Expect the new Congress to address healthcare software regulation, data security and data privacy issues, predicted Rep. Marsha Blackburn (R-Tenn.) Wednesday at a Bipartisan Policy Center event.
“We have a very aggressive agenda,” she said.
Blackburn confirmed that that the so-called SOFTWARE Act (Sensible Oversight For Technology Which Advances Regulatory Efficiency), which aims to confine Food and Drug Administration authority over health software to high-risk applications, will be part of the 21st Century Cures package scheduled to emerge from the House Energy & Commerce Committee in January.
Rep. Diana DeGette (D-Colo.) said Thursday that Sen. Lamar Alexander (R-Tenn.), the incoming chair of the Senate Health, Education, Labor & Pensions Committee, will be the chief Senate sponsor for the initiative.
The bill, which had 38 cosponsors, including many Democrats, would give the FDA the authority to regulate certain high-risk software, while leaving perceived medium- and low-risk software, like clinical-decision support, electronic health records and scheduling software, to other agencies.
The original bill was criticized for its lack of clarity. It did not specify how oversight for the medium- and low-risk software categories would be conducted, critics complained. Blackburn said that the bill was being rewritten, though she did not specify who would conduct such oversight, saying only that it would be “risk-based.”
Additionally, Blackburn said that she and other members of Congress are working on a data security and privacy bill, though she did not go into details about its provisions.
Earlier in the year, the Federal Communications Commission, the FDA and the Office of the National Coordinator for Health Information Technology issued their own draft framework for regulating health IT. But that framework has not yet been finalized.
One way the administration plans to oversee the sector is through a Health IT Safety Center, headed by the ONC. The center would bring together many health IT users—patients, providers, vendors and regulators—to share and aggregate problems related to the safety of health IT.
But such a center would require funding and House Republicans already have questioned whether the ONC has the legal authority under its current appropriations to create the center.
It therefore seemed a revealing admission when ONC senior policy analyst Kathy Kenyon said, “We certainly don't have money to do a safety center,” during a recent question and answer session.
But in a follow-up interview, she said she believes the agency has the legal authority to build a center, and the ONC is moving forward with safety center plans. The question is finding the financial resources. It has scheduled a series on health IT safety with contractor RTI International, which is creating a framework for the center. The ONC also intends to release analyses of patient-safety organization data for educational purposes, she said.
One major challenge will be to garner sufficient industry participation. “Everyone's busy,” Kenyon said, and many in the private sector have their own patient-safety efforts. Moving to a world where patient safety problems are shared requires demonstrating value to the private sector, she said.
Follow Darius Tahir on Twitter: @dariustahir