The risky business of sharing data in and outside of the healthcare system is becoming more complicated, especially as consumer use of health applications and the desire to share health data increase exponentially. Current privacy laws were not created during the age of the internet, big data and mobile healthcare. One of the most critical pieces of privacy legislation, the Health Insurance Portability and Accountability Act (HIPAA), was enacted in 1996, during a time when healthcare providers and payers maintained health information using paper-based medical records instead of electronic health records (EHRs). iPhones, iPads and other mobile devices did not emerge until almost a decade later.
While HIPAA was amended by the 2009 Health Information Technology for Economic and Clinical Health (HITECH) Act to address concerns arising from the use of EHRs, numerous challenges remain with the aging legislation. A significant amount of health data is now generated from healthcare apps and consumer devices that are not governed by HIPAA. As market-disruptive, nontraditional entrants to the healthcare industry proliferate, confusion about the handling of electronic health information abounds.
In a new issue brief, Manatt Health and the eHealth Initiative examine the significant amount of health data being generated from apps and consumer devices that are outside the scope of HIPAA regulation. The brief aims to clear up some of the confusion, offering tangible examples of what constitutes a covered or non-covered HIPAA entity and how to determine when an app developer is a business associate under HIPAA. Manatt Health and the eHealth Initiative also provide an examination of federal guidance and regulations for covered entities and app developers and discuss the nuances of the California Consumer Privacy Act and the General Data Protection Regulation.