855.85HIPAA www.compliancygroup.com
Industry leading Education
Certified Partner Program
• Please ask questions
• For today's slides: http://compliancy-group.com/slides023/
• For today's and past webinars, go to: http://compliancy-group.com/webinar/
www.duanemorris.com
©2011 Duane Morris LLP. All Rights Reserved. Duane Morris is a registered service mark of Duane Morris LLP. Duane Morris – Firm and Affiliate Offices | New York | London | Singapore | Los Angeles | Chicago | Houston | Hanoi | Philadelphia | San Diego | San Francisco | Baltimore | Boston | Washington, D.C.
Las Vegas | Atlanta | Miami | Pittsburgh | Newark | Boca Raton | Wilmington | Cherry Hill | Princeton | Lake Tahoe | Ho Chi Minh City | Duane Morris LLP – A Delaware limited liability partnership
Lisa W. Clark, Esquire
C. Mitchell Goldman, Esquire
Mobile Health and What It Means To You
Compliance Group Webinar
September 17, 2013

This presentation
• Background on mHealth
• Examination of Regulatory Requirements
  – Focus on privacy and security issues
• Conclusions/Recommendations
• DO NOT KILL THE MESSENGER!

What is mHealth?
• mHealth
  – is health care delivered wirelessly
  – facilitates the delivery and support of health data through data exchange
  – is replacing bricks-and-mortar health care delivery

Terms and Subsets
• General mHealth-related terms, used loosely
  – Health Information Technology (HIT)
  – Telemedicine
  – Telehealth
  – Wireless Health
  – eHealth
  – Digital Health
• Kinds of mHealth products and services
  – Can be mobile app, web-based, or desktop
  – Examples: personal health records, devices to gather health information (e.g., for weight or diabetes management), physician-patient engagement products, records access and storage for clinicians, clinical decision support (CDS), etc.
  – REMEMBER THE DEFINITION OF MHEALTH

Economic Shifts
• Expected growth in mHealth:
  – $27.3B market by 2016 (BCC Research)
  – Growth rate at 22% through 2014 (RNCOS)
• Simultaneous contraction in hospital-based and other traditional healthcare services (physician visits, etc.).

Who uses mHealth?
1. Consumers (for themselves)
   - Weight apps
2. Consumers-Providers/Providers-Consumers
   - Glucose meters
   - Telepsychiatry
3. Providers-Providers
   - Teleradiology
4. Payors-Providers, Payors-Consumers

The mHealth Stakeholders
1. Device/software developers and sellers
2. Investors
3. Payors
4. Providers
5. Consumers
6. Others:
   1. Standard setting organization, academia, telecom, private organizations
7. Government

The Regulatory Environment
• Complex and disorganized
• High government interest
• Knowing the rules can
  – Make or break a new product/service
  – Reduce investor risk
  – Reduce costs and delays for purchasers
  – Provide opportunities for streamlining health care costs

mHealth/Government Interest …
• The Food and Drug Administration Safety Innovation Act (FDASIA) Workgroup:
  – “charged with providing expert input on issues and concepts identified by the Food and Drug Administration (FDA), Office of the National Coordinator for Health IT (ONC), and the Federal Communications Commission (FCC) in order to inform the development of a report on an appropriate, risk-based regulatory framework pertaining to health information technology including mobile medical applications that promotes innovation, protects patient safety, and avoids regulatory duplication.”
  – First meeting was on April 29, 2013. Slides from meeting are at www.healthit.gov/sites/default/files/fdasia_kickoff_faca_slides.pdf
mHealth/Government Interest
• 62 government committees (!) looking at mHealth/HIT.
• Congress – three days of hearings in mid-March 2013

Privacy, Security and Data Protection
• What are the required, recommended and best privacy and security protections for a particular mHealth product or service?
• The steps:
  – Determine how patient data flows in and out
  – Identify each use as well as each disclosure
  – Determine legal or appropriate privacy and security protections

[Diagram: I Feel Great Weight Management Software Tool. Parties shown: I Feel Great, I Feel Great Consultants, Me (the Patient), My Physician, Insurer, Dispensing Pharmacy, Other Providers, Employers, Advertisers, Government. Data flow labels: Daily Data Exchange; Data Analyzed/Clinical Decision Support; Prescription; Claim information; Confirmation of Medical Necessity.]
* This diagram includes examples of types of data flow for illustration purposes only.

Until We Have Clarity On Regulatory Framework for mHealth, What Agencies Are Regulating It?
• Food & Drug Administration (FDA)
• Health and Human Services (HHS)
  – Office of the National Coordinator (ONC) – centralized agency, predominately privacy and security
  – Centers for Medicare and Medicaid Services (CMS) – reimbursement, fraud
• Federal Trade Commission (FTC)
• Department of Homeland Security
• Other
  – Federal Communications Commission (FCC)
  – Department of Commerce (National Telecommunications and Information Administration)
  – States

FDA Regulation
• “Device” – Section 201(h) of the Federal Food, Drug, and Cosmetic Act (the Act): an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including any component, part, or accessory, which is—
  … intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals, or intended to affect the structure or any function of the body of man or other animals …
• Devices are regulated under 3 classifications.

FDA Regulation
• Classes:
  – Class I – least risky; typically do not require prior FDA review or approval
  – Class II – more risky – typically require FDA clearance of a “Premarket Notification” Submission or “510(k)”
    - Standard for clearance of 510(k) – “substantial equivalence” to an already lawfully marketed device
  – Class III – most risky – require approval of a Premarket Approval Application (PMA)
    - Standard of approval – reasonable assurance of safety and effectiveness, based on clinical investigations
• Unclassified

FDA Activity Applicable to mHealth
• No overview policy.
• FDA has stated that it has approved over 75 mHealth devices. No identification.
• July 2011 – “Draft Guidance on Mobile Medical Applications (MMAs)”; waiting for final guidance due 9/13
• June 14, 2013 – “Draft Guidance for the Content of Premarket Submissions for Management of Cybersecurity in Medical Devices”
• August 14, 2013 – “Guidance on Radio Frequency Wireless Technology in Medical Devices”
FDA on Security and Data Protection
• “Draft Guidance for the Content of Premarket Submissions for Management of Cybersecurity in Medical Devices” (6/13)
• FDA expects that manufacturers will
  – take a proactive approach to cybersecurity by considering it in the design phase.
  – include cybersecurity risk analysis and management plan as part of risk analysis required by regulation
    - should define and document, e.g., assessment of threats and vulnerabilities, traceability matrix from cybersecurity controls to risks, etc.
  – For more information, see http://www.duanemorris.com/alerts/fda_draft_guidance_details_key_cybersecurity_management_measures_4959.html
FDA on Security and Data Protection
• July 29, 2013 - FDA issued Recall notice for Picis ED PulseCheck software, owned by UnitedHealth Group
  – Picis ED PulseCheck - software used in ED
  – Error in software caused doctor’s notes re patient prescriptions to drop out of electronic record files
  – Product recalled, used in 20 states; digital fix issued and problem resolved
  – More FDA recalls and enforcement actions (and malpractice litigation) expected

Privacy and Security, HIPAA
• HIPAA protects the privacy and security of protected health information (PHI); fines up to $1.5m per year for violations.
• HIPAA applies to
  – Covered Entities – 1) health care providers that engage in certain electronic transactions, 2) health plans, and 3) health clearinghouses (billing companies)
  – Business Associates – agents and subcontractors of Covered Entities that handle PHI, and their agents and subcontractors

Privacy and Security, HIPAA cont.
• A wireless heart rate monitor service provider that permits a patient to collect heart rate data at home and send it to his/her physician
  – is NOT a Covered Entity if it does not bill a payor (instead bills the customer or the provider)
  – BUT the physician (who is a Covered Entity) must protect the PHI
• Software that supports the distribution of specialized drugs to a hospital and includes a patient portal provides billing services
  – IS a Covered Entity if it bills a payor for the hospital or individual
  – IS also a Business Associate if it is billing for the hospital or performing data analysis

Privacy and Security, Sensitive Data and Consent, HIPAA and State Law
• When is consent to collect/use/disclose ‘sensitive data’ required?
  – ‘Sensitive data’ includes: mental health, substance abuse, reproductive health, genetic, infectious disease and other data.
  – Different laws apply.
  – Consent may be obtained in writing, through opt-in/opt-out, etc. – verbal not advised.
  – Consent must be clear and honored.

Privacy and Security, HIPAA cont.
• If HIPAA applies, then must implement a Compliance Program that includes:
  1. Privacy requirements – Notices, P&Ps, Training, Rights for Individuals, etc.
  2. Security ‘standards’ – Access Restrictions, Audit Requirements, Disaster Recovery, etc.
     - Standards are sized to organization
  3. Breach Notification – Breach Reporting Policy
     - For “Unsecured PHI”, defined to meet certain criteria identified by HHS for data in motion and data at rest
     - http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/brguidance.html

Privacy and Security, FTC
• FTC is authorized to protect the consumer against
  – 1) Deception (material misrepresentation, omission);
  – 2) Unfairness (harm or the potential for harm)
• Actions:
  – PATH social networking app: settled with FTC for $800k against charges that it deceived users by collecting personal information from their mobile device address books without their knowledge and consent.
  – AcneApp: agreed to stop advertising baseless claims that app could cure acne with lights emitted from smartphones.

Privacy and Security, FTC
• FTC expectations for software and apps:
  – Privacy by Design - build privacy considerations in from the start.
  – Transparency.
  – Collect sensitive data with consent.
  – Keep data secure.
  – Truthful advertising, etc.
• Industry Practice: “Terms and Conditions” and “Privacy Policies” on websites, apps. They address:
  – How product/service uses data.
  – How user may use data.
  – Laws (Children’s Online Privacy, etc.)
Privacy and Security - Social Media
• What is ‘social media’?
  – Forms of exchange of user-generated content, including blogging, chat rooms, internet forums, podcasts, instant messaging, etc.
• Principle is free-flow of information (and thus difficult to control privacy and security).
• No separate laws (yet). FTC and some states (California) have taken the lead in developing standards.
• Consider transparency of how data is used, obtain consents as necessary, etc.
FTC Guidance - Privacy
• “Mobile Privacy Disclosures: Building Trust Through Transparency” www.ftc.gov/os/2013/02/130201mobileprivacyreport.pdf
• “Marketing Your Mobile App: Get It Right from the Start” business.ftc.gov/documents/bus81-marketing-your-mobile-app

FTC Guidance - Security
• “Mobile App Developers: Start with Security” business.ftc.gov/documents/bus83-mobile-app-developers-start-security
  – Make someone responsible.
  – Take stock of the data.
  – Understand differences between mobile platforms.
  – Use due diligence on third party code.
  – Use transit encryption for usernames, passwords, and other important data.
  – Protect your services, etc.

Department of Homeland Security
• May 4, 2013 issued a Bulletin, “Attack Surface: Healthcare and Public Health Sector”
  – Recognizes security risks in wireless technologies on enterprise networks and wireless utilization of mobile devices.
  – Areas of concern: identity theft, malicious intrusions, mistakes
• Recommendations include:
  – Purchase networked medical devices with “well documented and fine-grained security features” that permit safe deployment on networks
  – Purchasing agreements should include vendor support, patch, and antivirus updates, standard security blocking and tackling, firewalls and endpoint security software, encryption of data at rest and during transmission, and rigorous access controls to healthcare networks.

Concluding Comments
• Is your head spinning?
• For an mHealth product/service:
  – Determine legal and appropriate Security Framework (FDA, HIPAA, Homeland Security etc.)
    - No one-size-fits-all
    - Determine industry best-practices
  – Determine Privacy Requirements
    - HIPAA Compliance
    - FTC concerns – develop Terms and Conditions, Privacy Policy AND FOLLOW THEM
  – Determine and comply with all other regulatory requirements, e.g., FDA registration, etc.

Concluding comments, cont.
• For an mHealth purchaser/healthcare entity:
  – Carefully assess security, privacy and data protections and quality of product
    - Consider legacy issues, interface with enterprise system, future projects and plans
    - Research best practices; review with IT specialist
  – Consider cost, including implementation and oversight issues
  – How to integrate product/service into organization – training, audits, sanctions, etc.
  – Make sure you have insurance coverage

Other Resources
• To best follow national developments:
  – HHS’s Office of National Coordinator www.healthit.gov (authorized by ARRA to oversee development of HIT)
• To determine best industry practices, work with industry groups, consultants.
  – mHIMSS, www.mhimss.org
  – AHIMA, www.ahima.org
• Consult with counsel/consultants on application of laws, e.g., HIPAA, Terms of Use, policies, etc.

Questions?
• Lisa Clark, Partner, Duane Morris
  – Phone: +1 215 979 1833
  – Email: [email protected]
• C. Mitchell Goldman, Partner, Duane Morris
  – Phone: +1 215 979 1862
  – Email: [email protected]

Free Demo and 60 Day Evaluation www.compliancy-group.com
HIPAA Hotline 855.85HIPAA
855.854.4722
HIPAA Compliance HITECH Attestation Risk Assessment
Omnibus Rule Ready Meaningful Use core measure 15