Adding to the guidance for mobile health application developers, the Federal Trade Commission (FTC) recently launched a new web-based Mobile Health Application Interactive Tool. The tool is designed to aid mobile app developers in understanding various federal laws and regulations that might apply to their products. The tool was developed in conjunction with the Department of Health and Human Services’ Office of National Coordinator for Health Information Technology (ONC), the Office for Civil Rights (OCR), and the Food and Drug Administration (FDA) which have also issued guidance to developers.
The tool works by guiding mobile app developers through a series of 10 “yes or no” questions about the nature of the app, its function, the data collected by it, and the services it provides to users. The questions are designed to help the developer determine whether the app is governed by the FTC breach rules, HIPAA, and/or if it is regulated by the FDA. The 10 questions include the following:
Do you create, receive, maintain, or transmit identifiable health information?
Are you a health care provider or health plan?
Do consumers need a prescription to access your app?
Are you developing this app on behalf of a HIPAA covered entity (such as a hospital, doctor’s office, health insurer, or health plan’s wellness program)?
Is your app intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment or prevention of disease?
Does your app pose “minimal risk” to a user?
Is your app a “mobile medical app?”
Are you a nonprofit organization?
Are you developing this app as or on behalf of a HIPAA covered entity (such as a hospital, doctor’s office, health insurer, or health plan’s wellness program)?
Depending on the answer selected, the tool provides additional guidance to the user as to the regulations that may be applicable to the developer and provides links to obtain further information.
According to the ONC’s chief privacy officer, ONC assisted in the development of the tool due to the widespread use of mobile medical apps:
“As Americans become increasingly engaged in managing their health through diverse health IT products, this tool will provide product developers with access to the critical information and consistent guidance they need in order to innovate. ONC is proud to have collaborated with FTC over the past year on this effort and we hope that as a result, consumers are presented with effective, private, and secure products to support better health, smarter spending and a healthier population.”
The OCR also maintains its own website to assist mobile app developers. Unlike the FTC tool, the OCR site is more of a user forum where developers can raise questions on the site which may be answered by other users or OCR staff.
Finally, the FDA revised its extensive Guidance to Mobile Medical Application Developers in February 2015. The guidance discusses the types of mobile applications that fall under FDA’s jurisdiction, but because they pose a lower risk to the public, the FDA will exercise discretion over enforcement.