In response to pressure from members of Congress, a group of federal health IT regulators is clarifying which authorities a proposed Health IT Safety Center would—and would not—have.
In 2012, the Food and Drug Administration Safety and Innovation Act (FDASIA) was passed into law, and with it a requirement that US Food and Drug Administration (FDA), the Office of the National Coordinator (ONC) for Health IT and the Federal Communication Commission all work together to develop a cohesive approach toward health IT.
Section 618 of FDASIA called for the group to specifically consider mobile medical applications, how to best promote innovation in health IT, patient safety and regulatory simplicity.
The overarching goal of the initiative was to simplify health IT regulations such that companies understand which agency's—FDA or FCC—requirements they will be expected to meet and how they can expect to meet them when they want to bring a new product to market.
FDA, FCC and ONC all said they were looking to consider three things:
- types of risk that may be posed by health IT that impact patient safety, the likelihood that these risks will be realized, and the impact of these considerations on a risk-based approach
- factors or approaches that could be included in a risk-based regulatory approach for health IT that also promote innovation and protect patient safety
- approaches to avoid duplicative or overlapping regulatory requirements
Proposed Health IT Safety Center
In April 2014, ONC, FDA and the FCC released their final report, Proposed Strategy and Recommendations for a Risk-Based Framework, in which they called for the creation of a so-called "Health IT Safety Center," which would be run by ONC as a public-private entity with input from FDA, FCC and the Agency for Healthcare Research and Quality (AHRQ).
The center would be charged with promoting patient safety, as well as "assisting in the creation of a sustainable, integrated health IT learning system that avoids regulatory duplication and leverages and complements existing and ongoing efforts," the group wrote.
But, as legislators noted, that plan—while ambitious—may be too ambitious. In fact, at least four top legislators on the House Energy and Commerce Committee expressed their concern that the proposed center would seek to engage in regulatory activities, which the legislators said it had not been authorized by legislators to do. In addition, the legislators said the plan might also encroach on the authority of FDA to regulate medical devices, and asked for assurances that the Health IT Safety Center would not do so.
ONC Defends Center
But in a response to those same legislators, Karen DeSalvo, the national coordinator for Health IT, said the intent of the Health IT Safety Center is to be a coordinating body—not a regulatory one.
"The report did not propose that the Health IT Safety Center would have the authority to regulate health IT," DeSalvo wrote. "The draft report recommends that no new or additional areas of FDA oversight are needed. Instead, the draft report promotes flexibility and recommends a 'limited narrowly tailored approach that primarily relies on ONC-coordinated activities and private sector capabilities,'" she wrote.
The center, she continued, would serve the purpose of reporting, aggregating and analyzing health IT-related safety issues for the benefit of industry and government entities.
That may well placate House Republicans, who have been focused in recent weeks on ways to improve the regulation of healthcare products, up to and including digital health technologies.
What remains to be seen, however, is how the proposed safety center would obtain funding. DeSalvo admitted in her letter that a plan to levy user fees on companies appeared to be outside of the ONC's statutory authority. Without a dedicated funding stream, ONC and FDA's proposal may well be starved of funding and unable to function.
ONC Response to E&C