eHealth is the use of new information and communication technologies to support or improve health and healthcare. Internet technology in particular plays an important role. Information and communication are of vital importance in healthcare.
Healthcare providers and patients are increasingly using electronic devices to communicate and share information. eHealth involves both risks and benefit for the safety of patients and products. It is important for the Inspectorate that there is a proper balance between these risks and the benefit. Risks have to be controlled as much as possible. The Dutch Health Care Inspectorate focuses on the themes below in supervising eHealth
Software as a medical device
A software product is a medical device if it has a diagnostic or therapeutic functionality. That is often apparent for software that is part of a medical device. For example, an MRI scanner, a medical device for imaging the internal body, contains software for the proper operation of this device. However, stand-alone software, i.e. software that is not part of a medical device, can also legally be a medical device itself. For example, a software product to display the MRI images for a healthcare provider. Products based on a patient's medical data that inform the user about illnesses that have not yet been discovered are also medical devices. Aside from the many possibilities these types of software products provide for patients and healthcare providers, they also introduce risks to patient safety. The Inspectorate considers it important that these risks are managed properly.
In 2013, the Inspectorate organised two conferences to inform manufacturers, software vendors and healthcare providers that software products with a medical purpose can also legally be a medical device. Aside from the Inspectorate, manufacturers and healthcare institutions provided presentations on software as a medical device. The Inspectorate revealed during the conference that starting from 2014, it would initiate enforcement activities in the event of unlawful practices.
Legislation on the subject:
Review article on medical software: development of rules and supervision
When is software a medical device according to the law? How does the Inspectorate judge this and has the Inspectorate monitored this up to now? In this article you will read about the development of software as a medical device and its supervision. The article describes the legislative framework and related standards such as IEC 62304 and ISO 27001. There is also more information about the main conclusions of the Inspectorate thus far. For example, risk analyses and clinical evaluation often show vulnerabilities at the manufacturers visited.
Secure transfer of information
Much goes wrong in the communication between healthcare providers. Use of ICT can facilitate communication. If parties use automated systems to communicate, there must be agreements on the terminology and technical standards. Agreements must also be made on a minimum core set of data that summarise the health of patients. An example is the (CCR) standard. The Inspectorate has called upon the field to address this and ensures effective implementation since these are important prerequisites for secure transfer of information in healthcare.
Secure safeguarding of confidential medical patient information from unauthorised access is a responsibility of the healthcare field. The standards below describe methods for ensuring availability, integrity and confidentiality. This concerns all the information needed to provide appropriate care of patients.
- NEN 7510 – Information security in healthcare (in Dutch).
- NEN 7512 – Information security in healthcare – Basis of trust for data exchange (in Dutch).
- NEN 7513 – Medical informatics – Logging – Documenting actions on electronic patient records (in Dutch).
The Inspectorate has included these field standards in its supervision.
Electronic Prescription System (EPS)
The Inspectorate believes that deployment of systems for EPS is important because it contributes toward improving medication safety. EPS offers assistance in complex medication decisions during prescription. Deployment of EPS also prevents errors resulting from unreadable prescriptions.
Safe use of eHealth
Several incidents in healthcare are known in which software played a significant role. Analyses show that software is often used irresponsibly. It involves, for example, specifying a schedule of requirements, validation, formal acceptance and then deployment of software. The Inspectorate is detailing this theme as part of its supervision on eHealth.
The NEN 8028 standard was developed for the appropriate development and safe use of eHealth; this formed the basis for its international equivalent, ISO 13131. These standards can only be accessed after payment.