OCR’s new HIPAA portal raising more questions than answers

Earlier this month HHS’ Office for Civil Rights (OCR) launched an online portal intended to help mobile health app developers better understand the HIPAA privacy and security rules.

The OCR explains, “many mHealth developers are not familiar with the HIPAA Rules and how the rules would apply to their products. Use this site to help OCR understand what guidance on HIPAA regulations would be helpful to you.”

The portal invites its users to submit questions and present cases around the subject of mobile privacy and security, as well as providing links to useful resources relevant to these subjects, and to whom they apply.

While the site is primarily targeted at mobile health app developers, OCR invites anyone with an interest in the subject to use the site and contribute to community discussions. Crucially, the OCR makes it clear that all submissions are made anonymously, so there is no risk that participation will result in enforcement action.

How is the portal being used?
Approximately two weeks after launch, we took a look at how the portal is being used by its members, and how the OCR is managing its latest venture.

The first thing to note is the general lack of uptake in the service; just 130 registered users at time of writing. Furthermore, only six questions have been posted to date, with the most popular having received just four votes.

Most surprising though is the lack of response to those questions from the community, or the OCR for that matter.

In its introduction to the portal the OCR says, “We will be moderating submissions for appropriateness but we cannot vouch for the accuracy of their representations. We cannot respond individually to questions, although we will try to post links to existing relevant resources when we can.”

While we appreciate the portal is still in its relative infancy, and users may still be finding their feet with the service, it could be argued the OCR could be more proactive in terms of responding to its community – the current lack of response does little to encourage others to post their own questions.

What we’d like to see next
The idea behind the portal can not be criticized; we support anything that aids the education of developers in the healthcare space, and ultimately helps stem the flow of HIPAA breaches. In this sense, there is every chance the portal could prove to be an extremely useful resource moving forward.

However, if these initial weeks are anything to go by then there is much to be done in terms of improving the community aspect of the portal, and encouraging those with uncertainties or concerns to come forward and voice their questions.