Upload
jess-jacobs
View
3.079
Download
0
Embed Size (px)
DESCRIPTION
An introduction to Federal mHealth policies from the following agencies: HHS (CMS, FDA, OCR, ONC), NIST, FTC, FCC.
Citation preview
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Federal mHealth Policy 101
Jess Jacobs, MHSA, CPHIMS
DISCLAIMER: The views and opinions expressed in this presentation are those of the author and do not necessarily represent official policy or position of HIMSS.
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Conflict of Interest Disclosure Jessica Jacobs, MHSA, CPHIMS
Has no real or apparent
conflicts of interest to report.
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Learning Objectives
• Recognize the oversight of seven federal agencies/opdivs on mHealth related technologies
• Distinguish between federal policies that apply to mHealth product development verses mHealth adoption
• Identify federal policies relevant to their organization's application of mHealth
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Agenda
Introduction
Policy 101
Policy Continuum
What’s this mean?
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
mHealth is the use of mobile and
wireless devices to improve health outcomes, healthcare services, and health research.
- 2011 NIH Consensus Group
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
That seems general…
Who • Patient? Provider?
What • Data collected? Data
disseminated? Analysis? Recommendations?
When • Home? Hospital? Car?
Where • Broadband? Wifi? Wired?
Why • Treat a disease? General
wellness?
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Agenda
Introduction
Policy 101
Policy Continuum
What’s this mean?
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Policy 101: Federal Government Organization
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Policy 101: Policy Process
Hears a need
Passes a Bill
Signs into Law
Translates into Policy
Complies
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Policy 101: Lots of Cabinet Players
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Policy 101: The Cabinet
Uni
ted
Stat
es E
xecu
tive
Bran
ch
Department of Commerce (DOC)
National Institute of Standards and Technology
(NIST)
Department of Health and Human Services (HHS)
Food and Drug Administration (FDA)
Office of the Secretary (OS)
Office of the National Coordinator for Health IT
(ONC)
Office for Civil Rights (OCR)
Centers for Medicare and Medicaid Services (CMS)
Independent Offices
Federal Communications Commission (FCC)
Federal Trade Commission (FTC)
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Agenda
Introduction
Policy 101
Policy Continuum
What’s this mean?
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
mHealth Policy Continuum
Adoption
Safety/Efficacy
Communication
Privacy/Security
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Running the Show Backup Singers
Safety and Efficacy
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Safety and Efficacy: FDA
• Food and Drug Administration is responsible for vetting the safety and efficacy of medical devices.
• Authority: – Food, Drug, and Cosmetic Act 1938
• FDA is responsible for regulating medical devices
– FDA Safety and Innovation Act 2012, Section 618• FDA, FCC, ONC will coordinate on regulatory framework.
• Recent Guidance: Mobile Medical Apps Guidance (MMA)• If the mobile medical app falls within a specific medical device classification or
augments functionality to a specific medical device classification, manufacturers are immediately subject to meet the requirements of that classification (either I, II, or III).
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Safety and Efficacy: FDA Devices• Medical Devices are classified Class I, II, and III. • Based on Intended Use and Indications for Use
Class 1: Not substantially important to health
General Controls• Listing• Premarket Notification• Recall Processes• Good Manufacturing
Processes
Class 2: Perform as indicated
Special Controls• Labeling• Post Market
Surveillance• Performance Standards
Class 3: Sustain Life
Premarket Approval
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Safety and Efficacy: FDA Device
Anything that isn’t a drug and is used to:
Diagnose
Cure
Mitigate
Treat
Prevent
a disease or condition.
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Safety and Efficacy: FDA MMA
Displaying, Storing, or Transmitting• If a mobile medical app allows for the display/storage/or
transmission of patient-specific information (PHI) in its original format, it is a medical device. This category of mobile medical apps are primarily used as secondary displays (and not for primary diagnosis/treatment decisions) and will only require Class I requirements.
Controlling connected medical devices• If a mobile medical app allows for the control of another
medical device, it must adhere to the regulations applicable to the connected device. These mobile medical apps can control the use, function, modes, or energy source of a regulated medical device.
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Safety and Efficacy: FDA MMA
Mobile platform transformation• If a mobile medical app transforms a mobile
platform into a regulated medical device, it is regulated under the class applicable to its intended use.
Interpretation of Medical Device Data• If a mobile medical app is intended to analyze or
interpret data from a medical device for the purposes of creating alarms, recommendations, or information, is considered an accessory to the first medical device and regulated under the first medical device’s class.
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Safety and Efficacy: FDA MMA• Possibly Regulated: “Regulatory discretion will be used regarding mobile apps which
meet the FD&C’s device definition but are not an accessory to a regulated device or intended to transform a mobile platform into a regulated device. “
Applications which remind people to manually input information for logging/tracking/graphing.
Patient education data viewers.
Organization of personal health information - such as dosages, calories, doctor appointments, lab results, and symptoms.
Over the counter medication lookup applications which provide the information available on drug labels.
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Safety and Efficacy: FDA MMANot regulated:
– Electronic versions of reference materials that do not contain patient-specific information
– Health/wellness applications that do not intend to cure, treat, or diagnose
– Automated billing, inventory, appointment, or insurance transactions
– Generic aids (audio recording, note taking, etc)
– mobile EHRs or PHRs
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Safety and Efficacy: FCC
• The FCC sets Specific Absorption Rate (SAR) limits to protecting human health from negative RF (Radio Frequency) exposure under Part 95.
• Some examples of devices which might fall under FCC oversight include insulin/glucose monitors, wireless heart monitors, medical radios, and/or cell phones.
• Authority:– Communications Act 1934– Telecommunications Act 1996
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Safety and Efficacy: FTC
• The FTC sanctions individuals who advertise products inappropriately. – False or misleading– Omits material facts– Act or practice that is unfair– Cause substantial harm to consumers
(CBA)
• Authority: – Federal Trade Commission Act 1914
(Section 5)
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Running the Show Backup Singers
Communication
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Communication
• FCC is responsible for making sure devices are able to communicate without interference.
• FCC technical requirements apply to devices that posses the potential to cause radio frequency – may include the granting of an FCC ID number.
• Authority: – Communications Act 1934– Telecommunications Act 1996– Food and Drug Administration
Safety and Innovation Act 2012
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Communication: FCC Spectrum Allocation
• Medical Radio Communications Service (MedRadio): medical devices for transmitting data containing operational, diagnostic and therapeutic information associated with a medical implant device or medical body worn devices
• Medical Micropower Networks (MMNs): wireless medical devices that can be used to restore functions to paralyzed limbs
• Medical Body Area Networks (MBANs): networks of body-worn wireless sensors that transmit patient data to a health care provider
• Wireless Medical Telemetry Service (WMTS): a short distance data communication service for transmitting patient medical information to a central monitoring location in a medical facility
• Medical devices may also operate under the rules for unlicensed devices under Part 15 in any frequency band available under that Part.
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Communication: Standards
• While not mandated, many standards organizations work in collaboration with federal partners.
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Running the Show Backup Singers
Adoption
Running the Show Backup Singers
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Adoption: CMS
• Centers for Medicare and Medicaid Adoption (CMS) sets reimbursement guidelines and runs incentive programs for hospitals and providers.
• Authority:– Social Security Act 1965– American Recovery and Reinvestment Act 2010
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Adoption: CMS, ONC, and NIST• Meaningful Use promotes the adoption of EHRs.
• Operational Rule: • HHS Center for Medicare and Medicaid Services (CMS)
writes the rule and administers the provider incentive/penalty program.
• Technical Rules: • HHS Office of the National Coordinator for Health IT (ONC)
is responsible for the Standards and Certification Rule.• NIST provides test criteria for EHRs to become certified.
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Stages One and Two Stage Three and Beyond
• Create the capacity for electronic episodes of care
• How to incorporate patient generated data
Adoption
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Adoption: Body of Evidence
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Running the Show Backup Singer
Privacy and Security
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Privacy and Security: OCR and HIPAA
• HHS Office for Civil Rights promulgates rules to protect consumer health information.
• Authority:– Health Insurance Portability
and Accountability Act 1996– American Recovery and
Reinvestment Act 2010
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Privacy and Security: OCR and HIPAA
• HIPAA applies to Protected Health Information (PHI): – all "individually identifiable health information" – any form or media: electronic (ePHI), paper, or oral. – held or transmitted by a covered entity or its business
associates. health care providers, health plans, health care clearinghouses, vendors
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Privacy and Security: HIPAA
• Rules: – OCR Privacy Rule:
• Gives the consumer rights over his/her PHI
• Sets rules and limits on who can view or receive PHI
– OCR: Security Rule: • administrative, physical, and
technical safeguards for PHI• Requires a risk assessment
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Privacy and Security: FTC• The FTC protects consumer data
privacy– Special rules for minors
• FTC Health Breach Notification Rule: – Primarily applies to Personal Health
Records
• Authority: • Federal Trade Commission Act 1914• Children’s Online Privacy Protection Act
1998
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
No Intercepting No Jamming
Privacy and Security: FCC
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Agenda
Introduction
Policy 101
Policy Continuum
What’s this mean?
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Manufacturer
• Initiates Specifications• Designs• Labels• Creates a software
system or application in whole or from multiple software components
Healthcare Provider
• Hospital• Physicians
What’s this mean? Question of Who.
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
ManufacturerAdoption Safety/Efficacy Communication Privacy/Security
Development
Make sure device interoperability is compatible with ONC/NIST specifications.
Make sure not infringing on patents
If device, undergo FDA review and oversight.
Meet FCC requirements for RF.
Meet appropriate FCC technical specifications and registration requirements.
Deployment
If device, postmarket surveillance.
Don’t oversell to avoid FTC oversight.
If collecting PHI, fulfill HIPAA requirementsHave appropriate disclaimers and safeguards.
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Healthcare Providers and Facilities
Adoption
• Utilize certified EHRs
Communication
• Use appropriate spectrum specifications
Privacy/Security
• fulfill all HIPPA requirements (Security Assessment)
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
mHealth Policy Continuum
Adoption
Safety/Efficacy
Communication
Privacy/Security
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Resources
• FCC: http://www.fcc.gov/topic/health-care
• FTC: http://www.ftc.gov/
• FDA: http://www.fda.gov/medicaldevices/productsandmedicalprocedures/ucm255978.htm
• CMS: http://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/Meaningful_Use.html
• ONC: http://www.healthit.gov/policy-researchers-implementers/mobile-devices-roundtable-safeguarding-health-information
• NIST: http://www.nist.gov/medical-devices-portal.cfm
@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy
Thank You! Questions?
Jess Jacobs
Special thanks to the
2011-12 mHIMSS Policy Workgroup W. Bradley, N. Falcone, R. Kennis, L. Kim, M. Kuriland, & D. Wong
for researching the whitepaper this presentation is based on.