Health IT Safety Regs Coming SoonThree Agencies to Release Proposal in March
Federal regulators aim to release by the end of March a report that proposes a risk-based regulatory framework to help ensure that patient safety is maintained as the use of electronic health records, wireless medical devices, mobile applications and other health IT continues to expand. The report will address cybersecurity issues.
The Office the National Coordinator for Health IT, the Food and Drug Administration and the Federal Communications Commission are co-developing the risk-based regulatory framework for health IT based on recommendations made last summer by an HIT Policy Committee workgroup (see Advisers Tackle Health Safety IT Issues).
Industry speculation was that the framework report would be unveiled by regulators at a session during the 2014 HIMSS Conference. During that Feb. 25 session, however, leaders of ONC, FCC and FDA instead provided an overview of the effort, saying the report was under review by the Department of Health and Human Services and a number of other government agencies. Once the report is released in March, FDA, ONC and FCC will collaboratively seek comment from industry stakeholders before issuing a final version of the framework.
The effort to create a risk-based regulatory framework for health IT was mandated by Congress in the Food and Drug Administration Safety Innovation Act of 2012.
The upcoming report will be a draft proposal for the framework, Bakul Patel, senior policy adviser to the director of the Center for Devices and Radiological Health at the FDA, told the HIMSS audience. Even after the report is reviewed by various government agencies and then publicly released, federal regulators will seek additional public comment before finalizing any regulations for health IT.
Patel tells Information Security Media Group that "cybersecurity threats are one of the risks that need to be considered" in health IT products and a risk management framework.
Jodi Daniel, ONC director of policy planning, points out that the framework will pinpoint areas of highest risk. For example, the decision support functionality that's embedded in an EHR has higher risks for patient safety than an a feature allowing an administrative function, she explains.
"HIT safety is not just about product design, it's how it's implemented, revised, updated," Daniel says. It's about the safety risks that can evolve during the lifecycle of the product, she adds.
Opposition to Framework
Even though Congress mandated the framework, there has been pushback by some members of Congress who are opposed to the FDA regulating health IT because they fear it will dash innovation. For instance, legislation was recently introduced by Senators Angus King, I-Maine, and Deb Fischer, R-Neb., that seeks to remove FDA oversight over clinical software.
Patel says the FDA "has a process in place to engage Congress" in the risk framework effort. "There's a role for everyone," he says.
Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.