The Federal Trade Commission recently released an interactive tool for mobile health apps. The tool was developed in conjunction with several other federal agencies, including the Department of Health and Human Services’ Office for Civil Rights, the Office of the National Coordinator for Health Information Technology, and the Food and Drug Administration.
The tool is designed to provide a “snapshot” of applicable laws and regulations that apply to mobile health apps. These include the (1) Health Insurance Portability and Accountability Act (“HIPAA”); (2) Federal Food, Drug, and Cosmetic Act; (3) Federal Trade Commission Act; and (4) FTC’s Health Breach Notification Rule. The tool asks developers the following series of ten questions and explains which laws apply based on the answers to the questions:
- Do you create, receive, maintain, or transmit identifiable health information?
- Are you a health care provider or health plan?
- Do consumers need a prescription to access your app?
- Are you developing this app on behalf of a HIPAA covered entity (such as a hospital, doctor’s office, health insurer or health plan’s wellness program)?
- Is your app intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment or prevention of disease?
- Does your app pose “minimal risk” to a user?
- Is your app a “mobile medical app”?
- Are you a nonprofit organization?
- Are you developing this app as or on behalf of a HIPAA covered entity (such as a hospital, doctor’s office, health insurer or health plan’s wellness program)?
- Do you offer health records directly to consumers (or do you interact with or offer services to someone who does)?
The FTC’s tool is intended to be a starting point for mobile health app developers. The tool provides links to resources which app developers may learn more in-depth information about the applicable legal requirements. The release of the FTC tool follows the March 2016 release of guidance on mobile health apps by OCR.