The U.S. Food and Drug Administration (FDA), along with HHS’ Office of the National Coordinator for Health Information Technology (ONC) and the Federal Communications Commission (FCC, together with FDA and ONC, the “Agencies”) published their long-awaited report, FDASIA HEALTH IT REPORT: Proposed Strategy and Recommendations for a Risk-Based Framework. The report, mandated by the Food and Drug Administration Safety and Innovation Act (FDASIA), proposes strategies and recommendations for a risk-based framework to regulate health information technology (HIT).

The agencies are seeking public comment for 90 days following publication of the report on April 3, 2014.

The proposed HIT regulatory scheme seeks to strike a balance between patient safety and the rapid innovation of new HIT that has the potential to offer tremendous benefits to patients and providers. As anticipated, the proposed strategy reiterates a critical point made in the FDA’s final guidance for mobile medical applications, published last year — that the FDA will focus on functionality of the HIT in question, and not on the platforms or devices on which they run.

Three-Tiered Classification of HIT

A main feature of the report is the introduction of a three-tiered classification of HIT based on functionality and the level of risk of patient harm.

  • First-tier – products with administrative HIT functions (e.g. billing, scheduling or claims processing HIT).
  • Second-tier – products with health management HIT functions (e.g. health information and data management, medication management, provider order entry and most clinical decision support software).
  • Third-tier – products with medical device HIT functions (e.g. computer-aided detection software, bedside monitor/alarm software or radiation treatment software). 

The Agencies propose no regulation of first-tier products (administrative HIT) because such products pose little or no risk to patient safety. Similarly, the agencies propose decreased oversight of second-tier products (health management HIT) if such products meet the definition of “device” under the Federal Food, Drug, and Cosmetic Act. The agencies do, however, propose relying primarily on ONC-coordinated activities and private-sector capabilities to leverage quality management principles, industry standards and best practices to regulate second-tier products. Lastly, the proposed regulatory scheme allows the FDA to continue to regulate third-tier products (medical device HIT) because such products pose heightened risks to patients if they do not perform as intended. 

The proposed framework also calls for the creation of a public-private HIT Safety Center that would help set standards and facilitate learning and sharing of best practice ideas and information focused on quality and patient safety.

Report Comes Amid an Already Clouded HIT Regulatory Environment

Although there has been genuine interest in the proposed scheme, the Agencies recommendations have not won universal acclaim and the release of the report comes amid an already clouded HIT regulatory environment. As the regulators attempt to develop a coordinated approach, there are two pieces of pending legislation on capitol hill, the PROTECT Act and the SOFTWARE Act, both of which seek to limit the FDA’s ability to regulate low-risk HIT by removing third-tier HIT (medical device HIT) from the scope of the FDA’s regulatory authority. While some applaud the publication of the FDASIA report, many critics argue that it is too little, too late and call for clearer, less nuanced regulatory guidance to allow the industry to continue to innovate with clear expectations. Needless to say, this will be a particularly interesting area to watch as it develops over the coming months and years.