Many have asked me for an analysis of the new FDA Mobile Medical Applications NPRM.
The FDA will not seek to regulate mobile medical apps that perform the functionality of an electronic health record system or personal health record system. However, the FDA defined a small subset of mobile medical apps that may impact the functionality of currently regulated medical devices that will require oversight. Here’s a thoughtful analysis by Bradley Merrill Thompson of Epstein Becker Green, which he has given me permission to post:
“Today, FDA published the long-anticipated draft guidance on the regulation of mobile apps—more specifically, what the agency calls “mobile medical apps”. This draft reflects significant efforts by FDA in a fairly short amount of time, and we applaud that work. Much of the framework of the FDA guidance is consistent with the work the mHealth Regulatory Coalition (MRC) published on its website earlier this year (www.mhealthregulatorycoalition.org). While FDA has done a good job getting the ball rolling, there are a number of areas that require further work. We all (including FDA) recognize that this draft guidance is certainly not the end of the story.
The regulatory oversight recommended in today’s draft guidance applies only to a small subset of mobile apps, which FDA defines as any software application that runs on an off-the-shelf, handheld computing platform as well as web-based software designed for mobile platforms. To be regulated, as a first step the app would have to first meet the definition of a medical device and then as a second step either (1) be used as an accessory to another regulated device or (2) “transform” the handheld platform into a device, such as by using the platform’s display screens or built-in sensors.
My travels in Japan included lectures in Tokyo and Kyoto, sharing lessons learned from the US health information technology national efforts. I highlighted that the Office of the National Coordinator has to balance the desire for innovation with a pace of change that vendors and clinicians can tolerate.
This led me to think about the pace of change that CIOs are experiencing right now. The IT innovations of the past few years have been dizzying and the cycle between the peak of hype to the trough of obsolescence is now measured in months, not years.
Some examples of rise and fall
1. Blackberry – I was one of the earliest adopters of Blackberry technology, using a small pager-like device for short text messages. As each new model was announced, I welcomed the innovations – the evolution from thumbwheel to joystick to track pad, larger color screens, cameras, video features, and voice memo recording. However, in 2011, my mobile device needs have outpaced Blackberry’s engineering. I now need a full featured web browser, a book reader, the ability to zoom/drag via touch screen, and a robust App Store. Until 2010, Blackberry seemed to be unstoppable in the corporate messaging world. Now it is laying of 2500 people as the iPhone and Android devices rapidly replace Blackberries in consumer and business settings. They tried very hard to introduce new devices such as the Storm, the Playbook, and the Torch, but came up short as customer expectations exceed their pace of innovation.
On September 11, 2001, I was sitting in my Harvard Clinical Research Institute office (I was CIO there from 2001-2007 as part of my Harvard Medical School CIO duties). A staff member ran into my office and told me that a plane had crashed into a World Trade Center Tower. This sounded like a horrible accident. Then, the second tower was hit and we knew this disaster was planned. News of the Pentagon and Pennsylvania crashes trickled in. I gathered all the staff and told them to focus on their families and personal safety, to go home and stay in touch virtually as we learned more about the day’s events.
What impact has 9/11 had on my healthcare IT world since then?
9/11 had a profound impact on our culture, making us all understand our vulnerability.
The loss of life gave us an appreciation of the preciousness of each day we have on the planet, putting the problems of our work lives in perspective.
The loss of infrastructure, including many data centers, was a wake up call that redundancy goes beyond servers, networks, and storage. Whole buildings can disappear in an instant through natural or manmade disaster.
As Patient Centered Medical Homes and Accountable Care Organizations form, the lines between professional and hospital practice become increasingly murky.
CMS has long required that hospital and professional records be separable, so that in the case of audits or subpoenas, it is clear who recorded what.
Today, the BIDMC ACO continues to expand into the community, adding owned hospitals, affiliated hospitals, owned practices, and affiliated practices.
Our strategy to date has been to use our home-built inpatient and ambulatory systems at the academic medical center, Meditech in the community hospitals, and eClinicalWorks in private ambulatory practices which are part of our ACO.
We share data among these applications via private and public HIE transactions – viewing, pushing, and pulling.
The challenge with emerging ACOs is that professionals are likely to work in a variety of locations, each of which may have different IT systems and each of which serves as a separate steward of the medical record from a CMS point of view.
Our clinicians are asking the interesting question – can I use a single EHR for all patients I see regardless of the location I see them?
Our legal experts are studying this question.
In 2011 and 2012 I wrote about the increasing problem of Business Spam – unsolicited, unconsented advertising that has grown in volume to the point that it constitutes more than half of my email . In 2016, I’ve done an experiment – I’ve not opted in to any newsletter, any website offering notifications or any vendor offering information. I’ve monitored my mailbox for violators of good email practices.
This month, we put a stop to it – cold turkey. Anyone sending business spam is now blocked from the 22,000 users of Beth Israel Deaconess and its affiliates.
Here’s how we did it – using a commercially available appliance we have black listed organizations which send bulk email and companies which violate unsolicited email policies.
I drank the kool-aid early. We installed our first EHR in 1996 with me doing the lion’s share of pushing and pulling. While I’d ultimately turn my back on this passion, I had a number of notable accomplishments before walking down my Damascus road.
- Within a year of implementation, our practice became one of the top installations for our vendor.
- Within 2 years I was elected to the board of our user group.
- Within 4 years I was president.
- In 2003, our practice was recognized by HIMSS as one of the top primary care installations of Electronic Records.
- In subsequent years I lectured around the country (for HIMSS) extolling the benefits of EHR for both quality and efficiency of care.
- As opposed to the experience of other physicians, our practice was not only successful in our implementation, we were in the top 10% in income for our specialty.
- Our quality metrics were also routinely far above national norms.
- In 2012, I was the physician representative for CDC public health grand rounds, discussing the upcoming EHR incentive program: Meaningful Use.
- By 2013, we easily qualified for stage 1 of Meaningful Use, and I happily accepted the financial fruit of my labors.
But the final years were not, as I expected, a triumph. I became increasingly frustrated with the worsening of our EHR by the “features” needed to qualify us for MU1. I also chafed at the way most physicians were meeting this criteria: by abandoning patient-centered care and adopting a data-centered care model. Patients were given useless handouts to summarize “care,” and the data requirement was satisfied. Patient portals gave limited access to information were touted as “patient centered” care, while the product was left unused by most patients, but the data requirement was satisfied.
It’s always interesting to talk with John Halamka, and last week–after athenahealth bought the IP but apparently not the actual code of the Beth Israel Deaconess Medical Center (BIDMC) web-based EHR he’s been shepherding for the past 18 years–I got him on the record for a few minutes. We started on the new deal but given that had already been covered pretty well elsewhere we didn’t really stay there. More fun that way–Matthew Holt
Matthew Holt: The guys across town (Partners) ripped out all the stuff they’ve been building and integrating for the last 30 years and they decided to pay Judy Faulkner over a billion dollars. And you took all the stuff that you’ve been building for the past 15 to 20 years and sold it to Jonathan Bush for money. Does that make you a better businessman than they are?
(Update Note 2/11/15: While I’ve heard from public & private sources that the cost of the Partners project will be between $700m and $1.4 billion, Carl Dvorak at Epic asked me to point out less than 10% of the cost goes to Epic for their fees/license. The rest I assume is external and internal salaries for implementation costs, and of course it’s possible that many of those costs would exist even if Partners kept its previous IT systems).
John Halamka: Well, that is hard to say, but I can tell you that smart people in Boston created all these very early systems back in the 1980s. On one hand, the John Glaser group created a client server front end. I joined Beth Israel Deaconess in 1996 and we created an entirely web-based front end. We have common roots but a different path.
It wasn’t so much that I did this because of a business deal. As I wrote in my blog, there is no benefit to me or to my staff. There are no royalty streams or anything like that. But sure, Beth Israel Deaconess receives a cash payment from Athena. But important to me is that the idea of a cloud-hosted service which is what we’ve been running at Beth Israel Deaconess since the late ’90s hopefully will now spread to more organizations across the country. And what better honor for a Harvard faculty member than to see the work of the team go to more people across the country?
MH: There’s been a lot of debate about the concept of developing for the new world of healthcare using client server technology that has been changed to “sort of” fit the integrated delivery systems over the last 10 years, primarily by Epic but also Cerner and others. In particular how open those systems are and how able they are to migrate to new technology. You’ve obviously seen both sides, you’re obviously been building a different version than that. And a lot of this is obviously about plugging in other tools, other technologies to do things that were never really envisaged back in 1998. You’ve come down pretty strongly on the web-based side of this, but what’s your sense for how likely it is that what has happened over the last five or ten years in most other systems including the one across the street we just mentioned is going to change to something more that looks more like what you had at Beth Israel Deaconess?Continue reading…
Of the nearly 100 people I interviewed for my upcoming book, John Halmaka was one of the most fascinating. Halamka is CIO of Beth Israel Deaconess Medical Center and a national leader in health IT policy. He also runs a family farm, on which he raises ducks, alpacas and llamas. His penchant for black mock turtlenecks, along with his brilliance and quirkiness, raise inevitable comparisons to Steve Jobs. I interviewed him in Boston on August 12, 2014.
Our conversation was very wide ranging, but I was particularly struck by what Halamka had to say about federal privacy regulations and HIPAA, and their impact on his job as CIO. Let’s start with that.
Halamka: Not long ago, one of our physicians went into an Apple store and bought a laptop. He returned to his office, plugged it in, and synched his e-mail. He then left for a meeting. When he came back, the laptop was gone. We looked at the video footage and saw that a known felon had entered the building, grabbed the laptop, and fled. We found him, and he was arrested.
Now, what is the likelihood that this drug fiend stole the device because he had identity theft in mind? That would be zero. But the case has now exceeded $500,000 in legal fees, forensic work, and investigations. We are close to signing a settlement agreement where we basically say, “It wasn’t our fault but here’s a set of actions Beth Israel will put in place so that no doctor is ever allowed again to bring a device into our environment and download patient data to it.”
Karen DeSalvo started as the new National Coordinator for Healthcare Information Technology on January 13, 2014. After my brief discussion with her last week, I can already tell she’s a good listener, aware of the issues, and is passionate about using healthcare IT as a tool to improve population health.
She is a cheerleader for IT, not an informatics expert. She’ll rely on others to help with the IT details, and that’s appropriate.
What advice would I give her, given the current state of healthcare IT stakeholders?
1. Rethink the Certification Program – With a new National Coordinator, we have an opportunity to redesign certification. As I’ve written about previously some of the 2014 Certification test procedures have negatively impacted the healthcare IT industry by being overly prescriptive and by requiring functionality/workflows that are unlikely to be used in the real world.
One of the most negative aspects of 2014 certification is the concept of “certification only”. No actual clinical use or attestation is required but software must be engineered to incorporate standards/processes which are not yet mature. An example is the “transmit” portion of the view/download/transmit patient/family engagement requirements.
There is not yet an ecosystem for patients to ‘transmit’ using CCDA and Direct, yet vendors are required to implement complex functionality that few will use. Another example is the use of QRDA I and QRDA III for quality reporting.
CMS cannot yet receive such files but EHRs must send them in order to be certified. The result of this certification burden is a delay in 2014 certified product availability.