A tricky issue for mobile health app developers since the Office for Civil Rights (OCR) released its first “Health App Use Scenarios & HIPAA” guidance back in 2016 has been deciphering whether the developer is a business associate if it offers its app on a consumer-facing basis as well as through covered entities (or their
API
“I Have an App for That”: ONC’s Information Blocking Rule and HIPAA Access Rights
By Elizabeth G. Litten on
A patient asks her doctor to send her test results to an app the patient has downloaded on her phone. The doctor worries that the app is not secure and that the patient might not understand the security risks. What should the doctor do?
Covered entity health care providers and their business associates likely need…