HHS has released a draft report that includes a proposed strategy and recommendations for a health information technology (health IT) framework, which promotes product innovation while maintaining appropriate patient protections and avoiding regulatory duplication. The congressionally mandated report was developed in consultation with health IT experts and consumer representatives and proposes to clarify oversight of health IT products based on a product’s function and the potential risk to patients who use it.

The report was developed by the FDA in consultation with two other federal agencies that oversee health IT: HHS’ Office of the National Coordinator for Health IT (ONC) and the Federal Communications Commission (FCC). The FDA seeks public comment on the draft document.

“The diverse and rapidly developing industry of health information technology requires a thoughtful, flexible approach,” said Kathleen Sebelius, HHS secretary. “This proposed strategy is designed to promote innovation and provide technology to consumers and health care providers, while maintaining patient safety.”

Innovative health IT products present tremendous potential benefits, including greater prevention of medical errors; reductions in unnecessary tests; increased patient engagement; and faster identifications of, and response to, public health threats and emergencies.

However, if health IT products are not designed, implemented or maintained properly, they can pose varying degrees of risk to the patients who use them. The safety of health IT relies not only on how a product is designed and developed, but on how it is customized, implemented, integrated and used.

As proposed in the draft report, posted on the ONC, FDA and FCC web sites, there would be three health IT categories, based on function and level of risk, that focus on what the product does, not on the platform on which it operates (mobile medical device, PC or cloud-based, for example).

The first category, products with administrative health IT functions, poses little or no risk to patient safety and, as such, requires no additional oversight. They include software for billing and claims processing, scheduling, and practice and inventory management.

The second category, products with health management heath IT functions, includes software for health information and data management, medication management, provider order entry, knowledge management, electronic access to clinical results and most clinical decision support software.

Products with health management health IT functions are of sufficiently low risk and thus, if they meet the statutory definition of a medical device, the FDA does not intend to focus its oversight on them. Instead, the draft report proposes relying primarily on ONC-coordinated activities and private sector capabilities that highlight quality management principles, industry standards and best practices. The draft report also proposes to rely on tools for testing, certification and accreditation of this category of products.

“ONC welcomes comment on the draft report and stands ready to collaborate with stakeholders to ensure that health IT is designed and used with both innovation and patient safety in mind,” said Karen DeSalvo, M.D., M.P.H., M.Sc., national coordinator for Health IT.

The third category, products with medical device health IT functions, is a narrowly defined group that could potentially pose greater risks to patients if they do not perform as intended. The draft report proposes that FDA continue regulating these products, which include computer-aided detection software, software for bedside monitor alarms and radiation treatment software.

“This proposed strategy will facilitate innovation, protect patients and support FDA’s focused oversight on higher risk technology, similar to medical devices that currently are regulated,” said Jeffrey Shuren, M.D., director of the FDA’s Center for Devices and Radiological Health.

Included in the framework is a proposal for ONC to create a public-private Health IT Safety Center in collaboration with the FDA, the FCC, HHS’ Agency for Healthcare Research and Quality (AHRQ) and other stakeholders. The Health IT Safety Center would work on best practices and provide a forum for the exchange of ideas and information focused on patient safety.

“The draft report reflects FCC’s narrow but important role in encouraging new and innovative wireless medical technologies and ensuring that developers and users of these technologies are minimizing the potential for causing potentially harmful interference to radio services,” said Matt Quinn, director of healthcare initiatives at the FCC. “We look forward to future collaboration with all stakeholders to achieve the promise of health IT.”

The three agencies also intend to announce a public meeting to solicit comments on the draft report and gather feedback on the outlined strategy and approach. A docket will be available soon for the public to submit any additional comments.