On April 5, 2016, Chairwoman Edith Ramirez of the Federal Trade Commission (FTC) announced the release of a new web-based tool to assist developers of mobile health apps in understanding what federal laws they must comply with. The FTC’s new tool joins several others released by other federal agencies designed to educate and guide app developers in their efforts to create compliant apps.   

Closing the Knowledge Gap

Because many federal laws in this arena overlap in their scope, developers are often confused as to which laws are applicable to their particular app. The FTC worked in collaboration with the  Food and Drug Administration and the U.S. Department of Health and Human Services (HHS) to develop this tool in order to close the knowledge gap. According to the FTC, the tool should assist mobile health app developers in determining whether laws, such as the FTC Act, the FTC’s Health Breach Notification Rule, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and the Federal Food, Drug, and Cosmetics Act (FD&C Act) are applicable. The web-based tool works by asking developers a series of questions that help identify those laws with which the developers need to comply.

Other Federal Resources

Mobile health app developers already have a number of tools released by other federal agencies to guide them in understanding the law and their obligations under the law.  The FDA released guidance on its regulation of Mobile Medical Applications in February 2015.  HHS released in February 2016 new guidance on its developers’ portal that details various scenarios where HIPAA would apply.  The scenarios are meant to help answer two specific questions: 

  1. How does HIPAA apply to health information that a patient creates, manages or organizes through the use of a health app?
  2. When might an app developer need to comply with the HIPAA Rules?

HHS cautions developers that each situation is different and the scenarios are merely illustrative. 

Importance of Own Due Diligence

Although these government-provided portals may be useful, they do not replace legal or other expert advice.  Before going live, developers may want to confirm with their legal or regulatory advisors whether their apps will comply with relevant healthcare-related laws and regulations.  In fact, the best time to consider how these laws may apply is in the early development stage.  In some cases, changes to the app and how it interacts with other devices, health providers, and the consumer may mitigate or even avoid some compliance issues.