The health IT trade group expressed that opinion in a letter to a workgroup wrestling with the issue under the Food and Drug Administration Safety Innovation Act. The panel made its recommendations in a September report.
HIMSS acknowledged that “capabilities are continually evolving” and any of these products that might move toward increased regulation do so within the confines of a “new, risk-based framework that takes into account factors such as risk related to intended use and cost/benefit of any proposed oversight and the construct of shared responsibility” between vendors and systems users to ensure patient safety, efficiency and the improvement of care quality.
Under the 2012 law, HHS must work through the FDA and in consultation with the Office of the National Coordinator of Health Information Technology at HHS and the Federal Communications Commission to come up with a “proposed strategy and recommendations on a risk-based regulatory framework” for health IT, including mobile applications, by January 2014.
HIMSS also asked that any regulations be coordinated with the existing health IT testing and certification program run by the ONC under the EHR meaningful-use incentive payment program. The regulatory scheme, HIMSS said, should take into consideration that health IT is often highly customized once in the hands of the end user.
In a separate letter to Sebelius, the HIMSS-affiliated Electronic Health Record Association had more specific criticisms of the workgroup's output.
The workgroup's “risk grid,” the EHR vendor association said, does not provide “a valid and reliable basis” to assign risk to health IT applications and “lacks any formal model and associated weights” to make those determinations.
The EHRA, which asserted the regulatory scheme should promote innovation while protecting safety, recommended a “weighted model” for risk assessment be created with input from software developers and providers who use the technologies.
The trade association also pushed back against a proposal to require vendors to list with the FDA all products considered to have “at least some risk.” On that score, the EHRA said, the ONC's health IT product testing and certification program “should be sufficient.”
The EHRA also weighed in on a proposed health IT patient safety incident reporting system that would aggregate data about IT-related incidents at a national level. The vendors' group said such a system is needed, but the association wants to leverage the existing 76 patient-safety organizations, with coordination “to avoid duplicative reporting and potentially misleading information.”
Follow Joseph Conn on Twitter: @MHJConn