TeamJessBanner

 

In putting together my story to become a member of The Walking Gallery, I started thinking about all the people who have helped me out since I got sick. Maybe they helped me out physically, maybe emotionally. All I know is that all of these people were there for me. Most of them were there for me multiple times. Some stayed up with me all night. Some pushed me to get help. Some listened to me complain, cry, and laugh. And I know that without this cast, I wouldn't be who I am today.

So, everyone, thanks -- you prove that the heart of life is good.

 

 

The Home Fries

 

The people who understand where I come from. It’d been years, yet when I got sick, they called, sent flowers, and visited. They don’t pick me up off the ground, but they’re always only a phone call away.

My Girls1. The Sister, 2. The Mother

My Boys3. The Father 4. The Brother 5. Becky, 6. Bissie, 7. Jessie, 8. Ryan

 

The Cal Kids

suzie

9. Suzie

From the beginning of college through the present, no matter what the issue is, they listen to me, laugh with me, and pick me up when I fall.

viv matt

10. Stephanie, 11. Vivian, 12. Matt

Or they send their parents, or their boyfriend, or their boyfriend’s friend. Basically they’re hyphy rockstars who stood by me before I got sick, stood by me when I got sick, and stand by me to this day.

Sonja Nayeli13. Sonja (14. Tal), 15. Nayeli

Amanda

16. Amanda

havah steph

17. Havah (18. Jason), 19. Stephanie,

AGO ADX20. Stephanie, 21. Carrie, 22. Laura, 23. Arri, 24. Susan, 25. Laurelei, 26. Erin, 27. Carissa, 28. Amanda, 29, Carla, 30. Sarah, 31. Andrea, 32. Emma, 33. Peter, 34. Dave, 35. Jared, 36. Mark, 37. Bryson

At Cal, it’s hard to have real relationships with your professors, your GSIs, your classmates. You’re one in 500 students. But when you fall over, these barriers somehow disappear. My bioethics professor offered to be my medical advocate and call my parents. My social psych professor took me to the student health center in a police car. My GSIs took me home and didn’t freak out too much when I got pulled out of their classes by EMTs. My classmates told me their personal stories, walked me home, and ran the interference required to keep me out of the hospital. Then I worked at a homeless resource center, and, of course, I had my own contingent of the tribe.

gorcey

38. Max, 39. Lev, 40. Ryan, 41. Ben, 42. Joe, 43. Andi, 44. Neil, 45. Steven, 46. Eric, 47. Emilie, 48. Chad, 49. David, 50. David, 51. Diva, 52. Robb, 53. Dylan, 54. Olivia, 55. Kevin, 56. Kristen

 

The Georgetown Crew

I know I owe my masters degree to my cohort at GU - they ensured that I graduated with some cognitive surplus intact. They stole a wheelchair (we returned it... eventually...), drove me home, tucked me into bed, picked me up in weird places, took me to the hospital and waited for hours, staged an intervention, rescued me from water, were my chauffeurs, and caught me when I fell.

Dantana

57. Karen, 58. Veronica, 59. Erin, 60. Dantana, 61. Zach, 62. Veronica, 63. Ashley, 64. Matt, 65. Chris, 66. Matt, 67. Anthony, 68. Betelle, 69. Elliott, 70. Hooman, 71. Jennifer, 72. Kyle, 73. Laura, 74. Maria, 75. Sarah, 76. Stephanie, 77. Charlotte, 78. Haymi, 79. Heather, 80. James, 81. Alice, 82. Alex, 83. Dr. C, 84. Dr. H, 85. Amy, 86. Miriam, 87. Michelle

Phil

88. Phil

ekat
89. Ekat

 

The Feds

For a crew that wears suits all the time, they’re surprisingly protective. From the ONC to HRSA to the FDA, these people were amazing.

90. Wil, 91. Farzad, 92. Lanre, 93. Sachin, 94. Andrea, 95. Sameer, 96. Yael, 97. Marty, 98. Miryam, 99. Robyn, 100. Ian, 101. Mike, 102. Rose, 103. Mary Beth, 104. Georgie, 105. Lori, 106. Jim, 107. Jill, 108. James, 109. Adam, 110. Damon, 111. Aman, 112. Alina, 113. Alon, 114. Mary, 115. Doris, 116. Amy, 117. Gary, 118. Sasha

hhs

High Fives

High Fives

119. Alicia

randi120. Randi

The Law Kids

I was scared that when Amanda left and I wasn’t with the GU kids everyday I’d be alone. That I wouldn't have a person anymore. Nothing could be further from the truth. These people adopted me into their family and are there for me as if I had always been a member of the crowd. Even though I’m not an attorney.

121. Brad, 122. Marie, 123. Gabe, 124. Shaun, 125. Michelle, 126. Sam, 127. Natalie, 128. Laura, 129. Navin, 130. Kathleen

OLYMPUS DIGITAL CAMERA

 

 

The Walking Gallery (and Twitterati)

ted regina131. Regina, 132. Ted,
These people gave me a voice to speak out about being a patient. They helped me discover telling your story is one of the most empowering things you can do.

Whitney133. Whitney (and 134. Jake)

Rebecca135. Rebecca
gallery 136. Nikolai, 137. Wen, 138. Tiffany 139. Lisa, 140. Matthew, 141. Fred, 142. Alan, 143. Gregg, 144. Leonard, 145. Alan, 146. Amy, 147. Brian, 148. Diana, 149. Kait, 150. Greg, 151. Christine

 

The Entrepreneurs

And we have all the technophiles.Some are health, some are not. All want to make the world a better place.

152. Katie, 153. Dhruva, 154. Dave, 155. Marco, 156. Kyle,157. Adam, 158. Henry, 159. Jamie, 160. Michael, 161. Andre, 162. Polina, 163. Anish, 164. Adam, 165. Lygeia, 166. Raph,

Marvin167. Stephanie, 168. Marvin

 

The Alturists

And last, but certainly not least, we have all the people who took me in and really had no idea what they were getting into. I can never thank you enough for all the love and care you all have shown me.

Donna and Dennis

 

169. Donna, 170. Dennis

 Konstantin171. Konstantin

 Leonard172. Leonard
Kelli171. Kelli

Cover RockHealth

This week I've gotten several emails about my thoughts on the House's Energy and Commerce hearing on mobile app regulation by the FDA. While I could come up with my own thoughts on the hearing, I prefer to recap by sending you over to the incomparable Brian Dolan's lists: 5 take aways and 10 threads. Now you're caught up. So today, as promised in a rather polarizing VentureBeat article, Rock Health came out with a slide deck on digital health regulation by the FDA. (Side Note: when did we start calling it digital health? (Second Side Note: When do we get to call technology enabled healthcare just health?)). I loved all the details they gave on how to go through the 510(k) and PMA process - to date, haven't seen a group put out a free "how to navigate" the FDA presentation (so kudos Rock Health!).

FDA 101: A guide to the FDA for digital health entrepreneurs by @Rock_Health from Rock Health - produced by Malay Gandhi (@mgxtro) and Deborah Pascoe (@deborahpascoe).

A Few Comments:

Slide 1: In addition to the Mobile Medical Apps guidance I'd also suggest developers look at the Medical Device Data Systems and Design Considerations for Devices Intended for Home Use.

Slide 3: I’m not sure why the FDA's birthday is relevant - Personally, I would have gone with when the Food, Drug, and Cosmetic Act was signed into law - 1938. FDCA is what expanded the FDA’s regulation authority to include devices and cosmetics. I guess Rock Health doesn't share my love of flappers and the FDCA.

... following FDA regulations will actually make them a better company, with a higher quality process, and open the door to the entire healthcare market. - Geoff Clapp on Slide 23

Slide 4:

Rock Health Question: Why is the FDA looking at Digital Health?
Rock Health Answer: Widespread Availability & Public Interest

"Widespread Availability" and "Public Interest" are why the House Energy and Commerce Committee had a 3 day hearing on digital health. The FDA is a bit simpler - it looks at "digital" health because if something is a device, the FDA regulates it. That’s it.

Slide 5: Really not sure why they refer to the “current” definition of device. Device was codified way back in 1938's FDCA section 201(h) and isn't likely to change...

(h) The term “device” means an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including any component, part, or accessory, which is— (1) recognized in the official National Formulary, or the United States Pharmacopeia, or any supplement to them, (2) intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals, or (3) intended to affect the structure or any function of the body of man or other animals, and which does not achieve its primary intended purposes through chemical action within or on the body of man or other animals and which is not dependent upon being metabolized for the achievement of its primary intended purposes.

So what’s this really mean? If you’ve got something that treats something with an ICD-9 code and isn’t a drug you’re a device. And if you are, you're subject to the medical excise tax. What won't be subject to the tax? Things that aren't medical devices (as the laughable Hotair puts it: "the federal government is munificently resisting the temptation to tax our smartphones" just like they're not taxing our fax machines. Or, for that matter, regulating our fax machines.).

device formula

Slide 6: Believe me, I really wanted to love this slide. Then I noticed that it wasn’t to scale and got sad.

MMA Vs Other Apps (not to scale)

MMA Vs Other Apps (not to scale)

Mobile Medical Apps vs Other Apps (Rock Health Numbers, to scale)

Mobile Medical Apps vs Other Apps (to scale)

Not such a big piece of the space, now is it? Since there isn't a numbered estimate for the gray area of apps which “might” be regulated, I couldn't scale that space.

RockHealth_mHealthGuidance_7_3.25.13
Slide 7: Again, so close to loving this slide. I just wish patient/consumer Safety had made the list. Yes, they said “consumer confidence” but when we’re talking about FDA oversight, we’re talking about medical devices and patient safety. FDA approval does increase physician confidence, but they’re not the end user/consumer in this continuum.

Slide 9: CMS doesn’t regulate devices. Pay for them, sure, but regulate? Not so much. I suppose we can go to futuristic imagination land where everything is mobile and talk about how a future iteration of Meaningful Use may require a provider to use a mobile application per CMS specifications. Barring that, CMS isn’t regulating mobile. Setting reimbursement guidelines, yes. Regulating? No. I’d definitely worry about the FTC before I even though about CMS – particularity in relation to apps which aren’t even considered devices. More on that regulatory continuum can be found in my HIMSS13 presentation. 
RockHealth_mHealthGuidance_9_3.25.13

 

RockHealth_mHealthGuidance_12_3.25.13
Slide 12:  Once I read this article, I understood what they were getting at with this example.  I think my brain still had a problem with it because their Class I example didn't have a mobile application associated with it. Glooko is a good example of the evolution of MMA stages - originally their system/cable was a Class I device - all the cable did was transmit data in its original form for recording. But they couldn't do analytics on it which means its usefulness was limited. Recently they received Class II clearance for their Glooko Logbooks Chart product. And maybe in a few years Glooko will come out with an app that helps control an artificial pancreas device and have to get Class III approval. 

Glooko Example

In closing, great job to the Rock Health team for interviewing so many thought leaders in this space - really enjoyed the emphasis on the FDA being composed of real people (believe me, they are!)!

Author Note: The views in this blog are strictly mine and should not be attributed to any organization mentioned. I do not work for the federal government and the contents of this site do not represent the views of any federal agency. It is important to note that my ORISE fellowship is with the FDA's Center for Drug Evaluation and Research and I do not have inside knowledge regarding the device approval process.

On March 5, 2013, Eric Wickland crossposted a recap of my session cross-posted to Healthcare IT News("Acronyms abound in mHealth Ecosystem"), HIMSS, ("HIMSS13 mHealth session explores federal policy issues") and mHIMSS ("Acronyms abound in mHealth Ecosystem").

HIMSS13
Copied below:

Thinking of diving into the mHealth ecosystem? You'll need a really good grasp of acronyms. And a healthy dose of patience.

Attendees of the 2013 HIMSS Conference and Exhibition were treated to a primer on the alphabet soup of organizations in "Federal mHealth Policy 101," a Monday-morning education session presented by Jessica A. Jacobs, MHSA, CPHIMS. Her hour-long session targeted the bigger federal players, including the HHS, CMS, FDA, FTC, FCC and the Office of Civil Rights.

It also brought to the forefront the realization that, with so many organizations wanting their share of the mHealth pie, the required rules, regulations and standards aren't showing up with any degree of haste.

To wit: The FDA's final document regarding regulation of mobile medical apps has been expected for several months, and still isn't here.

"I have seen a lot of predictions that say March," Jacobs shrugged. "But who knows?"

Also in the pipeline is a regulatory framework for mHealth that's being put together by the FDA, FCC and ONC. That one at least has a deadline, Jacobs pointed out, though that deadline is roughly one year distant.

Jacobs, who has worked with the ONC, FDA and HRSA and chaired the mHIMSS Mobile Devices and Regulatory Implications group, put together a primer on the various agencies involved in mHealth that touched on their responsibilities. She also noted that many of the agencies share those responsibilities and are working together to make sure the landscape is properly regulated.

During a Q&A session, she was asked about Happtique, the New York-based app store that recently unveiled a standards program for apps. Jacobs said Happtique's program, set to launch this spring, may very well be like the Certification Commission for Health Information Technology's EHR certification program. When asked if mHealth regulations might be too strict, and therefore serve to stifle innovation, she said the federal government is trying to take a broad-based approach so that it doesn't hinder creativity.

The key to the mHealth landscape going forward, she said, is collaboration.

"There are a lot of cabinet players in this mobile health space," she pointed out.

This morning I had the opportunity to present on federal mHealth Policy at #HIMSS13. It was totally a great time and people had some amazing questions. Most of which I hoped I answered...

 Policy Continuum

 Download the slides here. 

“Are your eyes closed?”
“No”
“Yes they are. Jess, why do you lie? It scares me when you lie.”
…“Wait, what?”
“You’re going to fall.”

And, like clockwork, I fall, semiconscious to the sidewalk on the corner of Pennsylvania and Constitution.

Somewhere above me someone is concerned. “Is she ok?” “Yes” “No, really, is she ok?” “Yes, she has a heart problem.” “Really? Is she ok?” “Yes, I’ve got this.” “You’re sure?” “I’m sure.” Yes, lady, he has this. He always has it. No matter how embarrassed he is. No matter how inconvenienced he is. He has this.

So, what’s wrong with me? Postural Orthostatic Tachycardia Syndrome. POTS. What’s that mean? It means that sometimes when I stand, my heart rate doubles, my blood pressure drops, and I pass out.

Apparently most people grow out of this. But I’m not most people. I’m 25. I’ve had POTS since, if I’m honest, I was about 9. When I finally got it diagnosed at 21, my condition became legitimate. I’ve seen the statistics; the odds that this goes away after fifteen years are almost nonexistent. I won’t die, but sometimes I’ll want to. As my cardiologist put it, “I’m [his] problem.” I’m the one he can’t fix. But that makes sense. I have an idiopathic condition. It lies somewhere between the heart, autonomic nervous system, and mind. It’s a veritable no-mans land of drugs and specialists where there’s no cure and very little understanding.

During my last “bad” episode, my friend called to check up on me: “Jess, if they make you go to the hospital I’m not going to fight them. Plus, isn’t that what you do?” No, that isn’t what I do. Yes, I have a degree in Health Systems Administration. Yes, I’m an “expert” on Health Information Technology. But that doesn’t change the fact that I’m a horrible patient. That I carry my medical records around with me in a hot pink binder. That I hate hospitals.

And I always have. If I had my way, I’d keep everyone out of them. It’s why I “do” health IT. See, I’ve been in lots of hospitals - from community hospitals to major academic medical centers. They're filled with well intentioned, highly trained, people. Unfortunately the mechanisms these care facilities have put in place don't actually connect the people within, let alone between, instances of care.

I used to think I’d trade anything for perfect health. Now, I don’t know if I would. See, I’m happy. I have people. I have a future. And I know that my life has been influenced by my sickness. Without it, I wouldn’t understand. I wouldn’t understand powerlessness. I wouldn’t understand frustration. I wouldn’t understand that the system is broken.

How broken?  During one stay, despite my credentials, I ended up semiconscious at the bottom of a flight of stairs, in tears, begging to go home. See, in the moments I’m a patient, I can’t manage my life. And, despite their credentials (on this visit: a MD/MBA, a MPH, and three MHSAs), my friends can’t manage it for me. Can you imagine someone without this support system navigating the bureaucracy that is healthcare? I don't know how they do it.

Luckily this is only one side of my coin— I’m healthy enough to have a day job advising the people that chart the course of American health policy. The philosopher Herodotus got it right: “the greater the man, the greater the misfortune,” or, as our friend Peter Parker put it “with great power comes great responsibility.” I know that the weaker I get, the stronger I become. The weaker I get, the more I understand that my care continuum isn't the only one with flaws. The weaker I get, the more I understand that together, we can change our health system. That the whole is greater than the sum of its parts.

Back under the glow of the US Capitol, I hear my friend:

“Jess, you’re broken. But I’m broken too. We’re all broken.”
“You think that together we make a whole person?”
“Yeah, Jess, together we’re a whole person.”

And with that, he picks me up. And carries me home.

http://i2.wp.com/mw2.google.com/mw-panoramio/photos/medium/56925708.jpg?w=630

This is the story behind my Walking Gallery Jacket: "Is She Alright"

8197658371_d50573660a

mHimss

The mHIMSS Policy Group presented our “Summary of Federal Policies and Mobile Applications" just before annual conference this year. While HIMSS has a version, most of it is copy/pasted below. The awesome summary table can be opened  here.


Introduction

February 2012

Dear Reader –

The mHIMSS Policy and Regulatory Implications Workgroup is pleased to present this summarization of mHealth related federal regulations and policies. For those developing a mobile policy, summaries regarding OCR’s HIPAA and CMS/ONC/NIST’s Meaningful Use will be particularly insightful. Additionally, this guide covers information related to developers and manufacturers, and includes insights from the FTC, FCC, and FDA’s Mobile Medical App Guidelines.

The team, chaired by Jessica Jacobs, includes the original work of Wendelyn Bradley, Nick Falcone, Rebecca Kennis, Lee Kim, Michael Kuriland, Patricia MacTaggart, and Daisy Wong.

  • Wendelyn Bradley, BSN/MA, MS Medical Informatics -- Scripps Green-Scripps Health-Administrative Clinical Project Manager. A Scripps employee for 14 years, for the past 10 she has guided clinical software implementation projects. Currently she leads the Perioperative Optimization project and system-wide clinical system roll out.
  • Nick Falcone, CISSP -- Security Operations Engineer with the Children’s Hospital of Philadelphia, is responsible for HIPAA Security Rule compliance, risk assessment, third party management, and policy and procedure.
  • Jessica Jacobs, MHSA, CPHIMS -- Oak Ridge Institute for Science and Education Fellow stationed at the Food and Drug Administration’s Center for Drug Evaluation and Research. [1] She helped stand up the Federal mHealth Collaborative and currently leads FedTel’s “Technology, Innovations, and Standards” workgroup.
  • Rebecca Kennis, CPHIMS -- System Analyst at UHS Hospitals in Binghamton, NY. She is responsible for managing the development and maintenance of mobile device applications, clinical decision support and Meaningful Use initiatives.
  • Lee Kim, BS, JD -- Attorney at Tucker Arensberg, PC. She is an intellectual property and healthcare information technology attorney and a board member of Western Pennsylvania HIMSS. She previously worked in the field of heath information technology.
  • Michael Kurliand, RN MS -- IS Strategy Consultant at the Children's Hospital of Philadelphia. Member of an IS team under the CIO that is responsible for the overall strategic assessment and planning process as well as industry and trend analysis and implementation development.
  • Patricia MacTaggart, MBA, MMA -- George Washington University Lead Research Scientist and Lecturer at the Department of Health Policy/School of Public Health and Health Services and Adjunct Associate Professor, Health Policy & Management, UNC-Chapel Hill. She is a member of HIMSS Public Policy Committee and advises Security and Privacy track students for ONC’s HITECH funded University Based Training Graduate Certificate Program.
  • Daisy Wong, PhD -- Adjunct Assistant Professor at the Computer and Information Sciences at the University of Alabama at Birmingham. She teaches and also provides research and consulting to heath care analytics industry.

Additionally, the group would like to recognize the support we received from Rob Campbell, CEO of Voalte, and HIMSS in the creation of this document, particularly Tom Martin and Tim Castallo.

Here’s to mHealth!

The mHIMSS Policy and Regulatory Implications Workgroup

 

Office for Civil Rights: Health Insurance Portability and Accountability Act

Who is Responsible:

Individuals, organizations, and agencies that meet the definition of a covered entity under HIPAA must comply with the HIPAA Privacy and Security Rules’ requirements to protect the privacy and security of health information and must provide individuals with certain rights with respect to their health information.

  • Most doctor offices, hospitals, health plans, health care clearinghouses and insurance companies are covered entities.
  • Under the HITECH Act, HIPAA Privacy and Security Rules apply to business associates of covered entities. HITECH Act §13401.
  • A covered entity is any entity that receives federal financial assistance from the Department of Health and Human Services or is covered under Title II of the Americans with Disabilities Act as a program, service, or regulatory activity relating to the provision of health care or social services.
  • Are You a Covered Entity?
  • A “business associate” is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity. A member of the covered entity’s workforce is not a business associate.

What and Why it is regulated:

Under the HIPAA Privacy and Security Rules, covered entities are required to take certain steps to ensure that their patients’ protected health information (PHI) remains private and secure. As stated above, under the HITECH Act, business associates must also comply with the HIPAA Privacy and Security Rules.

  • Protected Health Information: all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic (ePHI), paper, or oral (PHI). ePHI is a form of PHI.
  • Examples:
  • Any demographic data, that relates to the individual’s past, present or future physical or mental health or medical condition
  • The past, present, or future payment for the provision of health care to the individual
  • Data for which there is a reasonable basis to believe can be used to identify the individual
  • Individual identifiable health information such as name, address, birth date, and Social Security Number

The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and availability to those who are authorized to see PHI. The key requirement of the security rule is to conduct a risk assessment and to address the results. The Security Rule is technology neutral, so its standards apply regardless of whether the covered entity is transmitting or receiving electronic protected health information from computer to computer, laptop to laptop, tablet to tablet, or smart phone to smart phone – or any other combination thereof.

The Privacy Rule gives the consumer rights over his/her health information and sets rules and limits on who can view or receive his/her health information.

How and When the Regulation Will be Enforced:

The U.S. Department of Health and Human Service’s Office for Civil Rights (OCR) is responsible for privacy and security enforcement of HIPAA. Currently the OCR is piloting a program to perform up to 150 audits to assess privacy and security compliance. Audits conducted during the pilot phase will begin November 2011 and conclude by December 2012.

Reference:

This summary is based upon the HHS’, Understanding Health Information Privacy site.

Centers for Medicare and Medicaid Services: Meaningful Use

Who is Responsible:

Each Eligible Hospital (EH), Critical Access Hospital (CAH), or Eligible Provider (EP) must demonstrate that they are a “Meaningful User” of a certified electronic health record.

What and Why it is regulated:

This requirement was made law through the Health Information Technology for Economic and Clinical Health (HITECH) Act, which is part the American Recovery and Reinvestment Act (ARRA) of 2009. HITECH promotes the implementation and use of health IT and includes billions of dollars in incentive payments, and eventually, penalizes Medicare providers through reductions in their reimbursements. CMS is promulgating the Meaningful Use rules in three stages under the advisement of NIST and ONC. Additionally, for each stage of Meaningful Use, ONC will promulgate an associated standards rule set.

Currently, Meaningful Use is still in the incentive period. To qualify for an incentive, providers must meet Stage One objectives. Stage One objectives are split into a core group and a menu group. In order to meet Meaningful Use status, all objectives in the core group are required plus 5 of 10 objectives from the menu group for eligible professionals, critical access hospitals, and eligible hospitals. In addition, 15 Clinical Quality Measures are required for eligible hospitals and critical access hospitals and 3 core clinical quality measures (or 3 alternate core clinical quality measures) plus 3 additional clinical quality measures out of a set of 38 for eligible professionals. One of the required core objectives is the utilization of CPOE for eligible hospitals, critical access hospitals, and eligible professionals.

The relationship between Meaningful Use requirements and mobile devices intersect when defining the CPOE requirement of the core group. The Final Rule states that if CPOE occurs through the use of an application on a mobile device, that application must be certified for Meaningful Use as a complete EHR or module. It could be further deduced that any requirement that is fulfilled via a mobile device application would require the application to be certified.

How and When the Regulation Will be Enforced:

Meaningful Use requirements will be implemented in three stages; Stage 1 was defined in the final regulations released in July 2010. The Notice for Proposed Rule Making for Stage 2 is set to be released by the end of the 1st Quarter 2012, Stage 3 is proposed by the end of 2013. While Meaningful Use is currently in an incentive period, starting in 2015, providers will experience a reduction in their Medicare reimbursements if they fail to reach Meaningful Use requirements.

Reference:

This summary was based off of CMS’ Meaningful Use page.

 

 

NIST: Test Procedure for ONC Certified EHR CPOE from Drug-Drug, Drug-Allergy Interaction Checks

Who is Responsible:

This guidance is targeted at eligible hospitals, vendors of ONC Certified EHR CPOE and ONC-Authorized Testing and Certification Bodies (ATCBs), who will use the test procedures to evaluate conformance of EHR technology to ONC’s requirements as defined by NIST.

What and Why it is regulated:

These test procedures define test criteria for EHRs. If the EHR does not meet these requirements, the eligible hospitals (EHs) will not meet Meaningful Use.

This test procedure is organized into two sections:

  • Generate and indicate notifications – evaluates the capability to generate and indicate in real-time notifications at the point of care during computerized provider order entry (CPOE) for drug-drug and drug-allergy contraindications based on the patient’s medication list and medication allergy list.
    • The Vendor identifies specific alerts available in the EHR and available CPOE orders that can be used to initiate those alerts.
    • The Tester enters new medication orders via CPOE and generates at least one each of drug-drug and drug-allergy notifications identified by the Vendor.
    • The Tester validates that the notifications are generated and indicated to the user in real-time during CPOE, are based on the patient’s medication list and medication allergy list, and are displayed as defined by the Vendor.
  • Adjust notifications – evaluates the capability for certain users to make adjustments to drug-drug and drug-allergy interaction checking.
    • The Tester selects and displays the drug-drug and drug-allergy notification adjustment capabilities identified by the Vendor for this test.
    • The Tester adjusts at least one each of the selected drug-drug and drug-allergy notification rules; an example of an adjustment would be changing the level of severity of a notification for all user types or a specific user-type, for instance, causing the suppression of a drug-drug interaction notification for all CPOE users or only for cardiologists who order Digoxin and Furosemide together for the same patient.
    • The Tester validates, in real-time during CPOE, that the selected drug-drug and drug-allergy notifications have been adjusted as described by the Vendor.

This test Procedure requires the vendor to supply the test data. The Tester shall address the following:

  • Vendor-supplied test data shall ensure that the functional and interoperable requirements identified in the criterion can be adequately evaluated for conformance.
  • Vendor-supplied test data shall strictly focus on meeting the basic capabilities required of an EHR relative to the certification criterion rather than exercising the full breadth/depth of capability that an installed EHR might be expected to support.
  • Tester shall record as part of the test documentation the specific Vendor-supplied test data that was utilized for testing.

How and When the Regulation Will be Enforced:

For an eligible hospital to receive EHR Incentive payments from Medicare and Medicaid they must be able to validate the capabilities listed above. An ONC-Authorized Testing and Certification Body (ATCB) must use these procedures when certifying an EHR for ONC.

Reference:

This summary is based upon NIST’s Test Procedures for Drug-drug, drug-allergy interaction checks.

 

Food and Drug Administration: Mobile Medical App Guidance

Who is Responsible:

This guidance is targeted at manufacturers and distributers of mobile medical apps.

  • Manufacturer” encompasses any person or entity that manufactures mobile medical apps in accordance with 21 CFR Parts 803, 806, and 807. Includes: anyone who initiates specifications, designs, labels, or creates a software system or application in whole or from multiple software components. Does not include: developers who strictly operationalize a manufacturers’ design.
  • Distributor” refers to entities that exclusively distribute mobile medical apps. Distributors are expected to work with manufacturers in correcting/removing products, but are not responsible for seeking FDA approval. Common distributors include the iTunes store, Android marketplace, and Blackberry app world.

What and Why it is regulated:

A “mobile medical application” or “mobile medical app” is a mobile app that meets the definition of "device" in section 201(h) of the Federal Food, Drug, and Cosmetic Act (FD&C Act); and its intended use is: as an accessory to a regulated medical device; or to transform a mobile platform into a regulated medical device. These devices are regulated to protect patients from unexpected harms.

Examples:

  • Displaying, Storing, or Transmitting: If a mobile medical app allows for the display/storage/or transmission of patient-specific information, such as personal health information (PHI), in its original format, it is a medical device. This category of mobile medical apps are primarily used as secondary displays (and not for primary diagnosis/treatment decisions) and will only require Class I requirements. For example, a PACS Viewer (like Centricity® Radiology Mobile Access 2.0 software[i]) or mobile ECG viewer (like AirstripTM RPM Cardiology[ii] device) would be regulated under this criterion.
  • Controlling connected medical devices: If a mobile medical app allows for the control of another medical device, it must adhere to the regulations applicable to the connected device. These mobile medical apps can control the use, function, modes, or energy source of a regulated medical device. For example, an app that controls a blood pressure cuff (like Withings®[iii] blood pressure monitor) or a portable ultrasound app (such as the Mobisante software[iv]).
  • Mobile platform transformation: If a mobile medical app transforms a mobile platform into a regulated medical device, it is regulated under the class applicable to its intended use. For example, if a mobile medical app utilizes a phone’s accelerometer to collect data on Parkinson’s disease such as iTrem software.[v]
  • Interpretation of Medical Device Data: If a mobile medical app is intended to analyze or interpret data from a medical device for the purposes of creating alarms, recommendations, or information, is considered an accessory to the first medical device and regulated under the first medical device’s class. This would include patient monitoring apps such as the LifeWatchTM cardiac monitoring system.[vi]

How and When the Regulation Will be Enforced:

If the mobile medical app falls within a specific medical device classification or augments functionality to a specific medical device classification, manufacturers are immediately subject to meet the requirements of that classification (either I, II, or III).

Reference:

This summary is based upon the FDA’s Mobile Medical Apps site.

Federal Communication Commission

Who is Responsible:

Device manufacturers are responsible to design and manufacturer their devices according to the FCC Specific Absorption Rate (SAR) limits. Some examples of devices which might fall under FCC oversight include insulin/glucose monitors, wireless heart monitors, medical radios, and/or cell phones.

What and Why it is regulated:

The FCC regulatory effort has been focused on protecting human health from negative RF (Radio Frequency) exposure and to prevent potential interference among mobile health devices such as implanted cardiac pacemakers. The allowable FCC SAR limit for RF energy exposure from wireless devices is 1.6 watts per kilogram (W/kg), as averaged over one gram of tissue.

Research to determine the health effect of RF exposure is ongoing by various organizations including the FDA and WHO. There are varied interpretations of reports that links wireless device use and cancer and other illnesses. Therefore, the FCC is closely monitoring these study results but has no basis so far to change the current SAR requirement.

How and When the Regulation Will be Enforced:

All wireless devices sold in the US go through a formal FCC approval process to ensure that they do not exceed the maximum allowable SAR level when operating at the device’s highest possible power level. If the FCC learns that a device does not confirm with the test report upon which FCC approval is based – in essence, if the device it stores is not the device the FCC approved, the FCC can withdraw its approval and pursue enforcement action against the appropriate party.

In addition, Wireless Medical Telemetry Service (WMTS) devices used within a health care facility must be registered with the FCC’s designated frequency coordinator and demonstrate that the devices operate within the WMTS spectrum.

References:

This summary is based upon material on the FCC website.

 

 

Federal Trade Commission (FTC)

Who is Responsible:

The consumer data privacy guidance is targeted at policymakers and business that collect data through computers, mobile devices and mobile applications that can be reasonably linked to a specific consumer, computer, or other device. The policies on advertising apply to advertisers.

What and Why it is regulated:

FTC’s proposed framework for consumer data advocates companies to incorporate consumer privacy protection in their businesses; to provide choice to consumer on the use of his or her data; to be transparent with their data practices; to educate consumers on data privacy practices, and provide reasonable access to the consumer data that they maintain. In regard to consumer data privacy, companies do not need to provide choice before collecting and using consumers’ data for commonly accepted practices, such as product fulfillment.

FTC Framework: Consumer Data Privacy Protection

Regarding consumer data privacy protection, the FTC framework includes the following three principles for companies:

  • Companies should incorporate substantive consumer privacy protections throughout their organizations and at every stage of the development of their products and services.
  • Companies should simplify consumer choice. For collection of consumer data for uncommon practices and uses, companies should offer the choice in a simple way at a time and in the context in which the consumer is making a decision about his or her data.
  • Companies should increase the transparency of their data practices and educate consumers on commercial data privacy practices.

FTC Framework: Advertisements

Regarding advertising, the FTC has the following policies in place to guide advertisers:

  • Federal Trade Commission Act
  • Deception Policy Statement
  • Unfairness Policy Statement

How and When the Regulation Will be Enforced:

The FTC regulatory efforts focus on protecting consumer (particularly minors) data privacy and preventing fraudulent or deceptive marketing/advertising that misleads consumers. It will exercise regulatory authority over products and services regardless of the hardware or platform involved. The FTC utilizes the existing FTC Act and laws to determine violations. There are no additional requirements for mobile applications or devices in their current guidance and regulations.

References:

This summary is based upon material on the FTC website.


[iii] http://mobihealthnews.com/11275/fda-clears-withings-iphone-blood-pressure-cuff/. Withings is a trademark or a registered trademark of Withings SAS France.

[iv] http://www.imedicalapps.com/2011/10/fda-sanctioned-mobile-health-apps-making-appearance/

[vi] http://www.lifewatch.com/siteFiles/1/319/5257.asp. LifeWatch is a trademark or a registered trademark of LifeWatch Holding Services, Inc.


[1] Please note, Ms. Jacobs was not involved in the development of any of the guidances/regulations profiled in this summary and her work does not represent the official views of the FDA, HHS, or ORISE. She was enabled to participate through her ORISE fellowship, funded through an interagency agreement between the DOE and HHS/FDA.

fda-logo

Here's a quick summary of the FDA CDRH's Mobile Medical Apps guidance (edited by amazing mHIMSS Mobile Policy and Regulatory Implications Group members: Daisy Wong, Rebecca Kennis, Wendelyn Bradley, Michael Kuriland, and Lee Kim). While I've copy/pasted an early version here, the official HIMSS version is found here. Remember, don't take this as the word of the FDA- it was just us looking at what they said and making some educated analyses.

Guidance Bottom Line:

The FDA will exercise regulatory authority over mobile medical applications intended to perform a medical device function, regardless of the hardware or platform involved. The regulatory requirements manufacturers must meet are determined by the intended use of the mobile medical app.

Who is Responsible:

This guidance is targeted at manufacturers and distributers of mobile medical apps.

  • Manufacturer” encompasses any person or entity that manufactures mobile medical apps in accordance with 21 CFR Parts 803, 806, and 807.
    • Includes:  Anyone who initiates specifications, designs, labels, or creates a software system or application in whole or from multiple software components. This may include health systems, insurance companies, private software vendors, Health IT startups, physicians, nurses, etc.
    • Does not include:  Developers who strictly operationalize a manufacturers’ design. These people are likely technology programmers who are hired to make someone else’s application work.
  • Distributor” refers to entities that exclusively distribute mobile medical apps. Distributors are expected to work with manufacturers in correcting/removing products, but are not responsible for seeking FDA approval. Common distributors include the iTunes store, Android marketplace, and Blackberry app world.

What is, Might, and isn’t regulated:

Below is a detailed description of what is, might, and isn’t regulated by the FDA. Regardless of regulatory oversight, manufacturers are encouraged to follow the Quality Systems regulations to prevent harm in the development of all mobile apps.

What is Regulated - Mobile Medical Applications:

A “mobile medical application” or “mobile medical app” is a mobile app that meets the definition of "device" in section 201(h) of the Federal Food, Drug, and Cosmetic Act (FD&C Act); and its intended use is:

  1. As an accessory to a regulated medical device; or
  2. To transform a mobile platform into a regulated medical device

Examples:

  • Displaying, Storing, or Transmitting:  If a mobile medical app allows for the display/storage/or transmission of patient-specific information, such as personal health information (PHI), in its original format, it is a medical device. This category of mobile medical apps are primarily used as secondary displays (and not for primary diagnosis/treatment decisions) and will only require Class I requirements. For example, a PACS Viewer (like Centricity® Radiology Mobile Access 2.0 software[i]) or mobile ECG viewer (like AirstripTM RPM Cardiology[ii] device) would be regulated under this criterion.
  • Controlling connected medical devices:  If a mobile medical app allows for the control of another medical device, it must adhere to the regulations applicable to the connected device. These mobile medical apps can control the use, function, modes, or energy source of a regulated medical device. For example, an app that controls a blood pressure cuff (like Withings®[iii] blood pressure monitor) or a portable ultrasound app (such as the Mobisante software[iv]).
  • Mobile platform transformation:  If a mobile medical app transforms a mobile platform into a regulated medical device, it is regulated under the class applicable to its intended use. For example, if a mobile medical app utilizes a phone’s accelelerometer to collect data on Parkinson’s disease such as iTrem software.[v]
  • Interpretation of Medical Device Data:  If a mobile medical app is intended to analyze or interpret data from a medical device for the purposes of creating alarms, recommendations, or information, is considered an accessory to the first medical device and regulated under the first medical device’s class. This would include patient monitoring apps such as the LifeWatchTM cardiac monitoring system.[vi]

What might be Regulated:

The FDA will exercise regulatory discretion regarding mobile apps that meet the FD&C’s device definition but are not an accessory to a regulated device or intended to transform a mobile platform into a regulated device. Manufacturers may proactively register, list, and seek approval/clearance for mobile apps that might meet the criteria for being mobile medical apps.

Examples:

Applications that might fall under regulatory oversight include:

  • Applications that remind people to manually input information for logging/tracking/graphing, such as the LogFrog DB Diabetes tracking application that reminds users to test their blood and log A1C results.[vii]
  • Patient education data viewers, such as the ActiveMDTM Patient education marketing.[viii]
  • Organization of personal health information – such as dosages, calories, doctor appointments, lab results, and symptoms. This might include something like iLog Lyme, and application that allows users to log the symptoms of Lyme disease and their medication dosages.[ix]
  • Over the counter medication lookup applications that provide the information available on drug labels such as the MEDIlyzerTM application.[x]

What isn’t Regulated:

Non-covered apps include: Electronic versions of reference materials that do not contain patient-specific information; health/wellness applications that do not intend to cure, treat, or diagnose; automated billing, inventory, appointment, or insurance transactions; generic aids (audio recording, note taking, etc); mobile EHRs or PHRs.

Regulatory Requirements:

If the mobile medical app falls within a specific medical device classification or augments functionality to a specific medical device classification, manufacturers are immediately subject to meet the requirements of that classification (either I, II, or III).

According to the Draft Guidance, these requirements include:

  • Class I devices: General Controls
    • Establishment registration, and Medical Device listing (21 CFR Part 807);
    • Quality System (QS) regulation (21 CFR Part 820);
    • Labeling requirements (21 CFR Part 801);
    • Medical Device Reporting (21 CFR Part 803);
    • Premarket notification (21 CFR Part 807);
    • Reporting Corrections and Removals (21 CFR Part 806); and
    • Investigational Device Exemption (IDE) requirements for clinical studies of investigational devices (21 CFR Part 812).
  • Class II devices: General Controls, Special Controls, and (for most Class II devices) Premarket Notification.
  • Class III devices: General Controls and Premarket Approval (21 CFR Part 814).

Approval Process:

Section Author: Daisy Wong

To meet the regulatory requirements described above, developers of mobile app should be mindful that preparing, filing, and waiting for FDA approval will take time and may cost a significant amount of money. The amount and types of resources needed and the duration of the approval process is dependent upon the app/device classification per the descriptions in the previous section. In addition, developers should also budget for the maintenance of the certification once approval is obtained.

Guidance Limitations:

This guidance provides the “current thinking” of the FDA and is iterative. Indeed, the FDA will monitor mobile apps not covered by this guidance to determine if additional/different guidances are necessary to protect public health. This guidance does not consider wireless safety considerations, clinical decision support software, quality systems software, or mobile medical apps intended to analyze, process, or interpret medical device data from more than one medical device. Separate guidances are forthcoming.

Definitions:

  • Mobile Platform: handheld commercial off-the-shelf (COTS) computing platforms, with or without wireless connectivity. Examples: smartphones, tablet computers, personal digital assistants, etc.
  • Mobile Application (Mobile App): software applications that can be executed on a mobile platform; native and web-based.
  • Regulated Medical Device: a product that meets the definition of "device" in section 201(h) of the FD&C Act and that has been classified or otherwise approved or cleared by the FDA. Regulated Medical devices usually profess an ability to diagnose, cure, mitigate, treat, or prevent disease, or are intended to affect the structure or any function of the body of man.
  • General Controls: include requirements regarding good manufacturing practice, labeling, registering all establishments with the FDA, listing all devices to be marketed and submitting a premarket notification [510(k)] before marketing a device.
  • Special Controls: may include special labeling requirements, mandatory performance standards and postmarket surveillance.
  • Premarket Approval: Premarket approval (PMA) is the FDA process of scientific and regulatory review to evaluate the safety and effectiveness of Class III medical devices

References:

This summary is based upon the FDA’s Mobile Medical Apps site.


[i] http://www.hospitalemrandehr.com/2011/12/02/centricity-gets-fda-510k-clearance-for-mobile-radiology-app/.  Centricity is a registered trademark of General Electric Company.

[iii] http://mobihealthnews.com/11275/fda-clears-withings-iphone-blood-pressure-cuff/.  Withings is a trademark or a registered trademark of Withings SAS France.

[iv] http://www.imedicalapps.com/2011/10/fda-sanctioned-mobile-health-apps-making-appearance/

[vi] http://www.lifewatch.com/siteFiles/1/319/5257.asp.  LifeWatch is a trademark or a registered trademark of LifeWatch Holding Services, Inc.

[vii] http://itunes.apple.com/us/app/id398879753

[viii] http://www.activemd.net/design-develop/patient-education-programs.php.  ActiveMD is a trademark of ActiveMD Patient Education.

[ix] http://itunes.apple.com/us/app/id405435677

[x] http://www.medilyzer.com/smart-phone-iphone.html.  MEDIlyzer is a trademark of MediLyzer Systems Inc.

FDA ORg

My interpretation of the FDA. c. 2009.

This was a group project that suggested the FDA give up regulating food. Presentation is and presentation background brief (cowritten with Anthony Hopper and Eliott Bosslet) is copy/pasted below.

Legislation Review

            The FDA is an ever-evolving agency that is constantly changing due to technology and the advancement of science.  A majority of the amendments are developed to modify previous laws and regulations that were in place.  Currently the FDA is working on the Food and Drug Administration Amendments Act of 2007.  President George W. Bush signed into law H.R. 358 on September 27th, 2007.  This new law focuses on drugs and devices.  It adds the Prescription Drug User Fee Act and also the Medical Device User Fee and Modernization Act.  Another area that the new amendment concentrates on is that of children with the Best Pharmaceuticals for Children Act and the Pediatric Research Equity Act.  With the signing of this act the FDA is hoping to make considerable advances for not only those who develop medical products, but also for those who use them.

Another law that was just signed on June 22nd, 2009 by President Obama is The Family Smoking Prevention and Tobacco Control Act.  This new law adds to the FDA’s already robust list of regulatory standards.  It will focus on cracking down on the appeal of cigarettes to children, making the tobacco industry more clear on their marketing, and also give the FDA power to make changes in the tobacco industries products.

 

Intro/background

            The FDA is the oldest comprehensive consumer protection agency in the U.S. Federal Government, and it reports to The U.S. Department Health and Human Services.  Its history can be traced all the way back to 1820 when eleven scientists met in Washington, D.C., to establish the U.S. Pharmacopeia, which was the first collection of drug standards for the U.S.  Over the years it has grown and branched out to a wide variety of regulatory fields varying from cosmetics to Veterinary products.  Some of the major amendments and laws are as followed: 1906 the Food and Drugs Act, 1938 the Food, Drug, and Cosmetic Act, 1968 the Animal Drugs Amendment, 1976 Medical Device Amendment, 1997 the Current FDA Modernization Act, and the most recent in 2009 is The Family Smoking Prevention and Tobacco Control Act.

The FDA currently regulates: biologics, cosmetics, drugs, foods, medical devices, radiation-emitting electronic products, veterinary products, and now tobacco products.  The FDA’s current budget is approximately $2.7 billion, they employee around 11,000 individuals, and they oversee $1.5 trillion in foods, drugs, and other products.  Due to their diverse and broad regulatory standards we believe that they are spread too thin and are not able to accurately regulate all of these products.  That being said we propose two goals for the FDA, one long-term goal and one short-term goal.  For the short-term we recommend that the FDA increase their budget and for the long-term we recommend that the FDA is broken up into two different entities The U.S. Department of Health and Human Services take everything that pertains to humans: biologics, cosmetics, drugs, medical devices, radiation-emitting electronic products, and tobacco; and the Department of Agriculture takes foods and veterinary products.