Abstract
The pervasiveness of regulation in the health-care industry generally presumes an inevitability of extension into the mHealth sector. Although following the money cannot be discounted, the key drivers for mHealth regulation are protecting the privacy and security of personal health information and protecting consumers from mHealth applications that do not perform as marketed or, worse, cause harm as a result of use. The two dominant pieces of legislation that will affect the security parameters of mHealth apps are the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act, commonly referred to as the HITECH Act. Both laws have far-reaching requirements that must be considered by organizations that include mHealth products and services in their business portfolio. In particular, the HIPAA Privacy and Security Rules and the Centers for Medicare and Medicaid Services standards for meaningful use deserve close attention. Cybersecurity, protection of electronic information transmitted across wireless networks, is an increasingly important component of an organization’s information resource management program. The security challenges inherent in mobile computing may be intensified for organizations that choose a cloud strategy, a maximal version of distributed network architecture. With an increasing volume of security breaches and financial losses averaging more than US$ 2 million per incident, many organizations are investing in cybersecurity insurance. In the final assessment, regulation of mHealth may provide more benefits than restrictions.
© 2014 Springer Science+Business Media New York
About this chapter
Cite this chapter
Garrie, R., Paustian, P. (2014). mHealth Regulation, Legislation, and Cybersecurity. In: mHealth. Springer, Boston, MA. https://doi.org/10.1007/978-1-4899-7457-0_3
DOI: https://doi.org/10.1007/978-1-4899-7457-0_3
Published:
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4899-7456-3
Online ISBN: 978-1-4899-7457-0
eBook Packages: Business and Economics, Business and Management (R0)