
When Apps Claim HIPAA Compliance

Wael Hassan November 29, 2016

Do health applications advertised as “HIPAA-compliant” offer some legal assurance?

Often, the answer is no. HIPAA does not apply to technological applications as such. Rather, it governs personal health information managed by covered entities such as hospitals, physicians, pharmacies, and health insurance companies. Health applications managed by covered entities are subject to HIPAA rules. Consumer health applications managed by private businesses or independent developers are not.

What developers of consumer health applications likely mean when they advertise themselves as “HIPAA-compliant” is that their solution aligns with HIPAA standards and that they are willing to sign Business Associate Agreements (BAAs) with healthcare organizations. A BAA makes a service provider to a healthcare organization directly liable under HIPAA rules. Canadian healthcare organizations can obtain some legal protection by signing a BAA with a U.S.-based information service provider.

HIPAA definitely does not apply to consumer health applications, such as mobile apps and wearable devices, that collect health information for an individual’s use (e.g., monitoring one’s exercise habits or diet) but do not share this information with a healthcare provider. Healthcare providers who wish to recommend these applications to patients should be aware that Canadians have few legal avenues to enforce their privacy rights with respect to consumer applications.
