• Regulation
  • Accrediting suppliers for procurement isn't enough

    An important part of eHealth regulation’s accrediting suppliers. An aim’s to be sure that functionalities and standards in supplier’s solutions match health system’s information requirements. It’s a good idea to match the two perspectives before procurement. It also avoids wasting time where bidders don’t comply, but it’s not enough.

    A USA Senator, Dr Bill Cassidy and Sheldon Whitehouse, don’t think accreditation’s good enough. Whitehouse has said ”After a health IT product is certified for use, there’s no way to ensure that it continues to deliver as promised for doctors and patients, and no way to easily compare one product to another,” so, they’re proposing legislation, the Trust Act, to improve it. These are important developments for Africa’s eHealth regulation and procurement.

    It aims to make health IT suppliers accountable for their systems’ performances in:

    Security Usability Interoperability (IOp).

    It’ll achieve this by establishing a Health IT Rating System so consumers can compare certified health IT products on the three criteria. The bill also establishes a process to collect and verify confidential feedback from healthcare providers, patients, and other users on usability, security and IOP.

    Other measures include:

    Making information, such as summaries, screen shots, or video demonstrations, showing how certified health information technology meets certification requirements publicly available Requiring the certification programme establish that health IT products meet applicable security requirements, incorporate user-centred design, and achieve IOP consistent with the reporting criteria used in the Health IT Rating Programme Requiring health IT vendors to attest that they don’t engage in specified information blocking, such as nondisclosure clauses in their contracts, as a condition of certification and maintenance of certification Authorises ways to investigate claims of information blocking and assess civil monetary penalties on anyone, or entity, found to have committed information blocking.

    These enhanced requirements should enable health ministries and other users to track the performance of their health IT providers beyond the procurement stage and into routine operation. It’s an important activity for Africa’s health systems and can step up their market power in regulation and procurement.

  • Is Africa's eHealth usability at risk?

    As Africa moves ahead on using EHRs, regulation, usability and procurement will converge. Usability’s an essential component of benefits, and regulation’s essential to setting EHRs’ and other eHealth usability standards and supplier certification. Procurement’s where these are applied. Africa’s health systems have a few challenges.

    Their eHealth regulations are well behind good practice. A study of eHealth regulation in Sub-Saharan African countries by South Africa’s Greenfield Management Solutions found that specific eHealth regulations are minimal, with reliance on general regulations such as data protection and telecommunications regulations. This status provides no basis for setting User-Centred Design (UCD) standards for usability for eHealth vendors to apply. Two main sources for these are one generic and one for EHRs.

    ISO 9241-210:2010 is generic. It has six core design principles for usability where design’s:

    Based on an explicit understanding of users, tasks and environments Users are involved throughout design and development Driven and refined by user-centred evaluation An iterative process It addresses the users’ whole experience Dealt with by multidisciplinary teams with an appropriate range of skills and perspectives.

    The USA has specific requirements. It’s National Institute of Standards and Technology has adopts NISTIR 7741 NIST Guide to the Processes Approach for Improving the Usability of Electronic Health Records. It’s principles are:

    Understand user needs, workflows and work environments Engage users early and often Set user performance objectives Design the user interface from known human behaviour principles and familiar user interface models Conduct usability tests to measure how well the interface meets user needs Adapt the design and iteratively test with users until performance objectives are met.

    It has six types of compliance:

    0 – Incomplete, so unable to carry out the process

    1 – Performed, where individuals carry out the process

    2 – Managed, where quality, time and resource requirements for the process is known and controlled

    3 – Established, where the process is carried out as specified by an organisation, and resources are defined

    4 – Predictable, where the performance of the process is within predicted resource and quality limits

    5 – Optimising, where an organisation can reliably tailor the process to particular requirements.

    By including these usability standards in eHealth regulations, health systems can expect vendors to comply with good practice, leading to good benefit’s realisation. Health systems can also check how far vendors comply with the standards. This is the crunchy bit.

    A team, led by Dr Raj M. Ratwani of MedStar Health, Washington, DC, has written a research letter to the Journal of the American Medical Association (JAMA). It says that many EHR vendors don’t comply with the usability standards. It’s an important finding because many EHRs have poor usability.

    The team reviewed documentation of 41 of the 50 certified vendors:

    34% failed to state their UCD process 46% used an industry UCD standard 15% used an internally developed UCD process 63% used less than the standard of 15 participants 22% percent used at least 15 participants with clinical backgrounds One vendor used no clinical participants 17% used no physician participants 5% used their own employees 12% lacked enough detail to determine whether physicians participated 51% didn’t provide the required demographic details.

    This poor compliance occurred in a highly regulated system, and was revealed. With African countries limited regulation, they’re more vulnerable to eHealth usability limitations, leading to reduced benefits and wasted resources. The next step’s simple: enhanced eHealth regulation for procurement. 

  • Start making sense of eHealth regulation in Africa

    Is the heightened interest in eHealth regulation in Africa a sign of eHealth on the move?

    A key lesson from successful countries is that regulation development closely follows eHealth service expansion. Acfee’s team learned this during a 2012 review of eHealth regulation in 48 countries in sub-Saharan Africa. We were members of a South African led consortium that compared African countries’ approaches to five countries outside Africa that have mature eHealth regulation. The comparison showed that African countries have some catching up to do. Knowing where and how to start are two crucial questions that need detailed answers.

    Over the last year, I’ve attended a number of eHealth events in various parts of Africa. Regulation has been a key topic, with interest growing. Despite recognition of the importance of regulation, most commentaries are speculative. There’s little agreement on how to move forward, including where to start, what the range of options looks like and what practical steps may help. So here are some suggestions. They’re for any healthcare organisation, hospital group, district health service or national ministry wanting to support eHealth expansion.

    Three simple steps you could lead are:

    Select a key eHealth service you already have in place, or you’d like to expand Identify the regulations you need to strengthen to help the service grow, but no more than five, and probably three Invite all the stakeholders who might feel the impact of the new regulations to meet you to share ideas on how to handle them, including your legal team, because they’ll have to prepare options to enforce the ideas you come up with.

    None of this is easy, and you’ll need a few more steps in place to make progress. You’ll need to build an eHealth regulation action plan that sets out how you’ll move along the three steps above, then onto implementation and into the regulation drafting process, in an iterative cycle. You’ll also want to choose a regulator, or appoint one, to manage the overall regulatory development process for you, and set up compliance reviews. Tom Jones shared some options for this in an eHNA article.

    You’ll want the regulator to work closely with you and your stakeholder group to choose which regulations are broad concepts that need to go into formal legislation, to send a clear signal and lay down solid foundations, and which more detailed regulatory rules you prefer to leave in the hands of the regulator to maintain agility as eHealth changes and new issues emerge. Finding the right balance is part of the reason why you’ll need lots of stakeholders with you to help explore the options and weigh their risks.

    If you’re anything like the professionals I’ve been meeting, you won’t be satisfied with this article. You’ll want to hear some regulatory language. Something you can try on and see whether it fits your situation. Fair enough. Starting next week, the Acfee team will begin sharing sample regulations we’ve come across in good practice countries, designed to support their expanding eHealth services. We hope that’ll help, though matching the samples to your context will still need the three steps I’ve outlined above.

    Taking the first step is important. It has to be towards the right direction for you.


    Image from weblivejournal.com

  • Does mHealth need regulatory bodies?

    Africa’s steady growth in mHealth initiatives highlights an important limitation in the continent’s activities: eHealth Regulation. Acfee's regulation database shows that African countries have a significant deficit in eHealth regulation. As mHealth grows in a largely random way, it exacerbates the regulation shortfall. What will help?

    Ideally, each country needs an eHealth regulatory body that will deal with mHealth as part of its brief. If this takes too long to set up, mainly due the time it can take to complete legislative cycles, an interim mHealth body can fill the gap. On behalf of Ministries of Health, it can undertake a range of activities that support health services. They include:

    Set standards for mHealth developers to conform to Certifying mHealth developers, suppliers, products and services Register developers Set standards for health organisations in the way they use mHealth Register health organisations that use mHealth Complete compliance reviews of developers, suppliers and healthcare organisations Sustain a constructive dialogue between developers, suppliers and healthcare users.

    Developing these needs a structured training and development programme for the regulatory teams. Certification, standard setting, and compliance reviews are skilled activities. Current capacities and capabilities are likely to be limited because the opportunities to develop and apply the techniques needed have been limited in African countries.

    These are less onerous activities than for eHealth as a whole. An advantage of starting with mHealth is that it lays a foundation for introducing eHealth regulation. A drawback is that any enabling legislation needed for mHealth, such as maintaining privacy, confidentiality and security, should be general and generic enough to apply subsequently to all eHealth. Despite this, it offers a manageable way into eHealth regulation.

    Acfee can help, by sharing data on good practice and by including regulatory strengthening in its growing eHealth curriculum.

  • Botswana's cyber-security strategy's in the pipeline

    The UK government, through the Commonwealth Telecommunications Organisation (CTO), has pledged to help Botswana develop its National Cyber security Strategy. ITWEB Africa says the strategy is expected to establish a national cyber-security policy framework, develop and harmonise appropriate legislation to address cyber-security challenges, create capacity building and public awareness on cyber security issues, and establish a National Computer Emergency Response Team (CERT).

    Botswana's Minister of Transport and Communications, Tshenolo Mabeo said "It is very important that we jealously guard the safety, security and resilience of the cyberspace, so that we can enjoy its socio-economic benefits." He added that the evolution and use of the cyber-space on shared principles, norms and procedures as an open access system is one of the greatest innovations that mankind has ever experienced but warns that it needs protecting and guarding from cybercriminals.

    The framework aims to help to guard healthcare data, which is vulnerable to cyber-attacks. The next step after the framework is to develop and apply effective cyber-security measures. 

  • More mHealth lessons for Africa? Lessons learned 3

    mHealth is offered as an important component of African countries’ eHealth strategies. As investment grows, it’s important to incorporate the lessons learnt, both good and bad.

    There’s no doubt that mHealth and its apps can reach many people and communities who need healthcare and opportunities to improve their health. Both SMS and apps can have a positive role that supplements Africa’s heavily constrained health workforce. It leads to the most important lesson of using mHealth to focus on people, communities and specific health needs. The opportunities are expanding daily.

    Where this results in a series of apps for each disease or condition, the challenge then is to combine the data into individuals’ medical records. Where these are EHRs, architecture and interoperability are essential components of mHealth initiatives. Dealing with them needs dedicated resources as mHealth initiatives expand.

    For effective mHealth, the Journal of the American Medical Association (JAMA) has highlighted concerns that safety of mHealth apps is unknown. This leads on to a conclusion that many apps could be problematic for users and caregivers. Alongside this, there may be cyber-security and regulatory concerns. These lead to questions for mHealth projects, such as, is the service safe, beneficial, compliant with regulations and secure?

    Other regulatory features of mHealth that need setting in place include:

    Who’s data is it? How does it link to other eHealth data? How is the data used for secondary purposes, such as population health management? How is maintenance and obsolescence dealt with? How does mHealth link securely to the Internet of Things (IoT)?

    Acfee maintains a regulatory model of 64 regulatory aspects and a roadmap for closing gaps, which may help African countries move forward.

    Another lesson is to ensure that mHealth initiatives are evaluated rigorously before and after implementation. Findings from mHealth that’s already operational provide insights and knowledge for future assessments and investment decisions.

    These findings are valuable for decisions on scaling-up mHealth. It’s a common challenge. With very scarce resources, scaling-up an mHealth initiative denies resources for a new mHealth initiative. Choosing between them is not easy. A middle way offers the opportunity to expand and keep innovating. African countries can have a mHealth strategy that allocates resources and finance for scaling-up and new ideas. A medium-term financial plan can help plan the way ahead.

    mHealth is still in its infancy across Africa. In addition to individual projects, it’s important that health ministries set a longer-term context where mHealth in Africa is widespread, integrated and keeps expanding.  It can help to set a scenario where mHealth app developers can see how they fit their ideas and imagination into health and healthcare priorities and opportunities. It can help to stimulate the flow of sustainable new apps too.

  • Telehealth regulations and grants might boost investment

    Telehealth’s been around for decades, but seem resistant to its big-scale opportunities. A report from PricewaterhouseCoopers (PwC) says that the USA’s recent regulatory action may make a difference. In this context, regulation includes reimbursement arrangements for telehealth services that include remote chronic care management and seven new procedure codes for telehealth, including annual wellness visits, psychotherapy and prolonged services in the office. Over 28 USA states, so more than half, have mandated, or are proposing common payments between telehealth and in-person visits.

    The regulations are in parallel with $8.6 million of telehealth grants. Much of this is used for equipment.

    PwC says the benefits are lower costs and better access. Many telehealth visits cost under $50, about a third of the costs of about $150 for office visits. These are matched by lower travel costs.

    Despite this, there are still barriers. Physicians must have a license in the originating site’s state’ prescribing privileges vary by state and reimbursement still remains a key challenge, despite initiatives by more than 28 states. Providers wanting to offer telehealth must define a business model for it that includes how it’s integrated into workflows, managing large data volumes from, sharing data with patients’ care teams and determining when remote technology is better than visits in person. Privacy and security are challenges too.

    For Africa’s telehealth initiatives, these offer a profile that can accompany projects and set clear requirements for actions by health ministries, healthcare providers and telehealth suppliers. Integrating these initiatives across all stakeholders offers a constructive way forward, with health ministries setting out the required regulations, budgets and priorities as the initial framework, and payers developing reimbursement models to keep pace with telehealth implementation.

  • GSMA shows the way for Africa's eHealth regulation

    GSMA has reviewed eHealth and related regulation in ten African countries. Unsurprisingly, it found gaps. These are equivalent to the findings of the South African company Greenfield Management Solutions report on eHealth regulation in 2013.

    Seven countries have a score of over 60% on 14 regulation components. They’re Ghana, Zambia, then Cote d’Ivoire, Kenya, Nigeria, Rwanda, Uganda. The 14 are:

    eHealth strategy, roadmap and policy Implementation eConsulting, eDiagnosing, eAdvising, ePrescribing, eDispensing National, regional or local governance and policy for implementation, support and monitoring of the eHealth strategy eTransaction and eSignature legislation Consumer protection eHealth regulatory body eLegislation Restrictions on sensitive data Data protection legislation for minimum standards eHealth or telemedicine codes of practice and guidelines Limitation of Service Provider Liability Restrictions on offshore data transfers Data protection legislation.

    Some important findings about mHealth adoption and regulation are:

    Regulation should be proactive and enabling, not one-size-fits-all Solutions can draw from global and local solutions Engage with all national stakeholders Embrace private sector mHealth initiatives, including cooperation  Consider the changing nature of the socio-cultural environment Provide guidelines for the quality and content of health information Safeguard users’ rights as owners of their information Have adequate data security, data protection and privacy laws Ensure adequate standards for data transfer and exchange Encourage and find alternative and pragmatic methods in a virtual environment.

    eHealth regulation always follows eHealth initiatives, so always has gaps. The goal is to minimise the gap; it’s impractical to close it and keep it closed. GSMA’s report offers a good way to keep regulation close to eHealth development.

  • Why should telemedicine regulations differ from conventional services?

    Some anxieties are creeping into the excessive requirements for telemedicine services compared to the regulations for conventional healthcare. The American Telemedicine Association (ATA) guidelines propose a principle that provides for “a standard of care for telemedicine equal to that of in-person care in order to promote patient safety, increase the quality of care and expand access and patient choice in health services.”

    FierceHealthIT has a report on the ATA’s application of its principles in its submission to the Federation of State Medical Boards’ (FSMB) proposed telemedicine regulations, its Model Policy for the Appropriate Use of Telemedicine Technologies in the Practice of Medicine. They include:

    Allows patients to choose the physician providing telemedicine, rather than be assigned one at random Define telemedicine as videoconferencing or store-forward technology, not telephone or email consultations Allow physicians to treat Medicare patients across state lines, not just in patients’ jurisdictions Don’t require physicians to reveal their details or her credentials before treatment because it sets a higher bar in-person visits.

    As African countries expand their telemedicine services, there are some good principles in both the ATA and FSMB documents worthy of consideration.

  • eHealth regulation never stands still

    A few months after completing the European Space Agency’s (ESA) eHealth Regulatory Study, developments in eHealth mean that the tools, techniques and data need updating.  The study had five international comparators. Recent expanded regulations in other countries need including. Some SSA countries have made progress on eHealth regulation, and their changes need adding too.

    Greenfield Management Solutions (GMS), the lead organisation for the study, agreed with ESA that tinTree International eHealth, a global eHealth network, will incorporate these changes into the study’s Reference Regulatory Model (RRM). It ensures that it is content is up to date.

    Another critical improvement is that SSA countries need to develop their eHealth regulation processes and organizations before they can begin to adopt eHealth regulations. These supporting topics are being linked in to the study’s original Regulatory Readiness Index (RRI) and (RRM). These create a new, broader model, tinTree’s Framework for eHealth Regulation (FeHR) to use with SSA countries in moving their current situations towards developing sustainable, affordable eHealth regulation.

    eHealth News Africa will continue to disseminate developments in eHealth regulation.