Let’s strengthen healthcare software regulation
By Joe Whitney
KITCHENER, Ont. – Over the past 18 months, the eHealth industry in Canada has been twisting in the regulatory winds emanating from Ottawa. The biggest gust was a notice issued by Health Canada in August 2009 clarifying that patient management software was subject to the Medical Device Regulations (MDR). It came as a surprise to many unaware stakeholders and a frustration to those who had been willfully avoiding the MDR vortex.
While many stakeholders believe the 2009 notice was an out-of-the-blue decision by Health Canada, the fact is that regulation of health management software started at least three years earlier. In August 2006, MedManager Interactive Corp., was told by Health Canada that its patient portal technology was a Class II medical device subject to regulation. By 2007, Health Canada had updated its medical device classification guidance document to include patient management software, indicating a Class II designation.
The problem for the eHealth industry was the communication of these pre-2009 changes. There was none. Not until the notice in August 2009.
Since then Health Canada has faced intense pressure from groups supporting and opposing regulation. Compliant companies, as well as the two major industry associations ITAC Health and MEDEC, have come out in support of licensing and quality system certification. They regard it as the “right thing to do,” on behalf of Canadians.
Critics of regulation have focused on the potential negative impact on innovation and the viability of existing and future projects. There is also concern that the rules will be disproportionately strict in comparison to the actual risk associated with a wide variety of eHealth systems.
While these are understandable worries, they do not reflect what the average Canadian cares about, and that is being able to trust that healthcare providers and eHealth systems will not make them worse off.
The results of the lobbying have been two amendments to the original notice, which introduced a licensing moratorium and new “clarifications” to the rules. Combined with existing systemic problems, these changes have rendered the Canadian regulatory regime unfair and, practically, ineffective. This must be fixed.
Over the next few years, eHealth stakeholders and Health Canada will have to work together to evolve a set of regulations that reinforce what an effectual regulatory environment must do. First, it should minimize risk for the consumers it aims to protect. Second, it should offer a level playing field for the industry and products that are regulated. Neither of these requirements is fully met right now.
Interestingly, at a time when Health Canada is weakening its own world-leading regulation of health management software, other countries are moving in the opposite direction.
In the United States, government and industry are examining ways to regulate health IT due, in part, to the testimony heard last year by an advisory committee of the Health and Human Services Department (HHS) about 260 reports of health IT-related problems that included 44 injuries and six deaths over a two-year period.
The evidence to substantiate the links of injury and death is considered anecdotal, which is not surprising given the absence of a formal adverse event reporting system or the fulsome regulation of health software as a medical device in the US.
As HHS and the Food and Drug Administration (FDA) have been deliberating over regulation, a health care industry group, iHealth Alliance, has proactively established EHRevent.org. Launched in November 2010, the website enables reporting of suspected adverse events related to Electronic Health Records (EHR).
No similar reporting system exists in Canada. However, under the Medical Device Regulations, manufacturers and distributors of licensed software are subject to recall. Although far from perfect, the current recall rules, when applied to eHealth software, is much better than nothing at all.
Health Canada, by design or accident, has assumed global leadership on this issue, a position it is clearly not comfortable with. Rather than moving backward, though, Health Canada should strive to improve what it already has in place. The several areas highlighted below deserve particular attention if there is to be meaningful and effective medical device regulation in Canada.
Application Service Provider (ASP) Exemption
In its most recent communiqué, Health Canada stated that medical devices distributed by third-party ASP facilities are not subject to regulation because there is no purchase of a medical device. A sale to an end-user is instead considered a “compensation for use.” Strange, considering that the same notice alerts vendors that a sale, as defined by the Food and Drugs Act, does not require consideration at all, just a distribution.
Health Canada has opted for an interpretation of the rules that enables this illogical and dangerous loophole. What they have done is applied the MDR to a mode of transporting the medical device, rather than the intent or end use of the product. With the increasing use of the ASP model for the delivery of eHealth software, this leaves a gaping hole through which most future software could be guided, unlicensed. How does that protect Canadians? How is that fair to the manufacturers of similar desktop software?
(Ironically, the ASP exemption has resulted in MedManager’s medical device no longer being subject to regulation).
Public Sector “Manufacturers”
Present legislation permits healthcare organizations and professionals to create their own medical device for their own use without being subject to regulation. Perhaps the drafters of the rules did not envision hospitals with software development teams bigger than those of some vendors, with the ability to duplicate or create medical devices that could impact thousands of patients. These public sector manufacturers must be subject to the MDR, in the interest of fairness and consumer protection.
Limited Communication & Enforcement
To date Health Canada has been reluctant to communicate with some major private sector organizations about health software being subject to regulation. This includes a range of health benefit and insurance companies that are offering technology-enabled wellness programs, and firms such as Apple and RIM that are facilitating the distribution of thousands of unlicensed consumer health applications directly to Canadians. Resistance to even communicate with these private sector organizations will contribute to the continued proliferation of unlicensed products and enforcing compliance in the future will be all but impossible.
As more eHealth software vendors invest in compliance and more Canadians are exposed to the potential risks of eHealth systems, it is critical for these and other issues to be addressed. Involvement from all stakeholders will be essential.
Brendan Seaton, president of ITAC Health, says his organization will continue pursuing “collaboration between industry, Health Canada, Canada Health Infoway and provincial jurisdictions to determine appropriate regulations and standards, and to create a clear path to compliance.”
Health Canada, for its part, will also “…be monitoring the development of regulations and policies in other international jurisdictions with respect to software regulated as a medical device and may need to revise the current policy and regulations to ensure harmonization with other jurisdictions.”
Ultimately, though, if Health Canada cannot resolve the weaknesses of its current domestic regime, there is no sense in maintaining any regulatory system that treats compliant companies unfairly and does little to protect consumers.
Joe Whitney is VP, Marketing & Public Affairs at MedManager Interactive Corp
Posted April 21, 2011