Mobile health applications creators may need to comply with certain government legislation such as the Children’s Online Privacy Protection Act (COPPA), FTC Health Breach Notification Rule, Federal Food, Drug and Cosmetics Act (FD&C Act), FTC Act, the 21st Century Cures Act, Health Insurance Portability and Accountability Act (HIPAA), and the ONC’s Information Blocking Regulations.
To prevent compliance missteps by mobile health app creators, the Federal Trade Commission (FTC), together with the Department of Health and Human Services Office for Civil Rights (OCR), the Food and Drug Administration (FDA), and the Office of the National Coordinator for Health Information Technology (ONC), created an online tool to assist developers to identify which federal legislation they should adhere to.
The online tool has a sequence of questions regarding the nature of the application, the service it offers, the data it gathers, and how that data is gathered, disclosed, and utilized. Depending on the responses to the questions, the tool will take the app developer to the appropriate government regulatory security, privacy, and breach notification legislation that is applicable.
The tool must be utilized by any developer of a mobile application that views, collects, shares, processes, or keeps data associated with a person’s past, present, or future wellness. Even though a health application is not created for the usage of a HIPAA-covered entity, there is at least one federal legislation that is applicable. The tool will guide creators to resources that they can use to learn more about their compliance responsibilities, together with the recommendations to help them provide a safe and appropriate service while making sure to protect the privacy and security of the health data of app end users.
On December 7, 2022, the HHS made an announcement that the updated online Mobile Health App Interactive Tool is available. The updated release is accessible on this page.