Today we’ll be covering Digital Health and HealthTech regulations—because if that’s not fun, I don’t know what is.
Just kidding. While the book of the law isn’t everyone’s cup of tea, it’s one of the essential considerations when you’re building your HealthTech, mHealth, eHealth, Telemedicine, or Digital Health app. Whatever you call it, the law follows.
Also, *quick disclaimer*—we may build beautiful HealthTech digital products, but we are not lawyers. So, this list of HealthTech regulations by no means exhaustive. Before launching your digital health product to market, you should consult with a lawyer.
Alrighty—with that out of the way, let’s get started.
What is a TeleHealth App, HealthTech App,
or Digital Health Product?
Basically, digital health encompasses the combination of high-tech and healthcare. These technologies have been taking off since the evolution of high-tech and its role in society.
But, especially with the pandemic, global HealthTech investments have increased 280% from 2016. Moreover, the US is leading these investments, with $31.9B of venture capital funding going towards HealthTech.
In terms of usage, physician Telehealth usage has increased by 58% just between 2019 and 2020. So if you’re looking for a hot market—this is it.
Digital Health Technology Areas
To understand how the law follows the technology, we should first establish how the technology behind Digital Health and HealthTech is used.
- Personalized and precision medicine: which tailor treatment to the user
- Clinical Decision Support Tools: which help physicians diagnose and make decisions
- Remote Patient Monitoring (RPM) and Delivery of Care: which encompass Telemedicine, Virtual Healthcare, mobile apps, wearables, and Internet of Medical Things (IoMT)
- Big Data Analytics: clinical learnings and studies from large volumes of medical data
- AI/ML-powered Healthcare: which help with diagnostics, digital therapeutics, intelligent drug design, and clinical trials
- Robot-Assisted Surgery: which boost precision and infection management
- Digital Hospital: which are data management tools such as EHRs/EMRs, and tools that streamline hospital operations
Federal Digital Health and HealthTech Regulations
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
The HIPAA (not to be confused with hippo—you’ll just sound funny) is a federal law protecting the privacy and security of patients’ health information. And, it requires that covered entities (CEs) provide notification of health information breaches.
This regulation is enforced by the Office of Civil Rights (OCR), which sits in the US Department of Health and Human Services.
HIPPA is made up of the following rules:
- The Privacy Rule: which sets national standards for the protection of Protected Health Information (PHI—as defined by the Rule.)
- The Security Rule: which sets national standards for protecting the confidentiality, integrity, and availability of PHI that a Covered Entity (as defined by the Privacy Rule) creates, receives, maintains, and communicates electronically (ePHI.)
- The Breach Notification Rule: which establishes the obligations related to an unsecured PHI breach. Additionally, it requires notifications to the affected individuals, government investigators, and media.
- The Enforcement Rule: which defines provisions relating to compliance investigations and civil money penalties (CMPs) for HIPAA violations.
And finally—HIPPA applies to health insurance, healthcare providers, and healthcare clearinghouses that process or facilitate health information processing.
Ego, if your digital medical product is transmitting ePHI to anyone, it could very well be covered by HIPAA. Additionally, this can (but does not necessarily) also cover fitness, mental health, and medication usage tracking, which are all considered Personal Health Records (PHRs.) That lawyer we mentioned earlier? Ask them if this applies to your HealthTech app.
Health Information Technology for Economic and Clinical Health Act (HITECH Act) of 2009
The HITECH Act is another data privacy law that piggybacks off the HIPAA. It was created to encourage the adoption of electronic health records (EHRs) across US hospitals.
And it did—by providing financial incentives for adopting EHRs and heightening security measures for (e)PHI. With it, both covered entities (CEs) and their business associates (BAs) are now liable to comply with the HIPAA.
Moreover, the HITECH act also introduced tougher penalties for breaches. Again, this may apply to you—because even if you just work as a third-party with a HIPAA-compliant covered entity, you may be liable for being HIPAA compliant.
Additionally, the US Food and Drug Administration (FDA) has several regulations to note when it comes to digital health and HealthTech Products.
They include and apply to:
- Federal Food, Drug, and Cosmetic Act (FFDCA): which is the main legislation that covers therapeutic products — including medical devices—regulated by the US.
- Premarket Approval (PMA)
- Software as a Medical Device (SaMD)
- Digital Health Software Pre-certification Program (Pre-cert Program)
- Labratory Developed Test (LDT) under the Clinical Laboratory Improvement
- Amendments (CLIA) program
Stark Law (Ethics in Patient Referrals Act)
and Anti-Kickback Statute
The Stark Law and Anti-Kickback Statues apply to telehealth and virtual health providers who work with third parties that incentivize care coordination and patient engagement.
Basically, with the aim to protect PHI and identifiable information, promote transparency, and prevent fraud, abuse, and waste. So, if your Digital Health or HealthTech app does work with providers and works based on increasing patient engagement—be aware these statutes may apply to you.
Alright. As we said—this list is by no means exhaustive of Digital Health or HealthTech regulations. But they are a start to what we’re sure will be your comprehensive research into the matter.
We know you’re setting out to change the way patient care is accessed and provided—that’s incredible. And we’re here to help.