On August 5, 2016, the Centers for Medicare and Medicaid Services (CMS) published a Survey and Certification Memorandum (Notice) urging State health departments to enforce violations by nursing homes in posting patient images on social media. This development was interesting given that the Office for Civil Rights (OCR), the enforcer of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules, presumably should already be cracking down on any such violations of resident rights as a violation of HIPAA. According to Modern Healthcare, increased instances of nursing home staff inappropriately posting resident pictures on social media may have sparked this pronouncement by CMS.
Specifically, CMS will more strictly enforce, through State agencies, corrective actions to ensure that employee postings of residents in a degrading manner do not occur in the nursing home setting. Interestingly, the Notice does not discuss nursing homes reporting such employee conduct to OCR, but does indicate that employees should report such postings on social media of residents as abuse “to at least one law enforcement agency.” Continue reading Government Cracks Down On Nursing Home Use of Social Media
1. Since most text messaging is not a secure form of communication, it raises HIPAA concerns if any protected health information is included in the text message. There is the possibility of a data breach in the transmission of the text message, as well as in the event of a lost or stolen phone.
2. Relevant information about a patient may be omitted from the patient’s medical chart if it is communicated via text message. Text messages are difficult to print or archive, resulting in the information being lost or deleted. This can have adverse consequences in the patient’s care due failure to communicate important information regarding the patient to everyone who needs the information.
3. Important evidence may be lost, resulting in adverse consequences in the event of a lawsuit. Any time a lawsuit is anticipated, all relevant evidence must be preserved, including text messages. However, since the messages reside on individual employees’ phones, they may be omitted from the document preservation efforts, or accidentally (or intentionally) deleted by the employee. Such loss of evidence could result in the court’s imposition of an “adverse inference,” meaning that the jury must determine that lost evidence would have been adverse to the health care facility (even if that is not true).
The safest course is to ban text messaging in a health care setting. Health care facilities which allow the use of text messaging should implement policies and procedures to ensure that they avoid these problems.
One of the reasons why consumers, healthcare providers, investors, the government and others have been slow to adopt mobile health applications and software (apps), are concerns about the privacy and security of data collected through the apps. For instance, Appthority, a service provider that offers an app risk management solution, recently reported that the iPharmacy Drug Guide and Pill ID app “is playing fast and loose with your personal info.” www.appthority.com/news/mobile-threat-monday-android-app-leaks-your-medical-info-online. iPharmacy is a free app that allows consumers to maintain a personal health record on their prescription drugs, look up information on a drug, provide reminders, and maintain pharmacy discount cards. Continue reading mHealth App Use: Is Data Truly Protected?
Mobile health application developers, manufacturers, investors, healthcare providers and others received welcome news late last month when the U.S. Food and Drug Administration published its long-awaited final guidance on mobile medical applications under the Federal Food, Drug, and Cosmetic Act. It is vital for any app developer to understand whether the guidance applies to their product from the initial design stage. Those who are already marketing software and apps that involve healthcare should also review the guidance with care to try to determine how FDA’s new regime impacts both business plans and continuing operations.
Continue reading Mobile Medical Apps Guidance
Duane Morris, in conjunction with the Wharton Health Care Management Alumni Association and Locust Walk Partners, presented a networking reception and panel discussion of the key legal and business issues for mHealth app developers and entrepreneurs on Wednesday, June 26, 2013, at the University of Pennsylvania’s Bodek Lounge. Panelists discussed topics including healthcare industry trends and mHealth growth; investment and business trends; legal and regulatory issues; and healthcare IT and reimbursement issues.
Click here to see pictures of the event.
Mobile health (“mHealth”) medical app developers, including health information technology (“HIT”) and telemedicine app developers, tend to focus on FDA requirements. Indeed since many of these apps may be categorized as medical devices, and the FDA approval process is lengthy, developers are wise to focus on whether an app is regulated by the FDA. But a successful developer should also build privacy protections (e.g., privacy policies) and security protections (e.g., disaster recovery) into its product from the earliest stages. The Federal Trade Commission (“FTC”) calls this “Privacy By Design.” “Security By Design” is the corollary. Continue reading Attention mHealth, HIT and Telemedicine App Developers: Privacy and Security By Design Is Critical
Mobile health (“mHealth”, “telehealth” or any other terms for health care delivered wirelessly) is revolutionizing the health care industry. That message resounded at last week’s mHealth Summit, which gathered roughly 4,000 investors and angel-funders, telecom and software companies, and entrepreneurs and developers to share ideas and display new mHealth products. Hot mHealth areas include data analytics, texting and medical records. Home health and medical homes also stand to benefit with the introduction of products designed to submit protected health information (“PHI”) and other data between patient and provider. Continue reading mHealth/Telehealth Investors and Entrepreneurs: The Generational Divide
Last month, top health care investors and entrepreneurs came together with hospital, payor and government leaders at a conference sponsored by the University of Pennsylvania’s Wharton Healthcare Management Alumni Association to discuss the restructuring of the health care system. Jonathan Blum, CMS Deputy Administrator and Director of the Center of Medicare participated on a panel about about macro health care system changes and one of the key take aways was not surprisingly, that change in the health care system is all about the data. Continue reading Medicare and Health Care Reform: Why Isn’t Real Time Data a Priority?
Health care payors (plans, insurers) are emerging quickly as one of the dominant players in the mobile health (mHealth) marketplace. Apps to exchange information with patients regarding appointment reminders, to coordinated care among various providers for diabetes and other conditions, and to provide patients with personal health records (PHRs) are becoming all the rage. Payors command a unique place in the healthcare industry; not only do they receive and distribute the healthcare dollars but they maintain deep files of information on the consumers whose care they pay for. With their reserves of funds, payors are also uniquely positioned to invest in the use of mobile health in the delivery of health care. They can develop and distribute apps from basic-to-sophisticated, from those that merely provide good diet tips to beneficiaries, to those that collect and transmit critical health data to physicians and other providers. They can also incentivize beneficiaries to adopt mHealth solutions by, for instance, offering to reduce premiums in exchange for compliant behavior. Further, the employers who pay for health coverage may incentivize, or penalize, employees that do not utilize mHealth tools offered by payors.
Continue reading Health Plans Jump Into The Mobile Health (mHealth) Market – How Much Will Providers Have To Pay?
The relationship between privacy and mobile applications is coming into focus. On February 27, 2012, the California Attorney General entered into a Joint Statement of Principles with the six largest mobile application companies – Apple, Google, H-P, Microsoft, Amazon and RIM – regarding consumer privacy and transparency issues when data is collected through an app. http://ag.ca.gov/cms_attachments/press/pdfs/n2647_agreement.pdf. The Five Principles set parameters for good practice. Although not legally binding, the AG promises to review compliance in the fall, and may use California laws on privacy, false advertising, unfair business practices and others as enforcement tools. Since California often leads the way in privacy enforcement it is likely that other states will follow suit.
Continue reading California Spotlights Mobile Applications and Privacy: The Impact on the App (Including the mHealth) Industry