Mobile health (“mHealth”) medical app developers, including health information technology (“HIT”) and telemedicine app developers, tend to focus on FDA requirements. Indeed, since many of these apps may be categorized as medical devices, and the FDA approval process is lengthy, developers are wise to focus on whether an app is regulated by the FDA. But a successful developer should also build privacy protections (e.g., privacy policies) and security protections (e.g., disaster recovery) into its product from the earliest stages. The Federal Trade Commission (“FTC”) calls this “Privacy By Design.” “Security By Design” is the corollary. The idea is to design the product or service with privacy and security protections in place, to avoid regulatory hurdles and major modifications down the road. Many developers say, “Of course I’ll take care of privacy and security - the data is encrypted.” That’s great, but it’s not enough. If HIPAA applies, there is a long list of privacy and security standards to address. If HIPAA does not apply, the FTC and other agencies may step in with their own requirements. The goal of Privacy and Security By Design is to avoid the avoidable – a privacy or security violation or breach that slows down and even stops the success of a product on the market. It’s competitive out there for mHealth, HIT and telemedicine app developers, and the edge is important.
03 May · Fri 2013
Attention mHealth, HIT and Telemedicine App Developers: Privacy and Security By Design Is Critical
09 Feb · Thu 2012
IRS Issues Device Tax Proposed Rule
29 Jul · Fri 2011
FDA Plans to Regulate Mobile Medical Apps
Within the past week or so, the FDA has issued draft guidelines concerning mobile medical applications or “apps,” as they are more commonly referred to. Medical apps are sold for devices such as Apple’s iPad and iPhone, Blackberry phones, and phones using Google’s Android software.