
Medical Software Compliance & HIPAA’s Protection of Patient Data


Software as a Medical Device (SaMD) is defined by the FDA as “software intended to be used for one or more medical purposes that perform these purposes without being part of a hardware medical device.” Within the medical device industry, SaMD and cybersecurity have become a regular topic of conversation as the FDA builds out a regulatory framework for digital platforms. As manufacturers develop new ways to use software to collect patient data, they need to ensure their products protect patient privacy and guard against data breaches. The Health Insurance Portability and Accountability Act (HIPAA) gives the healthcare industry a set of standards and a framework for addressing data protection.

HIPAA was enacted by Congress in 1996; the Department of Health and Human Services (HHS) issues and enforces the HIPAA Privacy and Security Rules, which set the standards for protecting patient health information in health-plan, provider and hospital settings. Covered entities that collect, receive or store protected health information (PHI), and the business associates that handle PHI on their behalf, are required to comply with these standards and must perform periodic risk analyses to identify potential privacy violations and cybersecurity gaps.

The methods of collecting, receiving and storing protected health information continue to evolve with advances in healthcare IT. Medical devices are an integral part of the infrastructure that collects, receives and stores patient data.

Medical Device Manufacturers Must Ensure Medical Software Is HIPAA Compliant

Four Questions Software as a Medical Device Manufacturers Should Ask To Determine Whether HIPAA Applies to Them

  • What is the purpose of collecting this data?
  • Is the data identifiable, or does it include any protected health information (PHI)?
  • Who will have access to PHI: only the data’s owner (i.e., the patient), a medical professional, third-party associates, the manufacturer?
  • Which of these parties will receive PHI from the software itself?

In the medical device world, manufacturers perform verification and validation testing to ensure their products meet the defined design inputs and the defined user needs. HIPAA compliance and cybersecurity are no different: the safeguards required by the HIPAA Security Rule need to be captured as software design requirements, and the software then verified and validated against them. Note that HIPAA itself binds covered entities and their business associates; a manufacturer that stores or processes PHI on a customer’s behalf is typically a business associate and takes on these obligations directly, so the requirements should be settled early in design rather than discovered at deployment.

HIPAA regulations require that patients’ data is protected and that the entities holding it have processes in place to guard it against reasonably anticipated threats and to respond to any breach. Manufacturers share that responsibility by verifying and validating their software against the data risks that can reasonably be anticipated for it.

Contact DeviceLab Today For HIPAA Compliant Medical Device Software Development Services

DeviceLab is a full-service device design and engineering company that takes your idea from concept to production. When we create a device, we design the software to help you achieve regulatory compliance and meet HIPAA standards, so that data collected by your medical device is protected from unauthorized access and tampering through encrypted transmission and validation testing. To schedule a free and confidential consultation, contact us today.

Top 3 Medical Device Design and Development News and Blogs of the Week: March 26, 2017

Orange County Medical Device Design & Development Company DeviceLab Shares Top News and Blogs from the Week Ending 3/26/2017

DeviceLab is keenly interested in diverse aspects that relate to medical device design and development—in particular, mHealth and healthcare IoT. When we find information particularly exceptional or interesting, we often share it on our @devicelab Twitter feed (which we encourage you to follow). This is a weekly post that shares the best medical device design and development information that we found from the previous week.


1. How Do HIPAA Regulations Apply to Wearable Devices?

This is a compelling question, especially as we are preparing to make an announcement about a recent HIPAA-compliant network certification we received. But back to the question: How do HIPAA regulations apply to wearable medical devices?


As the article attempts to answer, “There is a lot of ambiguity about exactly where HIPAA is triggered and where it’s not.” The ambiguity primarily concerns the relationship between the user and whoever has access to the shared data.


If that party is a “covered entity” such as “health plans, healthcare clearinghouses and certain providers that engage in certain payment and other financial transactions,” then it is more likely that HIPAA regulations apply.

Otherwise, if that party is not a “covered entity” and is “just interacting with the individual,” then HIPAA regulations probably don’t apply.


Because this ambiguity bears directly on whether HIPAA compliance must be designed into a new wearable medical device during the crucial design and development phases, we will certainly be examining this topic in more detail in the near future.


2. Opinion: For Unobtrusive Wearables, Consider the UX From all Angles

UX, which of course is short for “user experience,” is one of many components of a truly superior medical device—wearable or not.


The article explains that “unobtrusive wearable tech used to be an oxymoron” because until recently, wearable medical device designers weren’t always able to provide “devices that function so naturally, wearers don’t even notice they have them on.”


We take some exception to that notion because the point of any new medical device innovation is either to introduce a device that doesn’t exist or to improve upon one that does. Just because a medical device can now be worn doesn’t mean UX (comfort, convenience, ease of use) should be sacrificed or reduced.


But, that is why we recognize the value of this article: It supports our philosophies for wearable medical device UX and it provides some excellent suggestions for achieving the “lofty goal” of designing wearables that aren’t intrusive.


3. Deciphering the Alphabet Soup of IoT Acronyms and Protocols

College professors can be divided into two groups: those who give “open book” exams and those who don’t. Professors who favor “open book” exams often say the goal is to teach people how to continue learning and to quickly access new information.


This article fits well within that context because just a few years ago, the “Internet of Things” and “IoT” were relatively obscure concepts. But as IoT continues to gain traction in a variety of industries—including medical devices—so does the “pertinent Internet of Things terminology you should be keeping your eye on.”

No, there won’t be a pop quiz next week, but do try to see how many you know—and how many you could or should learn.