Recently, the U.S. Food and Drug Administration (“FDA”) issued its much-anticipated final guidance for developers of mobile medical applications (“apps”). Apps run on mobile communication devices and can present unique problems not only to consumers, but also to providers who must walk a fine line between meaningful use requirements and HIPAA regulations regarding personal health information (“PHI”).
Mobile apps have the potential to transform the provider-patient relationship, as they can allow for diagnosis and interaction outside traditional health care settings. They also make it possible for patients to monitor and manage their own health care; the opportunity is literally within arm’s reach. There are now apps on the market that can diagnose abnormal heart rhythms, or transform a smart phone into a mobile ultrasound device.
Apps this powerful obviously carry significant risks if they do not operate properly. The FDA has decided how it will oversee this new technology; its focus will be on apps that:
1. are intended to be used as an accessory to a regulated medical device – for example, an application that allows a health care professional to make a specific diagnosis by viewing a medical image from a picture-archiving and communication system on a smartphone or tablet; or,
2. transform a mobile platform into a regulated medical device, such as the ultrasound device mentioned previously.
The FDA will review mobile medical apps using the same regulatory standards and risk-based approach that is used for the review of all other medical devices.
The use of mobile technologies in healthcare has become a part of everyday business. That said, great caution should be exercised by providers when communicating with patients via any kind of mobile device. According to the Healthcare Information and Management Systems Society (“HIMSS”), over half of ePHI breaches are the result of theft, loss, or misuse of mobile devices. As more and more patients embrace apps for the management of their healthcare, providers should implement safeguards and strict policies to ensure that they are doing their part to protect ePHI.