The regulatory context of mobile health in the United States and a conceptual framework for privacy and security
The advent of mHealth technologies is changing the patient health information exchange landscape, with patients becoming increasingly involved in the management of their health and health data. However, current United States (US) federal regulations, specifically the Health Insurance Portability and Accountability Act (HIPAA), require only ‘covered entities’ to comply with privacy and security provisions, leaving patient-generated health information held by non-covered parties (such as consumer app and device vendors) vulnerable to privacy and security threats. Federal policymakers must acknowledge the interconnectedness of the current mHealth landscape in order to draft comprehensive policy protecting patient health information wherever it flows. The work presented in this paper provides a clear conceptual framework with which public and private sector healthcare leaders can develop robust privacy and security policies and procedures. Managed care decision makers should extend their efforts to protect patient data on mobile platforms beyond what HIPAA requires. Advances in reforming healthcare through the Affordable Care Act will benefit from expanding privacy and security regulations that take account of the principles set forth in this paper.