Emerging Challenges in mHealth: Keeping Information Safe & Secure
HCCA CI 2016
Web Hull
Privacy, Data Protection, & Compliance Advisor
Web.Hull@icloud.com

Topics
1. mHealth Challenges & Landscape
2. Who owns this problem
3. Action Steps
4. How do I keep up to date

There are more than 165,000 health / wellness apps on the Apple store today
Is Apple going to stop innovating? No?
  o Next generation watches, iPhones,
  o Apple health
  o Research pack
  o Care pack
Are there other innovators / entrepreneurs out there who think that they can make money like Apple does? Of course!

There are lots of innovators and early adopters in your organization, and they
  o Will make apps / wearables / devices
  o Will propose apps / wearables / devices
  o Or just start using them

The regulatory framework is playing catch up to innovation
  o As it always does
Regulation is fragmented
  o HHS OCR, FTC, ONC, FDA, States,
  o The new Mobile Health Apps Interactive Tool on the FTC website cites three other federal agencies
Expect more Guidance, Regulation, & Enforcement

There's a good chance any apps / wearables / devices you are using as a Covered Entity make the provider your Business Associate
  o Have you performed a Risk Assessment?
  o Do you have a Business Associate Agreement with them?
  o Are you ready to respond to the HIPAA Audit Questionnaire?

There is a great pressure to control / reduce costs and someone might think that these are one way to do it
  o Patient scheduling
  o Data monitoring
  o Telemedicine

Who Owns The Problem?
As a Healthcare Compliance and Privacy Professional, who would you say owns this problem / opportunity in your organization?

Who Owns The Problem?
There is no such thing as an Army of one, so you might have to round up a posse.
  o InfoSec
  o Procurement
  o IT
  o HR
  o Legal
  o Medical Records
  o Compliance
  o Privacy
  o Medical Staff
  o Nursing
  o Others?

Action Steps
1. Determine if there is an Apps / Wearables / Device Policy
  o If yes, review and, if appropriate, revise
  o If no, draft one, have it approved, and distribute it.

Action Steps
2. Determine if there is a process for bringing vendors on board.
  o If yes, then
    - You have a good opportunity to properly vet and remediate any app / wearable / device
    - You might have already done the work for all your existing apps / wearables / devices
  o If no, then start one now!

Action Steps
3. As David said, get an inventory of all your apps / wearables / devices.
4. Determine the owner of each app / wearable / device on the inventory
5. Determine which ones are covered by HIPAA.
  o You are going to need this list for your HIPAA Audit request for information
  o See Business Associate Listing Sample Template http://www.hhs.gov/hipaa/forprofessionals/complianceenforcement/audit/batemplate/index.html

Action Steps
6. Sort from highest to lowest risk
7. Starting with the highest risk
  o Review each app / wearable / device for HIPAA compliance
  o Remediate gaps
  o Document work

Action Step
8. Develop and implement a process for capturing each and every proposed / new app / wearable / device for proper review prior to contracting.
  o Document review of each and every new app / wearable / device
  o It is important to not let a rogue employee bring on an unreviewed App / Wearable / Device

How To Keep Up To Date
  o Read, Read, Read
  o Go to conferences
  o mobihealthnews http://mobihealthnews.com/

Thank You & Questions?

Web Hull
Privacy, Data Protection, & Compliance Advisor
17 Burr Ave.
Barrington, RI 02806
Telephone & Text: 401.316.3021
email: Web.Hull@icloud.com
LinkedIn: https://www.linkedin.com/in/webhull
Twitter: @WebHull