HITPC: Workgroup presents draft health IT regulatory framework

The Food and Drug Administration Safety and Innovation Act (FDASIA) Workgroup, tasked with developing a report that contains a proposed strategy and recommendations on a regulatory framework for health IT, submitted its draft recommendations at the Aug. 7 Health IT Policy Committee meeting.

Specifically, the workgroup said that health IT should not be subject to the FDA's pre-market requirements, except in the case of:

• Medical device accessories
• Certain forms of high-risk clinical decision support to be defined more clearly by the FDA
• Higher risk software use cases

“The framework must be sufficiently robust to be able to meet future undefined needs,” said FDASIA workgroup chair David Bates, senior vice president for quality and safety for Brigham & Women’s Hospital in Boston. “We need to avoid creating an inclusive inventory for determining what is regulated.”

The framework also should define characteristics for what should be included as health IT, he said, including user type, phases of product lifecycle, developer/manufacturer type, distribution model, conditions of use, product categories and more.

Bates said it is much easier to classify lower risk applications and much harder to classify more complex software precisely because it is more dependent on the context of use, the greater effort and expertise required to implement, more interfaces to other systems, greater reliance on the quality measure process and more.

The workgroup also said that vendors should be required to list products considered to represent some risk if a "non-burdensome approach" to doing so is identifiable.

Additionally, the workgroup recommended taking a collaborative approach to creating better post-market surveillance of health IT, saying that "spontaneous reporting" and post-implementation testing could help to ensure the inclusion of safety-related decision support. The report calls for the definition of clear criteria for software functions that warrant regulation or at least greater attention, and the “creation of a robust surveillance mechanism to track adverse events and near misses for the majority of software functions that lie in between,” Bates said.

"FDA and other agencies need to take steps to strongly discourage vendors from engaging in practices that discourage or limit the free flow of safety-related information,” the committee report said.

Farzad Mostashari, MD, ScM, national coordinator of health IT, questioned the committee’s approach. “It’s not about the device per se; it’s about the full range of implementation issues.” That could lead to a different set of approaches, he said, plus he suggested looking at this “not as an isolated issue but a hospital safety reporting issue in general.”

Bates acknowledged that “this is a hard problem to address. When you look at the problems that have occurred, a lot related to people implementing in ways that just did not follow good implementation practices. How to decrease the likelihood of that is a challenge.”

View the FDASIA Workgroup’s complete draft recommendations.