Bringing to life an initiative described by Jocelyn Samuels, the Director of the Office for Civil Rights (OCR), at the recent Safeguarding Health Information: Building Assurance through HIPAA Security conference, OCR has announced the launch of a new on-line platform to solicit questions on HIPAA compliance from mobile health developers and others interested in the intersection of health information technology and HIPAA privacy protection. The new website is available at http://hipaaqsportal.hhs.gov/.
OCR launched the platform based on its realization that many mobile health developers (often referred to as mHealth developers) are not familiar with HIPAA and/or how HIPAA’s requirements apply to their products. At the same time, mHealth developers are becoming a more and more important part of the health care delivery system, as health care providers increasingly rely on technological solutions for care coordination, the remote provision of health care, and maintaining patient records.
OCR hopes that mHealth developers and other stakeholders will submit questions about HIPAA and new technologies. In addition to submitting questions, visitors to the website also can comment and vote on the questions submitted by others. By reviewing the submitted questions and the reactions to those questions, OCR hopes to better understand the types of guidance that would be helpful to companies operating in this space.
While for now the only questions listed on the new website appear to have been pre-populated by OCR, the website does provide a potential avenue for mHealth developers and other stakeholders to alert OCR to issues of interest outside of the formal notice and comment rulemaking process. However, OCR has stated that it cannot respond individually to questions, and therefore the website cannot be used to obtain quick answers to company-specific questions. Given this limitation, companies should carefully consider whether they would benefit from submitting a question for consideration by OCR (and the general public).