Martin Ellis
It is an unfortunate fact of life, but on rare occasions the very health services that you rely on to make you better can end up causing you harm.
For example, errors in medication management, incorrect surgery and hospital acquired infection all contribute to patient mortality and morbidity. Fortunately, patient safety management is now a high priority for trust boards.
Similarly, while information technology is a powerful component of a healthcare provider’s strategy to help reduce clinical risks, it also has the potential to introduce new hazards for patients.
These include, for example, organisation-wide unavailability of electronic drug charts or the failure to correctly display critical clinical information.
This has sparked urgent debate in the international health informatics community about the risks of harm associated with introducing this new technology.
Many standards
Authorities with responsibility for procuring and implementing healthcare IT have also been considering the options for managing the associated clinical risks.
In England, the NHS has adopted the following two standards for managing patient safety in the manufacture and implementation of healthcare IT:
- NHS DSCN 14/2009 Health Informatics — Application of clinical risk management to the manufacture of health software.
- NHS DSCN 18/2009 Health Informatics — Guidance on the management of clinical risk relating to the deployment and use of health software systems.
Only this week the new international standard, ISO / IEC 80001-1: Application of risk management for IT-networks incorporating medical devices, has been approved.
This standard is aimed at healthcare delivery organisations, and at ensuring that they assess the risks associated with integrating a medical device into a health IT network. It relies on medical device manufacturers and IT suppliers having already conducted safety work prior to bringing their product to market.
Sweden and Canada have chosen to deem all healthcare IT a medical device and therefore subject to medical device regulations. The knock-on effect of this, and the degree of compliance, is unclear.
But it is unlikely that all IT vendors, and even authorities that may be producing their own software, will have robust systems in place to demonstrate compliance with medical device standards and regulations.
The Medical Device Directive
Meanwhile the Medical Device Directive (MDD) – the regulatory framework applicable across the European Union – has been recently updated to include reference to standalone software.
The regulatory framework for medical devices has been in place since 1993 and aims to ensure a high level of protection of human health and safety, harmonised across Europe.
A number of regulatory changes were proposed by the European Commission, which resulted in a revision of the MDD which started in 2007, with the changes coming into force on 31 March 2010.
The revision to the MDD defines a medical device to mean:
“any instrument, apparatus, appliance, software, material or other article, whether used alone or in combination, together with any accessories, including the software intended by its manufacturer to be used specifically for diagnostic and/or therapeutic purposes and necessary for its proper application, intended by the manufacturer to be used for human beings for the purpose of:
- diagnosis, prevention, monitoring, treatment or alleviation of disease,
- diagnosis, monitoring, treatment, alleviation of or compensation for an injury or handicap,
- investigation, replacement or modification of the anatomy or of a physiological process,
- control of conception,
and which does not achieve its principal intended action in or on the human body by pharmacological, immunological or metabolic means, but which may be assisted in its function by such means.”
Patient safety is our industry’s primary goal and, in principle, Intellect fully supports the aims of the revisions to the MDD, which are to improve safety for patients.
However, there is a need for greater clarity as to how to interpret regulations that are not currently suited for application to eHealth systems. Alongside this there needs to be appropriate guidance in place to support the implementation of the change in the UK.
Intellect is committed to work on addressing these issues on behalf of industry and is talking to bodies like the Medicines and Healthcare Products Regulatory Agency (MHRA) about our concerns and how we address these.
What’s in?
The MHRA has informed Intellect that software or systems that manipulate, carry out calculations, enhance captured data or interpret information for decision support or diagnosis are likely to be deemed to be medical devices. Similarly, Telehealth systems may also be deemed medical devices.
What’s out?
The MHRA has clarified with Intellect that software that archives, transfers and retrieves data, but does not intend to change the data, is not a medical device. Similarly, e-prescribing software that replaces conventional paper-based prescriptions and patient administration systems are unlikely to be classified as medical devices.
Guidance for industry
Intellect has been asked by the MHRA to help create interim guidance for qualifications and classifications for the UK to be placed on the MHRA website. We are currently working on providing input to this, and it will include examples of systems that will be qualified and not qualified as medical devices and their classification.
This is a positive development for us as it will help the MHRA and the IT industry have a better understanding on how the MDD will affect individual suppliers and eHealth systems.
Intellect will also assist the MHRA in the development of implementation guidance at the EU level to make sure the UK position is promoted to the community working on qualification and classification.
It will also be important for us to continue our work at the EU level to ensure that developments in eHealth, which are becoming more sophisticated with more applications and functionality, are not stifled by EU regulations not being flexible enough to accommodate these developments.
Due to the importance of these issues, Intellect will continue to focus on moving the debate forward and ensure that we get an appropriate and proportionate outcome, to the benefit of all those involved with health IT.
About the author: Martin Ellis
Martin Ellis has a clinical background and has worked in public sector healthcare organisations for 20 years in clinical roles and as a leader in clinical risk management. For the past five years, he has been working for BT Health, leading the implementation of BT’s clinical safety management system for the development and implementation of eHealth systems in the UK and Internationally.
As chairman of the Intellect Suppliers’ Safety Committee, Martin represents the UK’s eHealth industry in discussions with government, industry regulators and business regarding patient safety. Martin is a UK expert for the British Standards Institute, and has been a delegate in the development of international standards relevant to this field.