Interesting article that tries to summarize some of the latest HHS guidance. Includes “If the individual’s app – chosen by an individual to receive the individual’s requested ePHI – was not provided by or on behalf of the covered entity (and, thus, does not create, receive, transmit, or maintain ePHI on its behalf), the covered entity would not be liable under the HIPAA Rules for any subsequent use or disclosure of the requested ePHI received by the app,” officials explained.
https://healthitsecurity.com/news/hhs-clarifies-hipaa-liability-around-third-party-health-apps