Developing a mobile health app? Check which federal laws apply
The Federal Trade Commission has created a new web-based tool for mobile health app developers, which is designed to help the developers understand what federal laws and regulations might apply to their apps.
The guidance tool asks developers a series of high-level questions about the nature of their mobile health app, including about its function, the data it collects, and the services it provides to users.
Based on the developer’s answers to those questions, the guidance will point the app developer toward detailed information about certain federal laws that might apply to the app. These include the FTC Act, the FTC’s Health Breach Notification Rule, the Health Insurance Portability and Accountability Act (HIPAA) and the Federal Food, Drug and Cosmetics Act (FD&C Act).
“Mobile app developers need clear information about the laws that apply to their health-related products,” said Jessica Rich, director of the FTC’s Bureau of Consumer Protection. “By working with our partner agencies, we’re helping these businesses build apps that comply with the law and provide more protection for consumers.”
“As the number of mobile health products available today continues to rise, it’s important to clarify for developers how FDA and other agencies’ regulations would apply to their app,” said Bakul Patel, associate director for digital health in the FDA’s Center for Devices and Radiological Health. “This effort is part of the FDA’s continued commitment to protecting patient safety while encouraging innovation in digital health.”
“As Americans become increasingly engaged in managing their health through diverse health IT products, this tool will provide product developers with access to the critical information and consistent guidance they need in order to innovate. ONC is proud to have collaborated with FTC over the past year on this effort and we hope that as a result, consumers are presented with effective, private, and secure products to support better health, smarter spending and a healthier population,” said Lucia C. Savage, chief privacy officer, ONC.
“We are committed to helping technology developers understand when and how they must comply with HIPAA, and to that end recently issued guidance illustrating scenarios that trigger HIPAA coverage,” said Jocelyn Samuels, OCR director. “This valuable new tool will help developers gain a greater understanding of their responsibilities under federal law.”
The guidance, which is maintained on the FTC’s website, links directly to each agency’s information about applicable laws. In addition, the FTC simultaneously released its own business guidance aimed at helping health app developers comply with the FTC Act, by building privacy and security into their apps.
The FTC developed the tool in conjunction with the Department of Health and Human Services’ Office of National Coordinator for Health Information Technology (ONC), Office for Civil Rights (OCR) and the Food and Drug Administration (FDA).