In a proposed rule from the US Department of Health and Human Services (HHS), the agency is seeking input on whether to expand on the US Food and Drug Administration’s (FDA) digital health pre-certification (PreCert) program for purposes of health IT certification. Yet FDA has said it will limit PreCert participation, for now.
The 724-page proposed rule was unveiled on Monday by HHS’s Office of the National Coordinator for Health Information Technology (ONC). The move had been long-awaited by health IT developers, electronic health record systems vendors, care providers and patients, among many others, particularly since the enactment of the 21st Century Cures Act of 2016
. This was due to the lack of HHS regulations to achieve true interoperability and prevent information blocking—major barriers to patient health data.
“The proposed rule is designed to increase innovation and competition by giving patients and their health care providers secure access to health information and new tools, allowing for more choice in care and treatment,” ONC said
in its notice of proposed rulemaking. “It calls on the health care industry to adopt standardized application programming interfaces, which will help allow individuals to securely and easily access structured EHI [electronic health information] using smartphone applications.”
ONC proposed six deregulatory actions as part of its new regulation includes the recognition of relevant FDA certification processes. This provision features “a request for comment on the potential development of new processes” for the ONC Health IT Certification Program consistent with PreCert.
ONC and PreCert
Provisions of the Cures Act
prompted FDA to reimagine its approach to the regulation of digital health technologies. As a result, CDRH’s PreCert emerged in 2017 to begin exploring new approaches with the help from nine selected companies
. The 2019 action plan
for testing the PreCert concept will use both the excellence appraisal process and that of de novo classification requests, which provide a pathway for companies to establish new medical device types for which there are currently no set FDA regulations.
The goal of the PreCert pilot is to establish a more streamlined premarket review process for digital health tools that would expedite market entry to keep pace with their iterative nature. Temporary limitations of the program range from industry participation to the types of technologies.
Now, ONC is also proposing to offer additional benefits to those that participate in PreCert under new authority obtained from the Cures Act
. “We propose to establish processes that would provide health IT developers that can document holding precertification under the FDA Software Precertification Program with exemptions to the ONC Health IT Certification Program’s requirements for testing and certification of its health IT,” ONC said. The exemptions would cover two criteria under the 2015 Edition Health IT Certification Criteria
, though these would also receive certain updates under the proposed rule. The ONC criteria relate to quality management systems and safety-enhanced designs.
Yet the proposed recognition of PreCert for the purposes of ONC requirements hinges on the yet to be finalized framework. The 2019 test plan and the separately released framework for conducting the pilot within FDA’s current authorities resulted in another iteration of the PreCert working model, which made clear that the “innovative approach for software precertification…may require additional statutory authority to implement fully.” This can explain the decision to backpedal on CDRH’s 2018 commitment
to open up PreCert to more than the nine previously selected firms by the end of 2018.
Bakul Patel, associated director for digital health at CDRH, clarified during a PreCert webinar last week that the 2019 program will be limited to these nine companies in order to identify the areas in which additional authority would be required for others to participate.
PreCert will not only be limited to Apple, Verily, Phosphorus, Tidepool, Roche, Samsung, Fitbit, Johnson & Johnson and Pear Therapeutics but also to first-of-its-kind software as a medical device (SaMD). The 2019 limits are partly due to the increased burden CDRH is anticipating as it works to evaluate its two-pronged approach to reviewing selected de novo requests from PreCert pilot participants, Patel added.
ONC’s recognition of PreCert could cover clinical certification criteria, such as computerized provider order entry, clinical decision support and implantable devices, depending on CDRH’s final framework.
Recognition of PreCert for the purposes of the health IT certification program “may eventually be determined to be infeasible or insufficient to meet our goals of reducing burden and promoting innovation,” ONC said. Feedback is requested regarding sufficient operational alignment between ONC’s and CDRH’s programs. ONC also requested input on whether to take the same approach that CDRH took for PreCert for its health IT certification program. This relates to establishing “new regulatory processes tailored towards recognizing the unique characteristics of health IT by looking first at the health IT developer, rather than primarily at the health IT presented for certification,” ONC said.
In collaboration with the Federal Communications Commission, FDA and ONC previously proposed a new strategy and recommendations for a risk-based approach to health IT regulation in a 2014 interagency report