federal mhealth policy 101

@jess_jacobs @FHCInnovation#HIMSS13 #mHIMSS #Policy

Federal mHealth Policy 101

Jess Jacobs, MHSA, CPHIMS

DISCLAIMER: The views and opinions expressed in this presentation are those of the author and do not necessarily represent official policy or position of HIMSS.


Conflict of Interest Disclosure Jessica Jacobs, MHSA, CPHIMS

Has no real or apparent

conflicts of interest to report.


Learning Objectives

• Recognize the oversight of seven federal agencies/opdivs on mHealth related technologies

• Distinguish between federal policies that apply to mHealth product development verses mHealth adoption

• Identify federal policies relevant to their organization's application of mHealth


Agenda

Introduction

Policy 101

Policy Continuum

What’s this mean?


mHealth is the use of mobile and

wireless devices to improve health outcomes, healthcare services, and health research.

- 2011 NIH Consensus Group


That seems general…

Who • Patient? Provider?

What • Data collected? Data

disseminated? Analysis? Recommendations?

When • Home? Hospital? Car?

Where • Broadband? Wifi? Wired?

Why • Treat a disease? General

wellness?


Agenda

Introduction

Policy 101

Policy Continuum

What’s this mean?


Policy 101: Federal Government Organization


Policy 101: Policy Process

Hears a need

Passes a Bill

Signs into Law

Translates into Policy

Complies


Policy 101: Lots of Cabinet Players


Policy 101: The Cabinet

Uni

ted

Stat

es E

xecu

tive

Bran

ch

Department of Commerce (DOC)

National Institute of Standards and Technology

(NIST)

Department of Health and Human Services (HHS)

Food and Drug Administration (FDA)

Office of the Secretary (OS)

Office of the National Coordinator for Health IT

(ONC)

Office for Civil Rights (OCR)

Centers for Medicare and Medicaid Services (CMS)

Independent Offices

Federal Communications Commission (FCC)

Federal Trade Commission (FTC)


Agenda

Introduction

Policy 101

Policy Continuum

What’s this mean?


mHealth Policy Continuum

Adoption

Safety/Efficacy

Communication

Privacy/Security


Running the Show Backup Singers

Safety and Efficacy


Safety and Efficacy: FDA

• Food and Drug Administration is responsible for vetting the safety and efficacy of medical devices.

• Authority: – Food, Drug, and Cosmetic Act 1938

• FDA is responsible for regulating medical devices

– FDA Safety and Innovation Act 2012, Section 618• FDA, FCC, ONC will coordinate on regulatory framework.

• Recent Guidance: Mobile Medical Apps Guidance (MMA)• If the mobile medical app falls within a specific medical device classification or

augments functionality to a specific medical device classification, manufacturers are immediately subject to meet the requirements of that classification (either I, II, or III).


Safety and Efficacy: FDA Devices• Medical Devices are classified Class I, II, and III. • Based on Intended Use and Indications for Use

Class 1: Not substantially important to health

General Controls• Listing• Premarket Notification• Recall Processes• Good Manufacturing

Processes

Class 2: Perform as indicated

Special Controls• Labeling• Post Market

Surveillance• Performance Standards

Class 3: Sustain Life

Premarket Approval


Safety and Efficacy: FDA Device

Anything that isn’t a drug and is used to:

Diagnose

Cure

Mitigate

Treat

Prevent

a disease or condition.


Safety and Efficacy: FDA MMA

Displaying, Storing, or Transmitting• If a mobile medical app allows for the display/storage/or

transmission of patient-specific information (PHI) in its original format, it is a medical device. This category of mobile medical apps are primarily used as secondary displays (and not for primary diagnosis/treatment decisions) and will only require Class I requirements.

Controlling connected medical devices• If a mobile medical app allows for the control of another

medical device, it must adhere to the regulations applicable to the connected device. These mobile medical apps can control the use, function, modes, or energy source of a regulated medical device.


Safety and Efficacy: FDA MMA

Mobile platform transformation• If a mobile medical app transforms a mobile

platform into a regulated medical device, it is regulated under the class applicable to its intended use.

Interpretation of Medical Device Data• If a mobile medical app is intended to analyze or

interpret data from a medical device for the purposes of creating alarms, recommendations, or information, is considered an accessory to the first medical device and regulated under the first medical device’s class.


Safety and Efficacy: FDA MMA• Possibly Regulated: “Regulatory discretion will be used regarding mobile apps which

meet the FD&C’s device definition but are not an accessory to a regulated device or intended to transform a mobile platform into a regulated device. “

Applications which remind people to manually input information for logging/tracking/graphing.

Patient education data viewers.

Organization of personal health information - such as dosages, calories, doctor appointments, lab results, and symptoms.

Over the counter medication lookup applications which provide the information available on drug labels.


Safety and Efficacy: FDA MMANot regulated:

– Electronic versions of reference materials that do not contain patient-specific information

– Health/wellness applications that do not intend to cure, treat, or diagnose

– Automated billing, inventory, appointment, or insurance transactions

– Generic aids (audio recording, note taking, etc)

– mobile EHRs or PHRs


Safety and Efficacy: FCC

• The FCC sets Specific Absorption Rate (SAR) limits to protecting human health from negative RF (Radio Frequency) exposure under Part 95.

• Some examples of devices which might fall under FCC oversight include insulin/glucose monitors, wireless heart monitors, medical radios, and/or cell phones.

• Authority:– Communications Act 1934– Telecommunications Act 1996


Safety and Efficacy: FTC

• The FTC sanctions individuals who advertise products inappropriately. – False or misleading– Omits material facts– Act or practice that is unfair– Cause substantial harm to consumers

(CBA)

• Authority: – Federal Trade Commission Act 1914

(Section 5)



Communication


Communication

• FCC is responsible for making sure devices are able to communicate without interference.

• FCC technical requirements apply to devices that posses the potential to cause radio frequency – may include the granting of an FCC ID number.

• Authority: – Communications Act 1934– Telecommunications Act 1996– Food and Drug Administration

Safety and Innovation Act 2012


Communication: FCC Spectrum Allocation

• Medical Radio Communications Service (MedRadio): medical devices for transmitting data containing operational, diagnostic and therapeutic information associated with a medical implant device or medical body worn devices

• Medical Micropower Networks (MMNs): wireless medical devices that can be used to restore functions to paralyzed limbs

• Medical Body Area Networks (MBANs): networks of body-worn wireless sensors that transmit patient data to a health care provider

• Wireless Medical Telemetry Service (WMTS): a short distance data communication service for transmitting patient medical information to a central monitoring location in a medical facility

• Medical devices may also operate under the rules for unlicensed devices under Part 15 in any frequency band available under that Part.


Communication: Standards

• While not mandated, many standards organizations work in collaboration with federal partners.



Adoption



Adoption: CMS

• Centers for Medicare and Medicaid Adoption (CMS) sets reimbursement guidelines and runs incentive programs for hospitals and providers.

• Authority:– Social Security Act 1965– American Recovery and Reinvestment Act 2010


Adoption: CMS, ONC, and NIST• Meaningful Use promotes the adoption of EHRs.

• Operational Rule: • HHS Center for Medicare and Medicaid Services (CMS)

writes the rule and administers the provider incentive/penalty program.

• Technical Rules: • HHS Office of the National Coordinator for Health IT (ONC)

is responsible for the Standards and Certification Rule.• NIST provides test criteria for EHRs to become certified.


Stages One and Two Stage Three and Beyond

• Create the capacity for electronic episodes of care

• How to incorporate patient generated data

Adoption


Adoption: Body of Evidence


Running the Show Backup Singer

Privacy and Security


Privacy and Security: OCR and HIPAA

• HHS Office for Civil Rights promulgates rules to protect consumer health information.

• Authority:– Health Insurance Portability

and Accountability Act 1996– American Recovery and

Reinvestment Act 2010


Privacy and Security: OCR and HIPAA

• HIPAA applies to Protected Health Information (PHI): – all "individually identifiable health information" – any form or media: electronic (ePHI), paper, or oral. – held or transmitted by a covered entity or its business

associates. health care providers, health plans, health care clearinghouses, vendors


Privacy and Security: HIPAA

• Rules: – OCR Privacy Rule:

• Gives the consumer rights over his/her PHI

• Sets rules and limits on who can view or receive PHI

– OCR: Security Rule: • administrative, physical, and

technical safeguards for PHI• Requires a risk assessment


Privacy and Security: FTC• The FTC protects consumer data

privacy– Special rules for minors

• FTC Health Breach Notification Rule: – Primarily applies to Personal Health

Records

• Authority: • Federal Trade Commission Act 1914• Children’s Online Privacy Protection Act

1998


No Intercepting No Jamming

Privacy and Security: FCC


Agenda

Introduction

Policy 101

Policy Continuum

What’s this mean?


Manufacturer

• Initiates Specifications• Designs• Labels• Creates a software

system or application in whole or from multiple software components

Healthcare Provider

• Hospital• Physicians

What’s this mean? Question of Who.


ManufacturerAdoption Safety/Efficacy Communication Privacy/Security

Development

Make sure device interoperability is compatible with ONC/NIST specifications.

Make sure not infringing on patents

If device, undergo FDA review and oversight.

Meet FCC requirements for RF.

Meet appropriate FCC technical specifications and registration requirements.

Deployment

If device, postmarket surveillance.

Don’t oversell to avoid FTC oversight.

If collecting PHI, fulfill HIPAA requirementsHave appropriate disclaimers and safeguards.


Healthcare Providers and Facilities

Adoption

• Utilize certified EHRs

Communication

• Use appropriate spectrum specifications

Privacy/Security

• fulfill all HIPPA requirements (Security Assessment)


mHealth Policy Continuum

Adoption

Safety/Efficacy

Communication

Privacy/Security


Resources

• FCC: http://www.fcc.gov/topic/health-care

• FTC: http://www.ftc.gov/

• FDA: http://www.fda.gov/medicaldevices/productsandmedicalprocedures/ucm255978.htm

• CMS: http://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/Meaningful_Use.html

• ONC: http://www.healthit.gov/policy-researchers-implementers/mobile-devices-roundtable-safeguarding-health-information

• NIST: http://www.nist.gov/medical-devices-portal.cfm

http://www.fcc.gov/topic/health-care

http://www.fcc.gov/topic/health-care

http://www.ftc.gov/

http://www.ftc.gov/

http://www.fda.gov/medicaldevices/productsandmedicalprocedures/ucm255978.htm

http://www.fda.gov/medicaldevices/productsandmedicalprocedures/ucm255978.htm

http://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/Meaningful_Use.html

http://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/Meaningful_Use.html

http://www.healthit.gov/policy-researchers-implementers/mobile-devices-roundtable-safeguarding-health-information

http://www.healthit.gov/policy-researchers-implementers/mobile-devices-roundtable-safeguarding-health-information

http://www.nist.gov/medical-devices-portal.cfm

http://www.nist.gov/medical-devices-portal.cfm


Thank You! Questions?

Jess Jacobs

[email protected]

Special thanks to the

2011-12 mHIMSS Policy Workgroup W. Bradley, N. Falcone, R. Kennis, L. Kim, M. Kuriland, & D. Wong

for researching the whitepaper this presentation is based on.

mailto:[email protected]

federal mhealth policy 101

Health & Medicine