Government Issues New Tool to Help Mobile App Developers Identify Applicable Federal Laws

This week, the Federal Trade Commission (FTC or Commission) released an interactive tool (entitled the “Mobile Health Apps Interactive Tool”) that is intended to help developers identify the federal law(s) that apply to apps that collect, create and share consumer information, including health information. The interactive series of questions and answers augments and cross-references existing guidance from the US Department of Health and Human Service (HHS) that helps individuals and entities—including app developers—understand when the Health Insurance Portability and Accountability Act (HIPAA) and its rules may apply.  The tool is also intended to help developers determine whether their app is subject to regulation as a medical device by the FDA, or subject to certain requirements under the Federal Trade Commission Act (FTC Act) or the FTC’s Health Breach Notification Rule. The Commission developed the tool in conjunction with HHS, FDA and the Office of the National Coordinator for Health Information Technology (ONC).

Based on the user’s response to ten questions, the tool helps developers determine if HIPAA, the Federal Food, Drug, and Cosmetic Act (FDCA), FTC Act and/or the FTC’s Health Breach Notification Rule apply to their app(s). Where appropriate based on the developer’s response to a particular question, the tool provides a short synopsis of the potentially applicable law and links to additional information from the appropriate federal government regulator.

The first four questions cover a developer’s potential obligations under HIPAA. The first question explores whether an app creates, receives, maintains or transmits individually identifiable health information, such as an IP address. Developers may use the tool’s second, third and fourth questions to assess whether they are a covered entity or a business associate under HIPAA. The tool’s fifth, sixth and seventh questions help developers establish whether their app may be a medical device that the FDA has chosen to regulate.  The final three questions are intended to help users assess the extent to which the developer is subject to regulation by the FTC.

Although the tool provides helpful, straightforward guidance, users will likely need a working knowledge of relevant regulatory principles to successfully use the tool.  For example, the tool asks the user to identify whether the app is “intended for use” for diagnosis, cure, mitigation, treatment or disease prevention, but does not provide any information regarding the types of evidence that the FDA would consider to identify a product’s intended use or the intended use of a mobile app (e.g., statements made by the developer in advertising or oral or written statements). In addition, how specifically an app will be offered to individuals to be used in coordination with their physicians can be dispositive of the HIPAA analysis in ways that are not necessarily intuitive.

The tool provides a starting point for developers to raise their awareness of potential compliance obligations. It also highlights the need to further explore the three federal laws, implementing rules and their exceptions. Developers must be aware of the tool’s limitations—it does not address state laws and is not intended to provide legal advice. In fact, the tool does not provide links to the actual text of the laws or regulations and is clearly aimed at non-lawyers.  Nor does the tool highlight all applicable guidance documents provided on the websites for each federal regulator, which shed additional light on what that regulator has determined is within or outside of its oversight.

Jennifer S. Geetter
  Jennifer S. Geetter advises global life sciences, health care and informatics clients on legal issues attendant to biomedical innovation, research compliance, financial relationship management, digital health practices, and global privacy and data security laws. Jennifer represents a broad range of clients. Read Jennifer Geetter's full bio.


Michael W. Ryan
Michael W. Ryan advises manufacturers, health care providers, developers, and investors on the legal, regulatory, and reimbursement issues that arise during the development and commercialization of medical devices, drugs, biological products, and clinical laboratory testing services. Read Michael Ryan's full bio.


Vanessa K. Burrows
Vanessa K. Burrows counsels clients on health care law and regulatory issues, with an emphasis on drug, medical device, food, beverage, and pharmacy law. Her broad-based experience also includes the Health Insurance Portability and Accountability Act (HIPAA) compliance, health privacy and security, alcohol beverages and public health. She advises health care entities and their contractors on compliance, regulatory, data sharing, licensing, and enforcement matters. She also counsels clients on compliance with Food and Drug Administration (FDA) regulations and guidance. Read Vanessa Burrows' full bio.


Vernessa T. Pollard
Vernessa T. Pollard advises companies on regulatory, compliance, enforcement and policy matters involving pharmaceuticals, medical devices, health information technology (HIT) and digital health solutions, services and software. She advises companies and investors on regulatory and compliance issues arising from mergers, acquisitions and other transactions involving Food and Drug Administration (FDA)-regulated products. She also counsels manufacturers, distributors and retailers on regulatory and compliance issues related to food and cosmetic marketing and safety. Read Vernessa Pollard's full bio.

STAY CONNECTED

TOPICS

ARCHIVES

2021 Chambers USA top ranked firm
U.S. News Law Firm of the Year 2022 Health Care Law
U.S. News Law Firm of the Year 2022 Health Care Law