Healthcare delivery has become increasingly reliant on state of the art medical devices and the multimodal data they produce. As a result, Healthcare Information Technology (HIT) Infrastructures have become vital to the collaboration and communication required to provide high quality care.
The United Stated Food and Drug Administration (FDA) examination of modern medical device networks and computer infrastructures, has led to the classification of most Healthcare IT infrastructure as a Class I medical device. Beginning on April 18, 2011, FDA classified hardware or software products that transfer, store, convert formats, and display medical device data as Class I Medical Devices.
Over the last few months, I have had the opportunity to discuss the impact of the MDDS rule with leading stakeholders at Healthcare Providers, the FDA and the HIT Industry.
This article series provides a digest of these interactions with these Industry thought-leaders. In this piece, we focus on the impact of the MDDS rule on Hospitals and Healthcare Providers. In our last installment, we covered the impact of the rule on manufacturers of IT systems marketed to Healthcare providers.
The Impact on Hospital and Healthcare Providers
Under most circumstances, Hospitals and Healthcare Providers using general purpose IT systems would not be considered MDDS manufacturers by the FDA.
“There is, however, the potential for impact on Healthcare providers if they use commercial software or hardware components, MDDS or even unclassified, and if the provider combines or modifies these products and uses them in clinical practice. In such scenario, the provider could be considered a device manufacturer and would need to register with the FDA as well as follow quality systems regulations,” said David Finn, Health IT Officer at Symantec.
“If an entity (e.g. a hospital or a clinical user) takes off-the-self general IT equipment or a MDDS and reconfigures, configures, modifies or adds custom software or hardware outside of original manufacturer’s specification for the intended use as a medical device and specifically for the functionality defined in the MDDS rule, that entity has made a new medical device is considered a manufacturer of a MDDS,” commented Bakul Patel, Policy Advisor at the Office of the Center Director, Center for Devices and Radiological Health at FDA. “As a manufacturer, the entity (e.g. a hospital or a clinical user) is required to comply with the Class I device requirement, which includes quality system regulation, for the part/portion of the equipment that has been reconfigured, configured, modified or to which custom software or hardware has been added outside of original manufacturer’s specification,” Patel added.
“Companies that feel the greatest impact of the MDDS final rule may be those that have customized the MDDS for features and functionality,” commented Edward J. Johnson Esq., Regulatory Analyst and of counsel for Axendia, Inc. “The final rule treats end users that have customized purchased MDDS as device manufacturers in their own right. A MDDS customized by a manufacturer for a customer would be considered a different version of that device. The costs associated with supporting multiple MDDS as devices may ultimately prove too burdensome for some manufacturers; however customers will expect manufacturers to bear them as part of doing business,” he added.
What is Driving the Focus on HIT?
FDA is not alone in driving Hospitals to better control and manage their HIT infrastructures. To address this growing concern, the International Electromechanical Commission (IEC) in collaboration with International Standard Organization (ISO) recently issued IEC 80001-1 “Application of risk management to information technology (IT) networks incorporating medical devices.” This global standard provides a framework with defined roles and responsibilities for Hospitals, Medical Device Manufacturers and IT Suppliers to ensure the safety, effectiveness of data and system security.
For its part, Joint Commission has issued an Alert detailing specific steps Healthcare providers should implement to prevent patient harm related to the implementation and use of HIT and converging Technologies. According to the Commission’s’ Sentinel Event Alert, Issue 42: “As health information technology (HIT) and “converging technologies”-the interrelationship between medical devices and HIT-are increasingly adopted by healthcare organizations, users must be mindful of the safety risks and preventable adverse events that these implementations can create or perpetuate.”
“I believe that MDDS requirements for Health IT systems that comply with FDA Quality Systems regulation and Medical Device Reporting can help to ensure that these systems are of high quality and that they assist clinicians in their efforts toward protecting the safety of patient care,” commented Peter L. Elkin, MD, MACP, FACMI, Professor of Medicine, Vice-Chairman, Department of Internal Medicine and Director, Center for Biomedical Informatics at Mount Sinai School of Medicine in New York. “The rigor that MDDS will bring to Health Information Technology systems may provide greater certainty and consistency in the way vendors support Interoperability. Interoperability requires the use of a common data infrastructure that could be used for both phenotypic and genotypic data to provide the kind of interoperability needed to do fully automated electronic quality monitoring (eQuality) and improve both quality of research and the quality of the care that patients receive, including data-driven recruitment of subjects,” added Dr. Elkin.
In the next article for this series, we will share findings from Axendia‘s whitepaper “Managing Smarter and Connected Healthcare Infrastructures” (sponsored by IBM).