The federal government, in its new report on creating a risk-based regulatory framework for health information technology, focuses on the functionality of HIT products, not the platform whether it be cloud-based, installed or mobile.
Consequently, the framework from the Food and Drug Administration, Office of the National Coordinator for HIT and Federal Communications Commission identifies three categories of functionality: administrative, health management and medical device functions. Having these categories can help avoid regulatory duplication and prompt discussions to identify and clarify areas of ambiguity where it may be unclear where to categorize a particular function, report authors explain. Electronic health records, for instance, may have functions that span more than one category, as would privacy and security functions.
Administrative HIT functions include but are not limited to: software that facilitates admissions, billing and claims processing, practice and inventory management, scheduling, general purpose communications, analysis of historical claims data, determination of insurance eligibility, population health management, and reporting of communicable diseases and quality measures. These functions pose little or no risk to safety. “As such, the agencies recommend that no additional oversight of these products is necessary to protect patient safety and promote innovation.”
Health management HIT functions (clinical software), includes but is not limited to: health information and data management, data capture and encounter documentation, electronic access to clinical results, most clinical decision support, medication management (eMAR), electronic communication and coordination among providers and patients, provider order entry, knowledge (clinical evidence) management, and patient identification and matching. “The agencies believe the potential safety risks posed by health management IT functionality are generally low compared to the potential benefits and must be addressed by looking at the entire health IT ecosystem rather than single, targeted solutions.”
Even if some clinical functionality meets the statutory definition of a medical device, FDA does not intend to focus regulatory oversight on such functionality. Rather, Section 5 of the report outlines a proposed strategy for a risk-based regulatory framework that can “help to assure a favorable benefit-risk profile of these functionalities,” according to the report. “Section 5 articulates specific proposed priority areas and potential next steps that could help more fully realize the benefits of health IT.”
Medical device health IT functionality is where FDA will focus its oversight. “Examples include computer aided detection/diagnostic software, radiation treatment planning, and robotic surgical planning and control software. ONC and FCC may have complementary activities in certain areas (e.g., interoperable data exchange between a medical device and EHR, use of wireless spectrum for wireless medical devices, etc.). The strategies and recommendations for a risk-based health IT framework do not propose the need for new FDA authorities or additional areas of oversight.”
However, in Section 6 of the framework, FDA clarifies how it will regulate medical device accessories, clinical decision support software and software modules, in addition to mobile medical apps and the distinction between wellness and disease-related claims.
Originally published by Health Data Management.