Apr 8, 2014

A new draft report by the US Food and Drug Administration proposes establishing a nationwide framework for regulating health information technology and medical devices. The FDA’s new proposals would involve three federal agencies (The FDA, Federal Communications Commission and the Office of the National Coordinator for Health Information Technology) in oversight of mobile medical apps and related technologies, and are intended to coordinate the roles of those regulators.

Functional categories

The FDA report emphasizes a health IT framework based on product functionality rather than platform—whether a device uses a mobile, installed or cloud-based platform is less important than what it does, according to the agency.

Report authors first indentify three broad health IT categories based on functionality:

  • Administrative health IT functionality includes software used for healthcare admissions, billing and claims processing. The FDA recommends no additional requirements beyond current regulations for products and devices in this category.
  • Health management IT functionality includes software for health data capturing and management, clinical decision support systems, medication management and patient identification. The FDA considers these products as relatively low-risk compared to the benefits they provide, and does not propose any major regulatory changes for this functional category.
  • Medical device health IT functionality includes software for clinical detection and diagnoses, radiation treatment and planning, and robotic surgery planning and control. Again, the FDA proposes no new major requirements for this category of devices, but does intend to clarify how existing medical device regulation impacts these products.

Four priorities

Although the report proposes no substantial new regulations per se for health technology devices and equipment, four priority areas are laid out that indicate how the US regulatory environment would evolve for healthcare technologies and devices.

First, and perhaps most significantly for some health IT product developers, the FDA proposes applying broad quality management principles to its national health technology framework. How this goal may translate into actual FDA GMP quality management system requirements for medical device and technology developers is not clear; the report states that the agency does not consider a “formal regulatory approach” necessary, but also seeks input on how to handle stakeholder accountability for adopting quality management principles—including, interestingly, using non-governmental entities to assess compliance.

Second, the report recommends developing standards and best practices applicable to health IT market participants. Specific areas identified by the report as standing to benefit from standards and best practices include design and development, local implementation and customization, interoperability, quality management and risk management.

Third, the FDA would utilize existing conformity assessment tools such as product testing and quality system assessments to evaluate health IT products and systems. Again, the report mentions the possibility of using third-party and non-governmental organizations to perform conformity assessments to avoid overtaxing of regulatory resources.

Finally, regulators suggest ongoing collaboration efforts between government and private-sector organizations to deal with issues such as adverse events, training and education, and sharing data on methodologies, best practices and research. This priority would also include establishing a Health IT Safety Center as a public-private program for to build out the health IT framework. The proposed Center would provide a centralized repository of health IT data and advocate for more widespread use of health IT as a vital tool for patient safety. Issues including Health IT Safety Center governance, data capture methods and health IT safety surveillance practices need to be worked out further, states the FDA.

More health IT regulations ahead?

Clearly the FDA’s 2013 final guidance on oversight of mobile medical applications and technologies was not the agency’s last word on US health IT regulation.  Based on the report, though, it seems that the agency would prefer to take a less heavy-handed, more collaborative approach to ongoing oversight of this fast-moving, rapidly changing sector. The more nuanced the FDA’s approach, the better.

Stewart Eisenhart


  • Stewart Eisenhart