California passed the most comprehensive privacy law in the U.S. on June 28, 2018, with a compliance date of January 1, 2020. For mobile health app developers, that date may seem far away, but the California law will require significant and challenging operational changes. It is unclear whether the law will apply to protected health information of mobile health app developers who are business associates under HIPAA. But for more consumer-focused apps that fall outside of HIPAA, the California law will certainly require significant changes, ranging from updating privacy policies to implementing a consumer right of erasure. The law will affect most businesses that do business in California and have information about California residents, even if the business is located outside of California.
Writing for healthcareinfosecurity.com, David Holtzman, a former attorney with the Health and Human Services Office of Civil Rights (OCR), predicts that in 2016 the OCR will aggressively increase its number of audits to enforce compliance with the Health Insurance Portability and Accountability Act (HIPAA) patient privacy and security law among health care providers and their business associates.
Many telehealth and mHealth app developers are concerned about whether or not their app is a medical device