Charged by Congress with coming up with a framework for health IT interoperability as more and more connected devices flood both the consumer and provider-side health care markets, a panel led by the Food and Drug Administration (FDA) released its first report, in which it proposed leaving most health care IT free of additional layers of regulation and focusing instead on the devices that have the most potential to interact with and cause harm to patients.
The panel, authorized by the Food and Drug Administration Safety and Innovation Act (FDASIA), consists of representatives from the FDA, the Federal Communications Commission (FCC) and the HHS Office of the National Coordinator for Health Information Technology (ONC).
Creation of the panel was driven by the need to build a regulatory framework around health IT, which runs the gamut from smartphone and tablet applications consumers are buying and using to track their own health, provider side database-type technology such as electronic health record (EHR), billing and scheduling software and clinical decision support technology, to devices that can automate delivery of actually ordered clinical care.
The early returns from the report, known as the FDASIA Health IT Report, are good news because the panel has largely recommended that most technology now in use and under development for health care use remain free of any sort of additional regulatory burden, beyond what presently exists to regulate those devices or technology.
In its release of the report, the panel stressed it plans to pursue a risk-based regulatory framework that reserves any additional regulatory efforts on the devices that hold the most potential to directly and negatively impact patients.
Remember, the draft report is just a first step. The panel plans to hold an open meeting in May to solicit additional feedback and plans to accept written comments on the report as well. Once the comments and feedback are received, the panel will follow with draft recommendations for any new or additional regulation. There would then be an additional comment period before anything is ultimately finalized.
The approach taken by the panel in the report was to divide health IT into three different areas – administrative health IT, health management health IT and medical device health IT.
First, let’s look at administrative health IT. The panel defined this as things such as admissions software, billing and claims management software and population or inventory management systems. No additional regulation was recommended for this area because the panel felt that there was no additional oversight necessary to ensure patient health.
Next is health management health IT. This includes encounter documentation and data capture tools, EHR systems, most clinical decision support that does not involve medical devices, order entry, clinical evidence management devices and medication management.
Again, the panel recommended not adding to the regulatory framework here, opting to pursue what it considers to be a risk-based framework because the overall patient risk from these devices is generally considered to be very low.
The risk-based framework relies on four priority areas:
- Promote the Use of Quality Management Principles – This relies on a quality systems approach when it comes to the design, development, implementation and customization capability of health IT.
- Identify, Develop and Adopt Standards and Best Practices – The purpose of this is to ensure the delivery of consistently high quality health IT products for both health care entities and consumers.
- Leverage Conformity Assessment Tools – The panel believes that ensuring products are delivered according to specified standards for performance will help ensure high-quality products are created and then distinguished from products that fail to meet risk-based standards.
- Create an Environment of Learning and Continual Improvement – Finally, the panel believes transparent reporting, analysis and aggregation of safety issues through a health IT safety center will provide an environment of openness with a goal of product improvement, rather than punitive reactions to incidents. Public and private stakeholders would be a part of the Health IT Safety Center.
It’s the panel’s belief that using this risk framework instead of going for specific regulation will foster an environment of continued product improvement, while being considerate of the low likelihood these health management health IT devices will cause patient harm.
Finally, the last area of health IT considered by the report is known as medical device health IT, which was defined by the panel as technology such as computer aided detection or diagnostic software, radiation treatment planning and robotic surgical planning and control software.
An example cited on a conference call announcing the release of the report focused on radiation treatment planning technology that facilitates the automatic and targeted administration of radiation doses based on a provider’s order. In that instance, the panel would want to make sure the patient was protected if the device were to malfunction, to be sure it would not either administer too much radiation, or administer it to areas where the patient didn’t need it.
The fact that this medical device health IT is the focus of regulatory efforts doesn’t mean that all areas are automatically assured of additional regulation. The panel was clear that, in many cases, the risk-based framework described above would be effective.
Examples cited for this approach included alerts for drug-drug and drug-allergy interactions, drug dosing and formulary guidelines, duplicate testing alerts, diagnoses suggested for a specific patient by an EHR and evidence-based clinician orders.
One area the panel plans to hone in on through the comment process is to differentiate the specific types of medical device health IT that need an additional regulatory framework from those that do not. It’s one of the specific areas where additional comments are being sought.
Areas where the panel needs more feedback
Throughout its report, the panel asked for comments on some specific areas as it prepares to move to draft recommendations. Here are some of those areas:
- What quality management principles should apply to health IT and how should they be applied to different stakeholders and different stages of product lifecycle?
- How should stakeholders be held accountable for adhering to quality management principles?
- Are there priority areas for standards in health IT?
- How can the private sector play a role in the development of health IT standards and best practices? Is there a role for a non-government entity?
- What conformity assessment tools should be in a risk-based health IT framework and how should they be applied to different stakeholders and different stages of the product lifecycle?
- Should interoperability be tested and, if so, how should standards be developed and adopted for conformity assessments?
- How should the intended user of health IT affect conformity assessments and how should results of conformity assessment be communicated?
- How should a Health IT Safety Center be governed in order to serve as a central point for a learning environment, complement existing systems, facilitate reporting, and promote transparent sharing of adverse events, near misses, lessons learned, and best practices?
- How can the private sector help to develop a non-governmental process for listing selected health IT products? What types of products and information should be included?
- What role should government play in creating an environment of learning and continual improvement for health IT?
- What types of clinical decision support tools and devices should be subject to a health management health IT framework?
- How should the four areas identified in the risk-based framework be prioritized when it comes to clinical decision support in a health management health IT framework?
- Does the certification of CDS functionalities, such as those functionalities currently certified under the ONC Health IT Certification Program, sufficiently balance patient safety and the promotion of innovation?
- How can the private sector help assure the facilitation of the development, application and adoption of high quality CDS with health management health IT functionality in lieu of a regulatory approach? What role, if any, should government play?