mHealth Regulation, Legislation, and Cybersecurity

The pervasiveness of regulation in the health-care industry generally presumes an inevitability of extension into the mHealth sector. Although following the money cannot be discounted, the key drivers for mHealth regulation are protecting the privacy and security of personal health information and protecting consumers from mHealth applications that do not perform as marketed or, worse, cause harm as a result of use. The two dominant pieces of legislation that will affect the security parameters of mHealth apps are the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act, commonly referred to as the HITECH Act. Both laws have far-reaching requirements that must be considered by organizations that include mHealth products and services in their business portfolio. In particular, the HIPAA Privacy and Security Rules and the Centers for Medicare and Medicaid Services standards for meaningful use deserve close attention. Cybersecurity, protection of electronic information transmitted across wireless networks, is an increasingly important component of an organization’s information resource management program. The security challenges inherent in mobile computing may be intensified for organizations that choose a cloud strategy, a maximal version of distributed network architecture. With an increasing volume of security breaches and financial losses averaging more than US$ 2 million per incident, many organizations are investing in cybersecurity insurance. In the final assessment, regulation of mHealth may provide more benefits than restrictions.