Today, OCR posted new guidance on our mHealth Developer Portal [] to provide scenarios where the Health Insurance Portability and Accountability Act (HIPAA) regulations might apply to mobile health applications.  We hope these new scenarios will help developers determine how federal regulations might apply to products they are building; we also hope they will reduce some of the uncertainty that can be a barrier to innovation.

The new guidance follows OCR’s release last fall of a “developer portal,” a platform linked to the OCR privacy site [] that enables mobile health developers and others to get a better understanding of how HIPAA regulations apply to new technologies. The portal also helps us understand where to focus our guidance and outreach on HIPAA.  If you have not checked it out yet, take a look.

We built the portal specifically to reach developers, but the site is open for browsing by anyone; users who want to submit questions, offer comments on other submissions or vote on the relevancy of questions posed by others must register, but users remain anonymous and OCR does not have access to registration information (which is maintained by Ideascale, the content host).

OCR has already answered a number of questions posted on the developer portal and will continue to provide answers through guidance where appropriate.  So please visit the site, vote on topics, add your comments, and help us prioritize our guidance and outreach work.

If you have questions about this site you may send an email to

You may also reach us through

Follow OCR on Twitter at