On October 5, 2015, the Office for Civil Rights (OCR) announced the launch of a new platform [http://HIPAAQsportal.hhs.gov] for mobile health (mHealth) developers and others interested in the intersection of health information technology and HIPAA privacy protection. With the proliferation of new technology using data about the health of individuals in innovative ways to improve health outcomes, OCR recognizes that mHealth developers may need to consider building privacy and security protections into technology products to enhance product value by providing some assurance to users that the information is safe and secure and will be used and disclosed only as approved or expected. Such protections are sometimes required by federal and state laws, including the HIPAA Privacy, Security and Breach Notification Rules.

OCR’s new site is on the Ideascale cloud-based idea management platform. Users who want to submit questions, offer comments on other submissions or vote on how relevant the topic is will sign in using their email address, but their identities and addresses will be anonymous to OCR. OCR will consider the input provided on this site in developing future guidance and technical assistance efforts. OCR is also asking stakeholders to provide input on the following issues: What topics should OCR address in guidance? What current provisions leave you scratching your heads? How should this guidance look in order to make it more understandable or more accessible? Stakeholders can also use this page to submit questions about HIPAA, present a use case, or see what their peers are discussing. Users can comment on the discussions and vote on which topics or use cases would be the most helpful or important.

OCR’s announcement notes that posting or commenting on a question on this site will not subject anyone to enforcement action. While OCR will not respond individually to questions, they will try to post links to existing relevant resources when they can.