Mobile phones - Data protection blog

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently published two guidance documents to aid organizations in complying with HIPAA.

As we reported on the Health Law Pulse blog, the HIPAA Security Rule Crosswalk to NIST Cybersecurity Framework compares the standards set forth in the NIST Cybersecurity Framework to the HIPAA Security Rule, in order to enable organizations to identify potential gaps in their security programs and better ensure compliance with the Security Rule and the ability to secure electronic protected health information (ePHI) from a broad range of threats.

The second guidance document, Health App Use Scenarios and HIPAA, was posted on OCR’s health app developer portal, which we previously covered on our blog.  The stated purpose of the guidance is to provide scenarios in which the HIPAA regulations might apply to mobile health applications. The guidance analyzes various scenarios to determine whether, based on the facts presented in each scenario, the app developer is a HIPAA business associate, providing clarity to developers that may be unaware of current or potential HIPAA compliance obligations.

More information about both guidance documents can be found here.

To subscribe for updates from our Data Protection Report blog, visit the email sign-up page.