Today, the three federal agencies charged with regulating components of health information technology (“Health IT”) issued their long-awaited Health IT Report: Proposed Strategy and Recommendations for a Risk-Based Framework (the “Report”). The Report seeks to develop a strategy to address a risk-based regulatory framework for health information technology that promotes innovation, protects patient safety, and avoids regulatory duplication.
Congress mandated the development of the Report as part of the 2012 Food and Drug Administration Safety and Innovation Act, requiring the Food and Drug Administration (“FDA”), the Office of the National Coordinator for Health Information Technology (“ONC”), and the Federal Communications Commission (“FCC”) to coordinate their efforts to regulate Health IT. Notably, the Report identifies and distinguishes between three types of Health IT: (i) health administration Health IT, (ii) health management Health IT, and (iii) medical device Health IT.
The recommendations in the Report include continued interagency cooperation and collaboration, the creation of a public-private safety entity—the Health IT Safety Center—and a risk based approach to the regulation of Health IT. The Report emphasizes that the functionality of Health IT and not the platform for the technology (mobile, cloud-based, or installed software) should drive the analysis of the risk and the regulatory controls on Health IT.
In very good news for the Health IT community, the Report included a recommendation that, “no new or additional areas of FDA oversight are needed.” The report emphasized that even if the functionality of health management Health IT meets the statutory definition of a medical device, the FDA will not focus its oversight attention in this area. The Report gives additional guidance on clinical decision support (“CDS”) tools, clarifying that a number of CDS tools can be categorized as health management Health IT and do not require further regulation by FDA. However, the Report noted that certain types of CDS tools that are currently regulated as medical devices by the FDA would continue to be so regulated. These FDA-regulated CDS tools include computer aided detection and diagnostic software and robotic surgical planning and control tools.
The agencies intend to convene a public meeting on the proposed strategy within 90 days and to finalize the Report based on public input.