The FDA, the FCC and ONC issued a long-awaited joint report with a proposed strategy and recommendations for a risk-based framework for regulation of Health IT.
The report identifies four key priority areas and outlines next steps to take in each area:
I. Promote the Use of Quality Management
II. Identify, Develop, and Adopt Standards and
III. Leverage Conformity Assessment Tools; and
IV. Create an Environment of Learning and
This report should be read together with the FDA framework for regulation of mobile medical applications which was supposedly up in the air pending release of this report. It now seems that they are directed at related, but different, parts of the ecosystem. Both are part of a bigger story, including pending legislation.
The nub of the report: the workgroup recommendation that the agencies leave regulation of much of health IT to the regulated community, in part through the creation of a public-private partnership under the umbrella of a newly proposed organization, the Health IT Safety Center. "The Health IT Safety Center would convene stakeholders in order to focus on activities that promote health IT as an integral part of patient safety with the ultimate goal of assisting in the creation of a sustainable, integrated health IT learning system that avoids regulatory duplication and leverages and complements existing and ongoing efforts. Things that create real risk of harm should be more closely regulated."
Health IT is divided up into categories (much like FDA medical device categories 1, 2 and 3). The first two categories (administrative health IT functions and health management health IT functions) include functionality that comes with relatively low safety risks, and therefore should not be the focus of regulatory scrutiny. ("We believe the potential safety risks posed by health management health IT functionality are generally low compared to the potential benefits and that strategies to assure a favorable benefit-risk profile of these functionalities should adopt a holistic view of the health IT sociotechnical system. As such, if a product with health management health IT functionality meets the statutory definition of a medical device, FDA does not intend to focus its oversight on it. Rather, FDA would focus its attention and oversight on medical device health IT functionality, such as computer aided detection software, remote display or notification of real-time alarms from bedside monitors, and robotic surgical planning and control. Such products are already the focus of FDA’s oversight . . . .")
The report wraps up with the following:
Health IT presents many new opportunities to improve patient care and safety. To promote innovation, protect patient safety and avoid regulatory duplication, the Agencies propose the creation of an agile, narrowly-tailored, risk-based health IT regulatory framework that primarily relies on ONC-coordinated activities and private sector capabilities, and focuses on health IT functionality rather than on the platform(s) on which it resides. We believe that active and ongoing stakeholder engagement is critical to the successful development and implementation of such a framework. After receiving public input and finalizing the proposed framework, the Agencies intend to continue active engagement with stakeholders in an ongoing collaborative effort to implement a health IT framework that promotes the electronic use and exchange of health information and helps the American public realize the tremendous potential benefits of health IT.
My loyalties are divided on this issue. I was a dyed-in-the-wool central health planning sort of regulator when I worked in government, way back when. These days, I am more of a free-marketeer, though I really haven't fully unshackled myself from the notion that some regulation is a good thing, particularly where we do not have a proven efficient market and where public health is at stake. I have been through enough cycles of regulation and de-regulation (and can deliver the rhetoric supporting each in my sleep) to know that neither theory has a monopoly on Truth. Thus, while I like the government's espousal of an agile regulatory framework, as far as I'm concerned, the jury's still out on the decidedly hands-off approach described in this draft.
Detailed feedback is sought on the report's recommendations; comments may be filed through July 7, 2014.
Update (6/20/2014): FDA Gives Medical Device Data Systems a Free Pass
Consistent with the FDASIA risk-based framework for regulation released a couple months back by FDA, FCC and ONC —
Because they pose such a low risk, FDA does not intend to enforce compliance with the regulatory controls that apply to medical device data systems. FDA believes that this will encourage greater innovation in the development and maturation of these systems.
See more at: FDA Voice.