Farzad Mostashari, MD, the outgoing National Coordinator for Health IT, has been a champion of tapping into the mobile revolution to bolster patient-provider relationships and, ultimately, care delivery during his four-year tenure.

Last week, Mostashari spoke with mHealthNews Editor Eric Wicklund and other editors of the HIMSS Media Group. He discussed a range of topics, including his office’s proudest achievements in the mHealth arena, the one thing the ONC has strived to avoid, and his take on the debate about adding another agency to regulate mHealth.

Q: What have been your greatest accomplishments promoting and advancing mhealth?

A: "First of all, categorically, I need to correct that I haven’t had any accomplishments here that didn't build on or weren’t really the work done by the staff here and the broader health IT community. So I’ll answer the question: What has been accomplished in moving mHealth forward in the last four years? There are a couple of things. The first is we have, I think, stayed out of its way, let it flourish, and that’s important. So the work we’ve done with the FDA, with the FCC, to enable innovation in that space, and it continues to this day with the FDASIA hearings that we’ve had with regard to balancing innovation with a regulatory framework to provide clear lanes. The mobile guidance that we worked on with FDA, I thought, was right on the mark to enable this growth to occur has been critical.

[See also: FDA releases final rules on mobile apps.]

The second has been pointing those innovators in the direction of things that matter, because a lot of the innovators don't really have a grasp of what the needs of the situation are. So things like our challenges and prizes and awards programs to focus the attention of that mHealth space on real-world problems … signals to where we’re going, whether you talk about Blue Button and the Blue Button Mashup Challenge or the Heart Check Challenge, and so forth.

The third has been to provide a framework and consistency around security, because one of the main concerns and potential stumbling blocks to mHealth is going to be if there are compromises to privacy and security. So the work we did with NIST, with the FDA and with the Office of Civil Rights in terms of creating educational materials, the summit on mHealth security, Leon (Rodriguez, the OCR's director) and I just did a Medscape piece, with CME, around mobile security. So that’s the third.

Regulatory clarity, pointing in a new direction, and supporting privacy and security are three ways. And then in terms of staying out of the way (and) making sure that, despite what you may hear, we have been working very hard to avoid over-specifying in certification how things are to be done. When we talk about patient access to their own information we didn't say that ‘it needs to be a website.’ We explicitly made it possible for that to be fulfilled through a mobile app – which I think is the way connected health is going to go. It’s not going to be websites. When we talked about in certification that information should be encrypted when it’s on end devices if that information persists, that’s enabling mobile applications for clinical care, both increasing their security but also pointing the way toward (the reality that) you don't really need to persist the data on the mobile device. If you establish a connection, then when that connection is broken – Poof – the data is never persisted on the mobile device."

[See also: 'Ethical hacker' calls BYOD a nightmare.]

A: "I think more than anything it’s been being open to some of the possibilities in this space. When hardware becomes ubiquitous, when software becomes ubiquitous, when platforms and connectedness become ubiquitous, it changes everything, and I think the mobile revolution both for patients and for providers is going to be one of those huge – to use an overused phrase – game changers. Just the iPhone 5S is a game changer for patient and provider authentication potentially. Ubiquitous sensors are another. It’s great, and our job is to enable this community to continue evolving at tech speed rather than at med speed. 

Q: Should there be a new department created to regulate mHealth, or can that be handled by the FDA, ONC, or FCC? Is it even realistic to create one that would keep up?

A: "I think we should use exiting regulatory authorities and streamline them to avoid regulatory duplication. Adding another regulatory agency is rarely the solution."

Government Health IT Editor Tom Sullivan contributed to this report.