AAFP Offers Guidance on Framework for FDA Oversight of Health IT

July 16, 2014 09:27 am Sheri Porter

The ongoing national discussion regarding whether the FDA should regulate health information technology officially moved to the proposal stage in April. That's when the Federal Register(www.gpo.gov) published a request for comments on a newly released report titled FDA Safety and Innovation Act Health IT Report: Proposed Strategy and Recommendations for a Risk-Based Framework.(www.fda.gov)

[Two doctors sharing a laptop computer]

The report represents the combined efforts of the FDA, the Office of the National Coordinator for Health Information Technology and the Federal Communications Commission. It outlined a strategy for how the federal government -- with input from health care and health IT stakeholders -- should move forward as it develops a risk-based regulatory framework pertaining to health IT.

In an interview with AAFP News, Steven Waldren, M.D., director of the AAFP's Alliance for eHealth Innovation, said the issue is vitally important for family physicians.

"When considering FDA oversight of health IT products, the AAFP wants to ensure a balance between safety and innovation," said Waldren. "Ultimately, we need to separate those software products that have a low risk of harm to patients from those that have a high risk, and then focus our safety efforts on that high-risk group.

Story highlights
  • The AAFP responded to the FDA's invitation to comment on the agency's proposal for developing a risk-based regulatory framework for health information technology by offering several suggestions.
  • The Academy's letter focused specifically on health IT software that provides physicians with clinical decision support.
  • Clinical examples provided by the AAFP demonstrate how risk, transparency, competency and time should be considered before making decisions about possible regulatory oversight of a clinical decision support tool.

"Overregulation of software products that carry a low risk will only serve to inhibit and slow innovation at the very time the health care industry needs more proven health IT resources to flow into the market," he added.

Drawing on the AAFP's long-standing expertise in health IT -- and in light of its strong support for family physicians who are implementing electronic health records -- the Academy weighed in with comments and recommendations on the agencies' proposals.

In a July 2 letter(2 page PDF) to the FDA, AAFP Board Chair Jeff Cain, M.D., of Denver, noted the three categories of health IT functions covered in the report: administrative, health management and medical device.

The AAFP's comments focused on the medical device health IT functions -- specifically, clinical decision support (CDS) because it is viewed as a "type of health IT function that potentially straddles between medical device and the health management health IT functions," said Cain.

The report's authors specifically asked stakeholders such as the AAFP for guidance on what types of CDS functionality should be the focus of FDA oversight.

"The AAFP believes any given piece of CDS software should involve a three-part test in order to be regulated by the FDA," Cain said. The Academy recommended that the FDA

  • determine if the CDS software is considered a medical device,
  • assess whether the device poses enough risk to patients to merit regulation and
  • determine if the potential risk is "substantial."

The AAFP urged FDA regulation only if the software meets all three requirements and does not "fall under the (auspices) of the practice of medicine," an area over which the agency has no oversight.

Regarding the FDA's evaluation of potential risk to patients, the Academy spelled out its stance on how to determine what constitutes substantial risk by CDS by asking the FDA to focus on the

  • inherent morbidity and mortality risk of the medical decision being supported,
  • transparency regarding how the CDS recommendation was made,
  • competency of the intended user of the CDS, and
  • time available to the user to evaluate the recommendation and act on it.

The AAFP provided clinical examples to articulate how high inherent risk, low transparency, low competency and constrained time to evaluate could lead to a high-risk situation for the patient and, therefore, would warrant regulatory oversight.

Finally, Cain urged the FDA and the committee with which it worked to develop the report to "provide ample guidance to the industry" to limit confusion about when CDS would require FDA oversight.

Related AAFP News Coverage
Patient Safety Plan Calls on All Stakeholders to Examine Use of Health IT