The regulatory landscape is changing rapidly to accommodate new technologies as government regulators strive to find a balance between security and encouraging innovation in medicine.
The Internet of Medical Things Resilience Partnership Act (2017) calls on the FDA and NIST (National Institute of Standards and Technology) “to build a team of healthcare and security professionals drawn from the public and private sectors to consolidate known cybersecurity best practices into one centralized frame of reference,” basically, to create a universal best-practices guide for healthcare providers.
In addition, the increasing number of ransomware attacks on healthcare providers resulted in the FDA releasing guidance and webinars to address cybersecurity issues in healthcare.
The FDA provides guidelines on how to approach cybersecurity in its document Software as a Medical Device (SAMD): Clinical Evaluation.
Conversely, the Changes to Existing Medical Software Policies Resulting from Section 3060 of the 21st Century Cures Act provides a list of software products which are “no longer considered medical devices” and are, therefore, no longer under the FDA’s jurisdiction.
Furthermore, state regulations are catching up to the popular use of telehealth, with 44 states collectively introducing over 200 pieces of legislation on the subject. It is important for physicians to track the regulations in their own states, as all states differ in how telehealth is defined and regulated. The report State Telehealth Laws and Reimbursement Policies provides an overview of telehealth-related laws, regulations and policies for all 50 states and the District of Columbia.
Another tech snafu that physicians should be aware of: the government recently noted that Alexa, Amazon’s voice-activated assistant, is not compliant with HIPAA (Health Insurance Portability and Accountability Act).
This announcement became necessary due to the increasing number of providers who have started to use Alexa and its competing platforms in “innovative ways” in their facilities. Even if Alexa is made compliant, providers will still need “to execute a Business Associate Agreement with Amazon, or its related entities,” revise their policies and procedures to cover HIPAA-compliant use of Alexa, and update their privacy notices.
In conclusion, though some of these guidelines are voluntary at present, experts believe that early adoption will be beneficial. There is an expectation that more stringent regulations will be introduced down the road.
Source: AskWonder