Health Data Privacy (and a little FDA mHealth) Regulation

Health Data Privacy Regulation

David Harlow JD MPHTHE HARLOW GROUP LLC

blog • healthblawg.com

twitter • @healthblawg Cambridge MA1.22.2015

Photo: CC: http://www.flickr.com/photos/aigle_dore/6672141083

HIPAA Highlights

PHI

CE

BA

Breach Notification

•Patients

•Government

•Press (>500)

Enforcement (OCR/AGs)

•BA Primary Liability

•Downstream responsibility

•Audits, Complaint Investigations, Fines

TPO

BAA

NPP

Authorization/Consent

Security

•Administrative

•Technical

•Physical

•>> Risk Assessment

Privacy

•Minimum Necessary for TPO

•Patient Access

•Opt-In for Research, Marketing, Fundraising

Wall of Shame

Deidentification

Photo: CC: http://www.flickr.com/photos/hape_gera/3281625420

thed

atam

ap.o

rg

It’s not ALL about HIPAA

When is an app or a device regulated?

Guidance Index: http://j.mp/FDAmeddevice

mHealth Guidance: http://j.mp/FDAmHealth

Wellness – Low Risk Device Guidance:http://j.mp/FDAwellness

Most Apps Won’t Require FDA Regulation

Source: John “Pharmaguy” Mack’s Pharma Marketing Blog

FTC BreachNotification Rule

for PHRs

State Rules on Data Privacy

Including“Sensitive” Health Data

Lockdown vs. Open Door

A Formula for Patient-Centric mHealth Apps

Quality mHealth App = Satisfy Patients’ Needs§ +

Transparency + Reliable Health Data Management*

§Satisfy Patients’ Needs =

Useful Functionality + Efficacy

*Reliable Health Data Management =

Good Privacy Practices + Data Security

Source: John “Pharmaguy” Mack’s Pharma Marketing Blog

Formula for Patient-Centric mHealth Apps

Clear Expectations => No Surprises

The Inevitability of Digital Health

Photo: CC: http://www.flickr.com/photos/aigle_dore/6672141083

for contact info txt dharlow to 50500or scan the QR code

harlowgroup.nethealthblawg.com

twitter.com/[email protected]

Thank YouDavid Harlow JD MPH

THE HARLOW GROUP LLC