The health care industry is increasingly adopting mobile apps for a variety of purposes, including tracking patient health conditions and sharing patient data. Privacy and security are important considerations, and it is imperative for health care providers to know the federal laws and regulations that apply to apps.

Harris Beach health care clients should educate themselves before deploying apps that access, collect, share, use or maintain information related to an individual consumer’s health. This includes apps that:

  • track or monitor fitness or activity, diet, mood, sleep, menstruation or fertility, smoking or alcohol consumption, or medications
  • help consumers view, use, or share their medical records or health insurance claims data or otherwise access information from their doctor, health care clinic or health plan
  • sync with health platforms or internet-connected devices, like a fitness tracker, sleep monitor, blood pressure monitor or a watch that records activity or heart rate
  • diagnose or treat a disease or health condition, or record information that might be relevant to diagnosis or treatment

Mobile Health App Interactive Tool

The Federal Trade Commission (FTC), Food and Drug Administration (FDA), the HHS Office for Civil Rights (OCR) and the HHS Office of the National Coordinator for Health Information Technology (ONC) recently updated the Mobile Health App Interactive Tool to help developers of health-related mobile apps understand regulations.

Developers can navigate a series of high-level questions to access detailed information about the federal laws that might apply to the app, including the FTC Act, the FTC’s Health Breach Notification Rule, the Children’s Online Privacy Protection Act (COPPA), the Health Insurance Portability and Accountability Act (HIPAA), the Federal Food, Drug, and Cosmetic Act (FD&C Act), and the 21st Century Cures Act and ONC Information Blocking Regulations.

More information about how HIPAA Rules might apply to health apps is available at OCR’s HIPAA and Health Apps page.

If you need help determining your compliance with federal privacy and security laws, or developing apps that comply with federal regulations, please reach out to Harris Beach’s Health Care Industry Team member Heidi Schult Gregory at (585) 419-8720 or

This alert is not a substitute for advice of counsel on specific legal issues.

Harris Beach has offices throughout New York state, including Albany, Buffalo, Ithaca, Long Island, New York City, Rochester, Saratoga Springs, Syracuse and White Plains, as well as Washington, D.C., New Haven, Connecticut and Newark, New Jersey.