News | Mobile Devices | April 25, 2016

FTC Creates Compliance Tool for Mobile Health App Developers

Tool and related business guidance designed to help developers stay compliant with federal and state privacy regulations


April 25, 2016 — The Federal Trade Commission (FTC) announced that it has created a Web-based guidance tool for developers of health-related mobile applications (health apps). FTC did not take this action alone, but rather developed the tool in conjunction with the Department of Health and Human Services' (HHS) Office of the National Coordinator for Health Information Technology (ONC), Office for Civil Rights (OCR), and the U.S. Food and Drug Administration (FDA).

FDA released a seminal guidance document on mobile medical apps early last year.  In its guidance document, FDA addresses, among other things, those apps it intends to regulate as medical devices under the Federal Food, Drug, and Cosmetic Act (FD&C Act) and those for which the agency intends to exercise its enforcement discretion. OCR has also recently issued guidance in this area, providing examples of scenarios where the Health Insurance Portability and Accountability Act (HIPAA) regulations might apply to health information created, managed or organized through the use of health apps.

The FTC’s new health apps tool asks developers a series of high-level questions about the nature of the app, including questions about its function, the data it collects and the services it provides to users.  These questions include the following:

  • Do you create, receive, maintain or transmit identifiable health information?;
  • Are you a healthcare provider or health plan?;
  • Do consumers need a prescription to access your app?;
  • Are you developing this app on behalf of a HIPAA-covered entity?;
  • Is your app intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment or prevention of disease?;
  • Does your app pose “minimal risk” to a user?;
  • Is your app a “mobile medical app”?;
  • Are you a nonprofit organization?; and
  • Do you offer health records directly to consumers (or do you interact with or offer services to someone who does)?

Based on the answers to these questions, the tool will point the app developer toward detailed information about certain federal laws that might apply to the app, including the FTC Act, the FTC’s Health Breach Notification Rule, HIPAA and the FD&C Act.

Simultaneously with the release of the guidance tool, the Commission also issued business guidance aimed at helping health app developers comply with the FTC Act by building privacy and security into their apps. Beyond the laws identified above, FTC notes in its business guidance that health apps could be subject to, among other things, the Children’s Online Privacy Protection Rule; the Gramm-Leach-Bliley Act’s Safeguards Rule and Privacy Rule; myriad state laws; and basic truth-in-advertising and privacy principles.

Given the proliferation of health apps, developers can expect increasing federal and state scrutiny over these products. The veritable alphabet soup of potentially applicable laws requires that developers maintain a sophisticated understanding of both existing requirements and new requirements that are sure to come online over the coming months and years.

For more information: www.venable.com
