Look Before Your Leap into mHealth

April 27, 2016

Before you decide to create your killer mobile health app, this lawyer advises you look at the FTC's guidance on developing one.

It is an exciting time to be at the intersection of health and technology in this country.  Everyone is interested in what new technology might offer to the patients and healthcare entities, including providers, insurers, investors, software developers, manufacturers, and many others.  Many of my physician clients have come up with great ideas to better serve their patients, particularly as it relates to the use of health apps that manage chronic medical conditions, track fitness, or offer other benefits.

Unlike developing games or shopping apps, there are numerous laws and governmental limitations that apply in the world of healthcare.  It is these laws of which providers and others with the desire to create an app need to be aware.

To make things a little easier, the Federal Trade Commission (FTC) has recently released new guidance for developers of mobile health apps. These guidelines were developed in conjunction with the Department of Health and Human Services Office of National Coordinator for Health Information Technology (OCR) and the Food and Drug Administration (FDA).  You can try the Mobile Health Apps Interactive Tool here.

The goal of the FTC guidance is to help developers understand what rules might apply to their health app by asking questions about the app's functions, the data it collects and what services it will offer to users.  The app will then point the developer to potential laws that might apply, such as the FTC Act, FTC Health Breach Notification Rule, HIPAA, or the Federal Food, Drug and Cosmetics Act (FD&C Act).

The FTC also released a new publication called Start with Security: A Guide for Business,which offers tips on how to best meet data security requirements, and which tailors the advice for health app developers.

Questions the publication raises include the following:

1. Does the app you have created really need to collect and retain patient data? If so, are you taking the right steps to retain and protect that information? 

2. Does you app default to privacy-protective settings or does it access information it does not really need (user contacts).

3. Have you invested in software that will authenticate the user to limit inappropriate access to a user's account? What are the password requirements and security requirements? Does your app store passwords?

These are just a few of the many questions that need to be asked by any provider developing a health app, in order to assure compliance with various healthcare laws.  The FTC's interactive tool is certainly a good place to start.

There are also numerous other legal implications not covered by the FTC questions which relate to the financial relationships between the parties investing in, developing, and testing a health app or any other healthcare venture or start-up.  This might include state and federal self-referral and kickback laws, state professional licensing laws, and many other regulations.  Make sure you talk to counsel about these potential issues before you invest too much time and money in developing your great health app ideas.

While it's certainly an exciting time to develop innovative health apps and other mHealth tools, make sure you do your homework before you get started!