Dane Stout is director of the connected health and biomedical communication practice of The Anson Group.
I joined The Anson Group last fall. I’ve known the folks there for quite some time. The company has been around about 14 years. It grew up in the traditional medical technology / medical device space. I’m pharmaceutical. They’ve provided a lot of services over those years in regulatory quality systems. Helping them to put clinical trial protocols together, all that kind of stuff.
We started talking a while back about some of the changes that were happening in healthcare and this convergence of all these different players, and so we said, “There really seems to be a need for our services that we would put together to bridge the gap, really, between the traditional medical device, pharmaceutical companies — who are very familiar with the pretty onerous burdens of the regulations inside of healthcare — and then all the newcomers that are coming out of consumer electronics and general IT and telecom and you name it.”
Everybody’s flocking to healthcare because of the stimulus, because of the size of the market, and because of some of the margins. But I don’t think they have a real appreciation for what they have to deal with. That’s why my job here is to drive the “connected health practices”, is what we’re calling it. We’re really looking at a very network-centric perspective. To say, “All these new players are going to come in and they’re going to need ways (people) to help them get their innovation to market and still comply with the law and all the regulations that are a part of that.”
Give me some examples of some of those converging technologies that would be running on a hospital network.
We break it into two components. There’s what I would call the mission critical — I’ve classified it as more biomedical communication — so inside the walls of the hospital, you now are going to have all these medical devices that are there. They’re either just a closed-loop system sitting over in the corner, or they actually now have a private network.
I’ve read where the average hospital has somewhere around 240 distinct, private networks. There really isn’t that much value to that. What they would all like to do is to have the medical devices communicating with each other, communicating with the EMR connected to the order entry system, and be able to collect all this data and be able to feed that into data repositories and be able to improve on their performance using that.
A very different model in terms of a high-performance, high-critical response requirements that would be a part of that network. Being on the hospital enterprise LAN, now you’ve got medical devices that were designed from the ground up to operate in isolation that now all of a sudden have to be good network citizens and make sure that their security updates and software patches and all that don’t disrupt the other devices around them.
When you go into a hospital, who engages you? Would you typically be working through the IT department or straddling between IT and biomed?
That’s part of the other issue. There’s that convergence of the biomed, the clinical engineering staff, IT, the medical device vendors. The FDA, while they haven’t made a real definitive stance on the regulatory requirements, which we’re all kind of waiting with bated breath for the medical device data systems — guidance, which they continue to say, will be coming shortly — they did come out in November and said, “Look, the spirit of the IEC 80001 risk management framework is that the device vendors and the hospital IT staff share a joint responsibility for making sure that these things work together. They collaborate on implementing them correctly to maximize patient safety and the effectiveness of the devices inside the hospital.”
If a CIO is unsure about whether they need your services, what are some warning signs that it might be time to bring in an expert?
I think there’s a lot of questions. Where’s this all going? Who’s going to be regulated? I think there’s just a lack of understanding, and that’s one of the things that we’re spending a lot of time on. Just really educating people as to the FDA or the federal government’s view of what is a medical device.
I think people have this misguided understanding that, “Oh, well that’s Boston Scientific or GE.” The traditional people that make these big medical devices that we all see. That’s them. We’re not regulated. In fact, it’s really based on the intended use of the device. Is it really intended to diagnose or treat a disease? And if so, what kinds of claims are being made about that and by whom?
There are lots of examples of where you could combine multiple devices and create a new device. Hospitals even cross the line themselves where they become, in the eyes of FDA, actually a medical device manufacturer themselves.
Part of what we’re doing through our alliance with Epstein Becker & Green, which is the largest healthcare law firm in the country, is to help them, from an end-to-end process, understand what all those requirements are and to help them with the risk assessment, the regulatory assessment. You know, what does this mean in terms of HIPAA and privacy requirements, all the way through the process.
We’re equal opportunity players. We’re looking at as anybody that’s participating in connected health could be a potential client of ours, because they’re all going to have some impact from the change that the network introduction really drives.
Are you seeing an increased interest by the FDA in what they could or should regulate?
I don’t think it’s an increased interest in what they could regulate. I think it’s more how.
I just came back from the FDA Medical Device Interoperability Workshop. It was co-sponsored by the Continua Alliance, CIMIT, and the Medical Device Plug-and-Play initiative that’s being driven out of the Boston area, Dr. Julian Goldman, and then FDA. This was a three-day event that I attended at FDA’s White Oak Campus.
The whole discussion is — we get it that this future of what we have to deal with, in terms of devices, really it’s not just ARRA/Hitech driving this. It really is a requirement. That to make healthcare better, we’re going to have to have devices talking to EMRs. We’re going to have the ambulatory side of the business. We’re going to have to have all these connected devices and we’re going to have to figure out a way to regulate that because our mission hasn’t changed — protecting the public health and safety. We’ve just got to figure out a way to do that.
I think they’re open to figuring out ways to work with industry and to work with other groups inside the government, to try to figure out how do we do this in this new world of networked connectivity; which is very different than what’s really happened over the last 30 years since they started regulating devices.
Did you get any sense from the FDA that they have any interest in regulating electronic medical records, or only this new connectivity to what would always have probably been some sort of medical device?
I think when it comes to regulatory exertion of what they’re able to do under the statutes; they have a broad range of discretion. It’s what they regulate. You could make an argument that an ambulance with all the connectivity devices on it could be regulated. That was an example that they used.
They’ve chosen, obviously, not to get that far. But software? Certainly software is prevalent in medical devices, and there’s clear guidance offered up by FDA about software that’s used as part of diagnosis and treatment of disease and all the software that goes into traditional medical devices.
I think they’re saying, “Look, we may or may not do that. There’s two ways you can get our attention. You can come to us with a submission that you feel like this could be a medical device and you want to go through that process because you clearly see that it’s a diagnosis or treatment — it’s a clear case of that. Or, something happens and we have to make some intervention in that.” So it really depends on those two kinds of factors.
I don’t think they’re looking for more to do. I think they’re overwhelmed with the social media and pharma. There’s a lot of stuff that’s on their plate … the globalization of research … but they made no bones about it that they’re there to safeguard the public’s health and safety. They’re watching very closely, with interest, what is the development of the HIT software industry. Longer term, I think it would be naïve to think we’re immune from that. We’ve never been covered.
It really depends on the statutory classification of the device and their interpretation of that. I guess at the end of the day, they determine what they regulate based on the law. The vendors don’t get to pick. I think there’s some that we’ve talked to that think, “Well, no, I’m not a device.” Making that declaration doesn’t necessarily make it so.
Should software vendors be afraid of what FDA oversight would be?
You know, that’s really the message; because I don’t want it to be, “Oh, we’re the onerous coming in with all the bad news that you’re going to be regulated.” I think what we’re really suggesting is healthcare really needs the innovation of information technology. It needs the new entrants from consumer electronics. It needs it from the wireless providers. It needs it from the general IT players. I think it needs the HIT vendors that are well established inside the hospital — all the guys that are going to be at HIMSS — to say, “You know what? We just need to understand what our role is and what our potential requirements are in this space.”
Our message is that you can live with this. I mean, look at the industry. There are thousands of medical device companies. They all make pretty good margins and are pretty successful businesses. They just deal with the regulations that are required. It’s just part of the table stakes to get into the game. I think people don’t need to be fearful of it, but they don’t want to ignore it.
I think our job is to help them understand those requirements and to set their business strategy based on that. Don’t wait until you come out with a product to go out and tell the market you’re in healthcare, and then try to figure out how to deal with regulations. Make that a parallel effort right there up front as part of your strategy.
If you don’t want to be regulated, we can help you figure out a way where you totally stay away from that. You just provide components. Or, if you’re willing to accept the responsibilities with that and enjoy the really big margins, we can help you devise a plan to do that, too.
If you were advising vendors about practices they could voluntarily adopt that would prevent the FDA’s interest or would move them along the path that FDA wants them to take, what would you recommend?
I think following some of those quality system guidelines that are clearly laid out, which are a cut above ISO 9001. That’s another common fallacy, “Oh, we’ve got our supply chain; we’ve got our quality systems pretty well in hand with ISO 9001.” But it goes much more beyond that when you’re talking medical-grade systems.
I think there are some voluntary things that they could do to probably show the good faith of that, but there’s lots of ways to really strategize around that. That could be partnering with somebody that really has already embraced those requirements. If you look at GE, they have a broad footprint in healthcare. I think there are other examples. If you look at Intel, they clearly understand that they’ve moved in the device space. They did a 510(k) for Health Guide.
There are people out there looking at it saying, “This is something we’re going to take on directly.” There are some partnerships that other companies say, “I don’t really want to go to that extent. I want to stay away from that boundary line” that they can partner with.
I think the traditional players in software, the big EMR vendors and all, are going to really need to be monitoring this carefully and start thinking about the flipside of all of the interoperable health records. The connectivity inside the hospital does mean that things that were never involved before directly in diagnosing and treating patient illnesses now become a critical part of that.
I believe the folks in Washington are going to look at that very closely. Doing things the right way, maybe following some of those same processes that the device companies are already doing, and doing that voluntarily could certainly be a step in the right direction.
What kinds of innovation could run afoul with the regulatory environment if companies weren’t looking ahead?
I think all innovation is subject to that, but I think the ones that seem to be top of mind today are … I guess we really didn’t finish the first part. There are the two prongs of this. There are, inside the hospital wall, devices sitting on the enterprise LAN talking to the major software applications in place. There’s the other side of that, which is more of the remote monitoring care at home, monitoring of chronic conditions through wireless networks through your cell phone, connected to some other medical device to try to improve the quality of life, and to give people sort of this continuous monitoring of care and feeding that back to a call center where the nurse is.
There’s a lot of interest, there’s a lot of activity, and there’s a lot of great innovation that’s coming of that space, but I think there are some folks out there that may be pushing the envelope. I spent a long, 20-plus years in the traditional IT space and I know how IT marketing is. This one-upmanship. You’re always promoting your vision and you’re sticking it out there. You have to be much more deliberate about it when you start talking about marketing inside of healthcare, because you can find yourself backing into a situation where all of a sudden now you’ve completely put yourself in the purview of FDA regulatory requirements.
If you start making claims about things that your cell phone platform can do in terms of helping people monitor their diseases, you’re now involved in that. The same device … if you’re a manufacturer of a cell phone handset and you don’t make any claims about that and it’s just some of the other applications that are out there are using your device, then you can be exempt from that.
It’s an area that you can find yourself backing into it, and it’s a huge problem. Or, you can set that deliberate strategy and understand, “What are the areas that I need to stay away from?” That extends to not just marketing material you might have on your Web site, but it could be what your sales representative talks about, or what you talk about in a conference. There’s lots of ways you can communicate that, “Hey, I’m really involved in the care of patients” that companies need to be careful of.
The software vendors have traditionally just said, “We disclaim everything. We’re saying it’s not fit for purpose unless you say it is and it’s the clinician’s judgment.” Then bundle that with non-disclosure clauses, which would seem to be something the FDA wouldn’t want to see. Is that enough to keep the FDA away? Is just disclaiming your responsibility really a long-term solution?
No, not at all. It would have, really, no impact if there were a situation that they came up from somebody using one of these devices. Including software, because software clearly can be defined as a medical device under FDA current regulations — there’s no bones about it. They can step in and enforce that.
I think one of the telling things is if you look more deeply embedded in medical technology is this use of nanotechnology. On the Frequently Asked Questions page of the FDA Web site, they had a question about how you regulate nanotechnology. They said, “Look, we don’t regulate technology. We look at the statutes. We look at the claims. We look at all of the rules that apply to what our mission is, which is safeguarding the public’s health and making sure that the claims that are made about medical treatments are effective and valid and legitimate. That’s what we do, and we look at that regardless of what the technology is. So we’ll classify new, emerging technology according to our interpretation of the law.”
I think people are saying, “Well, they haven’t come out with any definition of how they’re going to regulate a network device.” Or, “They haven’t told us how we’re going to regulate nanotechnology.” But I mean, technology moves at such a fast pace. If you think about it, there were no medical applications for the iPhone until August of 2008. So the law and the regulatory requirements that move along behind that move at a much, much slower pace, but that doesn’t mean they don’t apply.
That’s really what we’re trying to help companies, our clients, navigate those two very diverse sets of reality. That you want to get that innovation out there; you want to continue to drive it. Again, there are some really interesting things that are going on in the connected health space, but at the same time you have to understand that you still have to play by the rules that all the established device companies have done for 30 years.
The connectivity to the devices will help hospitals accumulate large quantities of patient clinical information, which will probably have a lot more research value than anybody had really thought of. How do you see that tying together both the collection of data that maybe wasn’t really integrated with normal software-type data before, and then what the requirements will be to both collect it and use it?
Clearly that’s part of this whole notion of connected healthcare where we insert this interdependent network between all the different players. So you get the payer, the providers; you’ve got network participants right now that I think are pushing the bounds of … they’re both doing some really good things, but you start wondering about these decision support tools that you use based on some remote analytics engine and some big information repository out there in the sky. But now since it’s involved and the doctors directly rely on that and there’s some sort of workflow enablement that’s part of that, it really drives right to the heart of it.
To answer your question about the data … as it moves around, it can actually traverse different regulatory jurisdictions. So if you think about it, there’s a lot of interest by the big drug companies in looking at EMRs as the source for clinical trial data and for clinical trial participants. But as that data moves from an EMR to an electronic data capture system, let’s say, which is basically the same thing but it’s done for clinical trials, it’s now moved from the privacy rules of HIPAA over onto 21 CFR Part 50 and 56, which really governs the privacy and treatment of information for clinical trial subjects. So as data kind of moves around in the network, it can actually move between jurisdictions of different federal agencies.
Again, we want to provide a clear knowledge base so that people have a clear understanding as they’re setting up their strategies to say, “How I approach healthcare?” especially if they are new to this business. It’s very important to understand all the different layers of complexities, including one we haven’t really talked about much — how do I get paid for that?
As you know, inside the hospital, all those things are really being driven by how private insurers pay us. Is it medically necessary? If you look at CMS, it’s reasonable and necessary — and there’s very definite restrictions on that. I’ve talked to a number of companies that say, “We want to get into healthcare. We’re really excited. We’ve got all this cool technology.” Then we’re like, “OK, well how do you intend to get reimbursed for that?” “Oh no, we don’t even want to mess with insurance. We’ll just sell it to the consumer.” I think that’s a really flawed assumption when you’re moving into that space because most consumers are still going to look to their health plans to pay first. Even if it’s a comparable cost to maybe some big consumer electronics purchase, we’re just conditioned to look at that first.
So now they’re moved into this whole area of not only am I looking at FDA, but I also have to look at CMS, and then what do I have to prove to the medical directors at all the big insurance companies? Then, just throw in Meaningful Use along from ONC. There are lots of really small phrases that can have very impactful meaning.
I like to sum it up to say that with FDA, it’s safe and effective. CMS, it’s reasonable and necessary. ONC, it’s Meaningful Use, secure and interoperable. Those are fairly simplistic words, but they’re very complicated to actually deploy in real life.
Our big goal is that we have a vision, not to come in and be the bearer of bad news, but to say healthcare absolutely needs IT. When you put healthcare and IT together, it becomes HIT and it’s different.
What’s really different? I think it’s this aspect of clinical treatment of human beings. It’s different than retail. It’s different than manufacturing. It has important nuances to it that we want to make sure that they map into their strategies. We want to help them get that innovation to market and comply with the law and the regulations that are part of that. That’s our goal.