Introduction
Our project’s main purpose is to address the question: How can new, mHealth-specific HIPAA regulations improve the overall care experience including quality, access and reliability? Our research focused on mobile devices, electronic health records (EHRs), wearable devices and data collected from wearable devices. The research analyzes these four fields to determine appropriate HIPAA regulations that both improve the patient experience and address various ethical concerns. Important areas of research included HIPAA Title II rules, data compromisation and compliant standardization.
We hope to learn what components need to be considered when establishing regulations that ensure privacy, security, compliance and consistency among health data. To answer this, we begin by identifying key players, potential areas of development for mobile health technology, and current issues followed by the necessary requirements and how to implement them.
Summary
mHealth Industry Overview
As a growing industry, mHealth encompasses mobile, medical applications and programs developed for both patients and providers. In order to establish proper HIPAA standards, policymakers need to understand the differing roles played by federal and state departments. Mark Silberman and Lisa Clark explain the political context surrounding the industry. Medical devices, as well as certain mobile applications, need to be FDA-approved. However, this rigorous approval process does not extend to a variety of medical devices and apps including wearable technology, fitness apps, etc.. The inconsistency of privacy laws and funding from state-to-state present a number of ‘holes’ in mobile health regulations.
Potential for mHealth
According to a report published by Research2Guidance, 80% of doctors are currently using their mobile devices and tablets for mHealth applications. Additionally, the Pew Research Center found that 62% of smartphone owners use their mobile devices to look up information about a health condition. Market data makes it evident that their is a growing demand for regulatory action.
Sources: https://getreferralmd.com/2015/08/mobile-healthcare-technology-statistics/ , http://www.pewinternet.org/2015/04/01/us-smartphone-use-in-2015/
Current Issue
The current issue with mHealth technologies is the growing number of health-related applications that are not regulated. The NCBI released a study that found most health apps use unsecured internet communications and third party servers; practices that do not comply with HIPAA. This is problematic because these mHealth apps process large amounts of personal health data. As the demand for these products continues to grow, so does the demand for standards.
Privacy & Security Requirements
On the slides, we briefly discussed the dangers of trust issues concerning breaches and surveillance. To break it down even further, there are seven major concerns for mHealth:
- Surveillance - observing and collecting information from an individual through either overt or secret means
- Insecurity - problem related to the way information is protected
- Identification - the connecting of information to individuals
- Secondary use - the use of information for a purpose not known and unauthorized by the provider of information
- Exclusion - the problem of preventing individuals from accessing/changing information maintained by government agencies and businesses.
- Aggregation - compiling small bits of information to reveal a portrait bigger than original parts
- Disclosure - the public release of sensitive information
All seven major security concerns regarding mHealth are driven by the ever-evolving technology of mobile phones and information-processing wearables. The current legal framework in which developers are creating hundreds of mHealth applications is just a patchwork of hastily-written federal and state laws, mostly in response to individual cases. Although HIPAA and Obama’s HITECH Acts have both been passed, neither of them have proven to be sufficient to address the patient’s concerns about the security and health of their data.
***This link directs to the pdf of the primary policy analysis our research was based on
How to address it
To improve the overall care experience including quality, access and reliability, the only way is through specific mHealth regulations. Currently, there are not any politicians with any written platforms in favor of HIPAA reform. This is one of the more shocking realizations we encountered during the research period, especially in spite of the Snowden whistleblowing. We both thought the legal gaps in the privacy and security of Protected Health Information would be a major concern for patients nationwide. There are advocacy groups such as the Patient Privacy Rights Foundation https://patientprivacyrights.org/ , who advocate for HIPAA reform in both the mHealth sect as well as in privacy and security.
Future of mHealth Regulations & Policy
The future of mHealth regulations & policy looks very bleak. As stated earlier, no current congressman or legislator has any written platform in favor of HIPAA reform. The Department of Health and Human Services is the agency responsible for the enforcement of HIPAA violations. This past March, President Trump outlined his first budget blueprint where he plans an HHS budget cut of $15.1 billion.
This is nearly an 18% cut to an already-underfunded department. Even with HHS’ current funding, the Inspector General published a report in November 2013 titled, “The Office for Civil Rights Did Not Meet All Federal Requirements in its Oversight and Enforcement of the Health Insurance Portability and Accountability Act.” This report found that HHS had not established priorities, or implemented controls for its HITECH requirement to provide periodic audits of covered entities to ensure their compliance with the security rule requirements. Since the Department of Health and Human Services is most likely losing funding in the next three years, patients are going to be forced to utilize consumer protection laws as the primary means for enforcing privacy protections for mobile apps. Consumer protection laws do not offer any standardization for mHealth-specific applications which can’t ensure easy access to EHRs. The best we can do is lobby and support advocacy groups such as Patient Privacy Rights Foundation.
Hey Trey! Thanks for your insight here. I agree with what you said in class, that this topic is very similar to ours in that the apps that you are speaking about have little to no regulation. I also liked the flow of events in your presentation, it was all very well articulated. I wish I could say I was surprised by your results, but I was actually caught off guard that the government does not even seem to be trying to have a hand in regulating all of this. You would think that the government would be interested in the promotion and regulation of cheap apps to help people's fitness, as it is in their best interest to have a healthier population. Especially with the healthcare debacle we are having right now, the costs could be so much lower if people have properly approved methods of becoming healthier on their own. Concerning data security, I think it goes without saying that we are both on the same page about this data needing to be regulated so consumers are not being taken advantage of. I think one question that may be worth asking is if HIPPA is the best way to go about regulating this? Of course, it seems like the obvious choice, but if it is clear that no one is going to move on HIPPA and that the HHS budget is being cut significantly, it may mean it is time to try a new avenue of getting regulation passed through congress.
ReplyDeleteSee my comment on your blog related to medical devices. It's not an FDA issue as much as how unregulated the industry is, and, like class 2 medical devices, is easy to streamline these products in without testing or any oversight.
DeleteHey Trey and Ben. I really liked your presentation in class, I thought it was very informative, and like Henry mentioned both of your topics had similar ideas and themes so they naturally flowed together. One of the most important things both of you mentioned was the lack of regulation and effort by the government to ensure proper standards are kept and met. Especially with HIPAA and our ever growing technologically dependent society, security and protection of data is absolutely critical. With the proposed budget cut to HHS, it doesn't appear that this solution is going to be solved soon (at least not in the next four years). Perhaps a solution to protection of mHealth information and data would be to utilize a blockchain system to encrypt and store the data. Again, I really enjoyed your presentation and thought that this topic was both very interesting and very important to the future of healthcare
ReplyDeleteHi Trey and Ben,
ReplyDeleteThank you for a very informative blog post. We had learned a little bit about the regulation issues with mobile health, but I hadn't learned about the specific HIPAA requirements and how mHealth can address them. Thanks for adding that, even though regulations and policy look bleak.
I think you both worked very well together and your presentation flowed smoothly. You were obviously very well prepared and passionate about your topic. I would have liked to learn more about what you feel should be done in politics to promote mHealth. You briefly said that lobbying and supporting advocacy groups would help, but I would have liked to learn more about what is already being done/what specifically could be done in the future.
The SSRN link about HOW MOBILE HEALTH “APPS” FIT INTO A PRIVACY FRAMEWORK NOT LIMITED TO HIPAA is a legal framework about "a patchwork of privacy protections, some health-sector specific and some not. It seems like a great read for your research. Here is a bit about what it covers:
ReplyDeleteThis Article identifies how the various privacy problems relevant to mHealth have been and continue to be addressed. In addition, we offer analysis of mHealth apps by analyzing the privacy problems relevant to the different types of mHealth products. Finally, we offer commentary on what the future holds for mHealth’s privacy law protections.
Good resources in general, but I can certainly see how HIPAA may not apply in all cases to mHealth. Maybe a better way to put this is to say that mHealth applications may or may not have to adhere to HIPAA. Hard topic for sure, and I liked that we learned more about HIPAA.
Unfortunately there are a lot of AIDS/Herpes denials on Herbal cures still out there. I did research on them after I was tested HIV/Herpes positive I was so worried am I going to die soon. I continue my search again on herbal remedy for Std, then I found lots of testimony on how Dr Itua Herbal Medicine Cured HIV/Aids, Herpes Virus,Copd, Hepatitis, Diabetes, On websites sharing their testimonies, which made much more sense to me. All the authors pronounce Dr Itua As a man with Good Heart, I pick interest in their testimonies and I contact him about my situation then he gave me procedure how it works, I proceed after one week he courier his Herbal Medicine to me and instruct me on how to drink it for two weeks to cure. I receive His Herbal Medicine so I drank it for two weeks as I was told then after 2 days I go for a test I found out I was cured from HIV/Aids & Herpes Virus, I pay homage to him 2 months ago to his country to celebrate with him on his African festival which he told me it usually happens every year. I know there are lots of (HIV)/Aids&Herpes Virus denials of Herbal Remedy movement the same few doctors and they represent a very small faction of the community. I could have died because I refused Natural Herbs Cures for so long, but luckily, by the grace of God I am alive to tell my story. Contact Info...Whatsapp Number...+2348149277967,Email...drituaherbalcenter@gmail.com/ info@drituaherbalcenter.com. My Instagram Username...avat5634 Just in case you need someone to talk with. He cure tthe following diseases below...1. Herpes 2. cancer 3. HIV / AIDS 4. hepatitis 5. Bring my ex back 6. Leprosy 7. SARS 8. Bubonic plague
ReplyDelete9. Cerebrovascular disease 10. Lower respiratory infections 11. Syphilis 12. Influenza A-H1N1 (swine flu) 13.Ischemic heart disease 14. Chronic obstructive pulmonary disease 15. Whooping cough 16. Perinatal complications 17. diarrhea 18 .. lung cancer.