abe-oldenburgl@bennettjones.com                                                  HEALTH CARE IT LEGAL ISSUES              ...
-2-                                                                                                   abe-oldenburgl@benne...
-3-                                                                                                   abe-oldenburgl@benne...
-4-                                                                                                   abe-oldenburgl@benne...
-5-                                                                                                   abe-oldenburgl@benne...
-6-                                                                                                   abe-oldenburgl@benne...
-7-                                                                                                   abe-oldenburgl@benne...
-8-                                                                                                   abe-oldenburgl@benne...
-9-                                                                                                   abe-oldenburgl@benne...
Upcoming SlideShare
Loading in …5

Health Care IT Legal Issues


Published on

Health Care IT Legal Issues:
1. Enabling IT from Mobile Devices: mHealth, mDevices and Telemedicine.
2. Current Hot Topics in Health Care IT Contracting.
3. Medical management System Architecture.

  • Be the first to comment

  • Be the first to like this

Health Care IT Legal Issues

  1. 1. abe-oldenburgl@bennettjones.com HEALTH CARE IT LEGAL ISSUES Lisa Abe-Oldenburg Bennett Jones LLP IT.Can Roundtable October 29, 2012Index1. Enabling IT from Mobile Devices: mHealth, mDevices and Telemedicine.2. Current Hot Topics in Health Care IT Contracting.3. Medical management System Architecture.1. Enabling IT from Mobile Devices: mHealth, mDevices and Telemedicine.“If the Internet is humanitys planetary nervous system, we are now building our planetaryimmune system,” Dr Nathan Wolfe.mHealthIn the early manifestations of health care, African villagers used smoke signals to warn people tostay away from the village in case of serious disease. In the early 1900s, people living in remoteareas in Australia used two-way radios, powered by a dynamo driven by a set of bicycle pedals,to communicate with the Royal Flying Doctor Service of Australia. Care at a distance (alsocalled in absentia care), was also often conducted via post.Today, the provision of health care or health-related information can be provided through the useof mobile devices (typically mobile phones but also other specialized medical mobile devicessuch as wireless monitors). There are 6 billion mobile phones in use worldwide. 1 Mobiledevices are ubiquitous and personal and the nature of mobility provides users with 24x7anywhere access to networks and information. The health care sector can benefit from the pre-existing investment and development that has already been made into network infrastructure,connectivity, user interfaces, hardware, IT, billing models and user training. So much computingpower and communication already exists in the hands of so many people. It is only natural thatmobile devices become a vital part of health care.Dr. Wolfe sees great potential in the mobile phone. When he visits remote parts of the Congo notconnected by road or electricity grid, he often finds that locals are able to use a mobile-phoneservice, recharging their phones at night using portable generators. He recently left his post at1 According to the International Telecommunication Union, there were 5.98 billion mobile phones in use at the end of 2011.C:My DocsPaper by Lisa Abe-Oldenburg on Healthcare IT Legal Issues for IT.Can Conference Oct 29-30 2012.docx
  2. 2. -2- abe-oldenburgl@bennettjones.comthe University of California, Los Angeles, to head the Global Viral Forecasting Initiative(GVFI). Since most deadly viruses, like HIV and SARS, originate in wild animals, his team isdeveloping a software system to offer hunters of bushmeat who are in constant contact with suchanimals, a tiny financial reward to send an SMS message letting him know when they are ill,which would provide a useful early warning. Health workers would then be sent to test the ailingperson to see if there is cause for alarm.2Wireless communication systems, hand held devices, mass data storage and cloud computingwill revolutionize health care to become more patient-centric, allowing for care anywhere andprecision-based medicine, by providing personalized, participatory, predictive and preventivetoolkits that will help patients manage genetic vulnerabilities, chronic illness, and episodic acuteconditions.As a result of demographic changes, such as ageing and chronic illness, the public sector isrecognizing a need to optimize access and quality of care, and is driving regulatory reform topartner with the private sector for innovation, efficiency, improved outcomes and cost reduction.Much of this innovation is being achieved through the adoption of mobile technologies, whichare being developed and deployed more rapidly in emerging markets than developing countries.In developed countries, health care systems are hospital-centric, focusing largely on acute careeven while chronic conditions dominate the disease load In emerging markets however,inadequate health infrastructure limits are driving growth in mobile health care as a means ofproviding access to much-needed health services, where patients were previously poorly served,or not served at all.Mobile applications and services can include, among other things, remote patient monitors, videoconferencing, online or text decision support/consultations, personal health care devices, wirelessaccess to patient records and prescriptions, text reminders, coaching anddemonstrations/explanations, drug adherence and verification, general health and wellness datagathering and monitoring.As an example, in Africa, mPedigree operates a program in partnership with the principaltelecom operators, leading pharmaceutical industry associations and Fortune 500 technologycompanies, to empower African patients and consumers to protect themselves from the fataleffects of pharmaceutical counterfeiting. The mPedigree mobile health platform allowsconsumers purchasing drugs to text (via SMS) at no cost (via their own or a shared mobilephone) a coded number on the packaging and receive instant verification, which will eitherconfirm that the product is legitimate or warn that it is counterfeit. The UN estimates thatroughly half of the anti-malarial drugs sold in Africa—worth some $438 million a year—arecounterfeits. The WHO has been working with government agencies and manufacturers aroundthe world to create a database of products, giving each packet of medicine a new number. A newinitiative from mobile phone company Orange (part of France Telecom), allows for tracking ofdrugs at any point in the distribution pipeline using widely available and relatively inexpensivetechnology. According to mPedigree, counterfeit drugs cause at least 700,000 deaths annually.32 "A Doctor in your Pocket", The Economist, April 16, 2009.3 http://mpedigree.net/C:My DocsPaper by Lisa Abe-Oldenburg on Healthcare IT Legal Issues for IT.Can Conference Oct 29-30 2012.docx
  3. 3. -3- abe-oldenburgl@bennettjones.comCounterfeit drugs used to be a problem for poor countries. Now they threaten the rich worldtoo.4 Through the use of mobile technology, hundreds of thousands of lives will be saved andcounterfeiters can be caught and brought to justice.mDevicesThe use of mobile devices on wireless sensor networks (WSN) in health care is flourishing.Applications of wireless sensor technologies, devices, services and tools, can help monitor thehealth status of patients, providing prevention and early intervention, feedback and coaching, inorder to reduce costs associated with chronic conditions that are the leading cause of disabilityglobally and which put an enormous strain on most health care systems.Mobile devices that can be used to monitor human activities using sensor technology andnetworks, may be deemed medical devices and subject to regulation as well as licenses 5 fromregulators in order to be sold in Canada.6 The term "Medical Devices", as defined in the Foodand Drugs Act, covers a wide range of health or medical instruments used in the treatment,mitigation, diagnosis or prevention of a disease or abnormal physical condition. Health Canadareviews medical devices to assess their safety, effectiveness and quality before being authorizedfor sale in Canada. Medical devices may also require certification by the Canadian NuclearSafety Commission (CNSC), and compliance with radiation emitting regulations, prior tolicensing for operational or servicing activities. With the advent of new unproven technologies,regulators will face challenges in seeking a balance between patient safety and potential benefits.The applications of mobile devices in medical use can be of two types: (i) wearable, and (ii)implanted.Wearable devices are those that can be used on the body surface of a human or just at closeproximity of the user. Some of the wearable medical devices and applications are: temperaturemeasurement, respiration monitor, heart rate monitor, pulse meter, blood pressure monitor,glucose sensor, etc.The implantable medical devices are those that are inserted inside the human body. Thesedevices and their applications include for example: cardiac arrhythmia monitor/recorder, brainliquid pressure sensor, endoscopic capsules, etc.The non-medical devices and their applications in the area of health care can include real-timevideo streaming and real-time audio streaming. Besides the typical scope of monitoringapplications in health care facilities, there are other uses such as remote controlled applications,data file transfer, measuring body positions and location of the patient, and at home monitoring.4 "Poison Pills", The Economist, 2 September 2010.5 In Canada, certain devices must have a Medical Device Licence before they can be sold. To determine which devices need a Licence, allmedical devices have been categorized based on the risk associated with their use. This approach means that all medical devices are grouped intofour classes with Class I devices presenting the lowest potential risk (e.g. a thermometer) and Class IV devices presenting the greatest potentialrisk (e.g. pacemakers). Prior to selling a device in Canada, manufacturers of Class II, III and IV devices must obtain a Medical Device Licence.Although Class I devices do not require a Licence, they are monitored through Establishment Licences.6 The Therapeutic Products Directorate (TPD) applies the Food and Drug Regulations and the Medical Devices Regulations under the authorityof the Food and Drugs Act to ensure that the pharmaceutical drugs and medical devices offered for sale in Canada are safe, effective and of highquality. The TPD also administers fee regulations for drugs and medical devices under the authority of the Financial Administration Act.C:My DocsPaper by Lisa Abe-Oldenburg on Healthcare IT Legal Issues for IT.Can Conference Oct 29-30 2012.docx
  4. 4. -4- abe-oldenburgl@bennettjones.comTo address the growing use of sensor technology in this area, a new field known as wireless bodyarea networks (WBAN or simply BAN) has emerged. Also, a new concept of "people centric"and "urban" wireless sensor networking has been proposed and is gaining momentum.Radio Frequency Identification (RFID) and Wireless Sensor Network (WSN) are two importantwireless technologies that have wide variety of applications and provide unlimited futurepotentials most especially in health care systems. RFID is used to detect presence and location ofobjects while WSN is used to sense and monitor the environment. Integrating RFID with WSNnot only provides identity and location of an object but also provides information regarding thecondition of the object carrying the sensor enabled RFID tag.As most devices and their applications are wireless in nature, security and privacy are amongmajor areas of concern. The direct involvement of humans also increases the sensitivity. Whetherthe data gathered from patients or individuals is obtained with the consent of the person orwithout it due to the need by the system, misuse or privacy concerns may restrict people fromtaking advantage of the full benefits from the system. Also of concern is the risk of seriouspersonal injury. People may not see these devices safe for daily use. Public fear that such devicesmay be used for monitoring and tracking individuals by government agencies or other privateorganizations and that those devices could be tampered with or contain defects, raises policyissues, will require strict regulation and contracts that fairly allocate liability risk for vendors andsuppliers.7TelemedicineIn the health care sector, many organizations and/or health care professionals use telemedicine tofacilitate access to health care for patients. However, many more are using it to increase access todistance education opportunities or to reduce the amount of travel and cost involved in attendingmeetings."Telemedicine" has been defined as the use of telecommunications technologies to createaudio/visual linkages between physicians and patients in different locations, in actual or storedtime.The benefits of telemedicine include improving access and quality of care, by having the rightprovider in the right place at the right time. The Ontario Telemedicine Network (OTN) is one ofthe largest telemedicine networks in the world. More than 3,000 health care professionals inmore than 1175 sites across the province use OTN to deliver care to their patients. This year,OTN will deliver more than 135,000 patient visits.Using two-way videoconferencing, OTN provides access to care for patients in every hospitaland hundreds of other health care locations across the province. OTN offers a full range oftelemedicine services, including videoconferencing, webcasting, store forward and telehomecareto meet various clinical, educational and administrative needs.7 Security and Privacy Issues in Wireless Sensor Networks for Health Care Applications, Moshaddique Al Ameen, Jingwei Liu and KyungsupKwak, Journal of Medical Systems, Volume 36, Number 1 (2012), 93-101, DOI: 10.1007/s10916-010-9449-4.C:My DocsPaper by Lisa Abe-Oldenburg on Healthcare IT Legal Issues for IT.Can Conference Oct 29-30 2012.docx
  5. 5. -5- abe-oldenburgl@bennettjones.comAreas where Telemedicine is being used include Teleneurology,8 Teleradiology, Telepathology,Teledermatology,9 Telecardiaology, Telepsychiatry, Teleopththalmology and Fetal Monitoring.The connectivity of telemedicine involves telecommunications systems, and in particular phonelines, Internet, satellite and wireless communications.One of the major concerns with any mobile or tele-medicine application is the issue of privacyand data security. In Ontario, personal health information is subject to the requirements of thefederal Privacy legislation as well as the Personal Health Information Protection Act, 2004.Other provinces have similar legislation.Another issue is the regulation of medical professionals across jurisdictional borders. TheCollege of Physicians and Surgeons of Ontario ("CPSO"), which regulates doctors in theprovince, recognizes that telemedicine enables physicians to deliver health services acrossprovincial/territorial and international borders. In many cases, physicians in Ontario referpatients or provide patients’ information to a specialist located outside of the province. Wherethis occurs and the physician outside of the province is not registered with the CPSO, the CPSOexpects the physician in Ontario to inform the patient of that fact and that any potentialcomplaint would need to be considered outside of the province (for example, in the jurisdictionof the specialist). Providing this information is part of the process for obtaining the patient’sinformed consent to the medical consultation.For Ontario physicians providing care to patients outside of the province via telemedicine, theCPSO suggests that they: comply with the licensing requirements of any province/territory/country in which they are providing medical services; and in addition, understand that the CPSO maintains jurisdiction over its members wherever they may practice and therefore is required to review any complaint made to it about a member, even if made by a patient located in another jurisdiction.This is based on the principle that patients must be protected from harm and physicians heldaccountable for the quality of services they perform. Ontario physicians with a certificate ofregistration in another jurisdiction should also be aware that the CPSO may review concernsarising in the other jurisdiction and may take action with respect to the physician’s certificate ofregistration in Ontario.Telemedicine is in a constant state of evolution. The innovative technologies in telemedicineprovide endless opportunities for developing new approaches to the delivery of health services.In recognizing the tremendous potential for growth in this area, the CPSO acknowledges thattelemedicine will likely be one of the greatest influences on the way medicine is practiced in the8 The Telestroke Program of the OTN provides stroke patients in remote areas of the province with 24/7 access to life-saving emergency care thatthey might not receive without this real-time expert neurological assessment. Emergency Physicians use OTN to connect with neurologists toobtain urgent diagnosis and treatment advice, including the administration of time-sensitive medication.9 Otn.teledermSF allows a health care professional to take a digital image of a skin condition and upload it along with pertinent patient data to asecure server. An Ontario-based dermatologist accesses the server to review the information, returning a diagnosis and suggested treatment to thereferrer– all without a long wait, added costs or travel time for patients.C:My DocsPaper by Lisa Abe-Oldenburg on Healthcare IT Legal Issues for IT.Can Conference Oct 29-30 2012.docx
  6. 6. -6- abe-oldenburgl@bennettjones.comfuture. For this reason, the CPSO will continue to monitor future developments and provideupdates, in particular, on jurisdictional issues and certificates of registration. It also viewstelemedicine as an impetus for the future development of a national medical registry.2. Current Hot Topics in Health Care IT Contracting.Most national health systems are both vast and fragmented. Technology still presents challengesfor mHealth adopters. Both doctors and payors list privacy and security concerns as leadingbarriers to greater use of mHealth, and only around half of doctors believe that the mobileInternet facilities at their workplace are reasonably secure. Poor integration also impedes uptake.Just 53% of doctors say that the mHealth applications and services they use work with theirorganizations IT, and even fewer say they are integrated with technology in other parts of thehealth system, such as other hospitals and clinics.10 Integration of new systems, software andtechnologies give rise to a host of integration issues, which must be managed through adequatedesign, implementation, testing, correction, change and governance processes. Contracts mustset realistic and measurable boundaries on each partys obligations and liability, in particular forpersonal injury.The move to a more patient-centric health care model requires leadership and co-ordinationamong all stakeholders – physicians, hospitals, health insurers, pharmaceuticals, medical devicecompanies and government. In order to achieve desired results, conventional business modelsand contracts typically will not work. Contract negotiations need to involve all stakeholders andwill likely shift their focus to clinical outcomes, value and patient satisfaction. The followingkey principles will need to be addressed in health care IT contracts: Interoperability – representations, warranties and covenants as to interoperability of IT with sensors and other mobile and non-mobile devices, networks and systems, to share vast amounts of data with other applications, such as electronic health records and existing health care plans. Integration – services and deliverables to include integration activities and work products of providers and users. Qualitative Solutions – deliverables to be problem solving, real-time, qualitative solutions that realize measurable productivity gains. Outcomes to provide a return on investment not just in terms of cost but also access and quality of care based on health care objectives. Socialization – terms dealing with sharing of information, privacy, security and data access and retention across a broad community. Service Levels - that enable patient involvement and the provision of ubiquitous and instant feedback.10 "Emerging mHealth: Paths for Growth", a PwC survey and study of the mobile health market.C:My DocsPaper by Lisa Abe-Oldenburg on Healthcare IT Legal Issues for IT.Can Conference Oct 29-30 2012.docx
  7. 7. -7- abe-oldenburgl@bennettjones.comScalability and portability require open modular architecture and vendors are increasing the useof cloud computing and open source technologies to deliver IT services and systems. PeterNeupert of Microsoft argues that the rise of cloud computing (providing data storage andprocessing over the Internet), will be ―transformative‖ for wireless health.11However, cloud computing and open source technologies pose several risks, such as: security and privacy breaches, unauthorized access data mining uncertainty as to location of data at any point in time inability to properly audit cross-border data transfer difficulty with access to and return of data vendors standard cloud computing contract terms and open source licenses dont contain adequate protection for intellectual property, have unreasonably high limits on liability, no warranties or indemnities.Health care providers will need to assess and manage these risks, as well as seek legal advice incontract negotiations involving innovative technologies.3. Medical Management System Architecture.Access to the right information and the automation of complex tasks & workflow is the keyfocus of medical management systems, enabling freeing the staff to spend more time on caringfor patients and extending the reach of services. Such systems (and procurement/outsourcingcontracts) need to have the technical and functional specifications, as well as service levelrequirements (SLAs) of flexibility & scalability, comprehensive report types, ease ofcustomization, intuitive visuals and interactive graphics that simplify complex data analysis andpresentation. As well, seasoned professionals with relevant experience in the health careindustry, can help consult on, design, develop, configure, integrate and implement the systemthat incorporates the best health care practices and is designed to deliver key tangible benefits topatients and health care industry stakeholders.There is a huge spectrum of medical management systems and architecture that has beendeveloped over the past 10-15 years, and continues to be developed to provide solutions inmedical office administration, pathology, radiology, pharmaceutical delivery systems, medicalrecords management and other areas. There are increasingly extensive applications of newsystems techniques and methods in hospitals, clinics, physicians offices, including11 "M-Powered – The Convergence of Mobile Telephony and Health Care is Under Way", The Economist, Nov 11, 2010.C:My DocsPaper by Lisa Abe-Oldenburg on Healthcare IT Legal Issues for IT.Can Conference Oct 29-30 2012.docx
  8. 8. -8- abe-oldenburgl@bennettjones.comcommunication links between various health care providers, insurers, product suppliers, medicalrecords storage and retrieval and ancillary patient-support systems. With the amalgamation ofsciences, existing medical systems are constantly being modified to fit particular circumstancesand to solve specific problems.In a hospital setting, for example, computer hosts are dispersed to different locations in thenetwork. There are generally workstations, personal computers, lap tops, mobile devices, PDAs,modems, switches, hubs, printers, medical equipment, storage archives, servers and host systemsall configured to be connected through a LAN, WAN Intranet and the Internet.In medical management systems, the key functions a system must address include: Patient administration, such as front office appointments, reservations, registrations, admissions, discharge, payment, back office services, staff scheduling, doctor and nursing station orders, transfers, etc. Clinical management, such as diagnostic/laboratory, operation theaters, patient indecies, medical records, blood banks, telemedicine, physical management systems, care plans and personnel management, etc. Resource management, such as pharmacy, general stores, ambulatory, cafeteria, medical equipment and supply chain management, etc. Financial Management, accounting, payroll, health benefits admin, claims processing, etc. Information Management, such as clinical decision support, patient data monitoring and safety, medication-use process, research systems, enterprise application management, etc.With the progress and the development of information technology, the internal data in medicalorganizations has become extremely valuable and sensitive in electronic format. Moreover, theuse of the Internet has enhanced information communication as well as affected the developmentof the medical information management systems. Such systems are often networks within othernetworks, and when all are connected together, comprise a vast resource of useful informationthat can be analyzed for medical research, advancement in health care and improvement ofindividual health. However, the Internet is considered as a high-risk and public environmentwhich is easily invaded. The data in medical network systems is very sensitive and confidentialand it is necessary under the law to protect the personal privacy of electronic patient records,including ensuring data in health care facilities is properly authorization-controlled. As aconsequence, medical network systems are considered high security networks that requireexcellent protections and managerial strategies to prevent the risk of disclosure, misuse ofconfidential information and external attacks from happening. Health care organizations need toimplement secure medical managerial strategies to be applied to the network environment of themedical information system architecture, while allowing the medical system to work smoothlyand safely that not only benefits the patients, but also allows the doctors to use it moreconveniently, and further promote the overall medical quality. These objectives can be achievedC:My DocsPaper by Lisa Abe-Oldenburg on Healthcare IT Legal Issues for IT.Can Conference Oct 29-30 2012.docx
  9. 9. -9- abe-oldenburgl@bennettjones.comthrough proper design of the technology, as well as implementation of business processes thatminimize managerial mistakes, resulting in highly-reliable medical information systems.In todays hospitals, the medical workstation is a basic component of any image management andcommunication system. The design of such component can be very complex, because of thechallenging engineering requirements. Architectural models must ensure flexible and portablesoftware platforms upon which medical workstations can be realized. Some current models arebased on an overall framework of object oriented programming.12Biomedical Information Management Systems ("BIMS") is an example of software architecturedesigned to provide a flexible computational framework to manage the information needs of awide range of biomedical research projects. The main goal is to facilitate the clinicians’ job indata entry, and researcher’s tasks in data management, in high data quality biomedical researchprojects.The architecture methodology required in a health care setting, must be able to manage largeamounts of complex and dynamic information. In addition, to be fully functional, flexible andallow modeling and managing of large amounts of heterogeneous biomedical data sets, bothtextual as well as visual (medical images) information, the architecture would need to bedeveloped as a web-based application.In Medical Genetic Testing (MGT) Laboratories, there are existing knowledge management(KM) technology weaknesses. Information system (IS) architecture is being developed toestablish process automation and content management of the distributed workflow of knowledgegeneration and knowledge management (KG&KM) during MGT result interpretation. The ISwill validate the interpretation decision by using information systems/information technologies(IS/IT), especially KM tools, such as workflow management system (WFMS), search engine andgroupware. Once developed and implemented, such integrated systems will significantlyimprove MGT lab researchers KG&KM performance through increasing knowledge capture,improving documentation quality and maintaining (if not improving) users informationsatisfaction.13IT contracts for the development and procurement of such systems, require careful considerationof the terms and allocation of risks that are best managed between the parties. In the health caresector, the procurement Directive and guidelines must be followed. Contractual issues need tobe analyzed from a legal and business perspective. Contracts need to focus on issues arising inIT development and outsourcing, legal compliance (e.g. privacy), intellectual property ownershipand licensing, liability risk allocation, patient outcomes, impacts and results, as well as thefunctional and technical requirements (including testing) of the IS architecture.12 A software architecture for medical image processing stations, Boccignone, G. , Chianese, A., De Santo, M., Picariello, A., Image Processing,IEEE International Conference, Nov 1994.13 A System Architecture Design for Knowledge Management (KM) in Medical Genetic Testing (MGT) Laboratories, Gu, Y., Warren, J., Stanek,J., Suthers, G., Computer Supported Cooperative Work in Design, 10th International Conference, May 2006.C:My DocsPaper by Lisa Abe-Oldenburg on Healthcare IT Legal Issues for IT.Can Conference Oct 29-30 2012.docx