The federal government should provide assurances that core consumer protections are met, while leaving the evolution of products—including their features and functions—to the private sector. The federal government should continue to play a role in non-regulatory functions, such as funding research to identify successful practices and adopting consensus standards within its own health IT to signal government support.
The work group agreed on the following key principles for an ideal oversight framework for health IT and digital health:
1. Encourage innovation by being flexible, technologically neutral, and not overly prescriptive; encouraging good development processes, rather than specific features and functions; supporting minimally necessary standards and baseline protections; and avoiding creation of unreasonable barriers to entry.
2. Be risk-based, assuring that the level of oversight is based on the risk of harm to patients.
3. Be stable and predictable, meaning that any changes must be implemented with sufficient notice and not create or add to uncertainty.
4. Be accountable to the public and enforceable, by gaining considerable input, making performance transparent, and assuring enforcement, as applicable.
5. Reflect the principles of a learning health system, by undergoing continuous improvement and innovation and embedding best practices as new knowledge is captured through experience.
The oversight framework should address the following six technology outcomes:
1. Interoperability. Technology should facilitate interoperability and information sharing, which play a critical role—along with other technology outcomes—in advancing higher quality, more cost-effective, patient-centered care.
2. Usability. Technology should reflect evidence-based, user-centered design principles; human factors science; and best practices. It should not create unnecessary burden on end users. It should be culturally competent, enabling access by users with diverse languages and abilities.
3. Safety. Technology should not create patient harm. Instead, it should help reduce patient harm by supporting the delivery of safer care.
4. Security. Technology should assure that information is available and accessible only to authorized individuals and processes and also provide assurance that information is not altered or destroyed in an unauthorized manner.
5. Patient Access to Information. Technology should enable and not create barriers to patients’ access to their own health information.
6. Support for an Evolving Health Care System. Technology should be adaptable and flexible enough to meet the changing needs of users and an evolving health care system.