Evolving Regulatory & Legal Issues

Key executives and leaders with related interests in the health technology field presented their ideas on evolving legal and federal regulatory requirements, lessons learned from real-life experiences, and thoughts on privacy issues and rules. Neal Neuberger, Executive Director for the Institute for e-Health Policy, welcomed the speakers at the Congressional Steering Committee on Telehealth and Healthcare Informatics luncheon briefing held May 22nd on Capitol Hill.

HIMSS Legal Task Force Vice Chair Nandan Kenkeremath, J.D., moderator for the event, said, “All policy issues are complicated so it is even more difficult when policy and regulatory issues are applied specifically to health IT. So much is happening in the field so it is important to understand how regulatory issues will play out in terms of care coordination, accountable care, improving quality, database analytics, information exchange, interoperability, roles and responsibilities, safety, along with facing the impact on barriers and burdens.”

Carole M. Cotter, Senior Vice President and CIO for Lifespan Health System in Rhode Island, recounted how Lifespan, an integrated academic health system, dealt with a medication error within their system that affected 2000 patients. Fortunately, no patients were harmed.

The incident in 2011 happened nine months after Lifespan implemented their Stage 1 release of software. At that time, a clinician found a bug that caused a medication error. It was determined that the bug had been in the code since implementation.

At that time, Lifespan held several sessions with the legacy system vendor and received a workaround to mitigate the possibility of another error. It took eleven months for the legacy vendor to deliver the fix and for Lifespan to test it. The fix was put into production in October 2012.

However, during vendor sessions held during FY 2012, the same medication error occurred during a demonstration of the legacy system. So Lifespan hospitals decided not to upgrade to the new legacy product and instead chose a new vendor for a new EHR system. The new vendor is certified for Stage 2 of Meaningful Use and the new implementation system is expected to be completed by April 2015.

As Cotter emphasized, many lessons were learned from the medication error and certainly Lifespan will not implement software that is not thoroughly tested and approved by the clinicians using it.

An important lesson learned is that, due to the complexity of the environment and delayed deliveries, system upgrades can’t always be adequately tested by strict deadlines, which can result in rushed implementations that may increase the likelihood of errors. The solution is to extend the implementation timeline for Stage 2 to give vendors and providers more time, or to make reasonable accommodation when hospitals and providers request a hardship exception.

According to Robert Jarrin, Senior Director, Government Affairs, at Qualcomm, Inc., FDA’s regulatory guidance pertains to a subset of mobile apps called “Mobile Medical Apps” (MMA), which means that these apps are used as an accessory to a regulated medical device or can transform a mobile platform into a regulated medical device.

However, this guidance does not specifically address wireless safety considerations or the application of quality systems to software. FDA intends to address these topics through separate guidance documents.

FDA does not consider the following to be MMAs: electronic copies of medical textbooks, teaching aids, and reference materials; apps that log, record, track, evaluate, or make decisions related to developing or maintaining general health and wellness; apps that automate general office operations; generic aids that assist users but are not for a specific medical indication; and EHRs and PHRs.

Jarrin wants to see the final action on MMAs give more examples of what is not regulated and specific examples of what is regulated but won’t be, through enforcement discretion; provide clarity on intended use; exempt low-risk class 1 devices from Good Manufacturing Practice (GMP); classify accessories according to their individual level of risk; provide information on actions to centralize internal and external efforts on wireless health; and address the need for better resources to help manufacturers.

Deven McGraw, Director of the Health Privacy Project at the Center for Democracy and Technology, pointed out that the HITECH/Omnibus Rule is a win for patients in terms of privacy. The rule changes the breach notification standard, extends accountability down the health data chain to business associates and their subcontractors, and strengthens marketing protections.

The Rule is a “Win” for patients since they will now be able to obtain electronic copies of health information, yet McGraw feels that the 30-60 day wait is too long. However, Meaningful Use Stage 2 offers opportunities for more immediate access. Patients can now choose to receive information in an unsecured way if they prefer, but the provider is required to warn them that the information is not secure.

As McGraw said, “Increased enforcement is a win for patients, but building patient trust in health IT requires a reliable system of accountability but at the same time, liability fears are holding some providers back.”

She continued to say, “More guidance is needed from the Office of Civil Rights on how to comply and deal with privacy and mobile technologies. Another issue is how to protect health data when collected and shared by entities not covered by HIPAA so a workable framework is needed to address the issue of reusing health data.”

The Institute for e-Health Policy, a subsidiary of the HIMSS Foundation, manages the speaker luncheon series. For more information, go to www.e-healthpolicy.org or call (703) 562-8870.