Mobile Health App Regulations: FDA & HIPAA

Mobile healthcare and apps, mHealth, is, at times, quite literally a matter of life and death.

Mobile healthcare and apps, mHealth, is, at times, quite literally a matter of life and death. And from my recent research on the trend, there’s widespread agreement that the industry requires pre-defined standards and strong regulation to 1) protect the quality of patient care; and 2) ensure PHI is secure and handled properly.

Yet, being enveloped in the HIPAA realm for some time has skewed my thinking – when I heard about the FDA regulating healthcare apps, I was confused. Instinctually, albeit not intellectually, I’d always thought the FDA provided insight into topics like food poisoning and MSG – not smartphones and apps, or anything technology-related.

However a recent blog post by David Lee Scher, MD, opened my eyes to a few reasons why he believes the FDA needs to be the regulatory body of “digital health technologies.” And some reasons why those in the field aren’t very fond of the organization – he mentions the fact that the FDA slows the approval process for apps annually and raises review fees for device companies, increasing developer frustration over the increased time to market.

One of the points he brings up is the fact that the FDA’s mandate isn’t covered by other related agencies – including the ONC and FCC (broadband access). The ONC, acting on behalf of the HHS, is notorious for enforcing the HIPAA and HITECH compliance laws, yet Scher reduces that to, “oversees EHRs.” A slightly broader perspective might say the ONC oversees the handling of PHI, not just EHRs, since the majority of HIPAA breach cases involved some type of physical theft or loss, as you can see in my infographic breakdown of the 2011 HIPAA violation breach types.

While the FDA should and will be involved in evaluating apps for their ability to improve patient health, they need to make collaboration with the ONC/HHS a priority to test apps for their ability to keep PHI secure. Scher references commentary in The Washington Times by Joel White – White’s position is primarily against FDA app regulation, including the argument that the FDA’s “piecemeal and oftentimes conflicting structure” of regulation raises concerns on how these rules intend to coexist with rules established by other agencies.

White argues a point from a recent State of the Union speech in support of his opinion; “tearing down outdated regulatory structures” allows innovation to flourish and encourages economic growth. Although potentially initially true, I don’t think throwing every regulatory body or law out the window is productive – without mHealth oversight, patient care may decrease significantly in quality with the advent of untested apps released to market, causing more costly and potentially dangerous issues down the road.

A regulatory body may also serve to prevent a flooded healthcare app industry (perhaps prolonging its success) and work to inform consumers of their quality and security when it comes to keeping health records secure.

Ultimately, I think we need a cohesive and productive collaboration between every agency and organization that touches mHealth and a way of streamlining the process to prevent wasted resources and time.

References:
Five Reasons Why Digital Health Technologies Need FDA Oversight
White: FDA’s Assault on Mobile Technologies