Time to reform HIPAA and FDA regs for digital health era?
Digital health executives and professors testified about the ways they think federal regulation needs to change to create a robust digital health industry while still protecting the safety and wellbeing of patients.
The conversation spanned various regulatory bodies and federal programs including HIPAA, the FDA, FTC and Medicare.
“The regulatory framework for most of these apps is complicated and in some cases troubling,” Nicolas Terry, a law professor at Indiana University said in his prepared testimony. “The oversimplified binary of regulation versus innovation is a poor frame. Rather, we have a current technological space that is subject to both over-regulation and under-regulation.”
Terry identified three areas as problematic in the law with regards to health apps. First, he said that the FDA’s decision to exercise enforcement discretion for certain apps doesn’t address the lack of clarity mobile innovators face. Instead, he said, it “frightens off responsible innovators while the FDA lacks the bandwidth to deal with the many industry minnows selling apps that cross the regulatory line.” Second, the FTC should make it clearer that while the FDA regulates safety, they regulate effectiveness and should crack down on apps that don’t work as promised, even if they aren’t directly harmful.
Finally, Terry pressed for reforms to HIPAA that reflect the changing nature of health data.
“Let’s say I use an app to access my EHR,” he said during the Q&A. “The moment that that data leaves the EHR and enters the smartphone app, there is considerable confusion as to the legal state of it. If that app was provided by the hospital or a business associate, then the HIPAA shield would be all over it. If it was not, if it was an app the patient just purchased from the app store, it’s highly likely HIPAA would not apply. So now you have two sets of identical data, one bundle is subject to the most stringent privacy laws we have in this country, the other is essentially unregulated.”
AirStrip president Matt Patterson, MD, said that rather than classifying data based on where it originates, as HIPAA does, we need to take into account the nature of the data somehow.
“I liken it to recreational data and professional data,” Patterson said. “In my mind we have to set a very clear bar between what’s recreational and what’s professional. And I don’t think it’s ‘who’s using it’ but I think it’s more related to the level of risk and the safety involved. Subsequent to that, there has to be a crosswalk capability that allows recreational data to be ‘drafted to the big leagues.’”
A lot of the discussion revolved around how much mobile health technology should be made available directly to patients, bypassing doctors. Laura Ferris, MD an assistant professor of dermatology at the University of Pittsburgh who authored a study that ultimately led to an FTC crackdown on clinically unsound mole detection apps, argued that this technology needs to stay in the realm of physicians.
“In our study, we found that the three automated apps missed 30 to 93 percent of the melanomas, the most deadly form of skin cancer, we presented to them,” she said. “This means that if a patient decided to save time and money by trusting their health to one of these apps that was easily available on their smartphone, at least a third of the time they would be dissuaded from seeking medical attention for a skin cancer that is generally curable when caught early and fatal when caught late.”
Even when the technology has a better track record than that, Ferris believes the physician has a role to play as a mediator.
“I am working on a technology with computer scientists at Carnegie Melon in Pittsburgh where we are doing validation studies. We’re trying to understand how we can use technology to better understand melanoma,” she said. “We have very promising early results, however I would never put that out and make it available to my patients, because I feel that this is technology better used in the hands of a physician.”
[Buyers Guide: Intrusion detection and prevention tools]
But while bad information can cause harm to a patient — like the assertion that a mole is harmless when it’s not — a lack of information can also cause harm, according to Humetrix CEO Bettina Experton, MD.
“We’ve discussed how we want to avoid medical harm,” she said. “Today in America the third leading cause of death is medical errors. About one fourth of them are caused by the fact that a lot of the time a physician doesn’t have the full picture of the history of that patient. … When the physician asks a Medicare beneficiary that critical question, ‘What medication do you take?’, the patient might say ‘I take a pink pill but I don’t remember the name of it.’ Then comes the additional prescription, which can interfere with the medication the patient is taking. Those are the situations where more harm is being done with a lack of information, and providing the patient with that information is life-saving.”
Finally, Ray Dorsey, MD a professor of neurology and director of the Center for Human Experimental Therapeutics at the University of Rochester Medical Center, argued that Congress should encourage Medicare to catch up with private insurers when it comes to reimbursing telehealth. He spoke in favor of the Medicare Telehealth Parity Act, which would bring Medicare inline with Medicaid and the VA in its reimbursement for telehealth.
“Currently, Medicare pays neurologists about $150 to see a patient with Parkinson's disease in a hospital-based clinic, $80 for a visit in a community-based clinic, and $0 to see a patient remotely in her home,” Dorsey said. “In essence, Medicare subsidizes institution-based care and disincentivizes patient-centered care.”