Valuing Private Certification
There are currently several private entities that seek to certify medical apps, connectivity solutions, EHR record exchange, and other products, services and people in our sphere of interest. Given the ongoing proliferation of private certifications, there is a growing need to evaluate them, judge their relative costs and benefits, and determine which – if any – are worth adopting as either the one certified or as the consumer of certified products or services.
These private activities are usually distinct from governmental requirements (e.g. FDA or FTC compliance, or state licensing), although in the case of EHR Meaningful Use (MU) certification, private entities function on behalf of the federal government to certify compliant EHRs. Note here that compliant EHRs are those that are capable of achieving MU. Purchasing a product that is thus certified is a prerequisite for a provider then achieving MU.
How Big a Loophole is “Wellness”?
The medical app and regulatory pot is being stirred as products continue to appear, including those with questionable FDA credentials, or lack of credentials.
As discussed in our earlier posts on apps regulation (here and here), an app is a medical device if its meets the congressionally mandated and FDA enforced definition of a medical device as something whose intended use “is for the diagnosis of disease or other conditions, or the cure, mitigation, treatment, or prevention of disease, or is intended to affect the structure or any function of the body of man”. As stated in the FDA’s Draft Guidance, omitted from this definition, and therefore not medical devices, are apps “that are solely used to log, record, track, evaluate, or make decisions or suggestions related to developing or maintaining general health and wellness.”
mHealth update – Sept 2012
Since my last blog post here at Medical Connectivity there have been some mHealth updates that may be of interest to the blog readers.
USA and FCC
Just this week the FCC released its task force findings on mHealth. The overarching goal given to the task force was: “By 2017 mHealth, wireless health and e-Care solutions will be routinely available as part of best practices for medical care.” They were to produce actionable recommendations that could be taken by the FCC, other regulatory agencies and industry to reach this goal. The FCC committed to implementing five specific actions in the list produced by the task force:
a) Immediately recruit for an FCC Medical Director position
b) Develop and execute a health care stakeholder outreach plan to promote greater collaboration between the FCC and the health care sector on policies at the intersection of communications and health.
c) Direct the International Bureau to work with FCC counterparts in other countries to encourage them to make spectrum available for MBANs and to discuss possible spectrum harmonization to allow for medically safe cross-border patient travel and better economies of scale for device makers.
d) Consider an Order by the end of this year to comprehensively reform and modernize the Rural Health Care Program, and
e) Consider an Order by the end of this year to streamline our experimental licensing rules to promote and encourage the creation of wireless health “test beds” to permit easier testing of mHealth devices.
The FTC Weighs in With Mobile App Advice
Those of us engaged in medical devices and their connectivity often (or perhaps not often enough) look to the FDA for regulation and guidance. In these pages there has been discussion of FDA regulation generally (here), as applied to Medical Device Data Systems (MDDS) (here), medical device mobile apps (here and here), and clinical decision support systems (here)
We sometimes remember that there are also other government agencies that may have impact on what we do. For examples the role of the FCC has been discussed here with respect to medical device wireless applications, and more recently the prospect of the FCC taking away part of the Wireless Medical Telemetry Spectrum (WMTS) has received attention in clinical engineering circles (while no one else seems to care). CMS is always of interest with respect to medical device reimbursement, and more recently with respect to meaningful use of electronic health records (EHR), which may or may not be medical devices. Advertising of medical devices is regulated by both the FDA and the FTC, and some over-the-counter devices bridge the FDA and Consumer Products Safety Commission divide. The FTC (but curiously not the FDA) has previously gone after smart phone acne treatment apps because of their “baseless claims.” When there is dual authority and a need for regulatory action I have wondered if having two responsible agencies is worse than having just one (leading to some new math such as 1+1 < 2, and might even be <1).
Obama Signs Law to Regulate HIT – Someday
Today, July 11, 2012, President Obama signed into law the Food and Drug Administration Safety and Innovation Act. Applauded by big pharma, the American Medical Association, the National Organization for Rare Disorders, and others, this new legislation reauthorizes various user fees, and revises regulations in an effort to address problems around drug shortages, the paucity of therapies for rare diseases, and improving availability of pediatric drugs and devices. For regulatory geeks, there is also new language around the “least burdensome standard,” modification of de novo application process, reclassification procedures and more. You can see a bill summary of the legislation here, and download the actual law here (pdf).
Unique Device Identifier
Two things in the FDASIA (pronounced “F-D-A sigh”) jumped out at me: unique device identifier and health information technology. Section 614 directs the Secretary of HHS to issue proposed unique device identifier (UDI) regulations by December 31, 2012, and to finalize the proposed regulations not later than 6 months after the close of the comment period.
In general, the UDI is a good thing in that it will likely contribute to improved supply chain efficiency. All the claims about improved post market surveillance, patient safety and quicker, more reliable recalls are considerably beyond the ability of what is really just a hopped up serial numbering scheme. To achieve the widely trumpeted safety benefits would require the wide adoption of an information system that does not yet exist. There are a lot of cool ways such an information system could come into being – the feds, some outfit like the ECRI Institute, or an open source software project driven by hospitals. And of course, you’d have to get health care providers to, you know, actually use the software.
Needless to say, the easy part with be getting the UDI onto products (and that’s taken years).
The big news for many folks is that there is now a legislative mandate to regulate HIT.
Lessons from a Recent Recall
A recent Class I recall (not pictured) of a medical monitor with a hospital network connected central station stimulates some generalities about software, “fixes”, and connectivity. (Class I recalls are defined by the FDA as a situation in which there is a reasonable probability that the use of, or exposure to, a violative product will cause serious adverse health consequences or death.)
The use of the product in question was given as:
- a networked solution system used to monitor a patient’s vital signs and therapy, control alarms, review Web-based diagnostic images, and access patient records. The number of monitored vital signs can be increased or decreased based on the patient’s needs
Curiously only one customer was identified as having received the product, or at least this particular version of the product. While the manufacturer and product in question is a matter of public record, and available at the link, I chose not to include it here because my objective is not to repeat the recall information, but to suggest the reasons for the recall, an associated labeling issue, and offer some general lessons.
