As health information technology (HIT) becomes a more accepted part of modern life, federal regulators and legislators are showing increased interest in regulating it. Keep an eye out for future actions to establish rules governing mobile health applications, the privacy of sensitive health information and health information exchanges (HIE).

FDA: Regulation of Mobile Medical Apps

HIT experts will be watching closely to see how the Food and Drug Administration (FDA) implements Section 616 of the FDA Safety and Innovation Act. 

That part of the bill, which was signed into law by President Obama in July, establishes a framework for government oversight of the safety and functionality of HIT applications, including medical apps used on mobile computing devices.

According to Health Data Management, S. 3187 gives the Department of Health and Human Services 18 months to come up with a proposed strategy and recommendations for a “risk-based regulatory framework” pertaining to HIT. In the meantime, however, the FDA can move ahead with plans to regulate mobile health solutions.

Jeffrey Shuren, who leads the FDA’s Center for Devices and Radiological Health, recently told NPR that the FDA doesn't want to regulate all apps, just those that act as medical devices or contribute to clinical decision making. Health and wellness apps or apps that help users manage their own medical conditions won't fall under the FDA’s purview, he said.

Franken: Privacy on Portable Devices

Meanwhile, Sen. Al Franken (D-MN) has introduced legislation requiring that sensitive health information on portable devices be encrypted. According to a HIMSS news brief, Franken maintains that encryption of sensitive data is an industry best practice. 

He points out, for example, that encryption will be part of the criteria for participating in the Nationwide Health Information Network. 

In addition, participants in the Medicare and Medicaid electronic health record incentive programs will be required to conduct a security risk analysis that includes encryption practices.

ONC: Proposed HIE Regulations

Proposed regulations for HIEs are causing concern at the eHealth Initiative (eHI), a national organization representing stakeholders in the health care industry. The group warns that a proposed HIE governance approach recently released by the Office of the National Coordinator for HIT (ONC) would overregulate an activity that is still evolving. 

As a result, says eHI, ONC could unintentionally stifle innovation and hinder the growth of data exchange.

“We strongly recommend that ONC take a step back, seek more input from additional stakeholders, and develop a revised approach that better supports the acceleration of trusted data exchange,” said Jennifer Covich Bordenick, eHI's chief executive officer.