Educating Health App Developers about Regulatory Requirements

Lucia Savage and Helen Caton-Peters | June 21, 2016

These days it doesn’t require a degree in computer science to create a health app.  Developers of these apps can be technologists, clinicians, or patients using their knowledge and experience in health care. All can develop new health tools that range from tracking heart healthy behaviors to using electronic calendars to reminding us of health appointments. 

But conceiving of and designing an app to fill a need is only part of the process. It is important to consider the legal implications early on in the design stage, which is why we at the Office of the National Coordinator for Health Information Technology (ONC) collaborated with the Federal Trade Commission (FTC), the Food and Drug Administration (FDA) and the HHS Office for Civil Rights (OCR) to create a new web based tool to help developers answer questions about certain federal legal requirements.

While each of these agencies has a long track record of providing helpful information and guidance to developers about regulatory oversight, we have heard from developers that knowing where to find information about what regulations apply and when can be a challenge. This interactive tool helps guide developers through a short assessment of their app with a series of questions about the nature of the app, including its function, the data it collects, and the services it provides to its users.

For example, developers of health apps often ask if the Health Insurance Portability and Accountability Act, or HIPAA, is relevant to their app.  HIPAA privacy and security regulations, which protect personal health information in certain settings, are just one set of federal regulations that could be applicable to a developer’s new health-related app.  In fact, federal laws and regulations originating with FTC, FDA and the OCR all could influence the development of a new health-related product.  And while these may not be the only applicable federal laws and regulations, they are often important requirements to consider when developing a health-related app.

We are excited to announce that there have been over 12,000 views of the tool since its release on April 4 to answer these types of important questions from innovators across the country.  We are proud to have been part of this cross-agency collaboration and are committed to continuing to provide these kinds of valuable educational tools in the future.

For other ONC resources about mobile health security, click here. For additional guidance on whether HIPAA applies to a mobile app, see OCR’s health app developer portal.