Site moved to, redirecting in 1 second...

13 posts categorized "FDA"

January 30, 2015

Privacy and Security and the Internet of Things

"Only Connect"

In the future, everything will be connected.

That future is almost here.

Over a year ago, the Federal Trade Commission held an Internet of Things workshop and it has finally issued a report summarizing comments and recommendations that came out of that conclave.

As in the case of the HITECH Act's attempt to increase public confidence in electronic health records by ramping up privacy and security protections for health data, the IoT report -- and an accompanying publication with recommendations to industry regarding taking a risk-based approach to development, adhering to industry best practices (encryption, authentication, etc.) -- seeks to increase the public's confidence, but is doing it the FTC way: no actual rules, just guidance that can be used later by the FTC in enforcement cases. The FTC can take action against an entity that engages in unfair or deceptive business practices, but such practices are defined by case law (administrative and judicial), not regulations, thus creating the U.S. Supreme Court and pornography conundrum -- I can't define it, but I know it when I see it (see Justice Stewart's timeless concurring opinion in Jacobellis v. Ohio).

Continue reading "Privacy and Security and the Internet of Things" »

July 22, 2014

FDA Social Media Guidance - Hangout on Air

FDAsm HOA banner

Last month, the FDA released draft guidance on social media and internet platforms with character space limitations and a separate draft guidance for correcting misinformation posted online. Some of us had been waiting for these guidelines for five years or more.

I discussed these guidance documents with Kathi Browne in a Google+ Hangout on Air:

Continue reading "FDA Social Media Guidance - Hangout on Air" »

June 17, 2014

#FDAsm - FDA Releases Draft Social Media Guidance Five Years After Public Hearing

FDAFive years after its most recent public hearing on the subject of social media marketing of drugs and medical devices, the FDA released a draft Guidance for Industry Internet/Social Media Platforms with Character Space Limitations— Presenting Risk and Benefit Information for Prescription Drugs and Medical Devices.

Update 7/24/2014, 11/25/2014: See my further discussion of these guidance documents in a Google+ FDA Guidance Hangout on Air and in an article on US FDA Social Media Guidance published in the UK PMlive directory of digital agencies.

Publication was prompted by a statutory deadline in the FDASIA, and there is a 90-day comment period now open. It's a little disappointing that it literally took an act of Congress to get the agency to focus and act on this issue, and that despite the focus all we're getting here is nonbinding sub-regulatory guidance.

Continue reading "#FDAsm - FDA Releases Draft Social Media Guidance Five Years After Public Hearing" »

FDA continues to detail types of mHealth apps it will not regulate

FDASince issuing its mobile medical applications guidance, the FDA has offered a number of clarifying statements, intended to give the regulated community a clearer idea of whether and when to expect any particular mHealth application to be considered a device.

Last week, the FDA added a category of applications with respect to which it intends to "exercise enforcement discretion" (i.e., not regulate):

  • Mobile apps that allows a user to collect, log, track and trend data such as blood glucose, blood pressure, heart rate, weight or other data from a device to eventually share with a heath care provider, or upload it to an online (cloud) database, personal or electronic health record. [Added June 11, 2014].

Continue reading "FDA continues to detail types of mHealth apps it will not regulate" »

May 15, 2014

HIPAA for Web and Mobile Developers and Designers (and for everyone, The Data Map)

DatamapI spoke at the HxRefactored conference in Brooklyn this week. The title of my talk was Dancing with HIPAA and it was intended as an introduction to health care data privacy and security regulations, practical concerns and -- most important -- practical solutions to privacy and security issues whether subject to HIPAA or not. Many issues for this audience will be triggered by data not gleaned from a health record maintained by a health care provider or payor. Instead, such data may be released by an individual (and therefore no longer covered by HIPAA) and mashed up with data feeds from personal trackers and manually inputted data, put through a health behavior modification recommendation engine, and -- voila! -- behavior change recommendations are delivered to an individual. In this context, the health data is being held in a special-purpose PHR, not an EHR, so HIPAA rules don't apply and therefore OCR enforcement should not be of concern -- though the FTC breach notification rules apply and, as we know, the FTC asserts broad parallel jurisdiction to enforce HIPAA as well.

Continue reading "HIPAA for Web and Mobile Developers and Designers (and for everyone, The Data Map)" »

April 07, 2014

FDASIA Health IT Report Issued; Comments Welcomed on Three-Agency Approach

Pages from HealthITreport_FINALThe FDA, the FCC and ONC issued a long-awaited joint report with a proposed strategy and recommendations for a risk-based framework for regulation of Health IT.

The report identifies four key priority areas and outlines next steps to take in each area:  

I. Promote the Use of Quality Management
II. Identify, Develop, and Adopt Standards and
Best Practices;
III. Leverage Conformity Assessment Tools; and
IV. Create an Environment of Learning and
Continual Improvement

This report should be read together with the FDA framework for regulation of mobile medical applications which was supposedly up in the air pending release of this report. It now seems that they are directed at related, but different, parts of the ecosystem. Both are part of a bigger story, including pending legislaton.

Continue reading "FDASIA Health IT Report Issued; Comments Welcomed on Three-Agency Approach" »

December 11, 2013

Digital Health: Apps, Analytics & Agencies

I spoke yesterday at the Massachusetts Bar Association's "Hot Topics in Healthcare" program. (Webcast live, and available behind a paywall at the link.)

Here are my slides:

Continue reading "Digital Health: Apps, Analytics & Agencies" »

October 30, 2013

Mobile Health Apps: Pass the Secret Sauce

6029363903_0e9abdceab_mThe IMS Institute for Healthcare Informatics released a report on the ecosystem bloody mess of 40,000+ mobile health apps that are available today. Hat tip to Jane Sarasohn-Kahn for writing about it today at Health Populi.

From the executive summary:

Over time, the app maturity model will see apps progress from being recommended on an ad hoc basis by individual physicians, to systematic use in healthcare, and ultimately to an end goal of being a fully integrated component of healthcare management. There are four key steps to move through on this process: recognition by payers and providers of the role that apps can play in healthcare; security and privacy guidelines and assurances being put in place between providers, patients and app developers; systematic curation and evaluation of apps that can provide both physicians and patients with useful summarized content about apps that can aid decision-making regarding their appropriate use; and integration of apps with other aspects of patient care. Underpinning all of this will be the generation of credible evidence of value derived from the use of apps that will demonstrate the nature and magnitude of behavioral changes or improved health outcomes.

(Emphasis supplied.)

We are nowhere near this endpoint -- integration of the use of health apps into health care management -- right now, due to a number of factors.

Continue reading "Mobile Health Apps: Pass the Secret Sauce" »

May 14, 2013

The FDA Patient Network Website - Pretty Darn Patient-Centered

FDA Patient Network 2
The FDA launched an impressive patient network website this month, after nearly four years of research, focus groups, usability testing and more. The twin goals for this website are promoting the educational mission of the FDA, and promoting opportunities for patient advocacy within the FDA — and earlier in the policymaking process than has been the case historically. James Valentine, Program Analyst in the Office for Health and Constituent Affairs put it simply and forcefully in a recent telephone conversation: “The idea is to engage the patient community, to have the patient voice heard at the FDA.”

Historically, the agency has been working with patients one-on-one, by phone and email, often when an extremely ill patient is seeking information on clinical trials or access to investigational products. The goal is to broaden the field of engagement. The agency has had patient representatives on its advisory committees since the late 1980s — an innovation that came about as part of the response to AIDS/HIV — and patient involvement in the FDA’s processes were further formalized in the late 1990s, as part of Clinton-era cancer initiatives. There are now about two hundred patient representatives involved in over 110 disease areas.

The FDA Safety & Innovation Act (enacted in mid-2012) mandates the involvement of patient representatives in roles beyond those of the advisory committees. Draft procedures for patient involvement are due to be made public in September of this year, according to Valentine. Unlike opportunities for patient involvement in other government agencies, the FDA recognizes patient representatives on advisory committees (and in the new roles) as consultants — just as scientific and clinical experts brought into the FDA process are recognized as consultants — and this means that patients involved in the FDA processes in an official capacity are paid for their time and expenses.

Aside from this new program, the website really just puts a patient-friendly face on an existing set of resources — clinical trials, investigational products, and more — but the improvement is quite welcome.

While the new website is a gateway to the FDA, Valentine assures us that “the Office of Health and Constituent Affairs is still here to help patients navigate the agency.”

The first FDA Patient Network live chat will be a town hall meeting with staff from the Office of Health and Constituent Affairs on May 21 at 3:00 p.m. EDT. Future chats will feature staff from throughout the agency.

Here’s hoping that the FDA will carry through on the promise of online openness.

David Harlow
The Harlow Group LLC
Health Care Law and Consulting 

A version of this post first appeared on, the blog of The Society for Participatory Medicine.

December 09, 2011

Microsoft GE Healthcare joint venture - A sign of weakness or strength?

Microsoft and GE Healthcare announced a joint venture yesterday (as-yet unnamed), trumpeted as bringing together the best of both companies' offerings in the health care provider market. (More from the NY Times.) Late in the day, I spoke with Brandon Savage, Chief Medical Officer at GE Healthcare, and Nate McLemore, General Manager of Microsoft Health Solutions Group.  They had a great deal to say about the companies' shared vision of the use of platform technology to enable care teams to deliver the right decision at the right time, noting that their core products complement each other rather than overlap.

The centerpiece of the collaboration will be an amalgamation (so to speak) of the two companies' strengths around Amalga (the Microsoft product) and Qualibria (the GE product). Brandon and Nate described the challenges facing these products thus: Qualibria needs to be able to pull in data from multiple sources better (Microsoft can help), and Amalga needs to be able to share best practices across sites better (GE can help).  

Put another way (to quote John Moore at Chilmark Research), Amalga is "more a toolset than a product." McLemore acknowledged that provider organizations need to make a substantial investment in customization in order to realize benefits from using Amalga, and noted that one of the keys to the synergy with GE is that GE can build the applications needed to unlock the value from Amalga for customers who can't or won't do it themselves.  While there have been some providers that have walked away from Amalga, there are some notable success stories (e.g. New York Presbyterian's dramatic reduction in DVT thanks to information extracted and interventions facilitated by Amalga's analytical tools).  (We should note that there a number of products that carry or have carried the Amalga brand; one of them, Amalga HIS, was sold to Orion Health in a deal that should close soon.)

Qualibria (the GE Healthcare product) is a tool to capture and disseminate medical knowledge and clinical decision rules developed by leading health systems and/or by individual client institutions (see further explanation of Qualibria a little more than halfway through the linked post).  

Savage and McLemore emphasized that their current focus is on population health -- Amalga and Qualibria both allow health care providers to manage populations of patients based on the aggregate date crunched by the two systems.  They also focused on the openness of the products they are building -- even though one might think of GE Healthcare as a "legacy" or "big iron" EHR vendor -- and emphasized the ability of legacy EHR vendors to integrate EHR assets in place with the analytics and clinical decision support provided by Amalga and Qualibria.

The scope of the joint venture announced raises two potential regulatory concerns:

  • First, there may be antitrust regulatory review needed before the transaction can proceed.

This is not GE Healthcare's first joint venture.  GE's joint venture with Intel -- kicked off about a year ago -- by contrast, is more focused on the patient, on the individual receiving home health services, and on the hardware that could be left in a patient's home and transmit data to the patient's health care providers, as needed.

It seems a little odd that Microsoft HealthVault is remaining at Microsoft rather than being moved into the new venture, particularly since Microsoft was, within the past year, talking up the integration of HealthVault and Amalga.  It remains to be seen whether HealthVault will follow the Google Health PHR into oblivion.  Peter Neupert, who has headed up Microsoft's Health Solutions Group, will be retiring from Microsoft, and will consult to the new entity on a part-time basis.  

This seems like the end of an era at Microsoft, with a division whose core product was acquired from an entrepreneurial hospital group about six years back.  As GE Healthcare folks would say, it looks like another case of "reverse innovation" -- except this time, instead of looking for reverse innovation from GE Healthcare technologies in developing countries, GE and Microsoft are hoping to do in a smaller setting what they have been unable to do in their corporate home settings.  As the CEO of the GE-Intel joint venture said recently: "My instructions are to drive the bus as if I stole it."  The new bus sounds like it will be driven by GE Healthcare, with a payload of Microsoft HSG IP in an engineering environment driven by Microsoft culture.  We'll have to wait and see whether and when it arrives at its final destination.

David Harlow
The Harlow Group LLC
Health Care Law and Consulting