New Guidelines for Health App Developers

By Christopher Coble, Esq. on March 04, 2016 | Last updated on March 21, 2019

Current estimates value the health app market at around $10 billion. Everyone wants to get in shape, and they want easy access to their health data to help boost their fitness and wellbeing. The trick is giving them access to that data, and storing it, without violating medical privacy laws.

Faced with the uncertainty of whether federal statutes like HIPAA apply to health tracking apps, the Department of Health and Human Services released new guidance to developers and vendors to make sure their health apps are HIPAA-compliant. Here's what you need to know:

Is HIPAA Hungry for You?

The most important question for health app developers is whether they need to comply with the Health Insurance Portability and Accountability Act. HIPAA governs the collection, storage, and sharing of a person's private medical information.

Generally, HIPAA only applies to health plans, health care clearinghouses, and most health care providers. But HIPAA can also apply to business associates of those entities, like those creating or offering an app on behalf of covered entities. According to the guidelines, "a business associate is a person [or entity] who creates, receives, maintains or transmits protected health information (PHI) on behalf of a covered entity or another business associate."

Clientele Questionnaire

As the guidelines point out, there is no bright-line rule for determining whether your app will be covered by HIPAA. But they do provide a set of questions that can help you figure it out. Among them:

"Are your clients covered entities?"

"Were you hired by, or are you paid for your service or product by, a covered entity? Or another business contracted to a covered entity?"

"Does a covered entity (or a business associate acting on its behalf) direct you to create, receive, maintain or disclose information related to a patient or health plan member?"

Generally speaking, if you're offering services directly to consumers, and collecting health information only for them or on their behalf, you're probably not subject to HIPAA regulations.

Even so, the privacy of your customers' data should be your highest priority. So if you're creating an app, especially a health-related one, you might want to discuss the legal issues with an experienced business attorney.
