Skip to content Skip to navigation

FTC Launches New Web-Based Tool for mHealth App Developers

April 11, 2016
by Heather Landi
| Reprints

The Federal Trade Commission (FTC) released a new web-based, multi-agency interactive tool for developers of health-related mobile apps to serve as guidance about applicable federal laws and regulations.

The FTC developed the Mobile Health Apps Interactive Tool in conjunction with the Department of Health and Human Services’ (HHS) Office of National Coordinator for Health Information Technology (ONC), Office for Civil Rights (OCR) and the Food and Drug Administration (FDA).

According to a FTC press release, the guidance tool asks developers a series of high-level questions about the nature of their app, including about its function, the data it collects, and the services it provides to users. Based on the developer’s answers to those questions, the guidance will point the app developer toward detailed information about certain federal laws that might apply to the app. These include the FTC Act, the FTC’s Health Breach Notification Rule, the Health Insurance Portability and Accountability Act (HIPAA) and the Federal Food, Drug and Cosmetics Act (FD&C Act).

The agencies want to help app developers understand consumer privacy and safety protections, while encouraging innovation in digital health.

“Mobile app developers need clear information about the laws that apply to their health-related products,” Jessica Rich, director of the FTC’s Bureau of Consumer Protection said in a statement. “By working with our partner agencies, we’re helping these businesses build apps that comply with the law and provide more protection for consumers.”

 “As Americans become increasingly engaged in managing their health through diverse health IT products, this tool will provide product developers with access to the critical information and consistent guidance they need in order to innovate. ONC is proud to have collaborated with FTC over the past year on this effort and we hope that as a result, consumers are presented with effective, private, and secure products to support better health, smarter spending and a healthier population,” Lucia Savage, chief privacy officer, ONC, said in a statement.

Jocelyn Samuels, OCR director, said the new online tool will help technology developers understand when and how they must comply with HIPAA, and to that end, OCR recently issued guidance illustrating scenarios that trigger HIPAA coverage.

The guidance, which is maintained on the FTC’s website, links directly to each agency’s information about applicable laws. In addition, the FTC simultaneously released its own business guidance aimed at helping health app developers comply with the FTC Act, by building privacy and security into their apps.




CMS Hospital Compare Website Updated with VA Data

The Centers for Medicare & Medicaid Services (CMS) has announced the inclusion of Veterans Administration (VA) hospital performance data as part of the federal agency’s Hospital Compare website.

CMS Awards Funding to Special Innovation Projects

The Centers for Medicare & Medicaid Services (CMS) has awarded 20, two-year Special Innovation Projects (SIPs) aimed at local efforts to deliver better care at lower cost.

Center of Excellence in Genomic Science to be Established in Chicago

The National Human Genome Research Institute has awarded $10.6 million over five years for the establishment of a new research center in Chicago to advance genomic science.

EHNAC and HITRUST Combine HIPAA Security Criteria, CSF Framework

The Electronic Healthcare Network Accreditation Commission (EHNAC) and the Health Information Trust Alliance (HITRUST) announced plans to streamline their accreditation and certification programs.

Halamka on MACRA Final Rule: “CMS is Listening and I Thank Them”

Health IT notable expert John Halamka, M.D., CIO of Beth Israel Deaconess Medical Center in Boston, recently weighed in on the Medicare Access and CHIP Reauthorization Act (MACRA) final rule.

Texas Patient Care Clinic Hit with Ransomware Attack

Grand Prairie, Texas-based Rainbow Children's Clinic was the victim of a ransomware attack on its IT systems in August, affecting more than 33,000 patients, according to multiple news media reports this week.