Your SlideShare is downloading. ×
  • Like
Federal mHealth Policy 101
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.


Now you can save presentations on your phone or tablet

Available for both IPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Federal mHealth Policy 101


An introduction to Federal mHealth policies from the following agencies: HHS (CMS, FDA, OCR, ONC), NIST, FTC, FCC.

An introduction to Federal mHealth policies from the following agencies: HHS (CMS, FDA, OCR, ONC), NIST, FTC, FCC.

Published in Health & Medicine
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
No Downloads


Total Views
On SlideShare
From Embeds
Number of Embeds



Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide
  • This presentation, for providers and developers alike, will serve as an introduction to Federal mHealth policies from the following agencies: HHS (CMS, FDA, OCR, ONC), NIST, FTC, FCC.
  • Definition
  • Who: Who is the product intended to be used by?What: How does the product record and analyze the information? When: What settings can the product be used in – different requirements for clinical vs home useWhere: What connectivity is required for successful utilization of the product? Why: Why is the product used?
  • Each of the feds


  • 1. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #Policy Federal mHealth Policy 101 Jess Jacobs, MHSA, CPHIMSDISCLAIMER: The views and opinions expressed in this presentation are those of the author and do not necessarily represent official policy or position of HIMSS.
  • 2. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #Policy Conflict of Interest DisclosureJessica Jacobs, MHSA, CPHIMS Has no real or apparent conflicts of interest to report.
  • 3. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #Policy Learning Objectives• Recognize the oversight of seven federal agencies/opdivs on mHealth related technologies• Distinguish between federal policies that apply to mHealth product development verses mHealth adoption• Identify federal policies relevant to their organizations application of mHealth
  • 4. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #Policy AgendaIntroduction Policy 101 Policy ContinuumWhat’s this mean?
  • 5. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #PolicymHealth is the use of mobile andwireless devices to improve health outcomes,healthcare services, and health research. - 2011 NIH Consensus Group
  • 6. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #Policy That seems general… Who • Patient? Provider? • Data collected? DataWhat disseminated? Analysis? Recommendations?When • Home? Hospital? Car?Where • Broadband? Wifi? Wired? • Treat a disease? General Why wellness?
  • 7. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #Policy AgendaIntroduction Policy 101 Policy ContinuumWhat’s this mean?
  • 8. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #PolicyPolicy 101: Federal Government Organization
  • 9. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #Policy Policy 101: Policy ProcessHears a Passes a Signs into Translates Compliesneed Bill Law into Policy
  • 10. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #PolicyPolicy 101: Lots of Cabinet Players
  • 11. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #Policy Policy 101: The Cabinet National Institute of Department of CommerceUnited States Executive Branch Standards and Technology (DOC) (NIST) Food and Drug Administration (FDA) Office of the National Coordinator for Health IT (ONC) Department of Health and Office of the Secretary (OS) Human Services (HHS) Office for Civil Rights (OCR) Centers for Medicare and Medicaid Services (CMS) Federal Communications Commission (FCC) Independent Offices Federal Trade Commission (FTC)
  • 12. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #Policy AgendaIntroduction Policy 101 Policy ContinuumWhat’s this mean?
  • 13. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #PolicymHealth Policy Continuum AdoptionPrivacy/Security Safety/Efficacy Communication
  • 14. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #Policy Safety and EfficacyRunning the Show Backup Singers
  • 15. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #Policy Safety and Efficacy: FDA• Food and Drug Administration is responsible for vetting the safety and efficacy of medical devices.• Authority: – Food, Drug, and Cosmetic Act 1938 • FDA is responsible for regulating medical devices – FDA Safety and Innovation Act 2012, Section 618 • FDA, FCC, ONC will coordinate on regulatory framework.• Recent Guidance: Mobile Medical Apps Guidance (MMA) • If the mobile medical app falls within a specific medical device classification or augments functionality to a specific medical device classification, manufacturers are immediately subject to meet the requirements of that classification (either I, II, or III).
  • 16. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #Policy Safety and Efficacy: FDA Devices• Medical Devices are classified Class I, II, and III.• Based on Intended Use and Indications for Use Class 1: Not substantially important to health Class 2: Perform as indicated General Controls Class 3: Sustain Life • Listing Special Controls • Premarket Notification • Labeling • Recall Processes Premarket Approval • Post Market • Good Manufacturing Surveillance Processes • Performance Standards
  • 17. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #Policy Safety and Efficacy: FDA DeviceAnything that isn’t a drug and is used to: Diagnose Cure Mitigate Treat Prevent a disease or condition.
  • 18. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #PolicySafety and Efficacy: FDA MMA Displaying, Storing, or Transmitting • If a mobile medical app allows for the display/storage/or transmission of patient-specific information (PHI) in its original format, it is a medical device. This category of mobile medical apps are primarily used as secondary displays (and not for primary diagnosis/treatment decisions) and will only require Class I requirements. Controlling connected medical devices • If a mobile medical app allows for the control of another medical device, it must adhere to the regulations applicable to the connected device. These mobile medical apps can control the use, function, modes, or energy source of a regulated medical device.
  • 19. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #PolicySafety and Efficacy: FDA MMA Mobile platform transformation • If a mobile medical app transforms a mobile platform into a regulated medical device, it is regulated under the class applicable to its intended use. Interpretation of Medical Device Data • If a mobile medical app is intended to analyze or interpret data from a medical device for the purposes of creating alarms, recommendations, or information, is considered an accessory to the first medical device and regulated under the first medical device’s class.
  • 20. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #Policy Safety and Efficacy: FDA MMA• Possibly Regulated: “Regulatory discretion will be used regarding mobile apps which meet the FD&C’s device definition but are not an accessory to a regulated device or intended to transform a mobile platform into a regulated device. “ Applications which remind people to manually input information for logging/tracking/graphing. Patient education data viewers. Organization of personal health information - such as dosages, calories, doctor appointments, lab results, and symptoms. Over the counter medication lookup applications which provide the information available on drug labels.
  • 21. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #Policy Safety and Efficacy: FDA MMANot regulated:– Electronic versions of reference materials that do not contain patient- specific information– Health/wellness applications that do not intend to cure, treat, or diagnose– Automated billing, inventory, appointment, or insurance transactions– Generic aids (audio recording, note taking, etc)– mobile EHRs or PHRs
  • 22. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #Policy Safety and Efficacy: FCC• The FCC sets Specific Absorption Rate (SAR) limits to protecting human health from negative RF (Radio Frequency) exposure under Part 95.• Some examples of devices which might fall under FCC oversight include insulin/glucose monitors, wireless heart monitors, medical radios, and/or cell phones.• Authority: – Communications Act 1934 – Telecommunications Act 1996
  • 23. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #Policy Safety and Efficacy: FTC• The FTC sanctions individuals who advertise products inappropriately. – False or misleading – Omits material facts – Act or practice that is unfair – Cause substantial harm to consumers (CBA)• Authority: – Federal Trade Commission Act 1914 (Section 5)
  • 24. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #Policy CommunicationRunning the Show Backup Singers
  • 25. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #Policy Communication• FCC is responsible for making sure devices are able to communicate without interference.• FCC technical requirements apply to devices that posses the potential to cause radio frequency – may include the granting of an FCC ID number.• Authority: – Communications Act 1934 – Telecommunications Act 1996 – Food and Drug Administration Safety and Innovation Act 2012
  • 26. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #Policy Communication: FCC Spectrum Allocation• Medical Radio Communications Service (MedRadio): medical devices for transmitting data containing operational, diagnostic and therapeutic information associated with a medical implant device or medical body worn devices• Medical Micropower Networks (MMNs): wireless medical devices that can be used to restore functions to paralyzed limbs• Medical Body Area Networks (MBANs): networks of body-worn wireless sensors that transmit patient data to a health care provider• Wireless Medical Telemetry Service (WMTS): a short distance data communication service for transmitting patient medical information to a central monitoring location in a medical facility• Medical devices may also operate under the rules for unlicensed devices under Part 15 in any frequency band available under that Part.
  • 27. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #Policy Communication: Standards• While not mandated, many standards organizations work in collaboration with federal partners.
  • 28. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #Policy AdoptionRunning the ShowRunning the Show Backup Singers Backup Singers
  • 29. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #Policy Adoption: CMS• Centers for Medicare and Medicaid Adoption (CMS) sets reimbursement guidelines and runs incentive programs for hospitals and providers.• Authority: – Social Security Act 1965 – American Recovery and Reinvestment Act 2010
  • 30. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #Policy Adoption: CMS, ONC, and NIST• Meaningful Use promotes the adoption of EHRs.• Operational Rule: • HHS Center for Medicare and Medicaid Services (CMS) writes the rule and administers the provider incentive/penalty program.• Technical Rules: • HHS Office of the National Coordinator for Health IT (ONC) is responsible for the Standards and Certification Rule. • NIST provides test criteria for EHRs to become certified.
  • 31. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #Policy AdoptionStages One and Two Stage Three and Beyond • Create the capacity for electronic episodes of care • How to incorporate patient generated data
  • 32. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #PolicyAdoption: Body of Evidence
  • 33. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #Policy Privacy and SecurityRunning the Show Backup Singer
  • 34. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #Policy Privacy and Security: OCR and HIPAA• HHS Office for Civil Rights promulgates rules to protect consumer health information.• Authority: – Health Insurance Portability and Accountability Act 1996 – American Recovery and Reinvestment Act 2010
  • 35. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #Policy Privacy and Security: OCR and HIPAA• HIPAA applies to Protected Health Information (PHI): – all "individually identifiable health information" – any form or media: electronic (ePHI), paper, or oral. – held or transmitted by a covered entity or its business associates. health care providers, health plans, health care clearinghouses, vendors
  • 36. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #Policy Privacy and Security: HIPAA• Rules: – OCR Privacy Rule: • Gives the consumer rights over his/her PHI • Sets rules and limits on who can view or receive PHI – OCR: Security Rule: • administrative, physical, and technical safeguards for PHI • Requires a risk assessment
  • 37. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #Policy Privacy and Security: FTC• The FTC protects consumer data privacy – Special rules for minors• FTC Health Breach Notification Rule: – Primarily applies to Personal Health Records• Authority: • Federal Trade Commission Act 1914 • Children’s Online Privacy Protection Act 1998
  • 38. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #Policy Privacy and Security: FCCNo Intercepting No Jamming
  • 39. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #Policy AgendaIntroduction Policy 101 Policy ContinuumWhat’s this mean?
  • 40. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #Policy What’s this mean? Question of Who. Manufacturer Healthcare Provider• Initiates Specifications • Hospital• Designs • Physicians• Labels• Creates a software system or application in whole or from multiple software components
  • 41. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #Policy Manufacturer Adoption Safety/Efficacy Communication Privacy/Security Make sure device If device, undergo Meet interoperability is FDA review and appropriate FCC compatible with oversight. technicalDevelopment ONC/NIST specifications specifications. Meet FCC and registration requirements for requirements. Make sure not RF. infringing on patents If device, If collecting PHI, fulfillDeployment postmarket HIPAA requirements surveillance. Have appropriate disclaimers and Don’t oversell to safeguards. avoid FTC oversight.
  • 42. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #PolicyHealthcare Providers and Facilities Adoption Communication Privacy/Security • Utilize • Use • fulfill all HIPPA certified EHRs appropriate requirements spectrum (Security specifications Assessment)
  • 43. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #PolicymHealth Policy Continuum AdoptionPrivacy/Security Safety/Efficacy Communication
  • 44. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #Policy Resources• FCC:• FTC:• FDA:• CMS:• ONC:• NIST:
  • 45. @jess_jacobs @FHCInnovation #HIMSS13 #mHIMSS #Policy Thank You! Questions? Jess Jacobs Special thanks to the 2011-12 mHIMSS Policy Workgroup W. Bradley, N. Falcone, R. Kennis, L. Kim, M. Kuriland, & D. Wongfor researching the whitepaper this presentation is based on.