FDA-logo

I thought I was done posting for today, until I came across this. The FDA is working on a proposed rule to regulate medical device data that is acquired and stored directly into the EMR's database.

“As the ability for direct capture evolves, the current direction FDA is heading is the medical record becomes part of the device,” he [Tim Stitely, the FDA’s chief information officer] said after a panel discussion on health information technology at the 27th annual Management of Change conference, sponsored by the Industry Advisory Council and the American Council for Technology. “I don’t think now [EHRs] as defined will be regulated by the FDA. It is not a medical device, food, drug or other thing we regulate.”

Many connectivity features support two predominate use models and can be configured to send acquired data directly to the database or to embargo data until it is reviewed and verified by a clinician. It is not surprising that the FDA would take an interest in systems where device data goes directly into an application that is used to manage patient care. In diagnostic imaging, imaging modalities interoperate with PACS for making patient diagnoses - and PACS are regulated medical devices. While EMRs are not used to make a diagnosis like a PACS, they do manage data from which diagnosis and treatment decisions are made. We may yet see a day when EMRs care delivery applications are regulated as medical devices.

There are many use cases where device data is electronically acquired and held until it is reviewed by a clinician, after which it becomes part of the patient record. This review step exists for two reasons, 1) data from the physiological parameter is unreliable (and the frequency of acquisition does not allow averaging to filter out bad readings), and 2) it serves as a security blanket for the user who doesn't trust computers. One of the problems with this approach is that it makes all medical device data retrospective. For real automation at the point of care - and all the patient safety improvements this implies - medical device data must be near real time, and not something that occurred an hour ago or requires the physical presence of the caregiver.

Don't expect EMR vendors to rush out to get pre market approval for their products (although it will probably come to this at some point in the future). And this certainly raises questions for folks like AllScripts and their Universal Application Integrator on the software side compared with say the Welch Allyn their connectivity SDK (which has a 510(k)). Medical device vendors will carry most of this new regulatory load, as will some specialized connectivity vendors. Expect to see some vendors turn off their "direct to database" feature and stick with clinician reviewed/batch connectivity, regardless of market requirements, because "we don't do 510(k)s."

If you need help, let me know.

UPDATE: Reader JM suggests that at least some FDA regulations should be applied to EMRs. I would agree that HIT vendors should at least be required to comply with the FDA's Quality System regulation for clinical applications used in managing, treating or diagnosing patients. Requiring pre market approval may be a bit much for many types of applications.

In reading this comment, something else struck me: the "enginification" of HIT applications (noted first in the last paragraph of this post). There is a new and growing risk in the configuration of HIT applications, above and beyond the design of those systems. This recalls the patient safety controversy of a couple years ago with poorly configured CPOE systems that resulted in patient injury. (See this and this.)

The risks inherent in some application configuration also extends to hospital networks. As unregulated enterprise networks carry an increasing amount of life-critical data, the proper design, configuration, management, and monitoring of the network - both wired and wireless - is critical to realizing the full effectiveness and safety of the regulated medical devices that are connected to them. The level of network documentation that I've seen in some hospitals is sometimes no more than a PowerPoint diagram.