New Cybersecurity Guidances Under MDR and IVDR and Health Systems Invest in Remote Health Monitoring
The Medical Device Coordination Group (MDCG) published new guidance on Jan 6, 2020 to help manufacturers fulfill all the relevant cybersecurity requirements in Annex I of the Medical Devices Regulation and In-vitro Diagnostic Medical Devices Regulation. The new texts lay down certain new essential safety requirements for all medical devices that incorporate electronic programmable systems and software that are medical devices in themselves. They require manufacturers to develop and manufacture their products in accordance with the state of the art, taking into account the principles of risk management, including information security, as well as to set out minimum requirements concerning IT security measures, including protection against unauthorized access.
Presidents of the European Commission and European Council and UK Prime Minister Boris Johnson signed a withdrawal agreement that will see the UK continue to follow EU rules through the end of the year while seeking a deal for future ties with the EU. For medical devices and in vitro diagnostics, the current EU directives will still apply to the UK via the UK’s Medical Devices Regulations 2002 as amended by The Medical Devices Regulations 2019, which also transposes the upcoming EU Medical Devices Regulation and In Vitro Diagnostic Regulation into UK law. (RAPS 1/14/20)
The FDA warned that several GE Healthcare devices could be hacked to silence alarms connected to the devices, generate false alarms and interfere with alarms of patient monitors connected to these devices. The warning concerns GE’s Clinical Information Central Stations and Telemetry Servers, which FDA says are mostly used for displaying information such as a patient’s temperature, heartbeat and blood pressure, as well as monitoring a patient’s status from a central location in a facility, such as a nurse’s workstation. To date, the FDA is not aware of any adverse events related to these vulnerabilities.
The FDA has contracted the services of Dun & Bradstreet to conduct onsite verification of medical device facility information provided to the agency by registered and listed medical device manufacturers. Dun & Bradstreet may also contact firms not registered with the FDA that the agency has learned may be involved in the manufacture of medical devices. Participation is voluntary—if Dun & Bradstreet contacts your facility, we ask for your full cooperation so that we can verify your facility’s information is accurate. (FDA 1/8/20)
The proposed 2.3% tax on medical device sales have been eliminated because of a new federal spending package signed into law by President Trump late December. (MDDI 12/23/19)
88% of hospitals and health systems have invested, or plan to invest in remote patient monitoring technologies, including the use of smartphones and tablets, wearables, and electronic medical record portals. The combination of these trends and the reimbursement codes that were added in 2019 should create the “perfect storm” for remote patient monitoring to gain momentum in 2020. This will require an important adaptation of the current patient/provider paradigm, in which patient responsibilities are increased as they become an active participant in their own care delivery process.
(Healthcare IT News 1/21/20)
Payment for postoperative care is often included in surgical reimbursement rates, but chart reviews show that only a small amount of that care is actually delivered to patients. There is currently no mechanism in place for Medicare to verify the number and level of postoperative visits that each patient receives in bundled care programs. RAND researchers suggest that reimbursement rates for surgical procedures should not rely completely on physician survey data, but should also include information from electronic medical records and billing claims.
(Healthcare Finance 1/27/20)
Prior authorization (obtaining approval of payment from an insurance company before treatment) has become a standard part of the medical treatment process. The Council for Affordable Quality Healthcare, Inc. has found that cost of each prior authorization was $11 when performed manually, but that the cost is only about $4 when the transaction is completed fully electronically. Research estimates that complete adoption of electronic prior authorizations could save providers approximately $355 million.
(RevCycle Intelligence 1/24/20)
New common procedural technology (CPT) codes have been created by the American Medical Association to allow for billing for home use of an optical coherence tomography device. The new codes (0604T, 0605T and 0606T) are used for billing for the device, the set-up, and patient education. This is the first step in the process of establishing reimbursement for the new technology, the new codes will still have to be reviewed by Medicare, Medicaid and private health insurance companies for coverage determination.
(Healio Ocular Surgery News 1/9/20)
The Simbex Regulatory and Reimbursement Recap is a monthly briefing for news in the regulatory and healthcare reimbursement space relevant to Simbex areas of expertise. The briefing is curated by Amaris Ajamil, PhD, RAC, Simbex Senior Quality Assurance/Regulatory Engineer, Angela Smalley, PhD, Simbex Centers Project Leader, Project Evaluation, Mohammed Kazi, MS, Simbex Quality Systems Coordinator, and Laura Bleyendaal, MBA, Simbex Centers Fellow. A story’s inclusion does not imply endorsement by Simbex.