Thursday, April 3, 2014

HHS Publishes FDASIA Health IT Report

HHS released a draft report that includes a proposed strategy and recommendations for a health information technology (health IT) framework, which promotes product innovation while maintaining appropriate patient protections and avoiding regulatory duplication. The congressionally mandated report was developed in consultation with health IT experts and consumer representatives and proposes to clarify oversight of health IT products based on a product’s function and the potential risk to patients who use it.

The report was developed by the U.S. Food and Drug Administration (FDA) in consultation with two other federal agencies that oversee health IT: HHS’ Office of the National Coordinator for Health IT (ONC) and the Federal Communications Commission (FCC). The FDA seeks public comment on the draft document. Comments can be submitted HERE on regulations.gov

The agencies are also holding a three day public workshop on May 13, 14, and 15 2014 at the National Institute of Standards and Technology to discuss the framework and its components. I would encourage anyone interested in health IT including consumers, providers, and healthcare organizations to register for the workshop HERE. It will be available via webcast or in person, but registration is required.

“The diverse and rapidly developing industry of health information technology requires a thoughtful, flexible approach,” said HHS Secretary Kathleen Sebelius. “This proposed strategy is designed to promote innovation and provide technology to consumers and health care providers while maintaining patient safety.”

"ONC welcomes comment on the draft report and stands ready to collaborate with stakeholders to ensure that health IT is designed and used with both innovation and patient safety in mind," National Coordinator for Health IT Karen DeSalvo said.

“This proposed strategy will facilitate innovation, protect patients and support FDA’s focused oversight on higher risk technology, similar to medical devices that are currently regulated,” said Jeffrey Shuren, M.D., director of the FDA’s Center for Devices and Radiological Health. “FDA looks forward to additional stakeholder feedback on the proposed framework in this draft report.”

Included in the framework is a proposal for ONC to create a public-private Health IT Safety Center in collaboration with the FDA, the FCC, HHS’ Agency for Healthcare Research and Quality (AHRQ) and other stakeholders. The Health IT Safety Center would work on best practices and provide a forum for the exchange of ideas and information focused on patient safety.


In the FDASIA legislation Congress required the FDA, ONC, and FCC to develop “a report that contains a proposed strategy and recommendations on an appropriate, risk-based regulatory framework pertaining to health information technology, including mobile medical applications, that promotes innovation, protects patient safety, and avoids regulatory duplication.” This report fulfills that requirement. The report proposes a risk-based regulatory framework for health IT which focuses on the functionality of health IT products not the platform themselves. The report suggests there will be few changes to most regulatory policies, and although they touch on mobile health applications, they don’t provide any new details on how the FDA will regulate mobile health apps deemed to be regulated medical devices or accessories to medical devices.

The proposed strategy identifies three categories of health IT:
  • Administrative health IT functions (requiring no additional oversight),
  • Health management health IT functions (no FDA oversight), and
  • Medical device health IT functions (FDA oversight continues).

Medical device health IT functionality is where FDA will focus its oversight. Oversight of health management health IT will be through the enforcement of standards and through testing and certification, primarily overseen by the ONC. Conformance to standards will be used to meet some regulatory requirements. This is the area that will have the broadest impact on the health information exchange market. The report concludes that product testing, certification and accreditation can provide assurance that certain products, services, systems, or organizations meet specified standards or fulfill certain requirements. They recommend that these tools should be used and applied in a risk- based manner to distinguish high quality products, developers, vendors and organizations from those that fail to meet a specified level of quality, safety, or performance. They also recommend that non- governmental, independent programs to perform conformity assessments should be developed to fill current gaps.

As I mentioned, they have also proposed the creation of a Health IT Safety Center (funding has already been included in the President's budget request to Congress). This public-private entity would be created by ONC, in collaboration with FDA, FCC, and the Agency for Healthcare Research and Quality (AHRQ), with involvement of other Federal agencies, and other health IT stakeholders. They are seeking comment on how to best implement the creation of this entity. Instead of regulation, they will rely mainly on stakeholders reaching a consensus and voluntarily abiding by agreed-on industry standards.

Health management HIT functions (clinical software), includes but is not limited to: health information and data management, data capture and encounter documentation, electronic access to clinical results, most clinical decision support, medication management (eMAR), electronic communication and coordination among providers and patients, provider order entry, knowledge (clinical evidence) management, and patient identification and matching. “The agencies believe the potential safety risks posed by health management IT functionality are generally low compared to the potential benefits and must be addressed by looking at the entire health IT ecosystem rather than single, targeted solutions,” the report says. The report identifies the following four key priority areas for health management health IT functionality and then outlines some potential next steps that could be taken to help more fully realize the benefits of health IT:

  1. Promote the Use of Quality Management Principles;
  2. Identify, Develop, and Adopt Standards and Best Practices; They identified the following specific focus areas for standards and best practices implementation:
    • Health IT design and development, including usability;
    • Local implementation, customization and maintenance of health IT;
    • Interoperability;
    • Quality management, including quality systems;
    • Risk management.
  3. Leverage Conformity Assessment Tools; and
  4. Create an Environment of Learning and Continual Improvement.


The report recommends that entities be identified to develop tests to validate interoperability, test product conformance with standards, and transparently share results of product performance to promote broader adoption of interoperable solutions. It will be very important to engage with the agencies during the comment period and the public meetings that will be scheduled over the next 90 days. It is also very likely that there will be hearings on Capitol Hill to review the report and it is possible that additional legislative action could be taken

There was a teleconference held on Thursday April 3, 2014 at 4:00 pm by the FDA, ONC and FCC to discuss the report and respond to questions. The panel was moderated by Stephanie Joseph, MPH, Health Programs Coordinator, Office of Health and Constituent Affairs, Office of External Affairs, FDA

Panelists included:
  • Jeffrey Shuren, M.D., J.D., Director, Center for Devices and Radiological Health, FDA
  • Jodi Daniel, Director of the Office of Policy Planning,  ONC
  • Matthew Quinn, Director, Healthcare Initiatives, FCC
Audio of the panel is below