Federal mHealth Policy 101

@jess_jacobs @FHCInnovation
#HIMSS13 #mHIMSS #Policy

Federal mHealth Policy 101
Jess Jacobs, MHSA, CPHIMS

DISCLAIMER: The views and opinions expressed in this presentation are those of the author and do not necessarily represent official policy or position of HIMSS.


Conflict of Interest Disclosure
Jessica Jacobs, MHSA, CPHIMS

Has no real or apparent
conflicts of interest to report.


Learning Objectives

• Recognize the oversight of seven federal
agencies/opdivs on mHealth related technologies

• Distinguish between federal policies that apply to
mHealth product development verses mHealth
adoption

• Identify federal policies relevant to their
organization's application of mHealth


Agenda

Introduction

Policy 101

Policy Continuum

What’s this mean?


mHealth is the use of mobile and
wireless devices to improve health outcomes,
healthcare services, and health research.
- 2011 NIH Consensus Group


That seems general…
Who • Patient? Provider?
• Data collected? Data
What disseminated? Analysis?
Recommendations?
When • Home? Hospital? Car?
Where • Broadband? Wifi? Wired?

• Treat a disease? General
Why
wellness?


Policy 101: Federal Government Organization


Policy 101: Policy Process

Hears a Passes a Signs into Translates Complies
need Bill Law into Policy


Policy 101: Lots of Cabinet Players


Policy 101: The Cabinet
National Institute of
Department of Commerce
United States Executive Branch

Standards and Technology
(DOC)
(NIST)

Food and Drug
Administration (FDA)
Office of the National
Coordinator for Health IT
(ONC)
Department of Health and
Office of the Secretary (OS)
Human Services (HHS)
Office for Civil Rights (OCR)
Centers for Medicare and
Medicaid Services (CMS)

Federal Communications
Commission (FCC)
Independent Offices
Federal Trade Commission
(FTC)


mHealth Policy Continuum
Adoption

Privacy/Security Safety/Efficacy

Communication


Safety and Efficacy
Running the Show Backup Singers


Safety and Efficacy: FDA

• Food and Drug Administration is responsible for vetting the safety
and efficacy of medical devices.

• Authority:
– Food, Drug, and Cosmetic Act 1938
• FDA is responsible for regulating medical devices
– FDA Safety and Innovation Act 2012, Section 618
• FDA, FCC, ONC will coordinate on regulatory framework.

• Recent Guidance: Mobile Medical Apps Guidance (MMA)
• If the mobile medical app falls within a specific medical device classification or
augments functionality to a specific medical device classification, manufacturers are
immediately subject to meet the requirements of that classification (either I, II, or III).


Safety and Efficacy: FDA Devices
• Medical Devices are classified Class I, II, and III.
• Based on Intended Use and Indications for Use
Class 1: Not substantially important to health
Class 2: Perform as indicated
General Controls
Class 3: Sustain Life
• Listing Special Controls
• Premarket Notification • Labeling
• Recall Processes
Premarket Approval
• Post Market
• Good Manufacturing Surveillance
Processes • Performance Standards


Safety and Efficacy: FDA Device

Anything that isn’t a drug and is used to:
Diagnose
Cure
Mitigate
Treat
Prevent
a disease or condition.


Safety and Efficacy: FDA MMA
Displaying, Storing, or Transmitting
• If a mobile medical app allows for the display/storage/or
transmission of patient-specific information (PHI) in its
original format, it is a medical device. This category of
mobile medical apps are primarily used as secondary
displays (and not for primary diagnosis/treatment
decisions) and will only require Class I requirements.

Controlling connected medical devices
• If a mobile medical app allows for the control of another
medical device, it must adhere to the regulations
applicable to the connected device. These mobile
medical apps can control the use, function, modes, or
energy source of a regulated medical device.


Mobile platform transformation
• If a mobile medical app transforms a mobile
platform into a regulated medical device, it is
regulated under the class applicable to its intended
use.

Interpretation of Medical Device Data
• If a mobile medical app is intended to analyze or
interpret data from a medical device for the
purposes of creating alarms, recommendations, or
information, is considered an accessory to the first
medical device and regulated under the first medical
device’s class.


• Possibly Regulated: “Regulatory discretion will be used regarding mobile apps which meet
the FD&C’s device definition but are not an accessory to a regulated device or intended to
transform a mobile platform into a regulated device. “

Applications which remind people to manually input information
for logging/tracking/graphing.

Patient education data viewers.

Organization of personal health information - such as dosages,
calories, doctor appointments, lab results, and symptoms.

Over the counter medication lookup applications which provide
the information available on drug labels.


Not regulated:

– Electronic versions of reference
materials that do not contain patient-
specific information

– Health/wellness applications that do
not intend to cure, treat, or diagnose

– Automated billing, inventory,
appointment, or insurance
transactions

– Generic aids (audio recording, note
taking, etc)

– mobile EHRs or PHRs


Safety and Efficacy: FCC
• The FCC sets Specific Absorption Rate (SAR) limits to
protecting human health from negative RF (Radio
Frequency) exposure under Part 95.

• Some examples of devices which might fall under FCC
oversight include insulin/glucose monitors, wireless heart
monitors, medical radios, and/or cell phones.

• Authority:
– Communications Act 1934
– Telecommunications Act 1996


Safety and Efficacy: FTC
• The FTC sanctions individuals
who advertise products
inappropriately.
– False or misleading
– Omits material facts
– Act or practice that is unfair
– Cause substantial harm to
consumers (CBA)

• Authority:
– Federal Trade Commission Act 1914
(Section 5)


Communication


Communication
• FCC is responsible for making sure devices are able to
communicate without interference.

• FCC technical requirements apply to devices that posses the
potential to cause radio frequency
– may include the granting of an FCC ID number.

• Authority:
– Communications Act 1934
– Telecommunications Act 1996
– Food and Drug Administration
Safety and Innovation Act 2012


Communication: FCC Spectrum Allocation
• Medical Radio Communications Service (MedRadio): medical
devices for transmitting data containing operational, diagnostic
and therapeutic information associated with a medical implant
device or medical body worn devices

• Medical Micropower Networks (MMNs): wireless medical devices
that can be used to restore functions to paralyzed limbs

• Medical Body Area Networks (MBANs): networks of body-worn
wireless sensors that transmit patient data to a health care
provider

• Wireless Medical Telemetry Service (WMTS): a short distance
data communication service for transmitting patient medical
information to a central monitoring location in a medical facility

• Medical devices may also operate under the rules for unlicensed
devices under Part 15 in any frequency band available under that
Part.


Communication: Standards

• While not mandated, many standards
organizations work in collaboration with federal
partners.


Adoption
Running the Show
Backup Singers


Adoption: CMS
• Centers for Medicare and Medicaid Adoption (CMS) sets
reimbursement guidelines and runs incentive programs
for hospitals and providers.

• Authority:
– Social Security Act 1965
– American Recovery and Reinvestment Act 2010


Adoption: CMS, ONC, and NIST
• Meaningful Use promotes the adoption of EHRs.

• Operational Rule:
• HHS Center for Medicare and Medicaid Services (CMS)
writes the rule and administers the provider incentive/penalty
program.
• Technical Rules:
• HHS Office of the National Coordinator for Health IT (ONC) is
responsible for the Standards and Certification Rule.
• NIST provides test criteria for EHRs to become certified.


Adoption
Stages One and Two Stage Three and Beyond

• Create the capacity for
electronic episodes of care
• How to incorporate patient
generated data


Adoption: Body of Evidence


Privacy and Security
Running the Show Backup Singer


Privacy and Security: OCR and HIPAA

• HHS Office for Civil Rights promulgates rules to
protect consumer health information.

• Authority:
– Health Insurance Portability
and Accountability Act 1996
– American Recovery and
Reinvestment Act 2010


Privacy and Security: OCR and HIPAA
• HIPAA applies to Protected Health Information
(PHI):
– all "individually identifiable health information"
– any form or media: electronic (ePHI), paper, or oral.
– held or transmitted by a covered entity or its business
associates. health care providers, health plans, health
care clearinghouses, vendors


Privacy and Security: HIPAA

• Rules:
– OCR Privacy Rule:
• Gives the consumer rights over
his/her PHI
• Sets rules and limits on who can
view or receive PHI
– OCR: Security Rule:
• administrative, physical, and
technical safeguards for PHI
• Requires a risk assessment


Privacy and Security: FTC
• The FTC protects consumer data
privacy
– Special rules for minors

• FTC Health Breach Notification Rule:
– Primarily applies to Personal Health
Records

• Authority:
• Federal Trade Commission Act 1914
• Children’s Online Privacy Protection Act
1998


Privacy and Security: FCC
No Intercepting No Jamming


What’s this mean? Question of Who.
Manufacturer Healthcare Provider

• Initiates Specifications • Hospital
• Designs • Physicians
• Labels
• Creates a software
system or application in
whole or from multiple
software components


Manufacturer
Adoption Safety/Efficacy Communication Privacy/Security
Make sure device If device, undergo Meet
interoperability is FDA review and appropriate FCC
compatible with oversight. technical
Development

ONC/NIST specifications
specifications. Meet FCC and registration
requirements for requirements.
Make sure not RF.
infringing on
patents
If device, If collecting PHI, fulfill
Deployment

postmarket HIPAA requirements
surveillance. Have appropriate
disclaimers and
Don’t oversell to safeguards.
avoid FTC oversight.


Healthcare Providers and Facilities

Adoption Communication Privacy/Security

• Utilize • Use • fulfill all HIPPA
certified EHRs appropriate requirements
spectrum (Security
specifications Assessment)


Resources

• FCC: http://www.fcc.gov/topic/health-care

• FTC: http://www.ftc.gov/

• FDA: http://www.fda.gov/medicaldevices/productsandmedicalprocedures/ucm255978.htm

• CMS: http://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/Meaningful_Use.html

• ONC: http://www.healthit.gov/policy-researchers-implementers/mobile-devices-roundtable-safeguarding-health-information

• NIST: http://www.nist.gov/medical-devices-portal.cfm


Thank You! Questions?

Jess Jacobs
jjacobs@healthcareinnovation.us

Special thanks to the
2011-12 mHIMSS Policy Workgroup
W. Bradley, N. Falcone, R. Kennis, L. Kim, M. Kuriland, & D. Wong
for researching the whitepaper this presentation is based on.

Federal mHealth Policy 101

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à Federal mHealth Policy 101

Similaire à Federal mHealth Policy 101 (20)

Plus de Jess Jacobs

Plus de Jess Jacobs (16)

Dernier

Dernier (20)

Federal mHealth Policy 101

Notes de l'éditeur