Insight on the FDASIA draft report on health IT, patient safety

Lots of thoughtful consideration went into the FDASIA health IT draft report, said Jodi Daniel, JD, MPH, director of the Office of the National Coordinator for Health IT’s (ONC) Office of Policy Planning, at the May 6 Health IT Policy Committee meeting. She stressed, however, that the report is still in draft form.

Federal law passed by U.S. Congress in 2012 requires that the FDA, in consultation with the ONC and the FCC, develop and post on their respective websites "a report that contains a proposed strategy and recommendations on an appropriate, risk-based regulatory framework pertaining to health information technology, including mobile medical applications, that promotes innovation, protects patient safety, and avoids regulatory duplication."

That law, the FDA Safety and Innovation Act (FDASIA), has resulted in the FDASIA Health IT Report: Proposed Strategy and Recommendations for a Risk-Based Framework, which was published in April and is now open to public comment.

To create the report, “we focused on how to leverage health IT to afford benefits to the system and to patients” by improving quality, reducing errors, reducing costs, increasing consumer engagement and more, said Daniel. “Whenever new technology is released there are great opportunities for improvements but we have to make sure that as we’re rolling out health IT we’re thinking about risk and how to mitigate that risk.”

The law calling for the report permitted the “convening of external stakeholders and experts for input,” so a workgroup was created. That workgroup includes 28 members and three ex officio agency members, making it ONC’s largest workgroup to date, said Daniel.

The report’s key recommendations include the following:

• The scope of risk-based oversight should be based on functionality which have been designated as administrative, clinical and medical device software.
• The agencies should address current deficiencies, ambiguities and duplications.
• Substantial regulation beyond current FDA regulations is not helpful.
• FDA should expedite guidance on mobile medical apps.
• Agencies should reevaluate and clarify the current regulations and implement the Institute of Medicine’s health IT safety recommendations to create a learning environment to promote safety and innovation.
• The framework should be flexible enough to accommodate evolving technology.

The workgroup considered several framework principles such as employing a risk-based approach to appropriately mitigate patient safety risks while avoiding unnecessary regulatory oversight, said Daniel. They also suggest leveraging the private sector’s knowledge, experience and expertise. “There are roles for government but there are also important opportunities and roles for the private sector. We wanted to make sure we’re leveraging that and not trying to do everything through the government.”

They also want the framework to facilitate rather than impede innovation; promote transparency on product performance and safety and focus on continual improvement “in order to have a culture of safety, not just a regulatory schema.”

True interoperability allows people to innovate on top of that, said Daniel, and helps ensure safety by making sure that the right data get to the right place. “Working toward interoperability can help both pieces of that equation.” The agencies recommended identifying agencies that can develop tests to validate interoperability, test product conformance with standards and transparently share the results of product performance to promote broader adoption of interoperable solutions.”

The report suggests federal oversight of health IT based on functionality. Administrative functionality would warrant no additional oversight; health management would be the primary focus of the proposed framework and medical devices would primarily be subject to FDA oversight.

Health management ideally would be addressed by public-private partnership, said Daniel. But, she noted that the report addresses function, not product. For example, billing functionality sometimes is part of an EHR and some functionality currently regulated by the FDA could be combined into an EHR. “It’s an important point to note that just because something is part of an EHR does not make the entire product something regulated by FDA.”

The report includes four main priorities: promote the use of quality management principles; identify, develop and adopt standards and best practices; leverage conformity assessment tools; and create an environment of learning and continual improvement.

Quality management principles can be used throughout a product lifecycle to help identify issues related to implementation, customization and use. Standards and best practices would “help ensure consistent use of processes and products. The conclusion the report made is that this is an important area to focus on to make sure we have high-quality products and services and they are implemented in a safe way.”

Conformity assessment tools should be used and applied in a risk-based manner to distinguish high-quality products, according to the workgroup, Daniel said.

The workgroup continually referred to an Institute of Medicine report on health IT and patient safety. Regarding the creation of a learning environment, “the IOM report encouraged us to think about safety not just a product space,” Daniel said. That includes looking at how IT is developed, used, implemented, maintained and customized to ensure safety. “We also know that we don’t have great data at this point about risk, opportunities and mitigation strategies.”

The conclusion, she said, is that the public and private sectors must work together to develop a culture of safety, transparency, learning, continual improvement and shared responsibility with better defined accountability. The workgroup proposed the creation of the Health IT Safety Center that would serve as a trusted convener of stakeholders and identify the governance structures and functions needed.

The workgroup is very interested in stakeholder input, Daniel said. The 90-day comment period ends July 7.