The new federal regulatory framework proposed earlier this month for healthcare IT software is getting generally positive reviews from the radiology community. A first look at the proposal indicates that it strikes a balance between promoting innovation and protecting patient safety.
On April 3, a collection of U.S. government agencies released the Food and Drug Administration Safety and Innovation Act (FDASIA) Health IT Report, which proposes a three-tiered regulatory framework that features risk-based categorization and regulation of HIT software, as well as a number of nonregulatory initiatives designed to improve HIT.
The report was produced by the U.S. Food and Drug Administration (FDA) in collaboration with the Office of the National Coordinator for Health Information Technology (ONC) and the Federal Communications Commission (FCC).
Validating the current paradigm
The report is more of a validation and further explanation of the current regulatory paradigm, rather than a change in the way HIT functionality is regulated, noted Michael Peters, director of regulatory and legislative affairs for the American College of Radiology (ACR). He believes the report is consistent with the agency's approach prior to passing FDASIA, as well as its risk-based approach to mobile medical apps and other recent actions regarding patient safety.
Indeed, the FDASIA Health IT Report confirms that regulation of medical imaging informatics products will remain under the purview of the FDA, according to the Medical Imaging and Technology Alliance (MITA), which praised the report. Gail Rodriguez, MITA's executive director, said the organization is pleased that the report sets forth a logical and coherent regulatory structure and that it provides for jurisdictional boundaries between the FDA, FCC, and ONC.
"MITA commends FDA for developing the framework, and we look forward to ongoing collaboration with FDA to address details of how it will actually operate," Rodriguez said.
Areas of focus
In their report, the agencies advocate a "limited, narrowly tailored approach that primarily relies on ONC-coordinated activities and private-sector capabilities." In addition, they did not recommend any new or additional areas for oversight by the FDA.
Under the proposed framework, health IT products would be categorized into three categories based on their function and risk level:
- Administrative health IT functions
- Health management health IT functions
- Medical device health IT functions
The FDA will only focus its attention and oversight on the third group, medical device health IT functions.
The agencies believe that administrative health IT functionalities (such as billing and claims processing, practice and inventory management, and scheduling) pose limited or no risk to patient safety and do not require additional oversight. Health management functionalities include health information and data exchange, data capture and encounter documentation, electronic access to clinical results, most clinical decision support, medication management, electronic communication and coordination, provider order entry, knowledge management, and patient identification and matching; these also will not be an area of focus.
"We believe the potential safety risks posed by health management health IT functionality are generally low compared to the potential benefits, and that strategies to assure a favorable benefit-risk profile of these functionalities should adopt a holistic view of the health IT sociotechnical system," they wrote. "As such, if a product with health management health IT functionality meets the statutory definition of a medical device, FDA does not intend to focus its oversight on it."
Instead, the FDA will continue to focus on medical device health IT functionality, such as computer-aided detection (CAD) software, remote display or notification of real-time alarms from bedside monitors, and robotic surgical planning and control.
"Such products are already the focus of FDA's oversight because they generally pose greater risks to patient safety than administrative or health management health IT functionality, and FDA oversight is better suited to provide assurance of safety and effectiveness for these functionalities," the agencies wrote.
Just as it did in its guidance last year on mobile medical applications, the FDA reiterated that it employs a focused approach to standalone medical software that considers its functionality rather than its platform.
Priority areas
As part of the framework, the agencies have also identified four priority areas to more fully realize the benefits of health IT:
- Promote the use of quality management principles
- Identify, develop, and adopt standards and best practices
- Leverage conformity assessment tools
- Create an environment of learning and continual improvement
These priority areas can all be tailored using a risk-based approach, have relevance at all stages of the health IT product life cycle and to all health IT stakeholders, and support both innovation and product safety, according to the agencies.
"In each of these priority areas, we believe the private sector can play a strong role," they wrote.
The agencies also believe that creating a Health IT Safety Center would be an additional key component in the health IT framework as it relates to health management. This center would be a public-private initiative created by ONC in collaboration with the FDA, FCC, and Agency for Healthcare Research and Quality (AHRQ). Other federal agencies and health IT stakeholders would also be involved.
Clinical decision support
Notably, the FDASIA report also took steps toward clarifying questions regarding the regulation of clinical decision-support (CDS) software. Under the proposed framework, most of the products that would be considered CDS would be categorized as health management health IT functionality (and, therefore, not an area of focus for the FDA).
The agencies believe that nonregulatory approaches (quality management principles, standards and best practices, conformity assessments, and learning environment and continual improvement) described in the health management IT framework can be selectively applied to mitigate any safety risks posed by these types of software.
"In applying a risk-based approach, FDA does not intend to focus its regulatory oversight on these [CDS] products/functionalities, even if they meet the statutory definition of a medical device," the agencies wrote.
The agencies also recommend that health IT stakeholders work together to develop policies for the transparent disclosure of rules and information sources underlying individual health management IT CDS functionalities and products.
Continued oversight
A small subset of CDS software -- some of which is used in radiology and radiation oncology -- that consists of medical device health IT functionality does warrant continued focus and oversight by the FDA, according to the report. Examples include the following:
- Computer-aided detection/diagnostic software
- Remote display of notification of real-time alarms from bedside monitors
- Radiation treatment planning
- Robotic surgical planning and control
- Electrocardiography analytical software
"FDA will work with federal and private stakeholders to clarify the types of medical device clinical decision support that should be the focus of FDA's oversight," they wrote.
The agencies are seeking specific public input on clinical decision-support issues, including what types of CDS functionality should be subject to the health management IT framework and what types should be the focus of FDA oversight. They would also like to receive comments about how the priority areas identified in the Health Management Health IT Framework should be applied to CDS, and whether any additional safeguards for CDS, such as greater transparency with respect to CDS rules, are needed to appropriately balance patient safety and the promotion of innovation.
Clinical decision-support provider Medicalis is very supportive of the report, said John Delong, vice president of marketing.
"Medicalis does not see itself fitting into the CDS category that will require FDA oversight, so there is little to no impact to our current sales, deployment, or support model for decision support," he said.
Bob Cooke, vice president of marketing and strategy for National Decision Support Company, said the scientific rigor behind the ACR Select appropriate use criteria and its integration with computerized physician order-entry systems "go hand in hand with the intent to build a more formal process for CDS criteria as contemplated by the FDASIA report."
"These are important steps toward helping physicians comply with the newly passed Protecting Access to Medicare Act," aka the sustainable growth rate fix, Cooke told AuntMinnie.com. "We will be working in collaboration with the ACR to develop our comments to this document."
Next steps
The agencies involved in the FDASIA report are now seeking public comment on whether the proposed focus areas are appropriate and whether the steps proposed "will lead to an environment where patient safety is protected, innovation is promoted, and regulatory duplication is avoided," they wrote.
A public meeting will also be convened to discuss the proposed strategy and recommendations included in the report within 90 days.
ACR has participated in the stakeholder discussions, reviewed the report, and plans to submit comments under the leadership of its IT and Informatics Committee, ACR's Peters said.
The most important developments from the report will come during actual implementation of the framework, Peters noted.
"For example, potential guidance development activities at FDA related to CDS types that should fall into the third category [medical device HIT functionality] and the formulation of the public-private HIT Safety Center to address that second category [health management HIT functionality]," he said. "I think ACR will want to continue to be closely involved and help our federal agency partners when and where we can."