Thursday, May 14, 2026

Privacy and Security of Health Information: A Primer for Digital Health Companies - Wilson Sonsini Goodrich & Rosati

COVID-19 has rapidly accelerated our expectations that virtual connection can deliver better and more economical care. As a result, digital health companies have an unprecedented opportunity to innovate, but with that opportunity also come significant regulatory challenges related to the collection and processing of personal health information. What legal requirements apply to the processing of health information? What are the risks associated with noncompliance? In this brief primer, we provide answers to these questions, and a window into what may lie next on the horizon.

Frequently Asked Questions

What federal laws may apply to digital health companies, and what do they generally require?

HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that protects certain health information. When considering whether HIPAA applies to your activities, it is best to start with the question "who is holding the information?" rather than "what is the nature of the information?"

HIPAA applies to "covered entities," which are healthcare providers, health plans (insurers), and healthcare clearing houses:

Healthcare Providers | Health Plans | Healthcare Clearing Houses
This includes providers such as:
  • Doctors
  • Clinics
  • Psychologists
  • Dentists
  • Chiropractors
  • Nursing homes
  • Pharmacies
if they transmit any information in an electronic form in connection with a transaction for which the U.S. Department of Health and Human Services (HHS) has adopted a...


Read Full Story: https://www.wsgr.com/en/insights/privacy-and-security-of-health-information-a...