Light topic for the weekend: HIPAA is a strange one!  Pascal Werner 10 May 2024

Light topic for the weekend: HIPAA is a strange one! 

HIPAA Regulations

Typically when speaking with (potential) clients about which regulations apply the hope is always that they don’t. HIPAA is different. People seem to want to do it, no idea why. But the funny thing is that it’s, first of all, a requirement for covered entities. And DTx is typically not a covered entity. However, it may become indirectly required if the DTx is used by a covered entity. 

In other words: check if you are a covered entity or if the product is used by one. If not, you’re not bound by HIPAA (and you should not put that on your website either). 
However, this does not mean you shouldn’t take data privacy and security seriously. And if you do that properly you also have the hard work done for HIPAA compliance. You could state that you’re HIPAA-ready or prepared to act as a business associate; meaning your product is used by a covered entity.

But please, do yourself a favor and don’t claim that your product or service is HIPAA-compliant if it’s not applicable. Otherwise, it looks like you don’t know the most basic definition of it.

Contact Digital Health Works
Contact Pascal Werner
Pascal is a seasoned regulatory consultant, with roots in the startup landscape in Berlin.
He’s not only a SaMD expert, but he also has a engineering background and knows his way around coding.

Let's start a conversation...