ONC queried on power to regulate IT

Leaders of the House Energy & Commerce Committee are questioning the authority of the Office of the National Coordinator for Health Information Technology to regulate health IT under a proposed interagency framework.

The letter (PDF), addressed to ONC head Dr. Karen DeSalvo, questions whether the agency is overstepping its statutory authority in proposing to oversee medium-risk health software, levy a user fee on industry members and create a safety center to look over the industry's safety record. It is signed by Reps. Fred Upton (R-Mich.), Marsha Blackburn (R-Tenn.), Joseph Pitts (R-Pa.) and Greg Walden (R-Ore.)

Blackburn introduced the SOFTWARE Act, a bill aiming to deregulate and clarify the regulations governing the sector. The Senate companion to the SOFTWARE Act, called the PROTECT Act, was introduced by Sen. Deb Fischer (R-Neb.).

The lawmakers are pushing back against a regulatory process stemming from the combined efforts of the FDA, ONC and the Federal Communications Commission. Supporters of this approach say the three agencies have the proper expertise to define working regulations to govern the sector and that legislation risks enshrining sloppy rules or definitions. Critics, though, argue that the agencies have been too slow to keep up with the pace of change in the industry.

The agencies issued a framework in April that would divide health technology into three bands: a high-risk band, regulated by FDA; a medium-risk band, primarily overseen by the ONC; and a low-risk band, largely left unregulated. The agencies are collecting comments on the draft report outlining the proposed framework through July 7.

The House members are asking DeSalvo to explain where the ONC derives its authority to oversee the medium-risk category, which includes “most” clinical decision support software, among other software functions. As the framework envisions the ONC having oversight responsibility over a large section of the sector, these questions point to the heart of the framework's logic. Additionally, the letter asks about a proposed Health IT Safety Center, intended to monitor the safety record of health software as used in the field, and a user-fee levy to finance it.

The letter also asks to what extent the 2015 edition of EHR software requirements under the federal incentive program “represents a shift in focus from interoperability, privacy, and security … to the regulation of data collection, functionality requirements, and other areas where market forces are more likely to promote innovation and efficiency?”

Dan Haley, the vice president of regulatory and governmental affairs with cloud computing EHR firm athenahealth, said in an e-mail that the House lawmakers are right to question the statutory authority of the regulatory framework, regardless of how one views the agencies' work. “How they presume to do it without Congressional authorization is beyond me,” he said.

Bradley Merrill Thompson, a lawyer with Epstein Becker Green, and a member of a working group that advised FDA, ONC and FCC on health IT regulations, likewise said the lawmakers are asking good questions.

Thompson, who has advocated for the regulatory approach in public forums, said the framework “was very thin on details so I think Congress has a legitimate right to ask for more information before simply writing a large check.”

Follow Darius Tahir on Twitter: @dariustahir