Ideas. Action. Results.

The Future Role of Government in Health Information Technology and Digital Health

Tuesday, February 27, 2018

Health IT Now and the Bipartisan Policy Center convened a work group of organizations representing clinicians, patients, hospitals, and technology companies to assess the current regulatory landscape, identify the most pressing needs of users, and develop consensus on the ideal future role of government in a post-meaningful use era, and a rapidly evolving delivery system and technology environment. 

Work group members came together with the common understanding that while robust specifications were helpful in the early stages of HITECH implementation, over time, the level of prescriptiveness regarding health information technology (IT) contained within the Centers for Medicare and Medicaid Services (CMS) Electronic Health Record (EHR) Incentive Programs, CMS’ Merit-based Incentive Payment System (MIPS), and the Office of the National Coordinator for Health Information Technology (ONC) Health IT Certification Program, have contributed to
dissatisfaction and increased burden among technology users and developers.

There is considerable recognition within the federal government of the unanticipated consequences of existing regulatory requirements on key stakeholders. In fact, a number of work streams are now underway within CMS and ONC to reduce burdens and advance regulatory reforms.


The federal government should provide assurances that core consumer protections are met, while leaving the evolution of products—including their features and functions—to the private sector. The federal government should continue to play a role in non-regulatory functions, such as funding research to identify successful practices and adopting consensus standards within its own health IT to signal government support.

The work group agreed on the following key principles for an ideal oversight framework for health IT and digital health:

1. Encourage innovation by being flexible, technologically neutral, and not overly prescriptive; encouraging good development processes, rather than specific features and functions; supporting minimally necessary standards and baseline protections; and avoiding creation of unreasonable barriers to entry.

2. Be risk-based, assuring that the level of oversight is based on the risk of harm to patients.

3. Be stable and predictable, meaning that any changes must be implemented with sufficient notice and not create or add to uncertainty.

4. Be accountable to the public and enforceable, by gaining considerable input, making performance transparent, and assuring enforcement, as applicable.

5. Reflect the principles of a learning health system, by undergoing continuous improvement and innovation and embedding best practices as new knowledge is captured through experience.

The oversight framework should address the following six technology outcomes:

1. Interoperability. Technology should facilitate interoperability and information sharing, which play a critical role—along with other technology outcomes—in advancing higher quality, more cost-effective, patient-centered care.

2. Usability. Technology should reflect evidence-based, user-centered design principles; human factors science; and best practices. It should not create unnecessary burden on end users. It should be culturally competent, enabling access by users with diverse languages and abilities.

3. Safety. Technology should not create patient harm. Instead, it should help reduce patient harm by supporting the delivery of safer care.

4. Security. Technology should assure that information is available and accessible only to authorized individuals and processes and also provide assurance that information is not altered or destroyed in an unauthorized manner.

5. Patient Access to Information. Technology should enable and not create barriers to patients’ access to their own health information.

6. Support for an Evolving Health Care System. Technology should be adaptable and flexible enough to meet the changing needs of users and an evolving health care system.

The Future Role of Government

The federal government’s future role in health IT and digital health across all technology outcomes should focus on the following functions:

1. Provide assurance that core consumer protections are met. The federal government should carry out its traditional role of assuring core consumer protections. Any other regulatory activities should be transitioned to private sector accreditation, certification, recognition, and/or standards bodies or–if appropriate–eliminated.

2. Recognize standards and promote their adoption. The federal government should recognize private sector consensus standards, adopt such standards within federal programs, utilize market-sensitive policy levers—such as incentives, rather than technology mandates or penalties—to promote their adoption and use, and promote
adoption through education.

3. Convene experts and stakeholders. The federal government should bring together stakeholders and experts to identify issues that need to be addressed and strategies to address those challenges.

4. Fund research and development activities. The federal government should invest in research and development activities to assess the current state of the field, define key challenges, and identify best practices and other solutions.

Transitioning to this future state will require the following:

1. HHS’ continued implementation of 21st Century Cures Act provisions which clarify the boundary between FDA-regulated and non-regulated health technology, including those related to digital health.123

2. Continued enforcement of existing laws and regulations that create level playing fields and fair markets, including those overseen by the Federal Trade Commission, the Department of Health and Human Services (HHS) Office of Civil Rights (OCR), the HHS Office of the Inspector General (OIG), the Federal Communications Commission (FCC), and other agencies that focus on specific issue areas related to fair commercial practices, security and privacy, and interoperability/information blocking.

3. Changes and reduction in scope of the ONC Health IT Certification Program, which would involve narrowing its focus to core consumer protections and transitioning other requirements to private sector efforts.

4. Implementation of 21st Century Cures Act provisions to support a safer, learning health system by allowing software developer reporting to patient safety organizations (PSOs) and participation in patient safety activities.4

5. Reduction of prescriptive technology and burdensome reporting requirements included in CMS quality improvement, payment, and delivery system reform programs.


Health IT Now (HITN) is a broad-based coalition of patient groups, provider organizations, employers, and payers that supports incentives to deploy health information technology to improve care, patient outcomes, and to lower costs.

Learn more at


  1. Public Law 114-255 (2016). 21st Century Cures Act. Available at:
  2. Food and Drug Administration. “Digital Health Software Precertification (Pre-Cert) Program.” 2017. Available at:
  3. Food and Drug Administration. “Digital Health Innovation Action Plan” 2017. Available at:
  4. Public Law 114-255 (2016). 21st Century Cures Act. Available at:


Attached files