Lexology May 21, 2019
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) released a new set of Health Insurance Portability and Accountability Act (HIPAA) FAQs building upon prior guidance from OCR. The new FAQs discuss the applicability of HIPAA to covered entities and business associates that interact with health apps and explain when HIPAA regulated entities may be held vicariously liable for data breaches experienced by the health app providers.
The new FAQs reiterate that a covered entity will not be liable for a breach of health information if the health app is not provided by or on behalf of the covered entity. Determining an app was developed for, or provided...