Feds look to risk-based IT regulation

“This isn’t about government working in isolation, this is about the health IT ecosystem working collaboratively"
By Diana Manos
10:44 AM
Capitol building

The health IT environment is changing very rapidly. Within a year, or two, or three, most healthcare IT developers and providers will be surprised by how much things have changed. Yet on bureaucratic time, federal regulators are trying to intervene on behalf of patient safety.

To this end, the Food and Drug Administration, Office of the National Coordinator for Health Information Technology, and Federal Communication Commission hosted a workshop this past week where panel members representing many aspects of the health IT and mobile app world participated, from providers to developers to consumer groups.

[See also: FDA goes for 'light touch' on health IT]

Opportunities for public comment were woven throughout the three-day workshop, and surprisingly, there weren’t a large number of commenters.

For the most part, the constituencies endorsed the risk-based approach proposed in the April 1 FDASIA report.

Mandated under FDA's Safety Innovation Act, the report proposes strategy and recommendations on an appropriate, risk-based regulatory framework for health IT that promotes innovation, protects patient safety, and avoids regulatory duplication, federal officials said. 

[See also: ONC gets down to nitty-gritty of mHealth]

“This isn’t about government working in isolation, this is about the health IT ecosystem working collaboratively together to have a framework in place for ongoing success,” said Jeffrey Shuren, MD director of the Center for Devices and Radiological Health at the Food and Drug Administration (FDA), adding that the workshop and public comments on the proposed regulation would inform FDA’s next steps. 

FDA, ONC and FCC, in fact, have established a memorandum of understanding to ensure greater interaction between the three agencies on health IT issues and will be adding on other federal partners, Shuren said

At the workshop’s kick-off, panelists bantered about what is most at stake.

Morgan Reed, representing ACT, a mobile app association, said the risk-based emphasis is a good place to start, however, the context in which an app is used is also important. A sensor may act as a medical device in a hospital, for instance, but not necessarily as a medical device when used in a consumer’s home. Further, this is only going to get more complicated into the future as sensors are going to be “truly revolutionary,” Reed said.

It’s hard to know where the issues of concern are with health IT and medical apps without reporting of near-miss incidents, said Janet Marchibroda, director of the Health Innovation Initiative at the Bipartisan Policy Center. “This is a loose framework that allows you to learn, adjust and apply,” she said.

Trust is the issue at stake, according to Paul Brown, government relations manager at the National Research Center for Women & Families. It goes back to enforcement. What if an app developer doesn’t want to voluntarily get certified or tested or voluntarily report incidents?

Tom Leary, vice president of government relations at HIMSS said it’s important to focus on the unique capabilities of health IT.

“What everyone keeps coming back to is intended use and capability,” Leary said.

The federal government is seeking comments on the FDASIA report through July 7.