IS YOUR MOBILE HEALTH APP HIPAA COMPLIANT?

January 30, 2015 | By Lawrence J. Tabas

Mobile health apps (also known as mHealth apps) are increasingly popular with consumers. As of 2014, there were more than 100,000 mobile health apps available on iOS and Android platforms, and total revenue from mobile health apps is expected to increase to $26 billion by the end of 2017, according to a research2guidance report. Mobile health apps have the potential to revolutionize the health care industry by engaging patients in their health care and facilitating communications between patients and their physicians. However, there are many privacy and security risks associated with their use.

Mobile health apps contain large amounts of data, the majority of which is personal and sensitive information about the app’s user. When this data crosses into the realm of protected health information, federal and state laws and regulations come into effect to protect it. Mobile health app developers must be aware of these laws and regulations in order to create successful apps and avoid penalties under the law in the event of a breach of any protected health information contained within the app. But according to some mobile health app developers, there is confusion about the Health Insurance Portability and Accountability Act (“HIPAA”) and its application to the development of mobile health apps.

For mobile health app developers, additional guidance about the applicability of HIPAA is forthcoming from the United States Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”). In a recently released letter from Sylvia Burwell, Secretary of HHS, OCR has acknowledged that more guidance is necessary, especially for those companies and services that store data in the cloud. Further, Ms. Burwell stated that OCR has already met with ACT | The App Association to discuss the needs of mobile health companies, and promises to keep an open working relationship with them.

Check back with the Health Law Gurus™ for updates. To read a copy of the letter, click here.


About the Authors

Lawrence J. Tabas

Partner

Lawrence is the Chair for Obermayer’s Health Care Law Department and Election Law Practice Group. Lawrence’s Health Care Law legal experience includes the representation of Pennsylvania County governments in Behavioral Health Managed...
