Best HIT Manufacturing Practices

1
Best HIT Manufacturing Practices

• Is Regulation Necessary?AHRQ Annual Meeting,
  Bethesda, MD, 9/14/09
• Bob Elson, MD, MS (bob.elson_at_gmail.com)
• President, Clinical Systems Design, LLC, Shaker
  Heights, OH
• Affiliated Researcher, MetroHealth Center for
  Healthcare Research and Policy,
• Cleveland, OH
• Any opinions expressed herein reflect the
  personal opinions of Dr. Elson. They are not
  intended to represent the opinions or policy of
  the MetroHealth Center for Health Care Research
  and Policy.

2
(No Transcript)
3
Best Manufacturing Practices for HIT

• State of the (quality control) market
• Best practices (variation)
• Opportunity lost
• Emerging landscape

4
State of the Union (Quality Control)

• Some (wide-scale) production examples
• Auto stop orders, juxtaposition errors,
  inappropriately flagged abnormals
• Not just commercial systems (VA, home-grown)
• Lack of consistent surveillance, labeling, client
  communications
• Industry response to Koppel findings is
  illustrative
• Would we have seen the same thing if report had
  been about 22 ways that Goodyear tire design
  coupled with inflation pressure causes blowouts?
• Industry is not immature, early lifecycle or
  teetering on the brink
• Market cap of big 5 public (Cerner, McK, Siemens,
  GE, Eclipsys 283B)
• 500 hospitals fully CPOE-adopted, many since
  mid-90s, some on 2nd
• 500M CPOE orders / yr (SWAG Nobody knows)
• 70M prescriptions / yr routed electronically
  doubling year over year

Koppel R, et al. Role of CPOE Systems in
Facilitating Medication Errors. JAMA.
20052931197-1203 Fictitious example
5
Best Practices (cGMPs)

• Design and testing (especially human factors)
• Defect handling (where safety rubber really hits
  the road)
• Surveillance (nothing even remotely systematic)
• Org structure (lack of necessary checks and
  balances)
• Structure ? process ? outcome
• Unacceptable variation in HIT software quality
  can be directly attributed to manufacturing
  structural and process variations

FDA. Medical Devices Current Good Manufacturing
Practice (CGMP) Final Rule. Vol 21 CFR Parts 808,
812, and 820. Federal Register. 1996
61(195)52601-52662. http//www.accessdata.fda.gov
/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?CFRPart8
20
6
Window Closing on Self-Regulation?

• 1986 The FDA states its HIT risk allocation
  rationale
• 1994 FDA moves blood bank IT systems to high
  risk
• 1996 FDA feigns retreat from yet-to-be-codified
  86 position
• 1997 AMIA, CHIM, AHIMA and others push back
• 86 position should be written into doctrine
• Local oversight committees
• Voluntary product registration, adverse event
  reporting, labeling
• Vendor best manufacturing practices guide in
  progress by CHIM
• (2009 None of above happened, including
  codification by FDA, though unofficial doctrine
  still governs FDA risk-allocation policy for
  HIT)

Young FE. Validation of medical software
present policy of the FDA. Ann Intern Med. Apr
1987106(4)628-629 Miller, Gardner et. al.
Recommendations for responsible monitoring and
regulation of clinical software systems. JAMIA
19974442-457 See Section II of
http//www.fda.gov/OHRMS/DOCKETS/98fr/E8-2325.htm
7
Learned Intermediary Valid for HIT?

• Basis for categorizing HIT as Class I device
  (lowest risk), but
• Legal doctrine developed to protect
  pharmaceutical manufacturers from liability
  related to malprescribing, not to protect HIT
  vendors from liability related to adverse events
  due to user errors
• Quite contrary to systems theory of human error
  implies that software cant systematically (and
  predictably) drive user error rates
• Importantly, this FDA pseudo-doctrine as
  articulated by Young in 86 was developed for a
  very narrow set of HIT functions (specifically,
  A.I.-based diagnostic and treatment
  recommendations), not for the typically
  full-featured HIT of today (or of 97, for that
  matter)
• What was AMIA thinking in 97 when it commended
  Young?
• Did the end (no FDA reg of HIT!!) justify the
  means (learned intermediary), no matter how
  distasteful? Probably so, but a post hoc
  analysis is overdue.

Ironically, systems theory was heavily invoked
in the 1990s in order to justify why HIT was
necessary in the first place especially CPOE
(see Berwick DM. A primer on leading the
improvement of systems. BMJ. Mar 9
1996312619-622). e.g., info retrieval /
display, documentation, order communication,
other workflow CDS
8
Its The Users Fault
Intelligent Intervening Provider (aka learned
intermediary)
9
Evolving Regulatory Landscape

• Lack of regulation indemnification no
  accountability
• By the way, CCHITs mission has little to do with
  ensuring public safety
• Policy agenda tied up w/ MU, privacy/security,
  workforce
• Missed opportunity for resource allocation during
  ARRA ask period
• Fear of spooking the funders (shame on us for not
  bringing up safety)
• Legal and non-HIT engineering communities
  speaking out
• Hoffman Podgurski. Harv Rev Law Tech. Feb 09
  and http//works.bepress.com/sharona_hoffman/7/
• Sweden and the EU
• FDAs MDDS proposal, otoh, newly endorses past
  approach

Improving patient safety in the EU Many Medical
Information Systems should be classified as
Medical Devices. 2009. http//www.lakemedelsverket
.se/english/All-news/NYHETER---2009/Improving-pati
ent-safety-in-the-EU-Many-Medical-Information-Syst
ems-should-be-classified-as-Medical-Devices/ r/c
move MDDS from Class III to Class I
http//www.fda.gov/OHRMS/DOCKETS/98fr/E8-2325.htm
10
Whats Next?

• AMIA Task Force (on vendor contracting not on
  regulation)
• If stick with HIT-as-low-risk approach, need a
  new framework to justify it! (learned
  intermediary iswellembarrassing)
• In parallel with addressing reg vs. no reg,
  should be thinking about ideal components of a
  workable reg program
• Most impact on best practices with least resource
  investment
• What can we learn from blood bank IT regulation?
• Might forced compliance to cGMPs, with auditing,
  be enough?
• Too late for voluntary adherence to best
  practices?
• Perhaps not, but usability which CCHIT and
  HIMSS have suddenly embraced (thats a good
  thing) is only one piece
• Defect handling, surveillance, and org structure
  must also be addressed
• 1/09 CCHIT rejected a proposed vendor best
  practices program