On April 3, 2014, the Food and Drug Administration (“FDA”), in collaboration with the Office of the National Coordinator for Health Information Technology (“ONC”) and the Federal Communications Commission (“FCC”), released a congressionally mandated report which proposes to clarify oversight of health information technology (“health IT”) based on a product’s function and the potential risk to patients who use it. The full draft report can be viewed here.

Similar to the FDA’s September 2013 guidance on how it would regulate mobile medical apps, this report proposes a strategy based on the premise that risk and corresponding controls should focus on health IT functionality– not the platform(s) on which such functionality resides.  As such, the FDA has identified three categories of health IT: (1) administrative health IT functions (2) health management health IT functions, and (3) medical device health IT functions.  The following table provides examples of the three categories and describes the FDA’s regulatory approach for each:

 

Health IT Category Examples (includes but not limited to) Level of Oversight
Administrative functionality Billing and claims processing, practice and inventory management,  scheduling, general purpose communications, determination of health benefit eligibility, population health management, reporting of communicable diseases to public health agency, quality measure reporting No additional oversight necessary
Health management functionality (sometimes referred to as “clinical software”) Health information and data exchange, data capture and encounter documentation, electronic access to clinical results, most clinical decision support, medication management, electronic communication and coordination, provider order entry, knowledge management, patient identification and matching Not focus of FDA oversight given proposed risk-based framework for health management  health IT
Medical device functionality Computer aided detection/diagnostic software, remote display or notification of real-time alarms from bedside monitors, robotic surgical planning and control Focus of FDA oversight

 

A significant portion of the FDA’s report focuses on the proposed framework for health management health IT functionalities.  Instead of recommending a new or additional area of FDA oversight, the report recommends a limited, narrowly-tailored approach that primarily relies on ONC-coordinated activities and private sector capabilities.  Four key priority areas for health management health IT include: (1) promote the use of quality management principles (2) identify, develop, and adopt standards and best practices (3) leverage conformity assessment tools and (4) create an environment of learning and continual improvement.

The framework also  includes a recommendation for ONC to create a public-private Health IT Safety Center, in collaboration with FDA, FCC, and Agency for Healthcare Research and Quality (“AHRQ”) and other health IT stakeholders. This Center would work on best practices and provide a forum for the exchange of ideas and information focused on promoting health IT as an integral part of patient safety.

What do you think about the FDA’s health IT report?  The FDA is seeking public input on a number of specific questions related to the report’s recommendations– the report is open to public input/comment for 90 days.  For more information about the FDA report or health IT regulatory issues, please contact Jefferson Lin or David Schoolcraft.