The HIT Policy Committee said there's no need for substantial new regulation of health IT, but closer scrutiny according to regulation already in place--with cross-agency collaboration, of course. It said technology should be assessed according to level of risk and it called for greater transparency in the process.
Compiling its recommendations for the Food and Drug Administration Safety and Innovation workgroup, the Food and Drug Administration Safety and Innovation Act (FDASIA) of 2012 requires the secretary of Health and Human Services to report by January 2014 on a proposed risk-based strategy for developing a regulatory framework for health IT that promotes innovation, protects patient safety, and avoids regulatory duplication. The FDA, ONC and Federal Communications Commission will write the final framework.
The HIT Policy Committee predicted two categories: technology likely to be subject to regulation and that which is not. A key criteria, it said, would be whether the technology is intended to inform or change decision-making about a care intervention or a person's health management.
Among the technologies likely to fall under this definition:
- EHRs
- Decision support algorithms
- Visualization tools for anatomic, tissue images, medical imaging and waveforms
- Health information exchange software
While those likely to be exempt:
- Claims processing software
- Health benefit eligibility software
- Practice management / Scheduling / Inventory management software
- General purpose communication applications such as email or paging.
The technology would then be evaluated according to criteria including its complexity to use and maintain; its purpose; the severity of injury that could occur from it; and the likelihood that a risky situation could arise. Among the committee's recommendations:
- HIT should not be subject to FDA premarket requirements, with some exceptions.
- Vendors should be required to list products that pose some risk.
- Vendors should be required to list products that pose some risk.
- Establish clearer criteria for software functions that warrant regulation, or at least greater attention.
- Create a robust surveillance mechanism to track adverse events and near misses. A collaborative process is needed that includes self-reporting and vendor reporting.
- Approaches are needed to allow aggregation of safety issues at the national level. Cross-agency collaboration will be essential.
- It backed Institute of Medicine recommendations to encourage innovation and shared learning, maximize transparency, identify appropriate levels of accountability and minimize the burden of complying.
Fourteen groups weighed in with comments on the proposed framework. The Bipartisan Policy Center focused on the need for flexibility, so as not to stifle innovation.
Health attorney Bradley Thompson of law firm Epstein Becker Green, who serves as general counsel for the mHealth Regulatory Coalition, called the FDA's current regulatory framework outdated and called for a more holistic approach.
"Having multiple agencies overseeing a particular industry creates a substantial risk of throwing sand in the gears of innovation through duplicative and disjointed regulation," Thompson and his colleagues said in the white paper. "It can be very hard to serve two masters, let alone three."
To learn more:
- find the recommendations
- here's the Bipartisan Policy Center comments (.pdf)