Health care providers and consumers are increasingly using mobile technology to exchange information. Many health IT providers readily acknowledge that some level of oversight is required to ensure patient safety and privacy protections, but many providers question whether the FDA is the right agency for the job and want to see the FDASIA recommendations.

Can the FDA, with its already limited resources and lengthy review cycles, regulate the fast-moving health IT industry? Should it? Health IT is fundamentally different from a medical device in many ways. For oversight purposes, the key differentiator between the two is the opportunity for clinical intervention in the use of health IT. Many medical devices interact directly with the patient (such as an infusion pump or pacemaker). Most health IT, on the other hand, merely provides information to clinicians, who ultimately make independent, experienced care decisions. Physicians are informed, but not controlled, by the information. This leads to a vast difference in the patient risk proposition and rigid regulatory oversight is not appropriate.

Advocates of a broad health IT oversight framework – which encompasses mobile health IT – are urging the FDA to delay release of its final guidance, particularly in light of a July 2012 Congressional mandate for the creation of a comprehensive oversight framework that avoids regulatory duplication.

But some mobile medical application developers are pressing the FDA to move forward immediately, believing its guidance will reduce the regulatory uncertainty that they believe is stifling innovation and investment in some aspects of mHealth.


The Draft Mobile Guidance states that the FDA does not presently intend to regulate electronic medical textbooks, apps that automate general office operations, and EHR apps…yet. That implied “yet” has given many in the health IT industry a pause. Contrary to the hopes of those who expect the Mobile Guidance, once finalized, to provide regulatory certainty to the mHealth industry, that “yet” underscores the fundamental uncertainty inherent in reliance on regulatory guidance – guidance is not binding and can be revised by the issuing agency at any time.

Recent FDA hearings have provided some clarity regarding specific categories of apps that will or will not be regulated, at least in the immediate term (see http://www.eweek.com/mobile/fda-clarifies-plans-for-mobile-health-app-regulation/). But gray areas remain depending on how the FDA ends up interpreting its own obligations, and a staggering number of apps could easily fall within the FDA’s regulatory purview.

For example, if the FDA regulates apps acting as clinical decision support tools (apps that essentially collect information, convert it using algorithms and provide a patient-specific result), reference tools like prescription reference apps, drug interaction checkers, and even arguably, EHRs, could become subject to FDA regulation. This would result in the regulation of technology merely because it automates a calculation that could be done by a physician less efficiently and with much greater possibility of human error. The Draft Guidance could result in the regulation of information delivered to physicians via mobile technology—essentially regulating technology by supposed category (“mobile”) rather than by true function. Such an outcome would stifle progress and innovation in the burgeoning mobile health IT industry, to the detriment of patients, care providers and the health care system.

Overbroad, heavy-handed regulation can and does stifle innovation. As the mHealth Regulatory Coalition has correctly pointed out, regulatory uncertainty can have no less an innovation-stifling effect. Congress’s FDASIA mandate is correct: any permanent oversight framework should be risk-based, appropriately taking into account the vastly different risk profiles of health IT compared to traditional medical devices. It should protect patients, while promoting innovation and avoiding regulatory duplication (both of which also protect patients, by allowing innovation to flourish).

The FDASIA Workgroup is working at a rapid pace not often seen in Washington. Final Mobile Guidance is unnecessary, would create rather than alleviate regulatory uncertainty, and would arguably be counter to Congress’s express mandate to avoid regulatory duplication.

Rebecca L. Jewell, Esq., is the assistant general counsel at Epocrates, Inc., an athenahealth company. Dan Haley is the vice president of government and regulatory affairs at athenahealth.

Share on Twitter

7 Responses for “Regulating Health IT: When, Who, and How?”

  1. Bobby Gladd says:

    Has the requisite FDASIA Section 618 Health IT report been published? That was due by July 4th, 2013, was it not?

  2. Sandra_Raup says:

    Thanks for the information. Usually risk/benefit is a balancing test. I’m the first one to say safety is important, and it certainly is not adequately addressed in healthcare right now. But we have to balance “risk of not enough or timely information” against “too many barriers from fear of having the wrong information”. I also believe “do no harm” is important – so do not want people to make decisions based on the wrong information or unduly risk uninformed information disclosure, but let’s not kid ourselves that what’s happening now is “risk free”. I don’t have all the answers – thanks for keeping the discussion going.

  3. Rob says:

    Is there any concrete evidence of harm done that would give some argument beyond theoretical considerations? Safety certainly is important, but I would say that many of the policies of payers do far more harm than any app would do. It just seems to be, to use a biblical analogy, straining out the gnat and swallowing the camel.

    • Sandra_Raup says:

      There is certainly evidence that physicians are at times held responsible for information they “should have known” but didn’t see or didn’t act upon. That’s a great fear of clinicians who argue against having tons of data available to them that they may not have the ability to digest and utilize. So do patients need to know enough to utilize the data themselves? Or do we need to create a system where all that data can be gathered and providers have a system of having that data available to them when it’s needed to avoid harm? I think it’s partly “yes” to both questions. The Quantified Self bunch seem to be moving on question one, and I think technology is moving in the direction of answering question two. I think providers, however, need to think about what information they do need at their fingertips and what they need to look at more retrospectively – it may help them figure out patterns but wouldn’t help immediately avoid harm. I don’t have the answers; I’m glad to have this conversation because I don’t think that there has been the right kind of communication to make physicians, other providers (LTC providers, dentists, etc.), consumers, family caretakers understand each others’ perspectives. Many in those groups need to stop advocating their position and start listening to others in the room, I think.

  4. The current vendor-based regulatory domain for connected devices and, in the future, connected apps is unsustainable because safety and effectiveness are increasingly beyond the control of the vendor. As devices and apps become part of a network, safety and effectiveness are determined by how they’re used, not how they’re made.

    It makes no sense to regulate construction crane vendors. It’s how the crane is installed and used that makes them safe, and that’s typically assessed by an independent inspection on-site.

    Medical schools are another example. A physician licensing exam is not seen as a barrier to innovation because clinical innovation happens afterward, in practice, in a network. Medical innovation safety and effectiveness are managed through decentralized peer review, open publication, open teaching and local institutional review boards. The only centralized gatekeepers have traditionally been publishers – but they, in turn, are a collection of competing and mostly volunteer peer reviewers. Secrecy is shunned in modern medicine.

    As we move paper-based medical practice into networked software and apps we seem to be losing sight of the big picture. If our experience with electronic health records is any guide, putting innovation under the control of proprietary vendors licensing secret code seems to be creating more problems of innovation, clinical usability and interoperability than we expected. Who do we know that’s eagerly waiting for Meaningful Use Stage 3?

    It’s unreasonable to expect the FDA to solve the innovation problem any more than we expect state medical licensing boards to solve innovation. Physicians must take ownership of our tools and systems as they become digital lest we become skilled, licensed technicians – like plumbers.

  5. Waldo says:

    When I originally commented I appear to have clicked the -Notify me
    when new comments are added- checkbox and now every time a comment is added I receive 4 emails with the same comment.
    There has to be an easy method you are able to remove me from that
    service? Cheers!

Leave a Reply

MASTHEAD STUFF

MATTHEW HOLT
Founder & Publisher

JOHN IRVINE
Executive Editor

JONATHAN HALVORSON
Editor

JOE FLOWER
Contributing Editor

MICHAEL MILLENSON
Contributing Editor

ALEX EPSTEIN
Director of Digital Media

MICHELLE NOTEBOOM Business Development

MUNIA MITRA, MD
Clinical Medicine

Vikram Khanna
Editor-At-Large, Wellness

THCB FROM A-Z

FOLLOW US ON TWITTER
@THCBStaff

WHERE IN THE WORLD WE ARE

The Health Care Blog (THCB) is based in San Francisco. We were founded in 2004 by Matthew Holt and John Irvine.

MEDIA REQUESTS

Interview Requests + Bookings. We like to talk. E-mail us.

BLOGGING
Yes. We're looking for bloggers. Send us your posts.

STORY TIPS
Breaking health care story? Drop us an e-mail.

CROSSPOSTS

We frequently accept crossposts from smaller blogs and major U.S. and International publications. You'll need syndication rights. Email a link to your submission.

WHAT WE'RE LOOKING FOR

Op-eds. Crossposts. Columns. Great ideas for improving the health care system. Pitches for healthcare-focused startups and business.Write ups of original research. Reviews of new healthcare products and startups. Data-driven analysis of health care trends. Policy proposals. E-mail us a copy of your piece in the body of your email or as a Google Doc. No phone calls please!

THCB PRESS

Healthcare focused e-books and videos for distribution via THCB and other channels like Amazon and Smashwords. Want to get involved? Send us a note telling us what you have in mind. Proposals should be no more than one page in length.

HEALTH SYSTEM $#@!!!
If you've healthcare professional or consumer and have had a recent experience with the U.S. health care system, either for good or bad, that you want the world to know about, tell us about it. Have a good health care story you think we should know about? Send story ideas and tips to editor@thehealthcareblog.com.

REPRINTS Questions on reprints, permissions and syndication to ad_sales@thehealthcareblog.com.

WHAT WE COVER

HEALTHCARE, GENERAL

Affordable Care Act
Business of Health Care
National health policy
Life on the front lines
Practice management
Hospital managment
Health plans
Prevention
Specialty practice
Oncology
Cardiology
Geriatrics
ENT
Emergency Medicine
Radiology
Nursing
Quality, Costs
Residency
Research
Medical education
Med School
CMS
CDC
HHS
FDA
Public Health
Wellness

HIT TOPICS
Apple
Analytics
athenahealth
Electronic medical records
EPIC
Design
Accountable care organizations
Meaningful use
Interoperability
Online Communities
Open Source
Privacy
Usability
Samsung
Social media
Tips and Tricks
Wearables
Workflow
Exchanges

EVENTS

TedMed
HIMSS South x South West
Health 2.0
WHCC
AHIP
AHIMA
Log in - Powered by WordPress.