call girls in Connaught Place DELHI 🔝 >༒9540349809 🔝 genuine Escort Service ...
Federal mHealth Policy 101
1. @jess_jacobs @FHCInnovation
#HIMSS13 #mHIMSS #Policy
Federal mHealth Policy 101
Jess Jacobs, MHSA, CPHIMS
DISCLAIMER: The views and opinions expressed in this presentation are those of the author and do not necessarily represent official policy or position of HIMSS.
2. @jess_jacobs @FHCInnovation
#HIMSS13 #mHIMSS #Policy
Conflict of Interest Disclosure
Jessica Jacobs, MHSA, CPHIMS
Has no real or apparent
conflicts of interest to report.
3. @jess_jacobs @FHCInnovation
#HIMSS13 #mHIMSS #Policy
Learning Objectives
• Recognize the oversight of seven federal
agencies/opdivs on mHealth related technologies
• Distinguish between federal policies that apply to
mHealth product development verses mHealth
adoption
• Identify federal policies relevant to their
organization's application of mHealth
5. @jess_jacobs @FHCInnovation
#HIMSS13 #mHIMSS #Policy
mHealth is the use of mobile and
wireless devices to improve health outcomes,
healthcare services, and health research.
- 2011 NIH Consensus Group
6. @jess_jacobs @FHCInnovation
#HIMSS13 #mHIMSS #Policy
That seems general…
Who • Patient? Provider?
• Data collected? Data
What disseminated? Analysis?
Recommendations?
When • Home? Hospital? Car?
Where • Broadband? Wifi? Wired?
• Treat a disease? General
Why
wellness?
9. @jess_jacobs @FHCInnovation
#HIMSS13 #mHIMSS #Policy
Policy 101: Policy Process
Hears a Passes a Signs into Translates Complies
need Bill Law into Policy
11. @jess_jacobs @FHCInnovation
#HIMSS13 #mHIMSS #Policy
Policy 101: The Cabinet
National Institute of
Department of Commerce
United States Executive Branch
Standards and Technology
(DOC)
(NIST)
Food and Drug
Administration (FDA)
Office of the National
Coordinator for Health IT
(ONC)
Department of Health and
Office of the Secretary (OS)
Human Services (HHS)
Office for Civil Rights (OCR)
Centers for Medicare and
Medicaid Services (CMS)
Federal Communications
Commission (FCC)
Independent Offices
Federal Trade Commission
(FTC)
15. @jess_jacobs @FHCInnovation
#HIMSS13 #mHIMSS #Policy
Safety and Efficacy: FDA
• Food and Drug Administration is responsible for vetting the safety
and efficacy of medical devices.
• Authority:
– Food, Drug, and Cosmetic Act 1938
• FDA is responsible for regulating medical devices
– FDA Safety and Innovation Act 2012, Section 618
• FDA, FCC, ONC will coordinate on regulatory framework.
• Recent Guidance: Mobile Medical Apps Guidance (MMA)
• If the mobile medical app falls within a specific medical device classification or
augments functionality to a specific medical device classification, manufacturers are
immediately subject to meet the requirements of that classification (either I, II, or III).
16. @jess_jacobs @FHCInnovation
#HIMSS13 #mHIMSS #Policy
Safety and Efficacy: FDA Devices
• Medical Devices are classified Class I, II, and III.
• Based on Intended Use and Indications for Use
Class 1: Not substantially important to health
Class 2: Perform as indicated
General Controls
Class 3: Sustain Life
• Listing Special Controls
• Premarket Notification • Labeling
• Recall Processes
Premarket Approval
• Post Market
• Good Manufacturing Surveillance
Processes • Performance Standards
17. @jess_jacobs @FHCInnovation
#HIMSS13 #mHIMSS #Policy
Safety and Efficacy: FDA Device
Anything that isn’t a drug and is used to:
Diagnose
Cure
Mitigate
Treat
Prevent
a disease or condition.
18. @jess_jacobs @FHCInnovation
#HIMSS13 #mHIMSS #Policy
Safety and Efficacy: FDA MMA
Displaying, Storing, or Transmitting
• If a mobile medical app allows for the display/storage/or
transmission of patient-specific information (PHI) in its
original format, it is a medical device. This category of
mobile medical apps are primarily used as secondary
displays (and not for primary diagnosis/treatment
decisions) and will only require Class I requirements.
Controlling connected medical devices
• If a mobile medical app allows for the control of another
medical device, it must adhere to the regulations
applicable to the connected device. These mobile
medical apps can control the use, function, modes, or
energy source of a regulated medical device.
19. @jess_jacobs @FHCInnovation
#HIMSS13 #mHIMSS #Policy
Safety and Efficacy: FDA MMA
Mobile platform transformation
• If a mobile medical app transforms a mobile
platform into a regulated medical device, it is
regulated under the class applicable to its intended
use.
Interpretation of Medical Device Data
• If a mobile medical app is intended to analyze or
interpret data from a medical device for the
purposes of creating alarms, recommendations, or
information, is considered an accessory to the first
medical device and regulated under the first medical
device’s class.
20. @jess_jacobs @FHCInnovation
#HIMSS13 #mHIMSS #Policy
Safety and Efficacy: FDA MMA
• Possibly Regulated: “Regulatory discretion will be used regarding mobile apps which meet
the FD&C’s device definition but are not an accessory to a regulated device or intended to
transform a mobile platform into a regulated device. “
Applications which remind people to manually input information
for logging/tracking/graphing.
Patient education data viewers.
Organization of personal health information - such as dosages,
calories, doctor appointments, lab results, and symptoms.
Over the counter medication lookup applications which provide
the information available on drug labels.
21. @jess_jacobs @FHCInnovation
#HIMSS13 #mHIMSS #Policy
Safety and Efficacy: FDA MMA
Not regulated:
– Electronic versions of reference
materials that do not contain patient-
specific information
– Health/wellness applications that do
not intend to cure, treat, or diagnose
– Automated billing, inventory,
appointment, or insurance
transactions
– Generic aids (audio recording, note
taking, etc)
– mobile EHRs or PHRs
22. @jess_jacobs @FHCInnovation
#HIMSS13 #mHIMSS #Policy
Safety and Efficacy: FCC
• The FCC sets Specific Absorption Rate (SAR) limits to
protecting human health from negative RF (Radio
Frequency) exposure under Part 95.
• Some examples of devices which might fall under FCC
oversight include insulin/glucose monitors, wireless heart
monitors, medical radios, and/or cell phones.
• Authority:
– Communications Act 1934
– Telecommunications Act 1996
23. @jess_jacobs @FHCInnovation
#HIMSS13 #mHIMSS #Policy
Safety and Efficacy: FTC
• The FTC sanctions individuals
who advertise products
inappropriately.
– False or misleading
– Omits material facts
– Act or practice that is unfair
– Cause substantial harm to
consumers (CBA)
• Authority:
– Federal Trade Commission Act 1914
(Section 5)
25. @jess_jacobs @FHCInnovation
#HIMSS13 #mHIMSS #Policy
Communication
• FCC is responsible for making sure devices are able to
communicate without interference.
• FCC technical requirements apply to devices that posses the
potential to cause radio frequency
– may include the granting of an FCC ID number.
• Authority:
– Communications Act 1934
– Telecommunications Act 1996
– Food and Drug Administration
Safety and Innovation Act 2012
26. @jess_jacobs @FHCInnovation
#HIMSS13 #mHIMSS #Policy
Communication: FCC Spectrum Allocation
• Medical Radio Communications Service (MedRadio): medical
devices for transmitting data containing operational, diagnostic
and therapeutic information associated with a medical implant
device or medical body worn devices
• Medical Micropower Networks (MMNs): wireless medical devices
that can be used to restore functions to paralyzed limbs
• Medical Body Area Networks (MBANs): networks of body-worn
wireless sensors that transmit patient data to a health care
provider
• Wireless Medical Telemetry Service (WMTS): a short distance
data communication service for transmitting patient medical
information to a central monitoring location in a medical facility
• Medical devices may also operate under the rules for unlicensed
devices under Part 15 in any frequency band available under that
Part.
27. @jess_jacobs @FHCInnovation
#HIMSS13 #mHIMSS #Policy
Communication: Standards
• While not mandated, many standards
organizations work in collaboration with federal
partners.
28. @jess_jacobs @FHCInnovation
#HIMSS13 #mHIMSS #Policy
Adoption
Running the Show
Running the Show Backup Singers
Backup Singers
29. @jess_jacobs @FHCInnovation
#HIMSS13 #mHIMSS #Policy
Adoption: CMS
• Centers for Medicare and Medicaid Adoption (CMS) sets
reimbursement guidelines and runs incentive programs
for hospitals and providers.
• Authority:
– Social Security Act 1965
– American Recovery and Reinvestment Act 2010
30. @jess_jacobs @FHCInnovation
#HIMSS13 #mHIMSS #Policy
Adoption: CMS, ONC, and NIST
• Meaningful Use promotes the adoption of EHRs.
• Operational Rule:
• HHS Center for Medicare and Medicaid Services (CMS)
writes the rule and administers the provider incentive/penalty
program.
• Technical Rules:
• HHS Office of the National Coordinator for Health IT (ONC) is
responsible for the Standards and Certification Rule.
• NIST provides test criteria for EHRs to become certified.
31. @jess_jacobs @FHCInnovation
#HIMSS13 #mHIMSS #Policy
Adoption
Stages One and Two Stage Three and Beyond
• Create the capacity for
electronic episodes of care
• How to incorporate patient
generated data
34. @jess_jacobs @FHCInnovation
#HIMSS13 #mHIMSS #Policy
Privacy and Security: OCR and HIPAA
• HHS Office for Civil Rights promulgates rules to
protect consumer health information.
• Authority:
– Health Insurance Portability
and Accountability Act 1996
– American Recovery and
Reinvestment Act 2010
35. @jess_jacobs @FHCInnovation
#HIMSS13 #mHIMSS #Policy
Privacy and Security: OCR and HIPAA
• HIPAA applies to Protected Health Information
(PHI):
– all "individually identifiable health information"
– any form or media: electronic (ePHI), paper, or oral.
– held or transmitted by a covered entity or its business
associates. health care providers, health plans, health
care clearinghouses, vendors
36. @jess_jacobs @FHCInnovation
#HIMSS13 #mHIMSS #Policy
Privacy and Security: HIPAA
• Rules:
– OCR Privacy Rule:
• Gives the consumer rights over
his/her PHI
• Sets rules and limits on who can
view or receive PHI
– OCR: Security Rule:
• administrative, physical, and
technical safeguards for PHI
• Requires a risk assessment
37. @jess_jacobs @FHCInnovation
#HIMSS13 #mHIMSS #Policy
Privacy and Security: FTC
• The FTC protects consumer data
privacy
– Special rules for minors
• FTC Health Breach Notification Rule:
– Primarily applies to Personal Health
Records
• Authority:
• Federal Trade Commission Act 1914
• Children’s Online Privacy Protection Act
1998
40. @jess_jacobs @FHCInnovation
#HIMSS13 #mHIMSS #Policy
What’s this mean? Question of Who.
Manufacturer Healthcare Provider
• Initiates Specifications • Hospital
• Designs • Physicians
• Labels
• Creates a software
system or application in
whole or from multiple
software components
41. @jess_jacobs @FHCInnovation
#HIMSS13 #mHIMSS #Policy
Manufacturer
Adoption Safety/Efficacy Communication Privacy/Security
Make sure device If device, undergo Meet
interoperability is FDA review and appropriate FCC
compatible with oversight. technical
Development
ONC/NIST specifications
specifications. Meet FCC and registration
requirements for requirements.
Make sure not RF.
infringing on
patents
If device, If collecting PHI, fulfill
Deployment
postmarket HIPAA requirements
surveillance. Have appropriate
disclaimers and
Don’t oversell to safeguards.
avoid FTC oversight.
42. @jess_jacobs @FHCInnovation
#HIMSS13 #mHIMSS #Policy
Healthcare Providers and Facilities
Adoption Communication Privacy/Security
• Utilize • Use • fulfill all HIPPA
certified EHRs appropriate requirements
spectrum (Security
specifications Assessment)
45. @jess_jacobs @FHCInnovation
#HIMSS13 #mHIMSS #Policy
Thank You! Questions?
Jess Jacobs
jjacobs@healthcareinnovation.us
Special thanks to the
2011-12 mHIMSS Policy Workgroup
W. Bradley, N. Falcone, R. Kennis, L. Kim, M. Kuriland, & D. Wong
for researching the whitepaper this presentation is based on.
Notes de l'éditeur
This presentation, for providers and developers alike, will serve as an introduction to Federal mHealth policies from the following agencies: HHS (CMS, FDA, OCR, ONC), NIST, FTC, FCC.
Definition
Who: Who is the product intended to be used by?What: How does the product record and analyze the information? When: What settings can the product be used in – different requirements for clinical vs home useWhere: What connectivity is required for successful utilization of the product? Why: Why is the product used?