The long road toward creating a new health-information technology
regulatory system passed another milestone at the stroke of midnight July 7, as comments closed for the administration's proposed new framework for overseeing the sector. The comments revealed some surprising positions on the issue, including criticisms from groups that might have been expected to support the regulations.
The U.S. Food and Drug Administration
, the Office of the National Coordinator for Health Information Technology
, and the Federal Communications Commission have proposed a system
that splits health IT functionalities into three categories: low-, medium-, and high-risk, with increasing levels of scrutiny by each. The high-risk category would be overseen by the FDA, and would encompass its typical strategies of pre-market clearance and approval. The middle category, overseen by the ONC, would rely on certification and conformity, structured similarly to its meaningful-use program. The low-risk category would mostly be left on its own.
Several key groups are “extremely concerned with the feasibility of a three-category system under which all health IT will be regulated,” a letter from the mHealth Regulatory Coalition stated. It called the proposed system a “simplistic approach … that assumes an ability to draw black-and-white lines between the different categories,” the coalition wrote.
A letter from the Clinical Decision Support Coalition added that the agencies involved have compounded problems by giving “very little guidance” as to how to sort various functionalities or kinds of software into different categories.
Accompanying those three risk-level bands would be a system to monitor products and their safety as they come into the market, overseen by a proposed Health IT Safety Center, which would be a private-public partnership. The Safety Center would be housed in the ONC.
Technologies are converging and that, the comments argued, renders the agencies' approach somewhat outdated. The idea that there are sharp distinctions between risk categories, the letters stated, is one “borrowed from the days of yore, and rapidly becoming extinct.” The groups' proposed solution is to encourage system-level oversight, and increased clarity on how to sort functionality into one category or another.
That clarity was better served, the letter writers think, in earlier recommendations. Continua Health Alliance, the CDS Coalition and the mHealth Regulatory Coalition—including its leader Bradley Merrill Thompson—served on a workgroup convened by the FDA, ONC and FCC last summer. The workgroup provided recommendations to the three agencies about to regulate the sector.
Thompson believes the approach unveiled by the workgroup is superior to the agencies' plan. It uses criteria such as the identity of the user, as well as the disease or condition treated, to sort functionalities between categories.
Another concern arising from Thompson's groups centered on how the agencies planned to monitor products on the market. For example, what would happen if middle-risk software, which wouldn't fall under FDA supervision in the proposal, introduced unexpected harm?
“FDA does not indicate how they might react [in that situation],” the letter said. “Will these products be monitored? What would push a product from one category to another?”
Indeed, the whole process for monitoring may not work, the comments argued. One letter said, “There do not appear to be compliance or financial incentives to drive involvement [from providers or vendors,] … The agencies are failing to do the very thing industry needs most, which is to make a decision.”
However, that approach may be appropriate right now, said Janet Marchibroda, director of the Bipartisan Policy Center's Health Innovation Initiative. “We generally agree with all the functionalities they put [in various risk categories]. Those are in good shape. It's just when you get close to the edges [that there's a problem],” she said, suggesting that the agencies might just need more experience or a precedent to know where to place IT functionalities.
“There's more work to do. That's probably the hardest category of work to do,” she said.
Marchibroda said her think tank's biggest concern—which met with several government agencies and proposed its own possible framework in early 2013—was developing quality management standards for the middle-risk category. Those standards, developed through a private-public partnership, would probably be enforced through a certification or conformity plan similar to ONC's meaningful-use program. “That's the first big step … that can happen very quickly,” she said.
To monitor products post-market, Marchibroda said that her policy center's plan was to require reporting for death and serious harm, with voluntary reporting for other harms, which she felt represented an overall improvement in requirements.
While the final form of the Health IT Safety Center hasn't yet taken shape, the advisory committee has emphasized that it expects the Safety Center to lack investigative powers, and it will therefore need to rely on voluntary reporting to monitor the market.
Marchibroda praised the administration's efforts and called for Congress to support the framework. “It would be great to see legislation to support the plan, because we think the plan is the right approach,” she said.
Congressional Republicans—joined by a few Democrats and one Independent—have introduced bills to deregulate the sector. House Republicans from the Committee on Energy and Commerce recently sent a letter to the ONC asking how it determined its statutory authority to create a Health IT Safety Center.Follow Darius Tahir on Twitter: @dariustahir