Embed Size (px)
Citation preview
Health Data Privacy Regulation
David Harlow JD MPHTHE HARLOW GROUP LLC
blog • healthblawg.com
twitter • @healthblawg Cambridge MA1.22.2015
Photo: CC: http://www.flickr.com/photos/aigle_dore/6672141083
HIPAA Highlights
PHI
CE
BA
Breach Notification
•Patients
•Government
•Press (>500)
Enforcement (OCR/AGs)
•BA Primary Liability
•Downstream responsibility
•Audits, Complaint Investigations, Fines
TPO
BAA
NPP
Authorization/Consent
Security
•Administrative
•Technical
•Physical
•>> Risk Assessment
Privacy
•Minimum Necessary for TPO
•Patient Access
•Opt-In for Research, Marketing, Fundraising
Wall of Shame
Deidentification
Photo: CC: http://www.flickr.com/photos/hape_gera/3281625420
It’s not ALL about HIPAA
When is an app or a device regulated?
Guidance Index: http://j.mp/FDAmeddevice
mHealth Guidance: http://j.mp/FDAmHealth
Wellness – Low Risk Device Guidance:http://j.mp/FDAwellness
Most Apps Won’t Require FDA Regulation
Source: John “Pharmaguy” Mack’s Pharma Marketing Blog
FTC BreachNotification Rule
for PHRs
State Rules on Data Privacy
Including“Sensitive” Health Data
Lockdown vs. Open Door
A Formula for Patient-Centric mHealth Apps
Quality mHealth App = Satisfy Patients’ Needs§ +
Transparency + Reliable Health Data Management*
§Satisfy Patients’ Needs =
Useful Functionality + Efficacy
*Reliable Health Data Management =
Good Privacy Practices + Data Security
Source: John “Pharmaguy” Mack’s Pharma Marketing Blog
Formula for Patient-Centric mHealth Apps
Clear Expectations => No Surprises
The Inevitability of Digital Health
Photo: CC: http://www.flickr.com/photos/aigle_dore/6672141083
for contact info txt dharlow to 50500or scan the QR code
harlowgroup.nethealthblawg.com
twitter.com/[email protected]
Thank YouDavid Harlow JD MPH
THE HARLOW GROUP LLC
