FDA oversight may extend throughout health IT
■ A practical look at information technology issues and usage
The technology you adopt for your practice, including electronic medical record systems and smartphones, could become subject to Food and Drug Administration scrutiny. Experts are trying to discern what that level of examination might look like, and what specific technology would be affected.
So far, there's no clear answer.
The FDA might get involved, experts say, because some kinds of health information technology could be considered medical devices -- which the FDA regulates.
Sen. Charles Grassley (R, Iowa) started the high-level discussion about the FDA's role in health IT in the context of meaningful use of EMRs and the push to get physicians to adopt technology. He sent a letter on Feb. 24 to Health and Human Services Secretary Kathleen Sebelius asking what her agency intended to do to ensure the safety of EMRs, and the role the FDA should play in monitoring them.
The next day, an FDA director stated flatly: "Under the Federal Food, Drug and Cosmetic Act, HIT software is a medical device."
Jeffrey Shuren, MD, director of the FDA Center for Devices and Radiological Health, made that statement as he reported that his agency had received 260 reports over the past two years of health IT-related malfunctions causing 44 injuries and six deaths. Dr. Shuren's statement was made to the Health Information Technology Policy Committee, an advisory panel under the auspices of the HHS Office of the National Coordinator, which oversees health technology.
Steve Nitenson, RN, PhD, an adjunct professor in the information technology management division at Golden Gate University in San Francisco, said the FDA has a history of stepping up scrutiny after problems occur. Many believe that the number of deaths and complications Dr. Shuren detailed in his testimony to the advisory committee was an indication that the FDA now feels it is necessary to exercise its authority.
The discussion of FDA oversight has prompted a debate over what is considered a medical device, and what should and shouldn't fall under FDA regulation.
Experts generally divide health-related applications into three categories -- those that clearly could be considered a medical device, those that clearly are not, and those that could go either way.
Nitenson said the FDA already monitors EMR functionalities that involve contact with patients, such as interpreting lab results, for example. Most experts agree that even smartphone applications that are an extension of those systems fall under the medical device category and are thus open to FDA scrutiny.
But when it comes to other uses of technology, "It's more like the wild, wild West," Nitenson said. This is the area that would include a combination of systems that would transmit data from one source to another, and the various devices used to store and transmit the data, including mobile devices such as smartphones.
Michael Zeinfeld, founder and president of Complemedia, a Chicago-based company that builds targeted media channels for branding purposes, said one reason the FDA is taking another look at many of these devices is that their mobile counterparts are making applications easier to adopt, and thus the mobile devices are used more widely.
Kyle Heppenstall is the managing director of CompassX Group, a life sciences management consulting firm in Irvine, Calif., that helps clients get systems validated with various federal agencies. His clients include corporations, health care firms, and biotech and pharmaceutical companies that are building technology systems for the consumer market. He advises them that those systems need to be validated, even when they are mobile extensions of existing systems that already are monitored by the government.
Heppenstall said the cost of developing a regulated system could be up to three times more expensive than developing systems that are not regulated. "That is an additional burden that would have to be [paid for] by the owner of the system," he said.
Particularly with smartphone applications -- many of which are inexpensive to develop and cost nothing to download -- most experts agree that the cost of developing FDA-compliant applications and software would stifle innovation.
"Finally there's a place where doctors can go, and health care professionals can go, to get these tools and resources, and you don't want to make it more difficult for innovation to happen," Zeinfeld said. "And you shouldn't have to make it more difficult. Certainly, there's got to be some middle ground."
On the other hand, Nitenson, who has worked clinically in emergency and intensive care departments, said, "I would never use, nor would I recommend, [that] a physician use software technology that is specifically designed around a smartphone device that is not strong enough to endure both the HHS mandates and the FDA's mandate of data security and integrity for medical devices."
Most experts agree that full oversight of all health information systems likely never would happen. The cost would be too high, and the scope of regulation would be too vast.
But Dr. Shuren did lay out some possible scenarios, most of which would involve tracking problems after a device or software has hit the market. For example, there could be a database of adverse effects, or a registration list of devices. Another option might be a requirement that developers adhere to the FDA's Quality Systems Regulation, a list of specific guidelines manufacturers must follow.
Nintenson thinks there must be consequences if FDA oversight is to have an impact.
"As long as there is no consequence, people who write software don't necessarily do things in a more secure manner," he said.