eSafety in eHealth the focus of HISA professional practice standard
The Health Informatics Society of Australia (HISA) has released a draft of Australia's first professional practice standard for eSafety, aimed at assuring patient safety in the implementation of eHealth.
While Australia has yet to get to the litigation stage over patient harms caused by a health IT system, issues such as the development of software as a medical device and the acknowledgement that IT safety, like IT security, should be primary rather than an afterthought have led to the development of guidelines for health informaticians and organisations on standards for professional practice.
Edited by David Rowlands, John Zelcer and Trish Williams, Assuring patient safety in relation to eHealth systems and applications: a professional practice standard is open for comment and consultation from the health informatics community, with two webinars to be held this month and next.
The standard puts forward a set of requirements for a systematic approach to the achievement of patient safety in relation to eHealth and is “capability oriented”, articulating a set of requirements or expectations of the existence of capabilities that collectively provide evidence of a systematic approach.
Associate Professor Williams, associate dean of the computing and security discipline and eHealth research group leader at Edith Cowan University's School of Science, said the driving force behind the development of the guidelines was to fill a gap for the profession and to allow individuals and organisations that might already be focusing on eSafety to benchmark themselves against the rest of the industry.
“There is more focus on the safety of health IT systems now, whether it is software or medical devices, but there is no one particular guidance for people working in health IT about eSafety, nothing about what they should be doing,” Dr Williams said. “This is designed to fill that gap and to guide them in what to do.”
There is the possibility that the standard will become part of accreditation or credentialing in the future, but Dr Williams said the main goal was to get it embedded in the eHealth culture and to educate people on what it is they should be looking for and to try to ensure the highest safety possible.
“It's a bit like security – often people don't even realise that things have been breached,” she said. “That's part of this document too, that people can start to recognise when things might potentially cause harm and to prevent it rather than trying to deal with it afterwards.”
The document sets out a number of requirements that organisations and individuals “should or shall” do, but Dr Williams said it was not meant to be overly prescriptive.
“Obviously different organisations will have other processes already, but part of this, especially when you first try to use it, is to integrate it with what the organisation currently does,” she said.
“This also allows organisations to benchmark themselves and see how closely they already do some of these things. I think that's an important part of it – you need to know where to start, and until someone say these are all the good things you should be doing, you don't know whether you are doing the right thing or not.”
The development of HISA's guidance comes as a new international standard regulating health software is set to come into force. While medical devices have very stringent certification processes they must undergo with Australia's Therapeutic Goods Administration (TGA) and the US Food and Drug Administration (FDA), there is little oversight of medical software, which over the years has developed far more capabilities that simple electronic medical records or patient administration databases.
“It is recognised that medical devices have to be FDA- and therefore TGA-approved and there is quite a strict regulatory framework around that, but where it is becoming more complicated is where that medical device is actually software as a medical device,” Dr Williams said.
“This is where it's getting a bit blurred. This particular professional practice standard sort of touches on that, but internationally it is well recognised.”
She said a new standard is due to be published this year by the International Standards Organisation (ISO) about the safety of health software, to be named ISO 82304 (reflecting the original designation for medical devices, which was 62304).
“At the moment everyone is struggling with even trying to define what software is and what is it when it becomes a medical device,” Dr Williams said. “If you have an app on your phone and it is measuring an aspect of your health, say your heart rate, does that make the phone a medical device?
“Part of the definition of a medical device is whether or not whatever it is used to inform a clinical decision or provide treatment. If you going to make decisions based on data from an app, there is no certification of its accuracy or clinical oversight. You would not know if the data is inaccurate, and if that would result in decisions about your health that may cause harm.”
The professional practice standard, its supporting resources and an information paper outlining the reason for the development of the standard is available on the HISA website for public comment. The first webinar will be held on Tuesday, March 22.
Dr Williams said the standard had already been through expert review, but the team would like to gauge the wider industry's view on its applicability and practicality.
Posted in Australian eHealth