Regulation should keep health IT safe without slowing innovation

2014 09 05 16 20 22 178 Hirschorn David 175 20140905232044

The proposal by the U.S. Food and Drug Administration (FDA) to revise its regulation of mobile medical apps reflects the rapidly changing world of medical software, according to Dr. David Hirschorn, who previews his upcoming presentation at the New York Medical Imaging Informatics Symposium (NYMIIS) on September 18 in New York City. For more information, visit

In 1989, I was 18 and starting college at the University of Pennsylvania, majoring in a new field called bioengineering. The discipline was so new that students majoring in it had to have a minor in a traditional field of engineering, such as mechanical or electrical, to augment their course work. Such was the nascent relationship between the disciplines of biology and engineering at that time.

That was also the year the FDA started to grapple with computers as medical devices. The agency classified anything running software as a device under the FDA Policy for the Regulation of Computer Products. But as computer chips running software began to pervade every new medical device introduced on the market, the situation grew too complex to view them all as computer products, and in 2005 the FDA withdrew its policy.

Dr. David Hirschorn from Staten Island University Hospital.Dr. David Hirschorn from Staten Island University Hospital.

In 2007, a new computing revolution began with the introduction of the iPhone, and by 2010 MIM Software had launched the first mobile medical imaging app. The company viewed it as an extension of its desktop imaging software, which was already FDA-cleared, but the FDA unfortunately didn't see it that way.

The agency claimed that the app "was not substantially equivalent to predicate devices, based on its new proposed indication for displaying medical images for diagnostic use on a mobile/portable device," and that it possessed "new technological characteristics that raise new types of safety and effectiveness questions."

"The company will need to undergo the more rigorous and time-consuming premarket approval (PMA) process in hopes of gaining marketing clearance," the FDA stated.

While the FDA was evaluating the issue, technology marched on, and in 2010 Apple launched the iPad, a tablet-sized device that could run the same software as the iPhone. Apple also introduced a new iPhone with its high-resolution Retina display.

To its credit, when the FDA rendered its decision on the matter in 2011, the agency rendered it for both the iPhone and iPad, releasing the Draft Guidance for Industry and Food and Drug Administration Staff on Mobile Medical Applications.

"In its evaluation, the FDA reviewed performance test results on various portable devices," the agency said in a statement in February 2011. "These tests measured luminance, image quality (resolution), and noise in accordance with international standards and guidelines. The FDA also reviewed results from demonstration studies with qualified radiologists under different lighting conditions. All participants agreed that the device was sufficient for diagnostic image interpretation under the recommended lighting conditions."

Thus the green light was finally given from the FDA for mobile medical apps. However, the draft guidance did note some caveats.

"Mobile medical apps may pose additional or different risks due to the unique characteristics of the platform," the guidance stated. "For example, the interpretation of radiological images on a mobile device could be adversely affected by the smaller screen size, lower contrast ratio, and uncontrolled ambient light of the mobile platform; FDA intends to take these limitations into account in assessing the appropriate regulatory oversight for these products. "

The guidance was finalized in 2013.

Throughout the 1990s and 2000s, new storage media emerged, such as high-density digital tapes, CDs, DVDs, and hard drives with rapidly increasing capacity and decreasing price. The FDA didn't care what you used to store your personal files, pictures, and music, but it held storage systems for medical data to a strict standard.

In 2011, the FDA finally rolled back its policy on medical data storage devices from the dreaded class III -- requiring a PMA application -- to the simple class I, requiring only general controls.

Between the adoption of a policy toward mobile medical devices and the relaxation of controls over medical data storage systems, one could say 2011 was a busy year for the FDA.

In 2012, Congress passed the FDA Safety and Innovation Act (FDASIA), which mandated that the FDA work with the U.S. Federal Communications Commission (FCC) and the U.S. Office of the National Coordinator for Health Information Technology (ONC) "to propose a strategy and make recommendations on an appropriate, risk-based regulatory framework for health IT that promotes innovation, protects patient safety, and avoids unnecessary and duplicative regulation."

The ONC coordinates nationwide efforts to implement and use advanced health information technology and the electronic exchange of health information. You may notice that all health IT software used for the meaningful use incentive program must be ONC-certified to qualify. The FCC is involved, too, as all of this technology becomes increasingly dependent on strong, safe, and reliable communications, be it across the room or across the world.

In April 2014, the three agencies released the FDASIA Health IT Report, outlining a proposed strategy and recommendations for a risk-based regulatory framework. In it, they distinguished software by three increasing levels of risk:

  1. Administrative health IT functions -- for uses such as billing and scheduling; is considered low risk for patient safety and requires no oversight
  2. Health management health IT functions -- includes electronic health record (EHR), order-entry, and clinical decision-support software
  3. Medical device health IT functions -- includes computer-aided diagnosis (CAD) tools, bedside alarms, and surgical robotic tools

The FDA will continue to regulate this third category but not the second one, even if a device otherwise meets the definition of a medical device. Rather, it proposed to ensure safety for EHRs and the like via activities performed by the ONC in partnership with the private sector in four priority areas:

  • Quality management
  • Standards and best practices
  • Conformity
  • Learning and continual improvement

The FDA also proposed the creation of a Health IT Safety Center to promote a health IT learning system that avoids regulatory duplication and leverages and complements existing and ongoing efforts.

In May, I had the privilege of representing the American College of Radiology at a public workshop about this proposed framework, hosted by the FDA, ONC, and FCC and located at the National Institute of Standards and Technology (NIST) campus in Maryland. Representatives from both the professional and industrial sectors met, and we discussed the risks involved with clinical decision-support systems, particularly as they pertain to order entry in EHRs.

In sum, technology and engineering have become further embedded into everything we do in medicine, and ensuring the safety of medical devices and products no longer falls just upon the FDA, but involves the ONC, FCC, and other public and private stakeholders as well. This evolution in the approach to safety maintains a good balance, allowing enterprising software developers to make the best apps for healthcare, while still keeping patients out of harm's way.

And I couldn't help but laugh when I took my daughter to the University of Pennsylvania two weeks ago to begin her study of bioengineering there, because it is now the largest department in the school of engineering.

Dr. Hirschorn is the director of radiology informatics at Staten Island University Hospital.

The comments and observations expressed herein are those of the author and do not necessarily reflect the opinions of

Page 1 of 775
Next Page