Why is this important? You have to understand which privacy laws, compliance-reporting obligations, and regulatory agencies apply to your software, if any, and how they will affect payment from payers, providers, and patients.
| Key Actions | Things to Consider | Tool Kit |
|---|---|---|
| Find a professional regulatory consultant | Find a consultant with domain expertise (e.g. electronic medical records, HIPAA) | |
| Identify any privacy laws or regulations that may apply to your product/service and outline an action plan | What are the HIPAA requirements?<br>No tool you use will maintain compliance by itself.<br>If offering a treatment alternative, you may need to run clinical trials to prove efficacy or equivalence to the FDA.<br>Look into applicable state privacy laws. | FDA, FTC, & Office of Civil Rights (OCR) Guidelines |
| Identify how you will keep data and other user information secure | What infrastructure are you using? Encryption?<br>Watch out for the security of the providers/systems you might interface with.<br>Make it "secure by design": encrypt data at the point it is generated, in transit, and at rest. Doing this from the start is easier and cheaper than retrofitting security later on.<br>Be especially diligent about Personally Identifiable Information (PII) and Protected Health Information (PHI). | |
| Outline the clinical trials required and their timing | This is critical if seeking reimbursement from private insurance and Medicare/Medicaid. | |
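The "secure by design" row above says to encrypt PHI at rest but does not show what that looks like in code. The following is an added example written for this page, not code from the original guide or from any regulatory tool kit; it uses only the Go standard library. It encrypts a single PHI field with AES-256-GCM and binds the cleartext patient identifier into the ciphertext as additional authenticated data, so a stored value that is altered, or moved onto another patient's row, fails to decrypt instead of silently returning wrong data. The patient id, the PHI value, and the in-process key are constructed for the demonstration; in a deployment the key would come from a key management service and never sit beside the data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// PHIRecord is a constructed example of one stored row: the identifier stays
// in cleartext because lookups need it, while the PHI field is encrypted.
type PHIRecord struct {
	PatientID  string // cleartext; bound into the ciphertext as additional data
	Ciphertext []byte // nonce || AES-GCM ciphertext || authentication tag
}

// newKey returns a random 256-bit key. Assumption for this example only: a
// real service would fetch the key from a KMS rather than generate it here.
func newKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// sealPHI encrypts a PHI field with AES-256-GCM under a fresh random nonce.
// The patient identifier is passed as additional authenticated data, so the
// ciphertext is tied to the row it was written for.
func sealPHI(key []byte, patientID string, phi []byte) (PHIRecord, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return PHIRecord{}, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return PHIRecord{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return PHIRecord{}, err
	}
	// Seal appends the ciphertext and tag after the nonce prefix.
	ct := gcm.Seal(nonce, nonce, phi, []byte(patientID))
	return PHIRecord{PatientID: patientID, Ciphertext: ct}, nil
}

// openPHI reverses sealPHI. Any change to the nonce, the ciphertext, the tag,
// or the bound patient identifier makes gcm.Open return an error.
func openPHI(key []byte, rec PHIRecord) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(rec.Ciphertext) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce := rec.Ciphertext[:gcm.NonceSize()]
	body := rec.Ciphertext[gcm.NonceSize():]
	return gcm.Open(nil, nonce, body, []byte(rec.PatientID))
}

func main() {
	key, err := newKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample PHI value for the demonstration.
	rec, err := sealPHI(key, "patient-0001", []byte("dx: type 2 diabetes"))
	if err != nil {
		panic(err)
	}
	pt, err := openPHI(key, rec)
	fmt.Printf("decrypted for %s: %q (err=%v)\n", rec.PatientID, pt, err)

	// Re-bind the same ciphertext to another patient: authentication fails.
	rec.PatientID = "patient-0002"
	_, err = openPHI(key, rec)
	fmt.Println("after moving the value to another row:", err)
}
```

Binding the row identifier as additional data is the part that matters for a health record store: encryption alone hides the value, but without authentication of the surrounding context a database-level mistake or a malicious write could swap records between patients undetected. Transport encryption (TLS between your service, the provider systems it interfaces with, and clients) is a separate layer and is not shown here.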