FDASIA REGULATIONS SUBCOMMITTEE

May 22, 2013

2

Agenda• 4:00 p.m. Call to Order – MacKenzie Robertson

Office of the National Coordinator for Health Information Technology

• 4:05 p.m. Opening Remarks – Brad Thompson and Julian Goldman, Co-Chairs

• 4:10 p.m. Discussion

- Background on the task before the subgroup

- Staying coordinated with the other two subgroups

- Work already done by other organizations

- Getting started on the questions presented• 5:25 p.m. Public Comment• 5:30 p.m. Closing Remarks; Adjourn

3

Background

The committee is charged with identifying the following:

1. Current areas of regulatory duplication, ambiguity, or oversight confusion.

2. Current areas of regulatory success and “best practices.”

3. Regulatory gaps in relation to identified patient safety and innovation needs.

4. Relative strengths and weaknesses of our current regulatory structure as it relates to health it and patient safety.

5. Strategies to improve efficiency and avoid duplicative regulatory processes.

6. Non-regulatory activities (existing or potential) that should be considered.

Is there anything else we ought to be considering?

4

Which laws and regulations are relevant?

Three primary areas:

1. FCC

2. FDA

3. ONC

5

Which laws and regulations are relevant?

But when it comes to considering issues of duplication, we have a wider focus:

1. HIPAA—privacy and security

2. Federal Trade Commission

3. Private standards and certification organizations

4. Laws governing marketing of regulated articles to HCPs

5. Transparency requirements in relationships with HCPs

6. State consumer laws

7. State regulation of medical devices

8. State product liability

9. State boards of medicine and pharmacy

6

In each regulatory area, we will focus on:

1. Scope questions. a) What gets regulated, and

b) What falls within scope but isn’t actively regulated

2. To what degree is it regulated?a) For example, FDA has three classifications

3. Lifecycle regulationa) What are the requirements

i. Premarket

ii. Manufacturing

iii. Promotion

iv. Post Market Reporting

v. Remediation

STRAWMAN PATIENT SAFETY RISK ASSESSMENT

FRAMEWORKFrom the subcommittee call on Monday, May 20

Now Outdated

7

STRAWMAN Dimensions of Patient-Safety Risks

• Purpose-user• Intended purpose of software• Intended user

• Characterizing patient-harm risk• Magnitude of risk• Likelihood of risk situation arising• Ability to mitigate risk

• Complexity of development, implementation, use• Post-marketing changes

• Customizability of software• Integration with other system components

• Wireless connectivity

8

STRAWMAN Framework forAssessing Risk of Harm

9

STRAWMAN INNOVATION RISK ASSESSMENT FRAMEWORK

Also outdated

10

Innovation Risk Assessment Framework (examples)

Regulatory Method Low Risk Medium Risk High Risk

Accountability modelMore transparent pre and post marketing data collection

Process Model

Software development process

Entity documents their process and measures their compliance to their defined process. An internal party defined to review and approve the clinical use of software.

Regulation defines the process and the measurements of the process that are published. Internal party set up to review and approve the clinical use of software.

Regulation defines the process, the measures, and inserts a third-party approval process before the software can be put into production.

Implementation process

Entity documents their process and measures their compliance to their defined process. An internal party defined to review and approve the clinical use of software.

Regulation defines the process and the measurements of the process that are published. Internal party set up to review and approve the clinical use of software.

Regulation defines the process, the measures, and inserts a third-party approval process before the software can be put into production.

Certification ModelRegulatory definition of principles with flexibility of innovation.

Test cases with precise user interface presentations and/or precise process behavior.

Innovation Impact

11

12

Input needed from taxonomy subcommittee

To get to a meaningful level, we will have to determine whether such areas as the following are within scope:

1. UDI

2. CPOE

3. MDDS

4. Mobile apps that act as accessories to medical devices (e.g. companion software for blood glucose meter)

5. Mobile apps that transform a cell phone into a medical device (e.g. electronic stethoscope)

6. CDS

7. EHR

8. Hospital IT networks of interoperable medical devices

9. What else?

13

We stand on whose shoulders?1. Report of the Bipartisan Policy Center: An Oversight

Framework for Assuring Patient Safety in Health Information Technology (2013)

2. A Call for Clarity: Open Questions on the Scope of FDA Regulation of mHealth: A whitepaper prepared by the mHealth Regulatory Coalition (2010), and subsequent policy papers, including mhealth use cases

3. CDS Coalition analysis of the factors that cause a user to be substantially dependent on software (2013)

4. Institute of Medicine (IOM) Report “Health IT and Patient Safety: Building Safer Systems for Better Care”

5. S. Hoffman, “Finding a Cure: The Case for Regulation and Oversight of Electronic Health Record Systems,” 22 Harvard Journal of Law & Technology 103 (2008).

14

We stand on whose shoulders?1. A. Krouse, “iPads, iPhones, Androids, and Smartphones:

FDA Regulation of Mobile Phone Applications as Medical Devices,” 9 Indiana Health Law Review, 731 (2012)

2. Proceedings of joint meeting of FDA, Center for Integration of Medicine and Innovative Technology and the Continua Health Alliance, on Medical Device Interoperability: Achieving Safety And Effectiveness 2010

3. Comments submitted to the International Medical Device Regulators Forum (IMDRF) on the Standalone Software Work Item by groups such as the mHealth Regulatory Coalition -- European Union working group.

4. What else?

15

Discussion questions

1. Identifying non-regulatory activities (existing or potential) that should be considered?

2. Identifying current areas of regulatory success and “best practices.” These are things we want to preserve or even expand.

3. Identifying relative strengths and weaknesses of our current regulatory structure as it relates to Health IT and patient safety.

16

PUBLIC COMMENT