The Food and Drug Administration has dusted off a 7-year-old internal policy memo that lays out its right to treat healthcare software as medical devices, sending information system vendors scrambling to manage the fallout.
The FDA is proposing to classify software used in decisions about patient care into the same types of categories as medical devices, based on the relative risk to patients if the "device" doesn't perform as planned.
The process assumes an initial step to separate the more general healthcare software from the more sophisticated, and therefore regulated, brand of computer innovation.
Once the regulated classes are labeled according to risk, the FDA envisions regulatory hoops such as pre-market notification and documented proof of quality.
The tilt toward regulation could affect not only hundreds of software developers churning out high-demand clinical information systems but also multiple-site providers that develop or customize software on their own for internal distribution.
In a memo to the industry in advance of a policy workshop earlier this month that kicked off its software initiative, the FDA said any organization "that develops a software device and distributes that device to multiple establishments, whether or not corporately linked, is a manufacturer subject to full regulation."
The Center for Healthcare Information Management, a trade group for information system vendors and consultants, is preparing a proposal in response to the FDA's initiative. The proposal will be reviewed at a CHIM board meeting Oct. 10.
The trade group intends to seek a meeting with FDA representatives to explain the complexities of the information technology industry, said Carla Smith, CHIM executive director.
Until this month, the FDA had made noises but given little indication during the past several years that it would act on an internal policy toward software regulation that was developed in 1987 and revised in 1989.
But the September meeting signaled action. "Underlying the entire workshop was the view that the FDA will regulate medical software as a device, even though the agency has not produced any evidence of risk to public health and the agency acknowledges the potential difficulties of regulating this environment," Smith wrote in a letter to senior executives of CHIM member companies.
She said it appears the agency is looking at implementing the policy within the next year.
Singled out for scrutiny was software that suggests or recommends against clinical intervention. Classifications of risk would depend on the level of intervention allowed by clinicians and the latitude available to reasonably challenge a computerized conclusion.
The FDA said some examples include:
Software designed to help practitioners arrive at a diagnosis.
Software that analyzes for potential therapeutic interventions.
Software that records medical data for recall, analysis or action, including prescription ordering and drug interaction systems, emergency triage software and automated calculation of drug doses.