Upload
rolf-dale-carter
View
214
Download
1
Tags:
Embed Size (px)
Citation preview
Compliance with Compliance with FDA Regulations:FDA Regulations:
Collecting, Collecting, Transmitting and Transmitting and Managing Clinical Managing Clinical
InformationInformationDan C PettusDan C Pettus
Senior Vice PresidentSenior Vice President
iMetrikus, Inc.iMetrikus, Inc.
Confused?Confused?
• 25 Years in technology development
• 20 Years in Healthcare Informatics
• When it comes to FDA (HIPAA, and others) regarding regulatory requirements for telemedicine and clinical data …. and I’m still confused?
FDA CurrentlyRegulates
FOOD BiologicsAnimal Feed and
DrugsCosmetics
RadiationEmittingProducts
Drugs Medical Devices
PremarketApproval(s)
Contract ResearchOrganizations
(CRO)
Clinical Trials
PMA or 510(k)FDA Submission
QSR
Validation
Quality
ManufacturingRecords
IncidentReporting
CorrectiveActions
21 CFR Part 11“Cloud”
What does Regulation What does Regulation Mean?Mean?
For devices, drugs, etc., it means the For devices, drugs, etc., it means the manufacturer is held accountable for GMP manufacturer is held accountable for GMP and QSR under Title 21 parts 1 to 1299 and QSR under Title 21 parts 1 to 1299 (e.g., part 801- Labeling, part 820 – Quality (e.g., part 801- Labeling, part 820 – Quality System)System) Ability to electronically authenticate is permitted Ability to electronically authenticate is permitted
under 21 part 11 of the FDA regulationsunder 21 part 11 of the FDA regulations
The FDA issued guidance documents which The FDA issued guidance documents which identify portions of title 21 part 11 as being identify portions of title 21 part 11 as being applicable for clinical trials submissionsapplicable for clinical trials submissionsNOTE: Clinical Information may be regulated by NOTE: Clinical Information may be regulated by
additional state and federal agencies. HIPAA is a additional state and federal agencies. HIPAA is a good example. good example.
A Device is…A Device is…According to the FDA, a device is:According to the FDA, a device is: "an instrument, apparatus, implement, machine, "an instrument, apparatus, implement, machine,
contrivance, implant, in vitro reagent, or other similar or contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory related article, including a component part, or accessory which is:which is:
recognized in the official National Formulary, or the recognized in the official National Formulary, or the United States Pharmacopoeia, or any supplement to them, United States Pharmacopoeia, or any supplement to them,
intended for use in the diagnosis of disease or other intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals, or prevention of disease, in man or other animals, or
intended to affect the structure or any function of the intended to affect the structure or any function of the body of man or other animals, and which does not achieve body of man or other animals, and which does not achieve any of it's primary intended purposes through chemical any of it's primary intended purposes through chemical action within or on the body of man or other animals and action within or on the body of man or other animals and which is not dependent upon being metabolized for the which is not dependent upon being metabolized for the achievement of any of its primary intended purposes." achievement of any of its primary intended purposes."
If the primary intended use of the product is achieved If the primary intended use of the product is achieved through chemical action or by being metabolized by the through chemical action or by being metabolized by the body, the product is usually a drug. Human drugs are body, the product is usually a drug. Human drugs are regulated by FDA's regulated by FDA's Center for Drug Evaluation and Center for Drug Evaluation and ResearchResearch (CDER). (CDER).
When is a device a When is a device a device?device?
Diagnostic Patient Monitoring – Diagnostic Patient Monitoring – yesyes Electronic Medical Record Systems – Electronic Medical Record Systems –
no?no? ICU Clinical Data Management ICU Clinical Data Management
Systems – Systems – no?no? Anesthesia Data Management Anesthesia Data Management
Systems – Systems – depends on who you ask?depends on who you ask? Telemedicine – Telemedicine – maybe?maybe?
Case History - ARKIVECase History - ARKIVE 1985-1986: Ohmeda develops a 1985-1986: Ohmeda develops a
semiautomatic electronic anesthesia semiautomatic electronic anesthesia record keeper as an “accessory” to its record keeper as an “accessory” to its gas machinegas machine
1986 Arkive files 510(k) as an 1986 Arkive files 510(k) as an anesthesia information system. FDA anesthesia information system. FDA classifies Arkive a gas machine classifies Arkive a gas machine accessory. FDA is informed that Arkive accessory. FDA is informed that Arkive is a stand-alone information is a stand-alone information management system and not an management system and not an accessory to anything. …FDA response accessory to anything. …FDA response – reclassify Arkive – no longer an – reclassify Arkive – no longer an accessory – it’s now a “gas machine”? accessory – it’s now a “gas machine”?
Is Telemedicine device?Is Telemedicine device?Although FDA does not regulate the delivery of health care services or the transmission of information related to care between physicians and patients, FDA does regulate the commercialization of technologies associated with health care delivery (devices). As FDA has stated; “The use of advanced telecommunications technology to deliver health care brings with it a host of concerns about safety and effectiveness.” In its White Paper, FDA’s Center for Devices and Radiological Health (CDRH) declared that many “products” used in telemedicine are medical devices subject to regulatory authority.
Clinical Data is Clinical Data is Regulated When:Regulated When:
It is part of a clinical trialIt is part of a clinical trial It is embedded as part of a regulated It is embedded as part of a regulated
devicedevice The data acquisition is an accessory The data acquisition is an accessory
to a regulated deviceto a regulated device Accessory to a regulated device is a bit Accessory to a regulated device is a bit
fuzzy fuzzy
In GeneralIn General The collection, transmission, and The collection, transmission, and
management of clinical data for the management of clinical data for the purpose of care management and purpose of care management and medical treatment is not usually medical treatment is not usually regulated by the FDAregulated by the FDA (May be regulated by other agencies and (May be regulated by other agencies and
laws, e.g., HIPAA)laws, e.g., HIPAA)
Reasonable efforts should be used to Reasonable efforts should be used to avoid deliberate or accidental disclosureavoid deliberate or accidental disclosure
Patients have rights under state laws and Patients have rights under state laws and HIPAA regarding privacy and disclosureHIPAA regarding privacy and disclosure
Best PracticeBest Practice
Policies and operating procedures that Policies and operating procedures that clearly describe your organization’s clearly describe your organization’s collection and use of clinical datacollection and use of clinical data Business Associate Agreement under HIPAABusiness Associate Agreement under HIPAA
Best practice to protect a patient’s privacyBest practice to protect a patient’s privacy Best practice to ensure security Best practice to ensure security
throughout the networkthroughout the network Regular audits that validate your processRegular audits that validate your process
Example of Technology SecurityExample of Technology Security
PIX Firewall
Marketing Servers
MediCompassServers
PIX Firewall
CITRIX Access
RedundantPIX 520Firewalls
RedundantF5 BiGIP
LoadBalancer
CheckpointFirewalls
OLTPDatabase Engine
OLAPDatabase Engine
Third-party andDomain Servers
Checkpoint VPN FirewallCustomer Access
Internet
SMTP ALERTS
SD
PROLIANT
6400R
POWERSUPPLY 2
POWERSUPPLY 1
SD
PROLIANT
6400R
POWERSUPPLY 2
POWERSUPPLY 1
SD
SD
SD
SD
PROLIANT
6400R
POWERSUPPLY 2
POWERSUPPLY 1
SD
PROLIANT
6400R
POWERSUPPLY 2
POWERSUPPLY 1
SD
SD
SD
Two MultiTech48 Wide Modem
Banks
RedundantTELCO PRI
Modem Lines
Checkpoint VPN FirewallEmail Campaign Server
SDPROLIANT 1850R
Email Server
VPN Server
SDPROLIANT 1850R
HTTP Layer AccessFirewall
Administration Firewall VPN Access Firewall Backend DatabaseFirewall
SDPROLIANT 1850R
Optic NerveReal-timeMonitoring
SD
PROLIANT
6400R
POWERSUPPLY 2
POWERSUPPLY 1
PIX Firewall
Siebel Web Server
Siebel Application andDB Servers
SDPROLIANT 1850R
SummarySummary
With regards to clinical information, With regards to clinical information, the FDA regulates devices and drug the FDA regulates devices and drug submissions (clinical trials)submissions (clinical trials)
Your organization may be required Your organization may be required to comply with FDA if the clinical to comply with FDA if the clinical information is part of a clinical trialinformation is part of a clinical trial
May be subject to other state and May be subject to other state and federal (HIPAA) regulations federal (HIPAA) regulations