Request for Comments on Risk-Based Regulatory Framework for Health IT

    View Author 18 June 2013

    An interagency working group – composed of the Food and Drug Administration (FDA), Office of the National Coordinator for Health Information Technology (ONC), and the Federal Communications Commission (FCC) – is seeking public comment on elements that should be considered in developing a risk-based regulatory framework for health information technology (IT), which promotes innovation, protects patient safety, and avoids regulatory duplication.  This effort is the outgrowth of several regulatory developments regarding mobile medical applications and health IT in general.

    Health IT significantly assists providers in clinical decision-making and empowers patients to make informed decisions that improve the quality of their lives.  Equally, health IT has the potential to cause harm to patients if it is not properly designed, developed, implemented or used.  In July 2011, FDA issued draft guidance, indicating its intent to regulate a subset of mobile medical applications as medical devices under the Federal Food, Drug, and Cosmetic Act (FFDCA).  Recognizing the importance of a coordinated regulatory approach, Congress tasked FDA, ONC, and FCC with developing a proposed risk-based regulatory framework for health IT.  The agencies formed the Food and Drug Administration Safety and Innovation Act (FDASIA) Workgroup to provide input and recommendations on issues relevant to developing a health IT regulatory framework. 

    In February, the Bipartisan Policy Center (BPC) released its recommendations for a risk-based regulatory framework specific to health IT.  BPC emphasized that FDA’s current regulatory approach for medical devices is not well-suited for health IT.  Unlike medical devices, in which safety is largely dependent on manufacturing, safety in health IT requires a shared responsibility among designers, developers, implementers, and users.  BPC’s recommendations received endorsements in March by health care industry representatives during a series of three House Energy and Commerce (E&C) Committee hearings on health IT.

    FDA, ONC, FCC, and the FDASIA Workgroup seek broad public comment on the following topics:

    • Taxonomy.  What types of health IT should be addressed by the report developed by FDA, ONC, and FCC?

    • Risk and Innovation.  What are the risks to patient safety posed by health IT and what is the likelihood of these risks?  What factors or approaches could be included in a risk-based regulatory approach for health IT to promote innovation and protect patient safety?

    • Regulation.  Are there current areas of regulatory overlap among FDA, ONC, and/or FCC, and if so, what are they?  Please be specific if possible. If there are areas of regulatory overlap, what, if any, actions should the agencies take to minimize this overlap? How can further duplication be avoided?

    Comments may be submitted electronically (, ID: HHS-OS-2013-0003-0001) until 11:59 p.m. Eastern Time, August 31, 2013.  Comments submitted by June 30, 2013 will be considered by the FDASIA Workgroup, who will make recommendations to FDA, ONC, and FCC.

    For assistance in preparing your comments or additional background on the request for comments, please contact Paul Besozzi, Mel Gates, Martie Kendrick, or Karen Thiel.