Despite HHS having recently released fairly helpful guidance clarifying when health app vendors are subject to HIPAA (see our blog post), some members of Congress think it is too little too late. In a letter dated March 9, 2016, members of Congress complained that HHS has not followed through on its commitment to help covered entities understand their HIPAA obligations.

These commitments include:

  1. Provide up-to-date and clear information about what is expected of technologies companies for compliance with the HIPAA Rules, and identify the implementation standards that can help technology companies conform to the regulations.
  2. Provide more clarity on HIPAA obligations for companies and services that store data in the cloud.
  3. Engage regularly with technology companies to provide compliance assistance.

The letter goes on to state that this lack of guidance has impacted advances in health care and denies patients access to new technologies. Ultimately, the authors of the letter ask to meet with the Secretary to identify ways in which HHS, Congress, and industry stakeholders can work together and address these issues.