On September 2, 2020, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) announced a new “Health Apps” feature on the HHS.gov website. The new website, which replaces the OCR’s Health App Developer Portal, highlights existing guidance for mobile health (“mHealth”) apps regarding the Health Insurance Portability and Accountability Act (“HIPAA”) regulations.

The new website features OCR’s guidance for mHealth app developers and others who may be “interested in the intersection of health information technology and HIPAA privacy and security protections,” including:

  • Mobile Health Apps Interactive Tool – A web-based tool created by OCR, in conjunction with the Federal Trade Commission and the Food and Drug Administration, to help health-related mobile app developers understand which federal laws and regulations may be applicable.
  • Health App Use Scenarios & HIPAA – Guidance illustrating when a mHealth developer may be acting as a business associate under HIPAA.
  • Access Rights, Apps, and APIs – FAQs on the HIPAA right of access, mobile apps, and application programming interfaces (APIs).
  • Health Information Technology – FAQs relating to HIPAA and various aspects of health information technology.
  • Guidance on HIPAA & Cloud Computing – Guidance to help covered entities and their business associates, including cloud services providers (“CSPs”), understand how to comply with the HIPAA requirements while using cloud computing technologies.

These new resources are OCR’s latest attempt to make the HIPAA regulations more relevant to rapidly evolving areas of health information technology.