April 19, 2015

When Doctors BYOD a Regulatory Thicket Emerges

By: On July 26, 2012

Doctors are increasingly using their tablet devices during rounds. The regulatory overlap can be complicated: HIPAA, FDA, FCC, and a plethora of other potential regulations and regulatory bodies. All the regulations and regulatory bodies approach their mandates from different perspectives.

The key to HIPAA compliance, for example, is user access control and authentication, which can be addressed at the device or server level. Interestingly, a deployed software system or app could, in theory, be FDA-compliant (as a medical imaging device, for example) but not necessarily HIPAA-compliant. On the other hand, a secure communications system could be deployed that is HIPAA-compliant but not necessarily FDA-approved (nor necessarily requiring FDA approval if it is not a “medical device”). This article suggests that when doctors bring their own devices, such as tablets, into the hospital, institutional controls will be required. We think it is still far too early to predict where and how control will be exerted.

The only thing we can say for sure at this point is that the regulated mobile health market continues to grow and change at a rapid clip.

