A Tangled Web

Abstract:Internet-based Software-as-a-service (SaaS) applications for organizations working under Food and Drug Administration regulations have additional complications not faced by other organizations. SaaS offers a number of benefits, including easy expandability, support for a mobile workforce, and lower per-organization costs. A regulated organization should treat SaaS like an outsourced activity. They should perform both a diligent study of available options prior to selection and regular audits of the software once it has been adopted. One area of particular concern is the fact that upgrades are performed by the supplier rather than the customer, so a procedure must be established for validating upgrades. Another issue is the interface between vendor software and regulated organization, a process that must also be audited and validated. With proper understanding between SaaS vendors and regulated customers, regulated organizations can take advantage of the benefits of SaaS …

Access this article
Other ways to access this article

Social Bookmarking

Digg, delicious, NewsVine, Furl, Google, StumbleUpon, BlogMarks, Facebook

Good article, but I have to express my disappointment with the lack ONE word in this article regarding one of the most rapidly growing sectors of IT development -- that of "HIT" (Health Information Technology) and, relatedly, "HIE" (Health Information Exchange). More and more HIT vendors are providing web-based "SaaS" subscription models. The ONC/NIST HIT "certification" program is egregiously inadequate with respect to these now-nearly 2,000 systems and modules.

I have spoofed the issue here:


More seriously, I have written at length about the myriad HIT issues on my independent REC blog, at


There have been recurrent calls for FDA regulation of Electronic Health Records per se ("EHRs," part of "HIT"), given the continuing significant concerns regarding patient safety and HIT "usability." Recalcitrant docs are grumbling, and not without reason. Vendor support gets lousier by the month as the HIT vendors scramble for market share amid the Meaningful Use Money Chase. Bugs and bug fixes continue to plague the sector. The tort lawyers are also circling, ready to plow new liability ground stemming from HIT problems. Things will get ever more complex as FDA regulated medical devices (including real-time telemetry and DICOM/PACS) increasingly get plugged directly into EHRs (and, by extension, HIEs).

When I joined the REC effort two years ago, ASQ Health Care Division Chair Dr. Joe Fortuna reached out to me to see whether we might leverage the combined efforts of ASQ and ONC to help with the ARRA/HITECH HIT push and health care QI more broadly (the "Marshall Plan" idea). In turn, I reached out to a number of other ASQ divisions (e.g., Service Quality, Bio-Med, Quality Management, and Software Quality).

The ONLY response I got back was one from a Software Quality Division member. He had but ONE question:

Did I have ASQ permission to use the linked ASQ logo on my blog?

Joe Fortuna and I got essentially no traction with ONC/HITRC. It was all very polite, but, they have their own agenda, I guess. Of the ~5,000 ONC/REC/HIE people registered on the HITRC (our national collaborative site), I am apparently the only ASQ member.

I renew my call for ASQ to get involved with HIT QA/QI, particular as these important apps moving increasingly online and "cloud-based."

Bobby Gladd
ASQ Section 705

--Bobby Gladd, 03-07-2012

Featured advertisers