Enterprise Mobility and Regulation
Whether you build Mobile Apps as part of a public product or service, or develop in-house Mobile Apps to support your own business processes, it is useful to keep an eye on what government regulators are up to regarding all things mobile. There is a lot of debate about what, if anything, requires regulation, and what those regulations should be.
For example, many companies have developed customer-facing mobile applications that enable them to engage directly with their customers. These are especially popular among retailers, but they are also commonly used by insurance providers, financial services companies, and various kinds of publishers. Many of these mobile apps do more than provide special features, products, and services for customers. They also provide a direct communication channel to customers. And they can collect information. Given the nature of mobile devices today, that information may go way beyond what you might normally collect from the user interacting with the application. It might include geographical information (for example, where was the person located when they clicked on that feature?), or personal profile information in the context of phone actions. This may be useful information for marketing purposes, but it is also personal information. I personally feel there should also be aspects of self-regulation; for example, the collection of this information should be clearly stated, and even the possibility of opting out given to the Mobile App end-user.
What are the regulations related to collecting this kind of information? That’s a good question, and there is a lot of discussion among regulators and others in the industry about this, but right now there are no clear answers. What is gradually emerging is a lot of regulatory discussion in two principal areas: healthcare and privacy.
Last summer in the U.S., the FDA issued a press release calling for public input on regulatory guidance pertaining to mobile devices and applications used in healthcare. Specifically, they wanted to focus on mobile applications that:
“a. are used as an accessory to medical device already regulated by the FDA (For example, an application that allows a health care professional to make a specific diagnosis by viewing a medical image from a picture archiving and communication system (PACS) on a smartphone or a mobile tablet); or
b. transform a mobile communications device into a regulated medical device by using attachments, sensors or other devices (For example, an application that turns a smartphone into an ECG machine to detect abnormal heart rhythms or determine if a patient is experiencing a heart attack).”
Suggestions have been coming in. For instance, late last year the American Telemedicine Association suggested that the FDA classify mobile health tools under five categories:
• Medical Information and Measurement Capture Systems
• Data Aggregators
• Communication Technologies
• Network Infrastructure Tools
• Health Care Provider Graphic User Interfaces
Obviously this discussion is in its early stages, but there is little doubt that the FDA will eventually regulate healthcare-related mobile apps. Any business that releases a mobile healthcare app, whether it is a health care provider, a device manufacturer, or a pharmacy, should pay attention to this ongoing regulatory discussion.
In the area of privacy, the U.S. Federal Trade Commission has long been interested in how companies use, store, and protect personal data. Some years ago the FTC released the Fair Information Practice Principles to articulate basic guidelines. Although these guidelines are not legally binding, they have become the basis for many state and federal rules regarding the handling of personal information. Recently here in Europe, the European Union has proposed new rules to govern privacy among EU nations.
Mobility has added a new dimension to the kinds of information that it is technically possible to collect, and that has regulators taking a close look at rules governing personal data. It is also important to note that regulations in this area can vary from one country to another.
The takeaway here is that if you are building applications that are healthcare- or finance-related, or designed for use by consumers, it is a good idea to consider the regulatory environment as part of your application planning and design.
Please follow me on Twitter @ithain