Catalyst Corner: May/June 2014

by Marsha K. Millonig, R.Ph., M.B.A.

The FDA, in consult with the Office of the National Coordinator for Health Information Technology (ONC) and the Federal Communications Commission (FCC), recently released a report outlining recommendations for regulating health information technology, as required by the Food and Drug Administration Safety and Innovation Act (FDASIA). The new FDA report, entitled FDASIA Health IT Report, contains a proposed strategy and recommendation on an appropriate, risk-based framework for regulating HIT, including mobile applications. In the introduction, the authors point out that “A nationwide health information technology (health IT) infrastructure can offer tremendous benefits to the American public, including the prevention of medical errors, improved efficiency and health care quality, reduced costs, and increased consumer engagement. However, if health IT is not designed, developed, implemented, maintained, or used properly, it can pose risks to patients.” The report’s recommendations are designed to address these risks. The framework is to “promote innovation, protect patient safety and avoid regulatory duplication.” The report is based on significant public comments that were sought by the FDASIA Workgroup between May and August 2013. See the link to download the report in the box at right. The majority of the group’s recommendations reflect this stakeholder input.

Briefly, the FDASIA Workgroup writes that they assumed that “risks to patient safety and steps to promote innovation: 1) can occur at all stages of the health IT product lifecycle; and 2) must consider the complex sociotechnical ecosystem in which these products are developed, implemented, and used.” The group has taken a limited, narrowly tailored approach, relying on ONC-coordinated activities and private-sector capabilities. They do not recommend new or additional areas of FDA oversight. Instead, they wish to foster the development of a culture of safety and quality; leverage standards and best practices; employ industry-led testing and certification; and selectively use tools such as voluntary listing, reporting, and training to enable the development of a healthcare environment that is transparent and promotes learning to foster continual health IT improvement. They specifically say they do not believe that regulation should be or needs to be the first avenue used to meet these outcomes. That’s a refreshing approach, given how highly regulated the entire health IT process has become.

Web Site Resource

The new FDA report, entitled FDASIA Health IT Report, contains a proposed strategy and recommendation on an appropriate, risk-based framework for regulating HIT, including mobile applications.

http://www.fda.gov/    downloads/ AboutFDA/

Three areas of health IT identified in the report, and around which recommendations are framed, are: 1) administrative health IT functions, 2) health management health IT functions, and 3) medical device health IT functions. Administrative functions include:

  • Admissions.

  • Billing and claims processing.

  • Practice and inventory management.

  • Scheduling.

  • General purpose communications.

  • Analysis of historical claims data to predict future utilization or cost-effectiveness.

  • Determination on health benefit eligibility.

  • Population health management.

  • Communicable disease reporting to public health agencies.

  • Quality measure reporting.

The workgroup says these functions pose limited or no risk to patient safety. As a result, they suggest no further oversight is needed.

  • Health management health IT functions include:

  • Health information and data management.

  • Data capture and encounter documentation.

  • Electronic access to clinical results.

  • Most clinical decision support.

  • Medication management (electronic medication administration records).

  • Electronic communication and coordination (e.g., provider to patient, patient to provider, provider to provider, etc.).

  • Provider order entry.

  • Knowledge (clinical evidence) management.

  • Patient identification and matching.

I encourage readers to download the report. After receiving public input and finalizing the proposed strategy and recommendations, the agencies intend to actively engage stakeholders in an ongoing collaborative effort to implement the framework.

Here, the workgroup notes that the potential safety risks posed by health management health IT functionality are generally low, compared to the potential benefits, and must be addressed by looking at the entire health IT ecosystem rather than single, targeted solutions. The group goes on to say that “If such health management health IT functionality meets the statutory definition of a medical device, FDA does not intend to focus its regulatory oversight on such functionality because the agencies’ proposed strategy and recommendations for a risk-based framework for health management health IT, adequately assures a favorable risk benefit profile.”

The framework proposed for the health management health IT functions includes four key priority areas:

  • Promote the use of quality management principles.

  • Identify, develop, and adopt standards and best practices.

  • Leverage conformity assessment tools.

  • Create an environment of learning and continual improvement.

Specifically, the workgroup says the identification, development, and adoption of applicable health IT standards and best practices can help to deliver consistently high- quality health IT products and services to consumers. The specific focus areas for standards and best practices implementation identified are:

  • Health IT design and development, including usability.

  • Local implementation, customization, and maintenance of health IT.

  • Interoperability.

  • Quality management, including quality systems.

  • Risk management.

The creation of a Health IT Safety Center as a public- private entity with broad stakeholder engagement is called for under the auspices of ONC. It would include a governance structure for a sustainable, integrated health IT learning system and avoid regulatory duplication — and leverages and complements existing and ongoing efforts.

Finally, the third area, medical device health IT functionality, refers to computer-aided detection software, remote display or notification of real-time alarms from the bedside or home, robotic surgical planning, and control systems, among others. These systems are already the focus of FDA oversight because they pose greater risks to patient safety than the other two areas. The workgroup continues to recommend the FDA oversight approach.

I encourage ComputerTalk readers to download the report. After receiving public input and finalizing the proposed strategy and recommendations, the agencies intend to actively engage stakeholders in an ongoing collaborative effort to implement the framework. CT


Marsha K. Millonig, R.Ph., M.B.A., is president of Catalyst Enterprises, LLC, in Eagan, Minn. The firm provides consulting, research, and writing services to help industry players provide services more efficiently and implement new services for future growth. The author can be reached at mmillonig@ catalystenterprises.net.