
23andMe Testing Shut Down by FDA

Posted on November 25, 2013 | Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I’ll admit that I’m not an expert on FDA clearance, but I found this notice from the FDA to 23andMe really interesting. As stated in the notice, “23andMe must immediately discontinue marketing the PGS until such time as it receives FDA marketing authorization for the device.”

The letter does specify that 23andMe has been working with the FDA since July 2, 2012, but something has gone wrong in 23andMe’s clearance process. It does offer the following explanation of the issues the FDA has:

This product is a device within the meaning of section 201(h) of the FD&C Act, 21 U.S.C. 321(h), because it is intended for use in the diagnosis of disease or other conditions or in the cure, mitigation, treatment, or prevention of disease, or is intended to affect the structure or function of the body. For example, your company’s website at www.23andme.com/health (most recently viewed on November 6, 2013) markets the PGS for providing “health reports on 254 diseases and conditions,” including categories such as “carrier status,” “health risks,” and “drug response,” and specifically as a “first step in prevention” that enables users to “take steps toward mitigating serious diseases” such as diabetes, coronary heart disease, and breast cancer. Most of the intended uses for PGS listed on your website, a list that has grown over time, are medical device uses under section 201(h) of the FD&C Act. Most of these uses have not been classified and thus require premarket approval or de novo classification, as FDA has explained to you on numerous occasions.

Some of the uses for which PGS is intended are particularly concerning, such as assessments for BRCA-related genetic risk and drug responses (e.g., warfarin sensitivity, clopidogrel response, and 5-fluorouracil toxicity) because of the potential health consequences that could result from false positive or false negative assessments for high-risk indications such as these. For instance, if the BRCA-related risk assessment for breast or ovarian cancer reports a false positive, it could lead a patient to undergo prophylactic surgery, chemoprevention, intensive screening, or other morbidity-inducing actions, while a false negative could result in a failure to recognize an actual risk that may exist. Assessments for drug responses carry the risks that patients relying on such tests may begin to self-manage their treatments through dose changes or even abandon certain therapies depending on the outcome of the assessment. For example, false genotype results for your warfarin drug response test could have significant unreasonable risk of illness, injury, or death to the patient due to thrombosis or bleeding events that occur from treatment with a drug at a dose that does not provide the appropriately calibrated anticoagulant effect. These risks are typically mitigated by International Normalized Ratio (INR) management under a physician’s care. The risk of serious injury or death is known to be high when patients are either non-compliant or not properly dosed; combined with the risk that a direct-to-consumer test result may be used by a patient to self-manage, serious concerns are raised if test results are not adequately understood by patients or if incorrect test results are reported.

The 23andMe website doesn’t say anything about the FDA letter, but the company did put a statement for the media on their Facebook page. I guess Facebook is the new media hub for organizations (although I found it from this tweet).

We have received the warning letter from the Food and Drug Administration. We recognize that we have not met the FDA’s expectations regarding timeline and communication regarding our submission. Our relationship with the FDA is extremely important to us and we are committed to fully engaging with them to address their concerns.

That’s a pretty vague statement. It is interesting that they chose to acknowledge that they haven’t met the FDA’s expectations. You can be sure there’s a whole lot more to this story and 23andMe’s interactions with the FDA.

Considering the big-name people behind 23andMe, it will be really interesting to see this battle play out. It could certainly set a precedent for many other healthcare applications in the future.

Should Patients Care About Their Doctors’ Text Messages?


The following is a guest blog post by Dr. Jose Barreau, CEO of Doc Halo.

For all the money they spend on state-of-the-art EMRs, compliance officers and other measures to ensure they’re protecting their patients’ medical information, many healthcare organizations have a gaping hole in their security.

Physicians and other clinicians are as apt as anyone to send a quick text to a colleague. Maybe an attending physician wants to ask a resident about test results or an office worker needs to pass along a patient’s question.

But standard SMS text messages are not HIPAA compliant. Communicating protected health information in this way could compromise patient privacy and expose your organization to substantial fines.

That’s not to say doctors shouldn’t text. Because of its instantaneous nature, mobile messaging can improve efficiency and quality of care. But healthcare providers should make sure they’re using a secure texting platform.

If you have a non-HIPAA-compliant texting habit, you’re in good company. In research last year, nearly 60 percent of physicians at children’s hospitals said they sent or received text messages for work.

It’s easy to view text messages as “off the record.” Chances are they aren’t going into an EMR, and there’s a sense that no one but the sender and recipient will see them.

But when you fire off a text, you don’t know where it will end up. Some of these text messages contain sensitive details of diagnosis and treatment that have been discussed. Also, it’s hard to say whose servers the messages might be stored on, or for how long. When patients entrust healthcare providers to care for them, they expect their data to be cared for, too.

The Department of Health and Human Services certainly knows about the problem. Last year the agency told an Arizona physicians practice to address the issue in a risk-management plan. The group “must implement security measures sufficient to reduce risks and vulnerabilities to ePHI to a reasonable and appropriate level for ePHI in text messages that are transmitted to or from or stored on a portable device.”

Healthcare providers can text about their patients without violating HIPAA — but only with secure messaging technology. Here are features to look for in a healthcare texting solution:

  • Encryption at all levels — database, transmission and on the app — with federally validated standards
  • Tracking of whether messages have been delivered, with repeated ping of the user
  • A secure private server that is backed up
  • Remote mobile app wipe option if a phone is lost or stolen
  • Automatic logout with inactivity
  • Ability to work on all spectrums of cell data and Wi-Fi for broad coverage
  • Limited data life — for example, 30 days — for messages

Patients benefit when their healthcare providers have quick and secure ways to stay in touch. A secure text messaging platform can help you to provide better care while avoiding HIPAA violations.

Doc Halo, a leading secure physician communication application, is a proud sponsor of the Healthcare Scene Blog Network.