Fenwick privacy and information security practice co-chair Tyler Newby was quoted by the Daily Journal on legal issues raised by new mobile health and digital health applications, such as the potential need to comply with the data security requirements of the Health Insurance Portability and Accountability Act.
Newby told the newspaper most of the mobile medical applications he had seen would not trigger the obligations imposed by HIPAA.
"HIPAA comes into play only in very specific circumstances, like if that information is being collected for purposes of being provided to a medical provider or doctor," he said.
However, that could change if cloud-based services or other applications store or process mobile technology information for a doctor or hospital, Newby said. "The medical provider ultimately becomes responsible for ensuring their business associates are also complying with HIPAA. It becomes a pretty tangled web."
Another issue Newby addressed was whether mobile health companies could sell the personal data they collect for commercial purposes, like advertising particular sports equipment or diet programs to users of activity monitors.
"As long as companies are following what I think is the hallmark of privacy best practices, which is transparency, there shouldn't be an issue,” said Newby.