Software that serves as a medical device accessory could be regulated, as well as software systems that have artificial intelligence functions that present a high risk to the patient, such as systems that provide computer-assisted diagnoses, the group concluded. Another area that could benefit from FDA oversight, the experts said, is software deployed in “higher risk” use cases in which “the intended use elevates aggregated risk.”
The group also called on health IT vendors to be required “to list products which are considered to represent at least some risk, if a non-burdensome approach can be identified to do so.” And the industry, through a “collaborative process,” needs to develop a better post-market surveillance and report system for health IT systems modeled after the National Transportation Safety Board reporting mechanism for malfunctions in the airline and other industries.
In a footnote in the group's slide presentation, it suggested extending to EHR vendors the legal protections afforded providers who report errors to patient-safety organizations, saying the protections “could boost reporting for minor infractions.”
Dr. David Bates, chairman of the Food and Drug Administration Safety Innovation Act workgroup, presented the recommendations Wednesday to the federally chartered Health Information Technology Policy Committee. Bates said there were a few changes to a preliminary report given to the policy committee last month.
The committee is normally an advisory panel to HHS' Office of the National Coordinator for Health Information Technology. This time, however, its input will also be shared with the Federal Communications Commission and the FDA.
HHS was charged by the 2012 FDASIA with producing a report by January 2014 on a “proposed strategy and recommendations on a risk-based regulatory framework pertaining to health IT, including mobile applications, that promotes innovation, protects patient safety and avoids regulatory duplication.”
In two additional prongs of a federal approach to health IT patient safety, the ONC hired the Joint Commission to investigate and analyze health IT-related adverse events and released a 47-page “Information Technology Patient Safety Action and Surveillance Plan” to continuously improve the safety of health IT.
Bates' group said that some method is needed to allow aggregation of data about “safety issues at the national level” and that federal support for such an effort is warranted, the group said.
The group also said “cross-agency collaboration will be essential” among three federal agencies whose jurisdictions overlap in regulating some health information technologies.
Finally, the group the said either the public or private sectors, or both, should work on improving health IT interoperability standards and develop a public process—facilitated by an independent group using validated measurement results—in which customers can rate health IT systems.
A list of documents and Bates' FDASIA workgroup slide presentation is available on the policy committee's website.
Follow Joseph Conn on Twitter: @MHJConn