A workgroup established by the Department of Health and Human Services (HHS) to provide input into the development of recommendations for a risk-based regulatory framework for health information technology (IT), including mobile medical applications, held its final meeting last week. This was in preparation for the submission of its final recommendations September 4th to the Health IT Policy Committee—a federal advisory committee established under the Health Information Technology and Economic and Clinical Health (HITECH) Act in 2009.
As background, the Food and Drug Administration Safety Innovation Act (FDASIA) of 2012—passed and signed into law in July 2012—called for the HHS Secretary to work with the Food and Drug Administration (FDA), the Office of the National Coordinator for Health IT (ONC), and the Federal Communications Commission (FCC) to post a report within 18 months of enactment that contains proposed strategy and recommendations on an appropriate, risk-based regulatory framework pertaining to health IT, including mobile medical applications, that promotes innovation, protects patient safety, and avoids regulatory duplication.
The FDASIA workgroup’s latest report draft was posted for public review on August 13th. It contains many recommendations that align with those developed through a collaborative effort to develop an oversight framework for health IT, led by the Bipartisan Policy Center (BPC) and involving more than 100 experts and stakeholders across health care. These recommendations were included in the report, An Oversight Framework for Assuring Patient Safety in Health IT, which was released at a public event in February 2013.
The FDASIA workgroup recommendations that align with BPC’s framework include:
- Key principles of oversight that include a focus on shared learning, maximization of transparency, a non-punitive approach, identification of appropriate levels of accountability, and minimization of burden.
- A new framework that fosters both national accountability using national and international standards and a learning environment that encourages multiple solutions, continuous innovation, measurement of results, and participation.
- Better post-market surveillance of health IT, using a collaborative process with stakeholder participation.
The workgroup draft report also indicates that substantial additional regulation of health IT beyond what is currently in place is not warranted, with the exception of medical device data systems (MDDS), medical device accessories, certain forms of high risk clinical decision support, and higher risk software use cases, with which we agree. The draft report appropriately does not specifically define which agencies or organizations should carry out various aspects of the new framework.
Final recommendations from the FDASIA workgroup, along with public comments received by August 31, 2013 in response to an HHS formal FDASIA Request for Comments on the Development of a Risk-Based Regulatory Framework and Strategy for Health IT, are expected to inform the Secretary’s report, which is to be completed by January 2014.
BPC commends the administration for its thoughtful, inclusive approach towards informing its proposed strategy and approach for a health IT oversight framework, including the workgroup and its request for public comments. To that end, we encourage the administration to take into consideration input received through these processes, as well as its final recommendations for a risk-based regulatory framework for health IT, in any federal policy or guidance to be released that addresses issues covered by Section 618 of FDASIA.
BPC is in the process of drafting formal public comments on a risk-based regulatory framework to submit to HHS by the August 31 deadline in response to its request for comments, and plans to include additional reactions and input to the other findings and recommendations included in the 53-page FDASIA Workgroup draft report as part of that submission.
About BPC’s Work in Patient Safety and Health IT
Through a collaborative six-month effort, BPC conducted research and engaged more than 100 experts and stakeholders representing clinicians, consumers, health plans, hospitals, patient safety organizations, and technology companies to develop a set of principles and recommendations for an oversight framework for health IT that protects patient safety, promotes innovation, is flexible, and has the support of experts and stakeholders across every sector of health care. Key principles and framework elements outlined in BPC’s report, An Oversight Framework for Assuring Patient Safety in Health Information Technology, are summarized below:
Principles for an Oversight Framework for Health IT Drawn from BPC Report:
- Any oversight framework for safety should recognize and support the important role that health IT plays in improving the quality, safety, and cost-effectiveness of care, as well as the patient’s experience of care.
- Assuring patient safety, along with enabling positive patient outcomes, is a shared responsibility that must involve the entire health care system, including those who develop, implement, and use health IT.
- Any framework for patient safety in health IT should be risk-based, flexible, and not stifle innovation.
- Existing safety and quality-related processes, systems, and standards should be leveraged for patient safety in health IT.
- Reporting of patient safety events related to health IT is essential; a non-punitive environment should be established to encourage reporting, learning, and improvement.
Key Elements of an Oversight Framework for Health IT Drawn from BPC Report:
- Agreement on and adherence to recognized standards and guidelines for assuring patient safety in the development, implementation, and use of health IT.
- Support for the implementation of standards and guidelines as well as development and dissemination of best practices through education, training, and technical assistance.
- Participation in patient safety activities, including reporting, analysis, and response, by those who develop, implement, and use clinical software, while leveraging patient safety organizations.
- Creation of a learning environment through the aggregation and analysis of data to identify and monitor trends, mitigate future risk, and facilitate learning and improvement.
- Bipartisan Policy Center Resources on Oversight Framework
- Latest FDASIA Workgroup Recommendations, as of August 13, 2013
- HHS FDASIA Request for Comments on the Development of a Risk-Based Regulatory Framework and Strategy for Health IT (due August 31, 2013)
- BPC Report: An Oversight Framework for Assuring Patient Safety in Health Information Technology