One of the great promises of wearable Health Tech devices and the “quantified person” is that we will be able to collect massive amounts of data about individuals and communities that will allow us to extract correlations that will help healthcare professionals identify disease and chronic conditions early. The result will be lower-cost treatments that are more effective with better outcomes for patients.

There are many significant obstacles standing between the present situation and this bright future. One of the biggest barriers to progress is the maze of laws and regulations that apply to healthcare systems, from information to devices and services. And one of the primary concerns is the security of patient data. The U.S. Department of Health and Human Services is responsible for implementing the laws about this information, and one of the key laws is the Health Insurance Portability and Accountability Act of 1996, known more familiarly by its acronym, HIPAA. This law is intended to protect the privacy and security of patient data. It gives individuals the right to see their own health records, as well as to limit who else can access the information. One problem for mobile health and connected health product developers, however, is that it’s not entirely clear what their responsibilities are or what the recommended practices are.

The Office of Civil Rights issued new guidance for professionals last month. One of the industry groups affected by this is the App Association. In a statement, the group indicated that this was a good start, but that more information is needed. According to Executive Director Morgan Reed, “recent regulatory shifts place greater value on the use of patient-generated health data by care providers. But, the companies that make the apps and devices that consumers find so useful must have clear guidelines to continue innovating in this life-changing space.”

Regulations about privacy and data security are essential for this industry, but at the same time, developers must have a clear understanding of the rules so that they can make informed decisions about whether they want to create products and services that have to comply with these rules. And then they need to be able to move forward, confident that they will be meeting the requirements. Protecting the privacy of patient data is important, but the government needs to be able to do so without stifling development.