The Office of Civil Rights (OCR) of the Department of Health and Human Services (HHS) recently launched a new resource: a platform for mobile health developers and “others interested in the intersection of health information technology and HIPAA privacy protection.”

In the announcement of this platform, OCR noted that there has been an “explosion” of technology using data regarding the health of individuals in innovative ways to improve health outcomes. However, OCR said that “many mHealth developers are not familiar with the HIPAA Rules and how the rules would apply to their products,” and that “[b]uilding privacy and security protections into technology products enhances their value by providing some assurance to users that the information is safe and secure and will be used and disclosed only as approved or expected.”

The OCR platform for mobile app developers has its own website. Anyone – not just mobile app developers – may browse and use the website. Users may submit questions, offer comments on other submissions and vote on a topic's relevance. OCR noted that to do so users will need to sign in using their email address, “but their identities and addresses will be anonymous to OCR.” 

OCR asked stakeholders to provide input on the following issues related to mobile app development: What topics should we address in guidance? What current provisions leave you scratching your heads? How should this guidance look in order to make it more understandable and more accessible?

Users can also submit questions about HIPAA or use cases through this website. OCR explained that, “we cannot respond individually to questions, we will try to post links to existing relevant resources when we can.” Finally, in the announcement OCR stated that posting or commenting on a question on this website, “will not subject anyone to enforcement action.”