FDA considers a move to regulate hospital patient information software
FDA considers a move to regulate hospital patient information software
Could have potentially disastrous’ impact on CPR development
If you think moving toward a computerized patient record (CPR) is difficult now, imagine the headaches involved if you could only select components from government-approved software. A scenario being playing out now in Washington, DC, could lead to just that.
The Food and Drug Administration (FDA) is considering including patient information software systems in its definition of regulated medical devices. That could mean that the CPR you’re developing, own, or are interested in buying or developing, would have to go through the same type of extensive approval system that new drugs face.
The move could affect all software that is not part of a medical device but runs systems that contain patient-related data, such as electronic medical records. The standards also could extend to claims processing programs and applications that enable physicians to prescribe, order, or implement services that affect treatment and outcomes.
It’s not time to panic, but it is time to be concerned, says Linda Kloss, RRA, executive vice president of the American Health Information Management Association in Chicago.
"It would present a terrible barrier to the development of computer-based patient records," she says. "The FDA includes a pre-approval process before any technology can go onto the marketplace. And even if there are just major modifications, the approval process has to be undertaken all over again."
That process is painfully familiar to the pharmaceutical industry. Pharsight, a clinical trial consulting company based in San Francisco, says its research shows that the average FDA approval time for a new drug is currently 1.7 years, which is actually down from 2.7 years in the 1990 to 1993 period. However, the company notes that with drugs the time needed for clinical trials has grown. On average now, the approval time, including FDA consideration, is eight to 12 years, at a cost of more than $360 million.
The FDA broached the idea of new regulations in meetings with software vendors last September. That discussion reportedly included whether to draft new oversight regulations or place the programs under the existing Safe Medical Devices Act. A coalition of interested health care organizations was quickly formed to counteract the move and is urging the FDA to include CPR-type software in any new regulations.
"Our organizations feel this could slow down the development of a computerized patient record and would be potentially disastrous to that development," says Kloss. "It also seems that it would even conflict with the public policy which favors development of a computerized patient record."
"What’s motivating them now is hard to understand because to the best of our knowledge there haven’t been any incidents of significance where medical software has hurt patients," says Randolph Miller, MD, professor of biomedical infomatics at Vanderbilt University in Nashville and a past president of the American Medical Infomatics Association. "In fact, there has been a lot of documentation that major adverse events have been prevented by computerized systems. I guess [FDA authorities] are concerned because there are no regulations in effect, and that’s probably the way it should be."
This is not the first time the issue has come up. In 1989, when the FDA drafted regulations for clinical software, concern was expressed about other medical software. The FDA, however, opted to exclude informational software and software controlled by practitioners.
Miller warns that the current FDA deliberations should not be taken lightly. "This is a serious attempt. They’ve already prepared some draft guidelines on how they would do this, and they’re holding meetings trying to get input," he says.
"Everything is still under discussion," says FDA spokeswoman Sharon Snider. "We’re doing a lot of active listening, but no final decisions have been made." Among the choices facing the agency is to do nothing at all, Snider adds.
The impact of new regulations would depend on how the FDA would classify various types of software, Miller says. "If they have a reasonable classification system and exempt things that should be exempted, it wouldn’t have much impact. But if they classify a lot of things as being medical devices, that presents some very onerous problems. They could, in the worst case scenario, kill off large portions of the medical software industry."
Hospitals using software not in compliance with any new regulations could have to alter their existing programs or replace them with federally approved commercial software even if a provider’s existing system is similar or identical. Providers also might have to submit to regular quality-assurance audits and periodic reviews conducted by the FDA.
The additional regulation should be of special concern to anyone involved in hospital reimbursement because of the increasing reliance by financial departments on computerized claims processing systems, says Carla Smith, executive director of the Center for Healthcare Information Management in Ann Arbor, MI. Lack of compliance with FDA regulations also could affect accreditation and possibly even certification for programs such as Medicare or Medicaid.
Commercially developed software would be the largest target of regulators. But of special interest to the FDA are custom-designed software programs developed internally by facilities to meet their own information needs. Hundreds of hospitals have developed such in-house programs, which the FDA says have raised consumer-protection concerns and the possible need for oversight.
While some say the concern about so-called home-grown systems is legitimate, others argue that now is not the time.
"Software is a very dynamic thing, especially software for computerized patient records," says Kloss. "We’re far from knowing what that software should look like, and we need to be in an environment of great innovation."
There also are concerns about the difficulty of regulating a technology that is so multifaceted. For example, with the way providers typically use software today, it is often impossible to say where the clinical function ends and the facility’s operational concerns begin, Smith says.
Providers generally tie peripheral systems to a core software program. The peripherals perform a variety of tasks from inventory control to patient scheduling and prescription ordering.
The regulations could pose special problems for large hospitals that deal with several software companies and consultants at the same time. In trying to comply with regulations, administrators may have a difficult time, especially if some vendors have gone out of business, says Warren L. Chandler, senior vice president and chief information officer with Baptist St. Vincent’s Health System in Jacksonville, FL.
In addition, their software may no longer be licensed or may not be adaptable to meet compliance standards, Chandler says.
Most large vendors with mainstream products, however, are likely to "bend over backwards to help modify their clients’ software," which will probably make compliance affordable for most facilities, Chandler says. It would be extremely rare if a facility would have to replace its software with something entirely new, says Smith.
Ironically, the FDA’s consideration of new regulations comes as the technology industry is addressing the specific issues that hinder CPRs, such as developing unique identifiers. (For details, see story, p. 47.)
So if you’re moving towards a CPR should you stop in your tracks? "My advice would be to keep going," says Kloss. "We think there will at least be some good dialogue over definitions of the types of systems that we can agree on. It seems logical to believe that the positive public policy aspects of the CPR will be the overriding factor."
But she admits the debate raises good questions that the health care industry should be answering. Information technology has grown quickly but there are no standards for judging what is fit to use, she notes. "There probably should be more consideration of things such as software quality control and how an organization monitors and tests software integrity. Do we just rely on what the vendors tell us? There really does need to be some ownership of the quality and integrity of software we acquire. We’re just at the beginning of this process now."
Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.