Many involved in the world of health IT know that federal regulation is part of the deal. Issues of health information privacy have been subject to an array of federal and state laws for decades. HIPAA, the Federal Privacy Act, laws governing Medicaid, Medicare, the Veterans Health Administration, funds used for the treatment of mental illness, sexually transmitted infections and on and on all have privacy provisions. There is a similar regulatory scheme for data security, again including HIPAA, the Gramm-Leach-Bliley Act and other laws.
More recently, Congress began authorizing HHS and its Office of the National Coordinator for Health IT to fund and regulate electronic prescribing standards, health IT standards, certification, "meaningful use", information exchange and other provisions found in the American Recovery and Reinvestment Act of 2009.
Regulation of Health 2.0?
What many do not know is that FDA likely will play an increasingly important role in regulating health IT. We're reminded of this most immediately by the recent announcement that FDA is holding a public meeting regarding the "Promotion of FDA-Regulated Medical Products Using the Internet and Social Media Tools." The official announcement appears in the Sept. 21, 2009, Federal Register.
This hearing, set for mid-November 2009, in Washington D.C., is intended to help guide FDA in making policy decisions on how the Internet and social media tools (e.g., blogs, microblogs, podcasts, social networking sites, online communications, video sharing, widgets, and wikis) can be used to promote FDA-regulated medical products -- including human and animal drugs and biologics, and medical devices -- in a truthful, non-misleading, and balanced manner.
Specific questions that will be addressed at the meeting include:
- For what online communications will manufacturers, packers or distributors be held accountable?
- How can manufacturers, packers and distributors fulfill regulatory requirements (e.g., fair balance) in their Internet and social network promotions?
- What parameters should apply to the posting of corrective information on Web sites controlled by third parties?
- When is the use of links appropriate?
In addition, FDA is seeking public comment on Internet adverse event reporting.
While many may read these questions as having implications for medical device and drug companies, it is important for Health 2.0 entrepreneurs and champions to participate in FDA's inquiry. For many in the Health 2.0 space, drug and device manufacturers and their marketing budgets are the lifeblood of this very young and fragile interaction between social media, consumers, patients, providers and others.
Should FDA exercise too heavy and regulatory a hand, Health 2.0 enterprises could find themselves without sponsors or support.
FDA and the Regulation of Health IT
FDA's authority is exceptionally broad. Under the Food, Drug and Cosmetic Act of 1938, Congress provided for the regulation of, among other things, "an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including any component, part, or accessory, which is … intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals …"
This authority, taken to the present, gives FDA authority to regulate certain health IT, specifically regarding its safety.
For years, FDA has regulated the software used by blood centers. Typical blood centers are highly reliant on sophisticated technologies to process, analyze and type blood and blood products. Embedded in these technologies is software that allows the processes to run virtually free of human oversight or intervention. Software errors could be catastrophic and, thus, FDA has carefully regulated them.
On the other end, FDA has no interest -- and probably no authority -- in the regulation of scheduling software, software or devices that handle static data, databases, etc. The threshold question has been, is there a clinician making an independent professional decision that stands between the health IT and the patient? If the answer is "yes," FDA, even where it may have regulatory authority, has typically elected not to exercise authority.
If, on the other hand, there is no clinician (as in the case of the blood centers) or, if the clinician is in a situation where it might be impossible for there to be an independent clinical judgment, then FDA is more inclined to regulate.
There are generally two instances where, even if a clinician is present, FDA might find the need to regulate in an abundance of caution and safety. First, there are some processes that are simply too complex, and the clinician has no choice but to rely on the output of the medical software. An example would be software used in the targeting of certain beam therapies.
Second would be in those instances where the demands for urgent and immediate clinical intervention cause a clinician to be over-reliant on health IT. Here, a good example might be emergency department clinical decision support software. One can easily imagine that on a Saturday night in a large urban hospital ED or in the midst of a mass casualty event, an ED clinician may look to the decision support software in making snap clinical decisions.
FDA Scrutiny of Health IT Will Grow
FDA's scrutiny of health IT can only be expected to expand. This will be the case, in particular, as health IT allows for greater personal and family involvement in patient care. For some time, many of us have projected that the ever-evolving sophistication of health IT would at some point marry with the pressure to have care provided at the lowest level of intensity. Some care once available only in hospitals is now available in our homes.
As we confront the challenges of a rapidly aging society, increasingly the preference -- both for us as individuals seeking to maintain our autonomy and dignity and for society seeking to constrain the cost of care -- will be to support aging in place, in our homes. Increasingly, the ability for us to do that -- to avoid being institutionalized -- will require the use of health IT for monitoring and treatment. As we move in that direction, we should expect, and may desire, to have FDA paying close attention to health IT safety.