Should Apps with Personal Health Information Be Subject to HIPAA?

The following is a guest blog post by Erin Gilmer (@GilmerHealthLaw). With news of Grindr’s sharing of user’s HIV status and location data, many wonder how such sensitive information could be so easily disclosed and the answer is quite simply a lack of strong privacy and security standards for apps.  The question then becomes whether apps that store personal health information should be subject to HIPAA? Should apps like Grindr have to comply with the Privacy and Security Rules as doctors, insurance companies, and other covered entities already do? A lot of people already think this information is protected by HIPAA as they do not realize that HIPAA only applies to “covered entities” (health care providers, health plans, and health care clearininghouses) and “business associates” (companies that contract with covered entities).  Grindr is neither of these. Nor are most apps that address health issues – everything from apps with mental health tools to diet and exercise trackers. These apps can store all manner of information ranging simply from a name and birthdate to sensitive information including diagnoses and treatments. Grindr is particularly striking because under HIPAA, there are extra protections for information including AIDS/HIV status, mental health diagnoses, genetics, and substance abuse history.  Normally, this information is highly protected and rightly so given the potential for discrimination. The privacy laws surrounding this information were...
Source: EMR and HIPAA - Category: Information Technology Authors: Tags: Digital Health Health Care Healthcare HealthCare IT HIPAA HIPAA General mHealth Mobile Apps Mobile Health Care Aetna Breach CVS Caremark Breach Erin Gilmer Grindr HIV and HIPAA OCR Source Type: blogs