For Richard Cook, M.D., the question of whether the U.S. Food and Drug Administration should regulate health information technology systems is a no-brainer.

Cook served as a member of the Institute of Medicine committee that issued a report on HIT safety in November 2011. The report was reluctant to embrace FDA regulation, but Cook issued a blistering dissent on that position.

HIT systems are clearly medical devices, asserted Cook, who at the time was director of the Cognitive Technologies Laboratory at the University of Chicago and is now a professor of health care system safety at the Royal Institute of Technology in Sweden. "Electronic medical records, digital imaging, provider order entry and test results delivery do not 'have an effect' on core medical functions, they are core medical functions," he wrote. These components, he added, "participate directly in diagnosis, cure, mitigation, treatment and prevention of specified individual human beings. Health I.T. is a medical device and FDA is or should be its regulatory body."

But there's plenty of room for debate over if and how the FDA and an alphabet soup of agencies and committees should take action. Linn Freedman, a partner in the Nixon Peabody law firm specializing in HIT issues, asserts that a medical mobile app linked to leads attached to or in the body to take physiological readings and upload data is invasive, a medical device and subject to regulation, she contends. But mobile apps that consumers use to record and track blood pressure, weight or other vital signs are informational and should not be subject to regulation. Nor should an EHR, Freedman contends. "How could a paper chart be considered a medical device? An EHR is no different except it takes all the information and puts it in one place. An EHR is informational; it's not touching the patient."

Into the middle ground is Luis Saldana, M.D., associate CMIO at Texas Health Resources, with 25 hospitals serving the Dallas-Fort Worth region. Providers, he says, often believe regulation doesn't solve anything and can get in the way. They want concrete steps on HIT safety from the government, "but not to embrace the highest levels of regulation unless found to be necessary," he adds. "We need to understand the issues and where we are before making the next moves."

The Institute of Medicine committee decided to stop short of recommending regulation by citing concerns that imposing FDA's lengthy process for giving market clearance to products was premature and could stifle HIT innovation.

However, it warned that if the industry did not self-police itself, it could well face regulation. The committee recommended that HHS annually monitor progress toward safety and reliability, and if it was deemed insufficient to "direct FDA to exercise all available authorities to regulate EHRs, health information exchanges and personal health records." Further, it called on the HHS Secretary to direct the FDA to develop a framework for regulation that would be in place if a higher level of oversight was necessary.

That effort, authorized by Congress under the Food and Drug Administration Safety and Innovation Act of 2012, is underway now. The FDA, working with the Office of the National Coordinator for Health Information Technology and the Federal Communications Commission, which has regulatory authority over wireless transmission of data, is expected to issue in January 2014 a proposed risk-based regulatory framework for health information technology.

In a separate but related initiative, the FDA expects by September 30 to finalize guidance for regulating certain medical mobile apps that are intended to perform a medical device function. The agency declined interview requests for this story.

In March 2013 testimony before a subcommittee of the U.S. House, Christy Foreman, director of the FDA office of device evaluation, explained that oversight of mobile apps will focus on those used as an accessory to a regulated medical device or which transform a mobile platform into a regulated medical device. Apps that perform the functionality of an EHR or personal health record would not be regulated under the mobile app regulation.

Other federal agencies that will have some degree of input into how to make health I.T. safer include the Centers for Medicare and Medicaid Services, the HHS Office for Civil Rights, the Agency for Healthcare Research and Quality, the National Institutes of Standards and Technology, and the Federal Trade Commission.

Joe Goedert’s feature story in the September issue of Health Data Management examines the debate behind moves to bring some degree of safety regulation to health information technology.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access