How ironic. Three health IT industry experts are concerned that "FDA has largely placed the burden of reviewing and certifying mobile health apps on the marketplace."
How reckless of FDA.
Of course, the commercial Big Health IT sector is itself self-policing and needs no regulation ... and certainly not by the likes of FDA ...
(See my Sept. 16, 2013 letter to the first expert at my post "An Open Letter to David Bates, MD, Chair, ONC FDASIA Health IT Policy Committee on Recommendations Against Premarket Testing and Validation of Health IT", http://hcrenewal.blogspot.com/2013/09/an-open-letter-to-david-bates-md-chair.html.)
JAMA Viewpoint: Mobile Health Apps Need Review, Assessment Wednesday, March 26, 2014
http://www.ihealthbeat.org/
articles/2014/3/26/jama-
viewpoint-mobile-health-apps-
need-review-assessment
In a viewpoint published in the Journal of the American Medical Association, three industry experts urge the Office of the National Coordinator for Health IT to facilitate the creation of an "unbiased review and certification process" for mobile health applications, FierceMobileHealthcare reports.
The viewpoint was written by:
David Bates, who works at Harvard Medical School, Brigham and Women's Hospital and Partners Information Systems and is chair of the Food and Drug Administration Safety Innovation Act Workgroup;
Adam Landman of Harvard Medical School, Brigham and Women's Hospital and Partners Information Systems; and
Adam Powell, president of Payer+Provider Syndicate (Mottl, FierceMobileHealthcare, 3/24).
According to the viewpoint, FDA has largely placed the burden of reviewing and certifying mobile health apps on the marketplace.
From the JAMA viewpoint piece itself at https://jama.jamanetwork.com/article.aspx?articleid=1852662:
The US Food and Drug Administration (FDA) has paid close attention to mHealth apps, because it has regulatory authority over their safety. The agency recently clarified that mHealth apps acting as medical devices or as accessories to medical devices will require FDA approval, whereas apps that provide users with the ability to log life events, retrieve medical content, or communicate with clinicians or health centers will not be regulated under its jurisdiction. For example, an app that tracks glucose levels and suggests insulin dosages would be regulated, whereas an app that tracks a patient’s weight and makes general suggestions about exercise would not. In general, apps that provide precise treatment recommendations and diagnostic information will receive more regulatory attention. Although the FDA has focused on safety, it has largely left the review and certification of apps to the marketplace.
Whereas FDA seems to be resisted regarding reviewing and regulating commercial health IT ... because innovation will be impeded ...
They note that FDA's final rule for mobile health app regulation is organized on a risk-based approach that prioritizes high-risk apps. They write that as a result, "apps that provide precise treatment recommendations and diagnostic information will receive more regulatory action," while "apps that provide users with the ability to log life events, retrieve medical content, or communicate with clinicians or health centers will not be regulated under [FDA's] jurisdiction."
Isn't that almost exactly what the Food and Drug Administration Safety Innovation Act (FDASIA) Health IT Policy Committee Workgroup chaired by Bates recommended for commercial health IT? That commercial health IT should generally not be subject to FDA premarket requirements, with a few exceptions: medical device accessories, high-risk clinical decision support, and higher risk software use cases?
The authors add that current review and assessment protocols for mobile health apps focus on "personal impressions, rather than evidence-based, unbiased assessments of clinical performance and data security," which are "available for other categories of health [IT] software" (Slabodkin, Health Data Management, 3/24).
In JAMA they state "Certification entities in other industries are successfully protecting people from harm." Is FDA a "certification entity?" I thought it had regulatory authority besides ...
Perhaps they can also tell us where we can go to get robust "evidence-based, unbiased assessments of clinical performance and data security" regarding, say, Cerner products, EPIC products, McKesson products, Allscripts products, etc.?
The authors suggest KLAS is the sine qua non of robust commercial health IT evaluation transparency (http://www.klasresearch.com/about/company.aspx):
... The currently available reviews of mHealth apps have largely focused on personal impressions, rather than evidence-based, unbiased assessments of clinical performance and data security. Although evidence-based reviews are not extensively available for mHealth apps, they are available for other categories of health information technology software. For instance, KLAS has successfully made a business out of producing report cards on the quality of health information technology vendors and enterprise software packages, presumably simplifying the lives of hospital leaders.
Do the authors really know the testing a drug or medical device undergoes by FDA?
To use KLAS "report cards" as a gold standard of commercial HIT evaluation comparable to, say, FDA validation of drugs and devices, or FAA software validation regarding "accuracy, safety and security" is, in my mind, a significant leap of faith.
Recommendations
The authors call on ONC to help facilitate a review and assessment process by commissioning "both for-profit and [not-for-profit] entities" to certify such apps "in a similar manner to which review occurs in many other industries" (FierceMobileHealthcare, 3/24).
Except, apparently, the commercial health IT industry which gets extraordinary special accommodation compared to other healthcare and mission critical sectors. The "similar manner" does not seem to apply to major commercial HIT systems that are actually known to be harming people. (E.g., see http://hcrenewal.blogspot.com/2013/02/peering-underneath-icebergs-water-level.html and http://hcrenewal.blogspot.com/2014/02/patient-safety-quality-healthcare.html.)
They argue that "guidelines could be established to help developers build high-quality apps and to serve as a basis for app review." They suggest that such guidelines address issues such as:
Accuracy;
Safety; and
Security (Health Data Management, 3/24).
At least such guidelines are starting to appear for commercial HIT. It took a few decades, but better late than never.
They conclude that "the potential of apps will only be realized if patients and clinicians trust apps, if apps are known to be effective, and if apps can communicate securely and meaningfully with [electronic health records] and personal health records,"...
That's news?
... adding, "Establishing an unbiased review and certification process is a key step in helping mHealth apps achieve their potential" (Powell et al., JAMA, 3/24).
I hope the "certification process" is more robust than commercial HIT "certification", which in my view is not very effective in determining accuracy, safety and security.
-- SS