The federal government has released its long-awaited proposed healthcare IT regulatory framework, with technology divided into three general categories based on the risk it poses to patient safety.
Medical devices, such as EKGs and other computer-aided detection and diagnosis systems, would remain under Food and Drug Administration oversight. The Office of the National Coordinator for Health IT would oversee health management systems — a broad categorization that includes electronic health records (EHR), clinical decision support and other applications posing "generally low risk." Administrative systems, such as those used for billing and claims processing, would not be subject to additional oversight.
"Our proposed strategy and recommendations seek to advance a framework that is relevant to current functionalities and technologies yet sufficiently flexible to accommodate the future and rapid evolution of health IT," the report states.
Healthcare IT Regulatory Framework Can't Stifle Innovation
The 2012 Food and Drug Administration Safety and Innovation Act required the FDA, ONC and Federal Communications Commission to draft recommendations for a "risk-based regulatory framework pertaining to health information technology." The resulting FDASIA report comes from the FDASIA Workgroup, which included 28 public members and one member from each of the three agencies. (To further their collaboration, the three agencies plan to sign a joint memorandum of understanding.)
In drafting its recommendations, which the ONC's Health IT Policy Committee accepted in September, the workgroup wanted to avoid creating new areas of FDA oversight, says Dr. Jeffrey Shuren, director of that agency's Center for Devices and Radiological Health.
"We're aiming to address current technology while being agile for future innovation," he says.
Since "health management" represents the one set of health IT systems that does, based on the report's recommendations, need oversight, the report includes a four-part framework for evaluating these systems:
- Quality management, which is meant to address safety hazards as well as usability through the design, implementation, customization and use of clinical systems;
- Standards and best practices, primarily for interoperability and potentially using existing standards;
- Conformity assessment tools, which could include certification, testing or accreditation, and
- An environment of learning and improvement, which includes the creation of a Health IT Safety Center to better address patient safety.
Health IT Regulation Needs Stakeholder Input, Feds Say
Some of this framework is in place now — EHR certification through the meaningful use incentive program, for example, as well as myriad interoperability standards from ONC, FDA, FCC and the Agency for Healthcare Research and Quality.
Much of the framework, however, remains to be defined, including which clinical decision support systems do and do not merit regulation and how the industry should distinguish between "health" and "wellness" apps. To that end, stakeholders are encouraged to attend a public meeting in May with the ONC, FDA and FCC to discuss the proposed healthcare IT regulatory framework.
[ Analysis: ONC Stresses Flexible EHR Strategy ]
It's impossible to look at healthcare technology in isolation, Shuren says. Any time a system is reconfigured to meet the needs of a particular provider, risk is introduced.
"We need to understand how products are implemented and used with other products," says Jodi Daniel, director of the ONC's Office of Planning and Policy, "and we need to interact with a lot of people to understand that."
Brian Eastwood is a senior editor for CIO.com. He primarily covers healthcare IT. You can reach him on Twitter @Brian_Eastwood or via email. Follow everything from CIO.com on Twitter @CIOonline, Facebook, Google + and LinkedIn.