Health care information technology (health IT) facilitates the delivery of personalized medicine by providing and supporting the infrastructure for patients, consumers and health care providers to communicate and distribute information. The Office of the National Coordinator for Health Information Technology (ONC) and the Federal Communications Commission (FCC) (collectively, the Office) acknowledge the importance of the technology and the risks to the public if this infrastructure is not adequately maintained. In its report “FDASIA Health IT Report: Proposed Strategy and Recommendations for a Risk-Based Framework” (Report), the Office has proposed a strategy and offered recommendations to maintain the integrity of health IT while supporting innovation. The proposed strategy and recommendations are based on the premise that risk and corresponding controls should focus on health IT functionality and not the platform(s) on which such functionality resides or the product name/description of which it is a part. Embedded within the Report are several points that may be relevant to those involved with the development of products and services that support the delivery of personalized health care information that clinical decisions.
Clinical Decision Support
Clinical Decision Support (CDS) is described as the tools and services that provide health care providers and patients with “knowledge and person-specific information, intelligently filtered or presented at appropriate times, to enhance health and health care.” Report at p.26. Exemplified tools include computerized alerts and reminders for providers and patients, clinical guidelines, condition-specific order sets, focused patient data reports and summaries, documentation templates, diagnostic support, and contextually relevant reference information. The functionalities are not limited by platform, but can be deployed on any number of platforms, e.g., mobile, installed or cloud-based.
The Report notes that CDS is not intended to replace a clinician’s judgment, but rather to assist clinicians in making timely, informed, higher quality clinical decisions. Interestingly and importantly, the Report notes that the Office and the Food and Drug Administration (FDA) do not intend to focus regulatory oversight on these products/functionalities, even if they meet the statutory definition of a medical device. Examples of functionalities/devices that may be relevant to personalized medicine that could be excluded from regulatory oversight include:
- evidence-based clinical order sets tailored for a particular condition, disease, or clinical preference; most drug dosing calculations;
- reminders for preventive care; and
- suggestions for possible diagnoses based on patient-specific information retrieved from a patient’s electronic health record.
On the other hand, the Office and Report note that some medical devices and software pose a higher risk to the public and therefore warrant FDA’s continued focus and oversight. The Report provides examples of several medical CDS currently regulated by the FDA:
- computer aided detection/diagnostic software;
- remote display or notification of real-time alarms (physiological, technical, advisory) from bedside monitors;
- radiation treatment planning;
- robotic surgical planning and control;
- and electrocardiography analytical software.
Although the preceding examples are provided to assist stakeholders with the development and oversight of medical devices, software and health IT, the Report states that the FDA will continue to work with federal and private stakeholders to clarify the types of medical device clinical decision support that should be the focus of FDA oversight. In addition, some health IT may be under the supervision of, and regulation by, more than one agency. For example, use of wireless spectrum by wireless medical devices may be under the jurisdiction of the Federal Communications Commission (FCC) and the Office of the National Coordinator for Health Information Technology (ONC).
A Risk-Based Approach
While the FDA will continue to regulate “high risk” medical devices and software, the Report notes that the FDA does not intend to regulate those that do not fall within the “high risk” category. Rather, the FDA and the Office proposes a risk-based framework intended to promote innovation and protect patient safety based on the following principles:
- employ a risk-based approach to appropriately mitigate patient safety risks while avoiding unnecessary regulatory oversight;
- leverage private sector knowledge, experience, and expertise;
- facilitate, rather than impede innovation;
- promote transparency of product performance and safety; and
- create/support an environment of learning and continued improvement.
A Public/Private Collaboration
The Report concludes with a call to a collaborative approach to develop a culture of safety, transparency, learning, and continual improvement, and shared responsibility with better defined accountability for Health IT services and products. The FDA and the Office recommended the “creation of a public-private entity – the Health IT Safety Center- that would serve as a trusted convener of health IT stakeholders and identify the governance structures and functions needed for the creation of a sustainable, integrated health IT learning system that avoids regulatory duplication and leverages and complements existing and ongoing efforts.
A detailed review of the strategic initiative announced in the Report is beyond the scope of this post, but I recommend that those interested in health care IT review the Report. Not only does it provide a general overview of the challenges and opportunities in health care IT, it also provides insight into how to manage and plan for potential government agency oversight.