How to Find Out If Your Mobile Health App Meets FTC Guidelines
Mobile health apps are popular and plentiful. From tracking your calorie count and heart rate to monitoring blood glucose levels and medication intake, it’s estimated there are more than 165,000 mHealth apps available, according to a study conducted by the IMS Institute for Healthcare Informatics. However, the rapidly growing number of mHealth apps can present an overwhelming choice for consumers. Which ones are really safe and accurate? While many mobile apps are low risk, those that could potentially cause harm require federal government review.
How do you know if the health-related app you’re working on—or using—falls under federal guidelines?
To help mobile app developers understand what federal laws and regulations they need to follow, the Federal Trade Commission has created a new web-based tool for developers of health-related mobile apps. It’s not meant to take the place of actual legal advice but to provide a snapshot of which of the following federal laws might apply: the FTC Act, the FTC’s Health Breach Notification Rule, the Health Insurance Portability and Accountability Act (HIPAA), and the Federal Food, Drug, and Cosmetic Act (FD&C Act).
Here’s how it works: The tool asks developers the following ten high-level questions about their app. Based on the developer’s answers, the guidance will point toward detailed information about federal laws that might apply.
- Do you create, receive, maintain, or transmit identifiable health information?
- Are you a health care provider or health plan?
- Do consumers need a prescription to access your app?
- Are you developing this app on behalf of a HIPAA covered entity (such as a hospital, doctor’s office, health insurer, or health plan’s wellness program)?
- Is your app intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment or prevention of disease?
- Does your app pose “minimal risk” to a user?
- Is your app a “mobile medical app”?
- Are you a nonprofit organization?
- Are you developing this app as or on behalf of a HIPAA covered entity (such as a hospital, doctor’s office, health insurer, or health plan’s wellness program)?
- Do you offer health records directly to consumers (or do you interact with or offer services to someone who does)?
Because health information is highly sensitive, the FTC also issued a new best practices primer on building privacy and security into health apps.