The Federal Trade Commission (FTC) has released a new interactive tool and best practice guide to help developers of health apps navigate a complex and confusing regulatory maze.
While most clinicians would probably expect the FDA to be the most active player when it comes to oversight of medical and health apps, the FDA medical app guidance released a few years ago made it clear that the agency intended to focus on a very narrow sliver of commercially available medical apps. The FTC has increasingly flexed its regulatory muscles when it comes to health apps, particularly those that make specific health claims.
And while they've come down on some clearly unscrupulous actors, like makers of health apps claiming to treat specific diseases, many regulators have acknowledged that the regulatory scheme can be incredibly confusing for well-intentioned developers. And to their credit, we've often seen regulators from the FDA on the road meeting with numerous stakeholders to provide guidance and solicit feedback. Recently, the Department of Health and Human Services Office of Civil Rights (OCR) published some practical guidance on when the Health Insurance Portability and Accountability Act (HIPAA) applies to health apps.
The latest resources from the FTC were developed in collaboration with the FDA, OCR, and others, and are intended to provide some clarity for developers trying to figure out what regulations may apply to their app. The first is an interactive tool that asks a series of basic questions about things such as the health app's functionality, its developer's association with a provider or insurer, and the app's collection of protected health information. Based on the answers, it tells you which regulations may apply and provides links for more information.
The second resource is health app "best practices" guidance from the FTC that provides some great tips as well as useful resources for developing a health app. Most of these best practices focus on data security and privacy, imploring developers to minimize the user data they collect, implement authentication steps, limit third-party data access, and so on. Some of it is (hopefully) common sense, like only storing data you actually need or not transmitting passwords in plain text. However, given recent studies highlighting some startling deficiencies in health apps' approach to privacy, it's clearly worth a read for most health app developers.
Resources: FTC Interactive Health App Tool and FTC Health App Best Practices
FTC Releases Tools to Help Health App Developers Navigate Regulations