Вы находитесь на странице: 1из 9

New Care Models

teChNology

roI payMeNt

LegaL and PoLicy

Navigating the Regulatory Framework in an mHealth Ecosystem


contents
Introduction 4-02 Where Is the Data and to Whom Does It Belong? Facility and Provider Issues 4-02 FCC: MBAN Networks 4-03 Self-developed Products4-04 Patents 4-04 Cloud Computing 4-05 Social Media 4-05 Fundamental Concepts of Medical Device Regulation in an Evolving Health IT Landscape4-06 Summary and Future State 4-08 Authors4-09 References 4-09

4
staNdards aNd INteroperabIlIty prIvaCy aNd seCurIty

s Crews St

17th

Betel S

e Prescott St
Lanier Dr

SC

Kin

10

th

Riggan St Elizabeth St

St

Elizabeth St

St

cott

th

Pre Pres

12

gg
Hawthor
y Tracy S

St

St

ull Cu NC

an Jacinto

ark

g Ct

16th

Montgome

St t d d d d d d d d d d d d d d d d d St dS ard ard pard

rez St

Ho How

ito St

annan St

unbar St

h s Spo istu em Chr al-M d spit Ho Blv tal spi Ho

St

ncis Fra

Lake St

dley St

ns

mo St

ora St

ry Ma

St

anki Ran mR Sam

n St

Ct ham Cts Gris ham Gris

Wainwrig

Guadalu

Waco St

t
Burnet St

mHIMSS Roadmap

Halsey

ard

Tarlt

St

Goliad

Nogale

Co

4-01

St

St

Pres

Nim

lema

Boli

w vie Bay ery Old etery C Cem

Be

nA

d Bel

Te Tem Par eP ple k

et Burnet St

itt D

Andrews Dr

gg Twi

Burnet St

Blu che r St

N Ca

NU

r ppe

e N Low

S 19th

St

Blu

Loritte

S Sch

St

Keys

Law

Tw

che

Star

17

Tre

Ju

Peo

New Care Models

teChNology

roI payMeNt

LegaL and PoLicy

staNdards aNd INteroperabIlIty

prIvaCy aNd seCurIty

Increasingly, mHealth is encountering regulatory barriers which inhibit the widespread adoption of mobile and wireless devices. Legislators are beginning to notice the importance of mHealth and the role of such devices in future care delivery settings. Recently, a number of legislative efforts have been discussed. There has been a noticeable uptick of legislation related to mobile devices and mHealth. However, there remains a chance that well intentioned legislation could further impact mHealth adoption. The Mobile Device Privacy Act could expand the financial impacts associated with healthcare-related data breeches. The Healthcare Innovation and Marketplace Technologies Act (HIMTA) would establish a special Office of Mobile Health at the Food and Drug Administration (FDA) to provide recommendations on mobile health application (app) issues. But, mobile and wireless devices are becoming ubiquitous and there has been an explosion of mobile applications, including for mHealth. Providers and consumers, alike, have ready access to mobile and wireless. As a result, there has been somewhat of a decentralization of the information system infrastructure, as we know it. Not being present in the same physical location is no longer a significant barrier to the exchange and flow of information. And, the demand for the instant exchange and flow of information is handled, increasingly, by cloud computing and wireless networks. As will be seen below, this section of the Roadmap addresses these evolving technological trends.

T
an Jacinto
ark
g Ct

he role of policy and the creation of legislation are intricately involved in the many

other issues addressed within mHIMSS Roadmap. To affect return on investment (ROI) and payment, changes in policy must occur. To properly incentivize physicians to change the delivery of care, the payment structure must also change. Many barriers to advancing mobile health (mHealth) reside at both the state and federal levels. A number of recent policy developments have changed the way patients, physicians, and other healthcare professionals access information and healthcare. Policy and policymaking have not kept pace with the rate of technology innovation.

Where Is the Data and to Whom Does It Belong? Facility and Provider Issues
The proliferation of mHealth technology raises several fundamental questions relating to custody of medical information One is a new variant of an old question: to what extent should records of other providers be incorporated into the clinical records of a physician, hospital, or other provider Examples of this in the mHealth context include the transmission of digital radiology images from a hospital or freestanding diagnostic center to a physicians smartphone, or the provision of telemedicine services Other issues arise from the proliferation of wellness, monitoring, and other data that could be generated by mHealth devices used by consumers to transmit information to, and receive information from, their healthcare providers Under what circumstances is the healthcare provider required to maintain records of these transmissions, to comply with regulatory requirements or to maintain an adequate record of care for legal purposes? Does the healthcare provider have ownership rights in the data transmitted, so the data can be used for research, marketing, or other purposes? Historically, some providers have been reluctant to incorporate into their own records reports, images, etc, that originated with another provider, since the receiving provider may be unable to verify the accuracy of the data However, healthcare today frequently involves coordination by many providers across the care continuum Excluding data from other providers may result in giving an incomplete picture of care rendered to the patient, which may result in substandard care or in difficulties later on with legal defense For example, if

Topics covered in this section of the Roadmap include:

Managing Patient-Generated Data The Role of Medical Body Area Networks (MBAN)-Enabled Devices Assessing Self-Developed Platforms When and What to Patent Cloud Computing Social Media Changes in Medical Device Management

s Crews St

17th

Betel S

e Prescott St
Lanier Dr

SC

Kin

10

th

Riggan St Elizabeth St

St

Elizabeth St

St

cott

th

Pre Pres

12

gg
Hawthor
y Tracy S

St

St

ull Cu NC

16th

Montgome

St t d d d d d d d d d d d d d d d d d St dS ard ard pard

rez St

Ho How

ito St

annan St

unbar St

h s Spo istu em Chr al-M d spit Ho Blv tal spi Ho

St

ncis Fra

Lake St

dley St

ns

mo St

ora St

ry Ma

St

anki Ran mR Sam

n St

Ct ham Cts Gris ham Gris

Wainwrig

Guadalu

Waco St

t
Burnet St

mHIMSS Roadmap

Halsey

ard

Tarlt

St

Goliad

Nogale

Co

4-02

St

St

Pres

Nim

lema

Boli

w vie Bay ery Old etery C Cem

Be

nA

d Bel

Te Tem Par eP ple k

et Burnet St

itt D

Andrews Dr

gg Twi

Burnet St

Blu che r St

N Ca

NU

r ppe

e N Low

S 19th

St

Blu

Loritte

S Sch

St

Keys

Law

Tw

che

Star

17

Tre

Ju

Peo

New Care Models

teChNology

roI payMeNt

LegaL and PoLicy

staNdards aNd INteroperabIlIty

prIvaCy aNd seCurIty

a radiology image from another provider is relied on for clinical decision making but excluded from the record, the rationale for the clinical decisions may be unclear Also, the definition of designated record set under HIPAA Privacy Standards includes not only the medical and billing records of the provider, but also records used, in whole or in part, by or for the covered entity to make decisions about individuals1 Concerning wellness, monitoring, and other data transmitted by consumers to their providers, the central consideration of whether or not this data should be included in the providers record is its clinical significance Accumulating vast stores of routine data may impede care by detracting from clinically relevant findings When data is shared using such devices, it would be advisable to discuss with the patient how the data will be used, so that the patients expectations are reasonable

FCC: MBAN Networks


In planning for the expanded use of wireless health, providers need to understand the role of the Federal Communications Commission (FCC) in allocating radio frequencies for medical uses The FCC has the responsibility to designate permissible uses of bands of radio frequency spectrum, so that the potential for interference is minimized In the bands approved for wireless medical communications technologies, medical devices are secondary users of spectrum For this reason, manufacturers are held to strict standards for frequency stability, emission bandwidth, and transmitter power While this is primarily a concern for manufacturers, in the case of wireless MBANs, providers also have a responsibility to register MBAN devices with a coordinator to be appointed in the near future by the FCC

Over the last several years, the FCC has expanded access to spectrum for wireless medical communications technologies, in response to the dynamic changes in this industry These include the Wireless Medical Telemetry Service (WMTS)2 and the MedRadio Service3 WMTS allows for wireless transmission of patient telemetric medical information to a central location in a hospital or other healthcare facility WMTS offers an advantage over devices that tether patients to monitoring devices via hardwired cables, because it allows for greater patient mobility and comfort MedRadio devices allow communication between an implanted or body-worn device and an external programmer/controller In November 2011, the FCC expanded the MedRadio Service to permit the use of Medical Micro-Power Networks (MMNs)4 MMNs support wideband medical implant devices that use neuromuscular stimulation to restore sensation, mobility, and other functions to paralyzed limbs and organs Most recently, on May 24, 2012, the FCC allocated spectrum for MBANs5 The FCC defines MBAN as follows: An MBAN is a low power network consisting of a MedRadio programmer/control transmitter and multiple medical body-worn devices all of which transmit or receive non-voice data or related device control commands for the purpose of measuring and recording physiological parameters and other patient information or performing diagnostic or therapeutic functions via radiated bi-or unidirectional electromagnetic signals.6 MBAN devices are allowed to operate in the 23602400 MHz band on a secondary, non-interference basis under the FCCs license-by-rule framework7 This action by the FCC makes the US the first nation to allocate spectrum for MBAN devices Examples of MBAN technology include predictive and

early warning systems used in the healthcare facility to provide continuous patient monitoring, and devices used in the home to monitor health information for the elderly or patients with chronic diseases MBANs in the healthcare facility can allow monitoring of more patients and provide greater continuity of monitoring MBAN devices designed for home use may utilize only the 2390-2400 MHz portion of the spectrum, which has no restrictions regarding location or mobile use MBANs operating in the 2360-2390 MHz band are limited to indoor locations within healthcare facilities Also, because of the need to coordinate with primary users of the spectrum, healthcare facilities that intend to operate an MBAN in the 2360-2390 MHz band are required to register with a frequency coordinator designated by the FCC Information required for the registration will include the specific frequencies or frequency range to be used; capabilities of the MBAN equipment to use the 23902400 MHz band; effective isotropic radiated power; number of programmer/controller transmitters in use at the healthcare facility, including manufacturer names and model numbers and FCC identification number; and location of the programmer/controller transmitters Allocation of spectrum for MBAN devices by no means represents the end of the FCCs activities in the area of mHealth technologies Spectrum is a finite resource and the FCC mHealth Taskforce continues to provide input on the best uses of spectrum Recently, the FCC hosted a Summit on June 6, 2012 to discuss future plans for enhanced spectrum access for wireless health innovations Providers should remain mindful of: The role of MBAN enabled devices in healthcare settings; and The need to register MBAN devices in healthcare settings

s Crews St

17th

Betel S

e Prescott St
Lanier Dr

SC

Kin

10

th

Riggan St Elizabeth St

St

Elizabeth St

St

cott

th

Pre Pres

12

gg
Hawthor
y Tracy S

St

St

ull Cu NC

an Jacinto

ark

g Ct

16th

Montgome

St t d d d d d d d d d d d d d d d d d St dS ard ard pard

rez St

Ho How

ito St

annan St

unbar St

h s Spo istu em Chr al-M d spit Ho Blv tal spi Ho

St

ncis Fra

Lake St

dley St

ns

mo St

ora St

ry Ma

St

anki Ran mR Sam

n St

Ct ham Cts Gris ham Gris

Wainwrig

Guadalu

Waco St

t
Burnet St

mHIMSS Roadmap

Halsey

ard

Tarlt

St

Goliad

Nogale

Co

4-03

St

St

Pres

Nim

lema

Boli

w vie Bay ery Old etery C Cem

Be

nA

d Bel

Te Tem Par eP ple k

et Burnet St

itt D

Andrews Dr

gg Twi

Burnet St

Blu che r St

N Ca

NU

r ppe

e N Low

S 19th

St

Blu

Loritte

S Sch

St

Keys

Law

Tw

che

Star

17

Tre

Ju

Peo

New Care Models

teChNology

roI payMeNt

LegaL and PoLicy

staNdards aNd INteroperabIlIty

prIvaCy aNd seCurIty

Self-developed Products
If your organization is developing products in-house (regardless of the nature of the product, such as software or a medical device), then your organization must take the necessary steps to ensure that it is not violating any other partys intellectual property rights and that it protects its ownership in the intellectual property Everything that we create is generally based upon something else (unless it is pioneering technology) If the products are based upon pre-existing materials which are proprietary to a third party, then appropriate license agreements should be secured in advance of the development and the terms and conditions complied with Further, the organization should ensure that the developer does not use any trade secret or other confidential or proprietary information from a third party, unless the owner of the intellectual property has expressly authorized the use Appropriate assignments and agreements, too, should be in place to ensure that the organization owns the intellectual property rights with regard to developers work product Similarly, if your organization is acquiring products that have been developed in-house, then it is a good practice to do the necessary due diligence with regard to intellectual property rights

Patents
In the United States, a patent gives the owner the right to exclude others from making, using, offering for sale, or selling the invention throughout the United States or importing the invention into the United States Each country has its own set of patent laws and therefore if patent protection is sought outside of the United States, then one must apply for patent protection in those countries of interest There are generally two types of patents One is a utility patent (for the utilitarian aspects of an invention) and the other is a design patent (for an ornamental design of an article) The standards for patentability with respect to a utility patent are that the invention must be novel, non-obvious, and be useful For a design patent, the design must be ornamental, new, and non-obvious Not every patent application which is submitted to the United States Patent and Trademark Office (USPTO) matures into a patent Based upon current statistics, the allowance rate for the grant of a patent is less than fifty-percent (50%) Plus, the average pendency time of a patent application can be two to three years at the present time Thus, there can be a long wait until a final determination is made about whether or not an invention is patentable And, it should be noted that no rights accrue while a patent application is still pending (except the right to state that an invention is patent pending); a patent owner has the right to enforce its patent rights once a patent has been granted In determining whether or not to patent an invention, there are various business considerations For example, consider whether your organization wants to make the technology proprietary and whether your organization believes your product has sufficient longevity in the

marketplace The current patent term is 14-years for design patents from the date of issuance and 20-years from the earliest effective filing date for utility patents (for applications filed on or after June 8, 1995) Another consideration is determining whether your invention is patentable You may want to conduct a patent search to assist in the determination of whether the invention is patentable You may also want to include a search of the non-patent literature references as well (since patent examiners look to both issued patents and non-patent literature references for prior art which may render your invention not new or not non-obvious) Finally, you may also want to consider whether your organization should obtain a freedom to operate opinion from a qualified patent attorney to help determine whether the product which has been invented may be made, used, or sold without infringing the patent rights of others Because patent infringement may be innocent and these enforcement actions are very expensive, this may be a worthwhile consideration for your organization, regardless of whether or not your organization seeks applying for a patent

s Crews St

17th

Betel S

e Prescott St
Lanier Dr

SC

Kin

10

th

Riggan St Elizabeth St

St

Elizabeth St

St

cott

th

Pre Pres

12

gg
Hawthor
y Tracy S

St

St

ull Cu NC

an Jacinto

ark

g Ct

16th

Montgome

St t d d d d d d d d d d d d d d d d d St dS ard ard pard

rez St

Ho How

ito St

annan St

unbar St

h s Spo istu em Chr al-M d spit Ho Blv tal spi Ho

St

ncis Fra

Lake St

dley St

ns

mo St

ora St

ry Ma

St

anki Ran mR Sam

n St

Ct ham Cts Gris ham Gris

Wainwrig

Guadalu

Waco St

t
Burnet St

mHIMSS Roadmap

Halsey

ard

Tarlt

St

Goliad

Nogale

Co

4-04

St

St

Pres

Nim

lema

Boli

w vie Bay ery Old etery C Cem

Be

nA

d Bel

Te Tem Par eP ple k

et Burnet St

itt D

Andrews Dr

gg Twi

Burnet St

Blu che r St

N Ca

NU

r ppe

e N Low

S 19th

St

Blu

Loritte

S Sch

St

Keys

Law

Tw

che

Star

17

Tre

Ju

Peo

New Care Models

teChNology

roI payMeNt

LegaL and PoLicy

staNdards aNd INteroperabIlIty

prIvaCy aNd seCurIty

Cloud Computing
Cloud computing is defined as a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (eg, networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction according to NIST Special Publication No 800-145 Essentially, applications and data may be accessed on demand from a remotely hosted computing resource Many organizations have decided to outsource their IT operations to the cloud Some organizations are backing up their data to the cloud Others are having the cloud host their applications and data But, which cloud provider should your organization pick, if it is considering a move to the cloud? Not all cloud computing providers are alike Some have better customer support and technical support than others Some have better guarantees regarding availability of the servers, power, and network availability Some have a better track record in term of data security than others Your organization may want to consider conducting due diligence on the cloud provider, such as reviewing audit reports and determining whether the provider is certified by a third party (eg, FedRAMP),

interviewing key cloud provider personnel, visiting the data center, and obtaining reviews or recommendations from third parties Your organization may also want to consider asking the cloud provider not only about their technological operations, but also about their track record as a business You may also want to consider asking the cloud provider where their data centers are geographically (such as whether the data centers are solely located in the United States) Other considerations that your organization may want to contemplate in connection with the cloud are endpoint security and the robustness of your organizations network Even if the cloud provider (and their data center) might be secure, your organization should make sure that end user devices are secure as well (and that end users are taught good security practices) This includes securing mobile and wireless devices It is also paramount that your organizations network be robust to handle the massive amounts of information being exchanged in an expedient manner This applies both to wired and wireless networks

Social Media
Mention social media, and the first things that come to mind may be social and professional networking sites such as Facebook and LinkedIn, which are increasingly accessed via mobile devices However, the world of social media also encompasses platforms for sharing of user content, such as Youtube and Tumblr, microblogging sites such as Twitter, and video

communication services such as Skype and Facetime Social media presents many potential benefits for patient engagement and development of brand identity However, it also presents several types of legal and regulatory concerns: Professionalism: Because social media is so ubiquitous, health care professionals may face new questions such as Is it ever appropriate to friend a patient? The Federation of State Medical Boards found that 92% of US medical boards have received reports of violations of professionalism using social media1 Privacy: There have been several widely reported incidents of health care professionals posting data relating to patients on social media sites2 Even if the patients name is not revealed, disclosing information that is not completely deidentified will violate the Health Insurance Portability and Accountability Act (HIPAA) Privacy Standards Employer issues: Because of the potential for violation of privacy and interference with workforce productivity, many employers adopt policies limiting employees access to and use of social media Such policies must be carefully limited to avoid interfering with employees rights to communicate with fellow employees about conditions of employment3

2 3

Federation of State Medical Boards, Model Policy Guidelines for the Appropriate Use of Social Media and Social Networking in Medical Practice, p 2 See, eg, When Facebook goes to the hospital, patients may suffer, Los Angeles Times, Aug 8, 2010 National Labor Relations Board, Report of the General Counsel, May 30, 2012

s Crews St

17th

Betel S

e Prescott St
Lanier Dr

SC

Kin

10

th

Riggan St Elizabeth St

St

Elizabeth St

St

cott

th

Pre Pres

12

gg
Hawthor
y Tracy S

St

St

ull Cu NC

an Jacinto

ark

g Ct

16th

Montgome

St t d d d d d d d d d d d d d d d d d St dS ard ard pard

rez St

Ho How

ito St

annan St

unbar St

h s Spo istu em Chr al-M d spit Ho Blv tal spi Ho

St

ncis Fra

Lake St

dley St

ns

mo St

ora St

ry Ma

St

anki Ran mR Sam

n St

Ct ham Cts Gris ham Gris

Wainwrig

Guadalu

Waco St

t
Burnet St

mHIMSS Roadmap

Halsey

ard

Tarlt

St

Goliad

Nogale

Co

4-05

St

St

Pres

Nim

lema

Boli

w vie Bay ery Old etery C Cem

Be

nA

d Bel

Te Tem Par eP ple k

et Burnet St

itt D

Andrews Dr

gg Twi

Burnet St

Blu che r St

N Ca

NU

r ppe

e N Low

S 19th

St

Blu

Loritte

S Sch

St

Keys

Law

Tw

che

Star

17

Tre

Ju

Peo

New Care Models

teChNology

roI payMeNt

LegaL and PoLicy

staNdards aNd INteroperabIlIty

prIvaCy aNd seCurIty

Fundamental Concepts of Medical Device Regulation in an Evolving Health IT Landscape


These days, a common question heard in the healthcare technology and communications industries sounds like this: Is this a medical device? As medical data is growing exponentially and medical processes are becoming increasingly automated, there is an increased demand for networked connectivity for medical devices and health information management systems through wired, wireless, and mobile networks This transformation has brought about a need for equipment vendors, developers, health IT experts, hospital administrators, and clinical IT specialists to become familiar with the triggers for regulated medical device status and whether traditionally non-regulated home grown networks and off the shelf software solutions can remain unregulated Determining whether a traditional medical device is regulated by the Food and Drug Administration (FDA) may seem obvious While a blood pressure monitor, stethoscope, thermometer, defibrillator, and MRI machine would no doubt be considered regulated medical devices, what about a smartphone with a downloaded mobile application that claims to stave off heart disease by helping the user keep track of daily exercise? Or what about a tablet PC loaded with several apps and software including a certified electronic health record (EHR), a radiological image viewing application, and other software that performs clinical decision support (CDS) analysis? Or how about a wireless router and an

associated information network system in a hospital that is modified by a hospital IT specialist to transmit and store data from a variety of medical devices and medical systems? Are any of these examples regulated medical devices? As this section explains, it depends Whether or not a product (tangible or intangible) is a medical device begins with an analysis through the lens of Section 201(h) of the Federal Food, Drug and Cosmetic Act (FFDCA) Simply stated, any productbe it hardware, software, manual, electronic, radiation emitting or notwith an intended use as defined by the FFDCA, is a device Thus, if a product is labeled, promoted, or used in a manner consistent with this definition, it will be subject to regulation by the FDA as a medical device, including pre- and post-marketing controls This is a hard concept to grasp, especially for those unfamiliar with FDA parlance or the agencys regulations It helps to start by looking at the relevant language in the Act Section 201(h) states that a device is: an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including any component, part, or accessory, which is intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals, or intended to affect the structure or any function of the body of man or other animals, and which does not achieve its primary intended purposes through chemical action within or on the body of man or other animals and which is not dependent upon being metabolized for the achievement of its primary intended purposes. There is a lot to contemplate in that definition Most notably, what exactly is an instrument, apparatus, implement, machine, contrivance, implant, in vitro

reagent, or other similar or related article, including any component, part, or accessory? That could mean virtually anything, right? Yes It literally could mean anything Thus, a medical device is anything that is intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals, or intended to affect the structure or any function of the body of man or other animals, and which is not dependent upon being metabolized for the achievement of its primary intended purposes Next, to determine if a product meets the intended use of a medical device, one must consider what the manufacturer (and in some cases its distributor) says or does with respect to the product Even the design functionality can inform the intended use of a product Think in terms of words associated with the item that are either written or spoken, or even by way of deeds performed through company representatives about the item The FDA calls any of those pronouncements the labeling of a device When a company markets a device for commercial distribution in the US, the labeling on the device identifies what it is, what it does and how it is used This includes the packaging, inserts, or messaging as inferred through promotional materials, advertising, or other public statements made about the device by the manufacturer, its representatives or executives To illustrate the significance and impact of labeling, imagine for a moment that you walk into a store There is nothing in the store except for a lonely shelf with a single product placed on the shelf The product or thing has no packaging, no markings, no lettering or instructions, no corresponding pictures, text or literature, or other symbols of any kind to help you understand the context of what that product does or what it is, or how it is

s Crews St

17th

Betel S

e Prescott St
Lanier Dr

SC

Kin

10

th

Riggan St Elizabeth St

St

Elizabeth St

St

cott

th

Pre Pres

12

gg
Hawthor
y Tracy S

St

St

ull Cu NC

an Jacinto

ark

g Ct

16th

Montgome

St t d d d d d d d d d d d d d d d d d St dS ard ard pard

rez St

Ho How

ito St

annan St

unbar St

h s Spo istu em Chr al-M d spit Ho Blv tal spi Ho

St

ncis Fra

Lake St

dley St

ns

mo St

ora St

ry Ma

St

anki Ran mR Sam

n St

Ct ham Cts Gris ham Gris

Wainwrig

Guadalu

Waco St

t
Burnet St

mHIMSS Roadmap

Halsey

ard

Tarlt

St

Goliad

Nogale

Co

4-06

St

St

Pres

Nim

lema

Boli

w vie Bay ery Old etery C Cem

Be

nA

d Bel

Te Tem Par eP ple k

et Burnet St

itt D

Andrews Dr

gg Twi

Burnet St

Blu che r St

N Ca

NU

r ppe

e N Low

S 19th

St

Blu

Loritte

S Sch

St

Keys

Law

Tw

che

Star

17

Tre

Ju

Peo

New Care Models

teChNology

roI payMeNt

LegaL and PoLicy

staNdards aNd INteroperabIlIty

prIvaCy aNd seCurIty

supposed to be used Let us also assume that its design is not obvious Thus, barring any additional information, it would be impossible to know or understand much about the product because it lacks sufficient labeling to help you, the user, understand its intended use For all you know, it is a fancy paperweight or car part That changes, the moment the product has markings, pictures, or information on it describing what it is, what it does and how it is used That labeling helps to guide its intended use Consider another example Imagine a pen sold in a retail store with nothing on its label other than a few words In fact, the package is white, has no pictures or illustrations and only lists the words: Black ink pen for writing Price $100 It is obviously not a medical device nor can a consumer (including a medical professional) derive an intended use other than for writing However, say the same pen in the same package listed the words Black ink pen for writing Sterile and may be used during surgery Price $100 Such words would change its intended use and the pen would now be a regulated medical device Labeling informs the world about the intended use of the product

and gaming functionalities Similarly, a mobile application that keeps track of exercise (as opposed to specific medical information) is not necessarily a medical device However, in this example the mobile application claims to stave off chronic diseases like heart disease, arguably triggering FDA regulation as a medical device In this case the downloaded software app would be regulated as a mobile medical application A tablet PC loaded with several apps and software including a certified EHR, a radiological image viewing application, and other software that performs CDS analysis: A tablet PC is traditionally sold as a computing device that processes general information while having the ability to communicate with a network The intended use of the tablet PC is not specific to medical uses It could be used for anything (education, finances, word processing, research, entertainment, general health, wellness, fitness, etc) The fact that one could also load medical software onto such a device does not necessarily trigger the tablet PCs designation as a medical device Computers, much like iPads or other tablets, are generally not considered to be medical devices because their intended use (and the way they are marketed) does not meet the Section 201(h) definition However, the software loaded onto the tablet PC, is each a separate and distinct device (in this example EHR software, a radiological viewing application, and CDS software) Each could be deemed a medical device depending on their intended uses In this example, they would be regulated independently from each other and apart from the computing device EHRs, although arguably fitting the intended use of a medical device, have remained

largely untouched by the FDA as it has exercised its enforcement discretion for these products The radiological image viewing application is a regulated medical device as a radiological image processing system Whether the CDS software is regulated would depend on its intended use and in this example was intentionally left ambiguous A wireless router and an associated information network system in a hospital that is modified by a hospital IT specialist to transmit and store data from a variety of medical devices and medical systems: A wireless router is an access point that aggregates data packets between computing devices and then forwards them An information network system is a local area network (LAN) that manages data from various computing devices and access points and connects them to an external communications network (wired or mobile broadband) Typically, a wireless router and a LAN are not considered medical devices because their intended use does not meet the Section 201(h) definition They could be used for anything (education, finances, word processing, research, entertainment, general health, wellness, fitness, etc) However, if the purchaser of those products either modifies or adds to the hardware or software of either productand by doing so changes their intended use to a medical purposethose products are now medical devices In this example, the hospital IT specialist changes the intended use of the wireless router and its associated information network system to transmit or store medical device data In doing so, he has converted each of them into a regulated medical devicespecifically a medical device data system In addition, because the hospital IT specialist modified the original products to render

Use Cases
Now let us look a little deeper into the examples mentioned at the beginning of this article: A smartphone with a downloaded mobile application that claims to stave off heart disease by helping the user keep track of daily exercise: The intended use of a smartphone is not to function as a medical device The intended use of a smartphone is to provide voice communications, high-speed data transmission, computer processing, and additional features such as camera, video,

s Crews St

17th

Betel S

e Prescott St
Lanier Dr

SC

Kin

10

th

Riggan St Elizabeth St

St

Elizabeth St

St

cott

th

Pre Pres

12

gg
Hawthor
y Tracy S

St

St

ull Cu NC

an Jacinto

ark

g Ct

16th

Montgome

St t d d d d d d d d d d d d d d d d d St dS ard ard pard

rez St

Ho How

ito St

annan St

unbar St

h s Spo istu em Chr al-M d spit Ho Blv tal spi Ho

St

ncis Fra

Lake St

dley St

ns

mo St

ora St

ry Ma

St

anki Ran mR Sam

n St

Ct ham Cts Gris ham Gris

Wainwrig

Guadalu

Waco St

t
Burnet St

mHIMSS Roadmap

Halsey

ard

Tarlt

St

Goliad

Nogale

Co

4-07

St

St

Pres

Nim

lema

Boli

w vie Bay ery Old etery C Cem

Be

nA

d Bel

Te Tem Par eP ple k

et Burnet St

itt D

Andrews Dr

gg Twi

Burnet St

Blu che r St

N Ca

NU

r ppe

e N Low

S 19th

St

Blu

Loritte

S Sch

St

Keys

Law

Tw

che

Star

17

Tre

Ju

Peo

New Care Models

teChNology

roI payMeNt

LegaL and PoLicy

staNdards aNd INteroperabIlIty

prIvaCy aNd seCurIty

them medical devices for use in clinical practice, the hospital IT specialist now becomes a device manufacturer in accordance with the law This is different than a wireless router and LAN set up by a hospital IT specialist for use in waiting room areas and intended for general uses (as opposed to medical device data), including general health queries by the public and healthcare professionals In short, if the product in question meets the intended use as described by Section 201(h), it is most likely a medical device and, therefore, subject to the general controls of the FFDCA Those controls are the baseline requirements that apply to all medical devices necessary for marketing, proper labeling, and monitoring performance of that device once it is on the market Once its device is determined to be a medical device, the medical device manufacturer must consider how the FDA will classify its device according to the level of risk posed through its normal use Based on the risk classification (ie, Class I, II, or III), the FDA will specify the level of regulatory control necessary to assure the safety and effectiveness of the device In particular, classification of the device will dictate, among other things, the marketing process and the need to submit a premarket notification via a 510(k) clearance or premarket approval (PMA) With each increasing level of classification, deeper complexities face manufacturers in order to satisfy the premarket requirements for marketing and commercial distribution Prior to marketing and commercial distribution, however, the manufacturer must follow premarket requirements and assure that certain general controls are met as required by law General controls include, for example, proper labeling, registration, and listing of medical devices, as well as in some cases, special

controls (including special labeling requirements and mandatory compliance with performance standards) All regulated medical deviceswhether Class I, II or IIIare subject to some set of general controls Establishment registration, for example, is required for many of those involved in the supply and distribution chains of a medical device, including the manufacturer, contract manufacturers, specification developers, distributors, repackagers and relabelers In addition, the device must be listed with the FDA to ensure that the device can be traced back to the registered establishments involved with its production or distribution An important requirement under general controls is the manufacturing of the device in accordance with Current Good Manufacturing Practices (CGMP) Unless specifically exempted, manufacturers must establish and follow CGMPs to ensure that their products consistently meet applicable requirements and specifications The CGMPs or quality system requirements for FDAregulated products provide the framework that all medical device manufacturers must follow In essence, CGMPs require manufacturers to develop and implement procedures that are appropriate for current state-of-the-art manufacturing for that specific device Each manufacturer must impose manufacturing requirements on itself for every device it produces to ensure that the final product is safe and effective These methods and processes govern how to design, produce, and distribute the devices As discussed earlier, labeling regulations stipulate any display of written, printed, or graphic matter upon the immediate container of any device and all labels and other written, printed, or graphic matter upon any device or any of its containers or wrappers, accompanying

the device at any time while held for sale in interstate commerce Importantly, most, if not all advertising, is labeling Before market clearance is obtained, the manufacturer must assure the device is properly labeled in accordance with FDAs labeling requirements Finally, post-market requirements include quality systems (the quality assurance requirement covering design controls, packaging, labeling, and manufacturing of a medical device), medical device reporting, and postmarket surveillance controls In sum, the FDA is charged with protecting the public health by assuring the safety, efficacy, and security of medical devices and regulating their manufacture, marketing, and distribution Medical device regulations in an evolving health IT landscape are not easy to understand nor easy to navigate As modern medicine becomes smarter and more widely adopted, nontraditional medical device manufacturers will need to learn how to navigate complex regulatory requirements that may not have evolved at the same speed as the devices they are developing

Summary and Future State


The policy framework for the mHealth ecosystem is currently under development The monitoring of pending legislation and changes in the continued promulgation of existing regulations should remain a priority of many hospitals A number of issues remain in a state of flux, especially concerning the role of mobile devices in the delivery of healthcare By 2020, it has been predicted that the majority of computing will be edge computing, which will include mobile and wireless devices as well as cloud computing There will be a paradigm shift from having an on

s Crews St

17th

Betel S

e Prescott St
Lanier Dr

SC

Kin

10

th

Riggan St Elizabeth St

St

Elizabeth St

St

cott

th

Pre Pres

12

gg
Hawthor
y Tracy S

St

St

ull Cu NC

an Jacinto

ark

g Ct

16th

Montgome

St t d d d d d d d d d d d d d d d d d St dS ard ard pard

rez St

Ho How

ito St

annan St

unbar St

h s Spo istu em Chr al-M d spit Ho Blv tal spi Ho

St

ncis Fra

Lake St

dley St

ns

mo St

ora St

ry Ma

St

anki Ran mR Sam

n St

Ct ham Cts Gris ham Gris

Wainwrig

Guadalu

Waco St

t
Burnet St

mHIMSS Roadmap

Halsey

ard

Tarlt

St

Goliad

Nogale

Co

4-08

St

St

Pres

Nim

lema

Boli

w vie Bay ery Old etery C Cem

Be

nA

d Bel

Te Tem Par eP ple k

et Burnet St

itt D

Andrews Dr

gg Twi

Burnet St

Blu che r St

N Ca

NU

r ppe

e N Low

S 19th

St

Blu

Loritte

S Sch

St

Keys

Law

Tw

che

Star

17

Tre

Ju

Peo

New Care Models

teChNology

roI payMeNt

LegaL and PoLicy

staNdards aNd INteroperabIlIty

prIvaCy aNd seCurIty

premises information system to a fluid, scalable, and mobile information system In addition to the increased sophistication and power of technology, just about everyone will have access to mobile and wireless devices as time goes on Healthcare technology will become more patient-centered as a result The delivery of healthcare will become mobile (and e-visits to schools, homes, workplaces, and other settings will become the norm) and there will be more questions concerning the practice of medicine and other allied fields across state lines There will also be questions about the kinds of data which will be aggregated, whether from electronic health records, remote patient monitoring, genomic information of patients, or other sources The questions will range from ethical questions, legal questions, and security questions How will the data be mined and what do we do in the face of cyber attacks and cyber threats? How do we keep our data safe and in the hands of those that are authorized to handle it? There is no question that the face of healthcare technology will change The new face of healthcare technology will be mHealth The vast innovations and advancements are to be commended, but with the increased functionality and convenience also comes the responsibility of proper handling and management This body of work is intended for educational purposes only and reflects the views of the author(s). This information is not intended to serve as legal advice. If you are considering developing a medical device or engaging in any of the above activities, you should seek qualified legal counsel.

RefeRences authoRs

1 2

Lee Kim, Esq


Attorney Tucker Arensberg

Patricia D. King, Esq


Associate General Counsel Swedish Covenant Hospital
3

Robert Jarrin, Esq


Senior Director, Government Affairs Qualcomm Incorporated

mhiMss staff Liaison

Thomas Martin, MBA


Manager mHIMSS
4

6 7

45 CFR 164501 WMTS operates in the 608-614 MHz, 1395-1400 MHz, and 14291432 MHz bands The FCCs rules define wireless medical telemetry as the measurement and recording of physiological parameters and other patient-related information via radiated bi-or unidirectional electromagnetic signals 47 CFR 951103(c) WMTS allows for wireless transmission of patient telemetric medical information to a central location in a hospital or other healthcare facility The MedRadio Service operates in the 401-406 MHz band MedRadio provides an umbrella framework supporting the operation of implanted and body-worn devices used for diagnostic or therapeutic purposes MedRadio includes legacy Medical Implant Communication Service (MICS) operations, which utilize 402-405 MHz for short-range wireless links between medical implant transmitters and associated programmer/control equipment See Investigation of the Spectrum Requirements for Advanced Medical Technologies, ET Docket Nos 06-135, 05-213, and 03-92, Report and Order, 24 FCC Rcd 3474 (2009) MMNs can access 24 megahertz of spectrum in the 413-419 MHz, 426-432 MHz, 438-444 MHz and 451-457 MHz bands See Amendment of Parts 2 and 95 of the Commissions Rules to Provide Additional Spectrum for the Medical Device Radiocommunication Services in the 413-457 MHz band, ET Docket No 09-36, Report and Order, 26 FCC Rcd 16605 (2011) Amendment of the Commissions Rules to Provide Spectrum for the Operation of Medical Body Area Networks, ET Docket No 08-59, First Report and Order and Further Notice of Proposed Rulemaking, __ FCC Rcd _____ (2012) 47 CFR Part 95, Subpart E, Appendix 1 Because MBAN is required to operate on a secondary basis, it is required to coordinate with Aeronautical Mobile Telemetry (AMT) users, which have primary allocation for the 2360-2395 MHz band The registration rules for MBAN are designed to facilitate this coordination The license-by-rule basis allows use of an MBAN device in accordance with the rules without individual licensing of devices

Copyright 2012 Healthcare Information and Management Systems Society (HIMSS)


The inclusion of an organization name, product or service in this document should not be construed as a HIMSS endorsement of such organization, product or service, nor is the failure to include an organization name, product or service to be construed as disapproval For more information: www.mhimss.org

s Crews St

17th

Betel S

e Prescott St
Lanier Dr

SC

Kin

10

th

Riggan St Elizabeth St

St

Elizabeth St

St

cott

th

Pre Pres

12

gg
Hawthor
y Tracy S

St

St

ull Cu NC

an Jacinto

ark

g Ct

16th

Montgome

St t d d d d d d d d d d d d d d d d d St dS ard ard pard

rez St

Ho How

ito St

annan St

unbar St

h s Spo istu em Chr al-M d spit Ho Blv tal spi Ho

St

ncis Fra

Lake St

dley St

ns

mo St

ora St

ry Ma

St

anki Ran mR Sam

n St

Ct ham Cts Gris ham Gris

Wainwrig

Guadalu

Waco St

t
Burnet St

mHIMSS Roadmap

Halsey

ard

Tarlt

St

Goliad

Nogale

Co

4-09

St

St

Pres

Nim

lema

Boli

w vie Bay ery Old etery C Cem

Be

nA

d Bel

Te Tem Par eP ple k

et Burnet St

itt D

Andrews Dr

gg Twi

Burnet St

Blu che r St

N Ca

NU

r ppe

e N Low

S 19th

St

Blu

Loritte

S Sch

St

Keys

Law

Tw

che

Star

17

Tre

Ju

Peo

Вам также может понравиться