Here’s what you need to know if you are a health startup
Health-related startups have the potential to be among the most profitable businesses of 2017 and could bring much-needed, innovative medical care to people with a range of conditions. While medical privacy regulations ensure vital protection and are an essential check against unethical medical practices, they can make it cumbersome for startups to ensure their products meet all necessary standards.
Here’s what you need to know about what’s at stake.
HIPAA: The inside view
It’s worth noting that HIPAA doesn’t cover all medical technology. It only applies to identifying information.
That means medical device numbers need to be kept private so they can’t be linked to an individual, biometric data needs to be secure, and no information about an individual’s diagnoses or treatments can be released.
Most importantly, any device that can collect or transmit medical information has to comply with HIPAA standards. That includes high levels of encryption, multi-factor verification, and other tactics to prevent unauthorized individuals from getting access to medical information.
In this regard, the majority of diagnostic tools and any medical tech that falls within the Internet of Things (IoT) are affected by HIPAA.
Low risk or high risk?
What confuses many people about HIPAA and medical tech development is that the majority of us have some kind of health-related app on our phones. Are these apps covered by HIPAA?
In general, the answer is no. Though the FDA recommends companies establish privacy practices for general wellness tools, most apps are considered low risk. The only apps required to be in compliance with HIPAA are ones that transmit or store protected health information.
These apps are considered high risk. Apps used by covered entities such as doctors’ offices and their associates are also required to be HIPAA compliant.
Beyond apps, it’s more likely that a medical device is covered by HIPAA. Unless the item is unable to store or transmit information — thus, it’s very low tech — the product will need to be compliant with HIPAA.
Regulations or restrictions?
Most medical tech startups aren’t well versed in HIPAA regulations. Even if they study up on the law, it can be hard to meet all the requirements and stay on budget. Typically, receiving venture capital is vital to the success of a startup, especially in the medical industry, but any product impacted by government regulations is less likely to receive venture capital.
Telehealth, meaning systems that enable doctors to meet with patients via webcam and bring medical care to isolated areas, has perhaps the greatest potential of any technology to change the way we practice medicine today. But under HIPAA, it’s been difficult to bring such technology to market.
One of the few firms that’s been successful to date is Fruit Street. The company’s telemedicine software is HIPAA compliant and registered with the FDA.
It can help doctors consult with patients and monitor their health across great distances, but fully encrypting these videos and all medical data was a costly challenge. Live video is generally considered to be one of the least secure forms of communication, and is rarely seen in HIPAA-compliant devices.
Seemingly simpler in terms of compliance concerns would be a startup like RightEye, which has raised $4 million from investors to develop its eye-tracking software. The software uses eye tracking to test for autism spectrum disorder (ASD) and dyslexia.
That may take the company a good way toward developing the diagnostic software, but will it be enough to bring RightEye into alignment with all necessary HIPAA requirements? Compared to the requirements facing the telehealth industry, the odds look good. But it could be years before we know the outcome due to FDA timelines.
Though HIPAA can be the cause of frustration and contention for startups, if telehealth systems have managed to overcome the many hurdles, other companies and devices can too. HIPAA may delay a product’s race to market for a while, and it may increase expenses for developers and early end-users, but it’s less expensive to enter the market in compliance than to have to pay the fines afterward.
The views expressed are those of the author.