I'm surprised that this doesn't fall close to the FDA's approval process for medical devices. When I worked at a medical device company and had external training on the requirements, they specified that even a toothbrush could be considered a class 1 medical device[0][1], worthy of a 510k filing. Maybe the apps in question are simply "communications programs" for communications between doctors/therapists and patients, but in that case it seems like HIPAA would apply to these. If they have any algorithms whatsoever, they are definitely medical devices, IMO, though I couldn't find a classification for anything like a "mental health algorithm software" type device. It could be that mental health apps are a gap that the FDA hasn't closed yet?
Overall, it seems to be just another case of "move fast and break things" where the "things" are laws. I am not impressed by the corporate greed that seems to be driven by the insane amounts of venture capitalism we have today. To me, it seems like commercial activity in every industry has been hit with an "unethical stick" and all anyone cares about is $$$$$$$$$$$$$$$$$$$$$$$$$.
> I'm surprised that this doesn't fall close to the FDA's approval process for medical devices.
It will, but it takes a while. So far, medical apps where basically ignored by regulation, but that is about to change. In Germany, you can now register apps as "digital health apps" with regulators [1]. This created a new market, because now the app can be paid for by insurance policies. Hence, most apps already approved are in the "mental health" category and charge about €2,000 per year. Cheap compared to traditional treatments, expensive for a consumer app.
This has benefits and downsides.
Main benefits: Apps must comply with regulatory affairs. There must be data to support that the apps work as advertised. App developers must think about risk for the user/patient and how to manage it.
Main drawbacks: Considering the replication crisis in psychology, there is incentive to create weak evidence. Apps can claim to work, because they did a bunch of studies, but in reality, the app is useless. Since customers don't have to pay for them, but insurance companies do, there is less pushback from actual customers. Why would they care about a free product not working as advertised?
So far, this is something within Germany. I can imagine that other countries will follow. Add the new Medical Device Regulation (MDR), which harmonizes medical device regulations within the EU. The next step will be some global harmonization and thus, enabling these kinds of new markets for prescribed apps.
>Providers who submit HIPAA transactions, like claims, electronically are covered.
If you aren't doing any sort of "transactions" (ie not submitting insurance claims) then you don't have to comply with HIPAA - even if you are providing health services and are storing and processing health information.
The "I" in HIPAA stands for "insurance," as a general rule, if an insurance company is never involved HIPAA probably doesn't apply.
HIPAA is extremely misunderstood, people think it is a general medical privacy law, but it is not, it's a law that regulates insurance companies.
It's been a few years since I read through HIPAA. If insurance pays, generally it will be a HIPAA entity. However, a company can be a "hybrid" entity and logically separate it's HIPAA and non-HIPAA services. So, just because a company accepts insurance, doesn't mean all services are HIPAA compliant.
Lastly, I think (but don't quote me on this), there's a way for an insurer to cover something as a "benefit" of sorts without it being tied to HIPAA.
At the end of the day, my understanding is everything is tied back to CMS.
Overall, it seems to be just another case of "move fast and break things" where the "things" are laws. I am not impressed by the corporate greed that seems to be driven by the insane amounts of venture capitalism we have today. To me, it seems like commercial activity in every industry has been hit with an "unethical stick" and all anyone cares about is $$$$$$$$$$$$$$$$$$$$$$$$$.
[0] https://www.fda.gov/medical-devices/overview-device-regulati...
[1] search "toothbrush" here: https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfpcd/cla...
[none] see "floss" for dental floss, another class 1 medical device: https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfpcd/cla...