Skip to main content

Bipartisan Policy Center Calls for Congressional Action on Risk-Based Regulatory Framework for Health Information Technology

Health information technology (IT) plays a critical role in improving the health and wellness of individuals and the quality, cost-effectiveness and patient experience of care. Patients, physicians, hospitals and other health systems, employers, health plans, technology companies and federal and state leaders all believe that health IT is important to improving the nation’s health and health care.

There is broad consensus on the need for a risk-based framework for health IT–one that protects patient safety, promotes innovation and avoids regulatory duplication.

The Bipartisan Policy Center (BPC) engaged hundreds of experts and stakeholders across every sector of health care to gain agreement on a new risk-based oversight framework for health IT that protects patient safety, promotes innovation and reduces duplication. The results of this ongoing effort are reflected in the report, An Oversight Framework for Assuring Patient Safety in Health IT.

The Food and Drug Administration, Federal Communications Commission and Office of the National Coordinator for Health IT released in April 2014 the FDASIA Health IT Report: Proposed Strategies and Recommendations for a Risk-Based Framework, in response to the Food and Drug Administration Safety and Innovation Act (FDASIA) of 2012. The report called on the administration to provide recommendations to Congress on an appropriate risk-based framework. The FDASIA Health IT Report reflects principles and recommendations outlined in BPC’s Oversight Framework.

With the release of the administration’s recommendations in April, it is now time for lawmakers to pass legislation that achieves the complementary goals of protecting patients, ensuring safe and effective care and fostering continued innovation in a rapidly growing health IT field.

Members of Congress from both parties, federal agencies (including authors of the FDASIA Health IT Report), clinicians, consumers, employers, health plans, hospitals and technology companies have agreed publicly on the core components of appropriate regulation of health IT, which are consistent with the BPC Oversight Framework.

  1. A risk-based regulatory framework for health IT should contain three broad categories of health IT.
  2. FDA regulation should continue to be focused on the category of technologies that present a high risk to patient safety.
  3. Health IT that presents some risk should be subject to risk-based oversight that uses consensus standards and private certification bodies to verify that these health IT technologies function safely and well.
  4. Health IT that presents no risk should remain unregulated.

Current regulatory uncertainty stifles health care innovation. Within the broad community of health care stakeholders there is near universal agreement that regulatory certainty is essential for continued innovation. There is confusion in the market about what technologies may be regulated, by which agencies, and to what standards. This uncertainty creates barriers to the development of promising technologies that can help improve health and health care. The potential cost and delay created by current regulatory uncertainty may further deter software and system developers from creating products that have the ability to greatly benefit patients.

Considering the vast potential for improved outcomes, enhanced patient safety, and reduced costs, we hope that the administration and Congress will work together to pass legislation to clarify the lines of regulatory jurisdiction and update the law under which health IT is currently regulated.

Read Next