Health IT Pulse

Mar 30 2012   8:36AM GMT

The ABCs of federal regulation for mobile devices in health care

AnneSteciw


If it takes a village of federal agencies to raise the HITECH Act, it takes an alphabet soup of national departments to regulate the use of mobile devices in health care.

During the first panel session of the ONC’s Mobile Devices Roundtable event, representatives from five federal offices explained their department’s role in setting the regulatory framework for using mobile devices in health care, specifically with regard to the privacy and security of protected health information (PHI).

Federal Communications Commission (FCC)

Under part 95 of its rules, the FCC authorizes a variety of RF-based medical devices, including implanted medical devices as well as patient monitoring devices. The FCC also authorizes the carriers whose networks many mobile devices in health care use to access, transmit or store information, and it establishes the technical rules used by Wi-Fi or other similar networks for short transmissions.

Food and Drug Administration (FDA)

The FDA aims to promote and protect public health. To that end, the administration is concerned with any technology — including phones and other mobile devices — that is used for treating disease in patients. The FDA looks at the effectiveness of a medical device as well as the risk — including security and privacy risk — the device could bring to patients.

Last year the FDA released a draft guidance document on mobile medical applications. Right now the administration is looking at non-traditional ways of finding a good balance between the benefits and risks associated with using mobile devices in health care, said Bakul Patel, policy advisor for the FDA’s Center for Devices and Radiological Health (CDRH).

Federal Trade Commission (FTC)

The FTC attempts to combat unfair or deceptive practices, so any false or misleading claims or omissions of material facts in relation to a mobile device or app could fall under FTC jurisdiction.

Cora Tung Han from the FTC’s Division of Privacy and Identity Protection cited two recent cases of enforcement involving mobile devices used for the purpose of health care. The first involved an app that claimed to treat acne through a light emitted from the mobile device. The second case was against the developer of a peer-to-peer file sharing app that caused consumers to unwittingly share personal information on their mobile device.

One of the key elements that brings mobile devices under FTC jurisdiction, said Han, is if they make representations — including in the privacy policy or settings — about what they do.

Office for Civil Rights (OCR)

Described by deputy director Susan McAndrew as the “cops” of privacy and security in health care, the OCR, within the U.S. Department of Health and Human Services, is charged with enforcing HIPAA regulations. Mobile devices being used in health care are subject to HIPAA rules, said McAndrew, so it’s important to apply the same privacy and security protections that would be used with enterprise equipment, such as computers.

Since mobile devices are especially susceptible to being lost or stolen, said McAndrew, OCR recommends taking all reasonable precautions to secure them. Though encryption is not required by HIPAA, it’s a good idea to encrypt mobile devices if it’s reasonable to do so, she added. Using other data security strategies such as user authentication and role-based access at the system level is also a good idea, McAndrew noted.

National Institute of Standards and Technology (NIST)

NIST, a non-regulatory federal agency within the U.S. Department of Commerce, is concerned with measurement, standards and testing. The institute produces a variety of publications related to computer security, said Tim Grance, senior computer scientist with NIST, including some with mobile security guidance.

When asked how mobile devices play into risk assessment for health care, Grance recommended taking an enterprise-wide view of the devices, examining the issues and threats that come with them and considering the context of their use.

11  Comments on this Post

 
  • Mike Wisz
    The ABCs of federal regulation for #mobile devices in health care http://t.co/1lIky1tV #HealthIT #HITsm #hcsm #mHealth
  • Murphy Palmer
    The ABCs of federal regulation for mobile devices in health care - Health IT Pulse http://t.co/UH8nIE7n via @addthis
  • Jenny Laurello
    RT @CraigByer: Examining federal regulations for #mobile devices in health care: http://t.co/kwN5Xkwq #mHealth #HealthIT #HITsm
  • SearchHealthIT
    The ABCs of federal regulations for #mHealth http://t.co/DvCEh7Et #HITpol
  • Pivasys
    RT: SearchHealthIT: The ABCs of federal regulations for #mHealth http://t.co/nU7BExpF #HITpol
  • par8o
    We're interested to see what the future brings. RT @HITexchange The ABCs of federal regulations for #mHealth http://t.co/orLZXqFQ #HITpol
  • Gabriella Groeneweg
    The ABCs of federal regulation for mobile devices in health care http://t.co/FlDkKUTK
  • Luca M. Sergio
    The ABCs of federal regulations for #mHealth http://t.co/k66tllUF #HITpol http://t.co/meISDfix
  • Fortrex
    The ABCs of federal regulation for #mobile devices in health care http://t.co/1lIky1tV #HealthIT #HITsm #hcsm #mHealth
  • Fortrex
    The ABCs of federal regulation for mobile devices in health care - Health IT Pulse http://t.co/6ldCw4mu I see a problem here
  • Supporting mobile device usage in a health care setting - Bring Your Own Device
    [...] The ABCs of federal regulation for mobile devices in health care [...]
