Developing a health app? Book an appointment with two new compliance resources

If you’re in the process of developing a health-related mobile app, what tools are essential to your success? The answer, according to some entrepreneurs, is innovative code, a great marketing plan, and the number of a take-out place that delivers until 2 a.m. But have you given much thought to legal compliance? A new multi-agency interactive tool may help you determine which federal laws apply to your product. What’s more, the FTC just issued a new publication with guidance on building privacy and security into health apps.

HIPAA, the FTC Act, the Health Breach Notification Rule, and the Federal Food, Drug, and Cosmetic Act: there’s a lot for health app developers to keep in mind. But by answering 10 yes-or-no questions in the Mobile Health App Interactive Tool, you can streamline your compliance efforts. The tool is a collaboration of the FTC, HHS’s Office of the National Coordinator for Health Information Technology, HHS’s Office for Civil Rights, and the FDA.

What’s the next step? If you’re covered by the FTC Act, Mobile Health App Developers: FTC Best Practices is a must-read. But regardless of the nature of your business, there are nuggets to glean from the brochure. Building on the principles of the FTC’s Start with Security initiative, the new publication offers advice tailored for health app developers. It boils down to eight best practices:

  1. Minimize data.
  2. Limit access and permissions.
  3. Keep authentication in mind.
  4. Consider the mobile ecosystem.
  5. Implement security by design.
  6. Don’t reinvent the wheel.
  7. Innovate how you communicate with users.
  8. Don’t forget about other applicable laws.

Before releasing your health app, use the interactive tool to determine the laws that may apply and consider how you can incorporate the nuts-and-bolts guidance in Mobile Health App Developers: FTC Best Practices.
