Summary Recommendations for Responsible Monitoring and Regulation of Clinical Software Systems

Established in 1927 by the American College of Physicians

Article

	Table of Contents

	Abstract of this article Free

	PDF of this article

	Figures/Tables List

	Articles citing this article

Services

	Send comment/rapid response letter

	Notify a friend about this article

	Alert me when this article is cited

	Add to Personal Archive

	Download to Citation Manager

	ACP Search

	Get Permissions

Google Scholar

	Search for Related Content

Social Bookmarking

What's this?

PubMed

Articles in PubMed by Author:

	Miller, R. A.

	Gardner, R. M.

POSITION PAPER

Summary Recommendations for Responsible Monitoring and Regulation of Clinical Software Systems

Randolph A. Miller, MD, and Reed M. Gardner, PhD

1 November 1997 | Volume 127 Issue 9 | Pages 842-845

Clinical software systems are becoming ubiquitous.A growingliterature documents how these systems can improve health caredelivery, but concerns about patient safety must now be formallyaddressed. In 1996, the U.S. Food and Drug Administration (FDA)called for discussions on regulation of software programs asmedical devices. In response, a consortium of organizationsdedicated to improving health care through information technologydeveloped recommendations for the responsible regulation andmonitoring of clinical software systems by users, vendors, andregulatory agencies. These recommendations were revised andapproved by the American Medical Informatics Association PublicPolicy Committee and Board. Other organizations reviewed, modified,and approved the recommendations, and the Boards of Directorsof most of the organizations in the consortium endorsed theguidelines. The consortium proposes four categories of clinicalsystem risk and four classes of monitoring and regulatory actionthat can be applied on the basis of the risk level. The consortiumrecommends that most clinical software systems be supervisedlocally and that developers of health care information systemsadopt a code of good business practices. Budgetary and otherconstraints limit the type and number of systems that the FDAcan regulate effectively; therefore, the FDA should exempt mostclinical software systems and focus on systems that pose highclinical risk and provide limited opportunity for competenthuman intervention.

Health care practitioners, clinical facilities, industry, andregulatory agencies share an obligation to manage clinical softwaresystems responsibly by using a common framework. Clinical softwaresystems are defined as algorithmic programs, related knowledgebases, and embedded interfaces that directly contribute to thedelivery of health care as opposed to inventory or accountingfunctions. Clinical software systems are ubiquitous, and a growingliterature documents how these systems can improve health careprocesses and outcomes. Although no reports suggest that useof clinical software systems causes substantial harm to patients,concerns about patient safety must be addressed.

In mid-1996, the U.S. Food and Drug Administration (FDA) calledfor discussions on the regulation of software programs as medicaldevices [1]. A 1989 draft policy [2], never adopted formally,served to guide FDA conduct. That draft policy recommended thatthe FDA exempt from regulation generic software (that is, content-freespreadsheet and database programs), educational systems thatmerely provide information, and systems that generate advicefor clinician-users in a manner that users can easily override.In response to the 1996 announcement by the FDA, a consortiumof health information-related organizations developed recommendationsfor public and private actions that are intended to responsiblymonitor and regulate clinical software systems. For a list ofconsortium organizations, see the Appendix.

We present a concise statement of the consortium's position.A more thorough and technically oriented version of this manuscriptis currently in press elsewhere [3]. That document describesbenefits of clinical software systems, obstacles to evaluatingand monitoring such systems, justifications for each consortiumrecommendation, information on participating organizations,and a summary of the consensus process. That report also includesan extensive bibliography.

The Complexity of Clinical Software Systems

Because clinical software systems are diverse and complex, itis difficult to determine their safety. Thousands of clinicalsoftware products compete in the commercial marketplace. Manyhome-grown systems exist, and biomedically oriented World WideWeb sites of variable quality proliferate in an uncontrolledmanner. Many installations are unique. Significant functionalchanges occur when a software product is integrated locallyinto a clinical information management infrastructure. Upgradesand maintenance increase the functionality, variety, and complexityof clinical systems. Finally, interactions between clinicalsoftware programs and individual users may cause unpredictableoutcomes that are not related to software malfunctions.

Past and Current Regulation of Clinical Software Systems

Through its mandate from the U.S. Congress to safeguard thepublic, the FDA has regulated marketing and use of medical devices.Section 201(h) of the 1976 Federal Food, Drug, and CosmeticAct [4] defines a medical device as any

"instrument, apparatus, implement, machine, contrivance, implant,in vitro reagent, or other similar or related article, includingany component, part, or accessory, which is ... intended foruse in the diagnosis of disease or other conditions, or in thecure, mitigation, treatment, or prevention of disease ... orintended to affect the structure or any function of the body."

Representatives for the FDA have stated that clinical softwareprograms, whether they are associated with biomedical devicesor stand alone, are "contrivances" and, therefore, fall withinthe FDA's realm of responsibility.

The FDA regulates medical devices that are 1) commercial productsused in patient care, 2) devices used in the preparation ordistribution of clinical biological materials [such as bloodproducts], or 3) experimental devices used in research involvinghuman participants. Commercial vendors of specified types ofmedical devices must register as manufacturers and list theirdevices with the FDA. Upon listing, the FDA classifies medicaldevices by category. In its regulation of classified medicaldevices, the FDA usually takes one of three courses of action.First, the FDA can exempt specific devices or categories ofdevices that are deemed to pose minimal risk. Second, the FDAuses the 510(k) process (premarket notification) for nonexemptsystems. Through the 510(k) process, manufacturers attempt toshow that their devices are equivalent in purpose and functionto low-risk (FDA class I or class II) devices that have alreadybeen approved by the FDA or to devices marketed before 1976.Such devices can be directly cleared by the FDA. Finally, theFDA requires premarket approval for higher-risk (FDA class III)products and products with new (unclassified) designs inventedafter 1976. Through the premarket approval process, a manufacturerprovides evidence to the FDA that a product performs its statedfunctions safely and effectively. Premarket approval is especiallyimportant for products that pose substantial potential clinicalrisk. Premarket notification and premarket approval usuallytake a few to many months to complete and may involve numerousiterations.

Exemption can take place in two ways: A device can be exemptfrom registration and thus not subject to 510(k) requirementsat all, or a category of listed (classified) devices may bespecifically exempted from certain regulatory requirements.When a nonexempt product is modified substantially (as definedby FDA guidelines), the vendor must reapply to the FDA for clearancethrough the 510(k) or premarket approval mechanisms.

Consortium Recommendations

The consortium believes that users, vendors, and regulatoryagencies, including the FDA, should adopt the recommendationslisted below. Several of these recommendations involve innovationsthat should be developed and tested on a limited scale beforethey are widely adopted. Detailed analysis of the potentialeffects on health care providers, patients, and vendors shouldprecede implementation of any new procedures for the regulationand monitoring of clinical software systems. At the same time,it is important that manufacturers, users, and patients notbe required to tolerate delays in critical improvements to softwarethat might result from excessive governmental or local reviewand approval processes.

Recommendation 1

The consortium proposes four categories of clinical softwaresystem risks and four classes of measured regulatory actionsas a template for determining how to monitor or regulate anyclinical software system (Table 1).

View this table:
[in this window]
[in a new window]

Table 1. Consortium Recommendations for Monitoring and Regulating Clinical Software Systems*

Decisions about whether to install and how to monitor clinicalsoftware systems should take into account 1) the clinical risksposed by software malfunction or misuse; 2) the extent of systemautonomy from user supervision and control [that is, the lackof opportunity for qualified users, such as licensed practitioners,to recognize and easily override clinically inappropriate recommendationsor other forms of substandard software performance]; 3) thepattern of distribution and degree of support for the softwaresystem, including local customization; 4) the complexity andvariety of clinical software environments at installation sites;5) the likelihood that systems and their environments will evolveand change over time; and 6) the ability of proposed monitorsor regulators to detect and correct problems in a manner thatprotects patients.

Recommendation 2

Clinical software systems should be supervised locally if possiblethrough the creation of software oversight committees (Table 1).

Local software installation sites have the greatest capabilityto detect software problems, analyze their effects, and developtimely solutions. It would be advantageous to develop a programof institutional- and vendor-level controls for most clinicalsoftware products rather than to mandate universal, national-levelmonitoring, which is likely to be cumbersome, inefficient, andcostly.

Institutional review boards are a federally mandated local monitoringprocess for the conduct of clinical research. Like institutionalreview boards, software oversight committees would serve asguardians to ensure that institutional research processes thataffect patients are conducted properly. However, the analogybetween the software oversight committee and the institutionalreview board is not complete because the responsibilities ofthe two groups differ. Software oversight committees would monitorprocesses that are far less discrete than formal research protocols.To protect patient safety and ensure that software programsdo not disrupt the integrity of clinical practice, local softwareoversight committees should enlist members with expertise inhealth care informatics, health care delivery, data quality,biomedical ethics, patient perspectives, and quality improvement.Software oversight committees should work with system administrators,users, and vendors to ensure that appropriate ongoing monitoringis in place to detect and address adverse events and that theoverall system performs as designed. They might apply pressureto correct vendor-product related problems when the usual meansof customer-vendor dialogue fail. Although software oversightcommittees need not install software or monitor software functionsdirectly, they must ensure that others do so in a manner thatprotects patient safety and institutional integrity. It willbe important to specify ethical guidelines for conduct of thesoftware oversight committee and rules for avoiding conflictsof interest between local employees (including members of softwareoversight committees) and commercial vendors (including employee-ownedenterprises).

Recommendation 3

Budgetary, legal, and logistic constraints limit the type andnumber of systems that the FDA can regulate effectively. TheFDA should focus regulatory efforts on systems that pose thehighest levels of clinical risk and that afford limited opportunitiesfor competent human intervention.

Most clinical software systems should be exempt from FDA regulation(Table 1). The FDA should require producers of certain intermediate-riskclinical software systems to list them as products with theFDA for monitoring purposes and should require that such productsundergo either premarket notification or premarket approvalprocesses if more than a threshold number of validated adverseevents are reported. The FDA should develop new, comprehensive,appropriate standards for labeling clinical software products[5].

Recommendation 4

Health care information system vendors and local software producersshould adopt a code of good business practices. These practicesshould include but should not be limited to guidelines for qualitymanufacturing processes; standardized, detailed product labeling;responsible approaches to customer support; and use of industry-widestandards for handling and sharing electronic information, includingstandards for the format, content, and transport of health careinformation.

Recommendation 5

Health information-related organizations should work with othergroups, including clinical professional associations, vendororganizations, regulatory agencies, and user communities, toadvance understanding and knowledge of approaches to regulatingand monitoring clinical software systems.

Summary

Top
Summary
Author & Article Info
References

The consortium has provided recommendations on how to developand implement processes for responsibly monitoring and regulatingclinical software systems. The goal is to encourage a coordinatedeffort that will safeguard patients, users, and institutionsas clinical systems are implemented to improve clinical careprocesses and that will support the development of innovativeand more effective software systems.

Appendix

Consortium members are the American Medical Informatics Association,the Center for Healthcare Information Management (CHIM), theComputer-based Patient Record Institute, the Medical LibraryAssociation, the Association of Academic Health Sciences Libraries,the American Health Information Management Association, theAmerican Nurses Association, and the American College of Physicians.

The Center for Healthcare Information Management is an organizationof corporations whose membership includes for-profit vendorsof clinical software systems. Through its executive leadership,CHIM reviewed successive drafts of this paper and contributedto its writing; however, CHIM was not the sole author of anyportion of this document. Care has been taken on the part ofCHIM and other consortium members to ensure that no commercialvendor has influenced the consortium recommendations in anyself-serving manner.

The Boards of Directors or Boards of Regents of the AmericanMedical Informatics Association, the Computer-based PatientRecord Institute, the Medical Library Association, the Associationof Academic Health Sciences Libraries, the American Health InformationManagement Association, the American Nurses Association, andthe American College of Physicians have endorsed the consortiumrecommendations. The CHIM Board of Directors has not formallyendorsed the consortium recommendations; CHIM supports the consortium'sposition and holds the opinions expressed in this document inall areas except for the definitions for proposed risk categoriesof clinical software systems and classes of regulations.

The American Thoracic Society, the Association of OperatingRoom Nurses, the American Radiological Nurses Association, andthe Society of Gastroenterology Nurses and Associates have sentletters in support of the consortium's position.

Dr. Gardner: LDS Hospital, 315 Eighth Avenue, Salt Lake City,UT 84132.

Author and Article Information

Top
Summary
Author & Article Info
References

For the American Medical Informatics Association, the Computer-based Patient Record Institute, the Medical Library Association, the Association of Academic Health Science Libraries, the American Health Information Management Association, and the American Nurses Association.
From the American Medical Informatics Association, Bethesda, Maryland.
Note: This document represents the opinions of the authors and not the positions of governmental or regulatory agencies. Dr. Miller is Past President (1994-95) and Dr. Gardner is President (1996-97) of the American Medical Informatics Association.
Acknowledgment: The authors thank Harold M. Schoolman, MD, for insightful comments.
Grant Support: In part by grants 5-G08-LM-05443 and 1-R01-LM-06226 from the National Library of Medicine (Dr. Miller).
Requests for Reprints: Randolph A. Miller, MD, Room 436 Eskind Library, 2209 Garland Avenue, Vanderbilt University Medical Center, Nashville, TN 37232.
Current Author Addresses: Dr. Miller: Room 436 Eskind Library, 2209 Garland Avenue, Vanderbilt University Medical Center, Nashville, TN 37232.

References

Top
Summary
Author & Article Info
References

1. Federal Register. 15 July 1996. 61:36886-7.

2. Young FE. Validation of medical software: present policy of the Food and Drug Administration. Ann Intern Med. 1987; 106:628-9.

3. Miller RA, Gardner RM, American Medical Informatics Association, Computer-based Patient Record Institute, Medical Library Association, Association of Academic Health Sciences Libraries, et al. Recommendations for responsible monitoring and regulation of clinical software systems. J Am Med Inform Assoc. [In press].

4. Public Law 94-295. Medical Device Amendments to the Federal Food, Drug, and Cosmetic Act (passed on 28 May 1976).

5. Geissbuhler AJ, Miller RA. Desiderata for product labeling of medical expert systems. International Journal of Medical Informatics. [In press].

CiteULike

Complore

Connotea

Del.icio.us Add to Digg

Digg

Facebook

Technorati

Twitter What's this?

This article has been cited by other articles:

T. S. Field, P. Rochon, M. Lee, L. Gavendo, S. Subramanian, S. Hoover, J. Baril, and J. Gurwitz
Costs Associated with Developing and Implementing a Computerized Clinical Decision Support System for Medication Dosing for Patients with Renal Insufficiency in the Long-term Care Setting
J. Am. Med. Inform. Assoc., July 1, 2008; 15(4): 466 - 472.
[Abstract] [Full Text] [PDF]

P. M. Kilbridge and D. C. Classen
The Informatics Opportunities at the Intersection of Patient Safety and Clinical Informatics
J. Am. Med. Inform. Assoc., July 1, 2008; 15(4): 397 - 407.
[Abstract] [Full Text] [PDF]

J. M. Walker, P. Carayon, N. Leveson, R. A. Paulus, J. Tooker, H. Chin, A. Bothe Jr., and W. F. Stewart
EHR Safety: The Way Forward to Safe and Effective Systems
J. Am. Med. Inform. Assoc., May 1, 2008; 15(3): 272 - 277.
[Abstract] [Full Text] [PDF]

J. A. Osheroff, J. M. Teich, B. Middleton, E. B. Steen, A. Wright, and D. E. Detmer
A Roadmap for National Action on Clinical Decision Support
J. Am. Med. Inform. Assoc., March 1, 2007; 14(2): 141 - 145.
[Abstract] [Full Text] [PDF]

G. J. Kuperman, R. M. Reichley, and T. C. Bailey
Using Commercial Knowledge Bases for Clinical Decision Support: Opportunities, Hurdles, and Recommendations
J. Am. Med. Inform. Assoc., July 1, 2006; 13(4): 369 - 371.
[Full Text] [PDF]

R. A. Miller, for Journal of the American Medical Informatics As, T. Groth, for Computer Methods and Programs in Biomedicine, A. Hasman, for International Journal of Medical Informatics, R. Haux, for Methods of Information in Medicine, A. T. McCray, for Methods of Information in Medicine, et al.
On Exemplary Scientific Conduct Regarding Submission of Manuscripts to Biomedical Informatics Journals*
J. Am. Med. Inform. Assoc., January 1, 2006; 13(1): 113 - 114.
[Full Text] [PDF]

R. A. Miller, R. M. Gardner, K. B. Johnson, and G. Hripcsak
Clinical Decision Support and Electronic Prescribing Systems: A Time for Responsible Thought and Action
J. Am. Med. Inform. Assoc., July 1, 2005; 12(4): 403 - 409.
[Full Text] [PDF]

J. S. Ash, M. Berg, and E. Coiera
Some Unintended Consequences of Information Technology in Health Care: The Nature of Patient Care Information System-related Errors
J. Am. Med. Inform. Assoc., March 1, 2004; 11(2): 104 - 112.
[Abstract] [Full Text] [PDF]

D. W. Bates, M. Cohen, L. L. Leape, J. M. Overhage, M. M. Shabot, and T. Sheridan
Reducing the Frequency of Errors in Medicine Using Information Technology
J. Am. Med. Inform. Assoc., July 1, 2001; 8(4): 299 - 308.
[Abstract] [Full Text] [PDF]

D. C. Classen
Clinical Decision Support Systems to Improve Clinical Practice and Quality of Care
JAMA, October 21, 1998; 280(15): 1360 - 1361.
[Full Text] [PDF]

				P. M. Kilbridge and D. C. Classen The Informatics Opportunities at the Intersection of Patient Safety and Clinical Informatics J. Am. Med. Inform. Assoc., July 1, 2008; 15(4): 397 - 407. [Abstract] [Full Text] [PDF]

				J. M. Walker, P. Carayon, N. Leveson, R. A. Paulus, J. Tooker, H. Chin, A. Bothe Jr., and W. F. Stewart EHR Safety: The Way Forward to Safe and Effective Systems J. Am. Med. Inform. Assoc., May 1, 2008; 15(3): 272 - 277. [Abstract] [Full Text] [PDF]

				J. A. Osheroff, J. M. Teich, B. Middleton, E. B. Steen, A. Wright, and D. E. Detmer A Roadmap for National Action on Clinical Decision Support J. Am. Med. Inform. Assoc., March 1, 2007; 14(2): 141 - 145. [Abstract] [Full Text] [PDF]

				G. J. Kuperman, R. M. Reichley, and T. C. Bailey Using Commercial Knowledge Bases for Clinical Decision Support: Opportunities, Hurdles, and Recommendations J. Am. Med. Inform. Assoc., July 1, 2006; 13(4): 369 - 371. [Full Text] [PDF]

				R. A. Miller, for Journal of the American Medical Informatics As, T. Groth, for Computer Methods and Programs in Biomedicine, A. Hasman, for International Journal of Medical Informatics, R. Haux, for Methods of Information in Medicine, A. T. McCray, for Methods of Information in Medicine, et al. On Exemplary Scientific Conduct Regarding Submission of Manuscripts to Biomedical Informatics Journals* J. Am. Med. Inform. Assoc., January 1, 2006; 13(1): 113 - 114. [Full Text] [PDF]

				R. A. Miller, R. M. Gardner, K. B. Johnson, and G. Hripcsak Clinical Decision Support and Electronic Prescribing Systems: A Time for Responsible Thought and Action J. Am. Med. Inform. Assoc., July 1, 2005; 12(4): 403 - 409. [Full Text] [PDF]

				J. S. Ash, M. Berg, and E. Coiera Some Unintended Consequences of Information Technology in Health Care: The Nature of Patient Care Information System-related Errors J. Am. Med. Inform. Assoc., March 1, 2004; 11(2): 104 - 112. [Abstract] [Full Text] [PDF]

				D. W. Bates, M. Cohen, L. L. Leape, J. M. Overhage, M. M. Shabot, and T. Sheridan Reducing the Frequency of Errors in Medicine Using Information Technology J. Am. Med. Inform. Assoc., July 1, 2001; 8(4): 299 - 308. [Abstract] [Full Text] [PDF]

				D. C. Classen Clinical Decision Support Systems to Improve Clinical Practice and Quality of Care JAMA, October 21, 1998; 280(15): 1360 - 1361. [Full Text] [PDF]