July 17, 2019

July 16, 2019

Subscribe to Latest Legal News and Analysis

July 15, 2019

Subscribe to Latest Legal News and Analysis

Tri-Agency Health Information Technology Report Issued

Today, the three federal agencies charged with regulating components of health information technology (“Health IT”) issued their long-awaited Health IT Report: Proposed Strategy and Recommendations for a Risk-Based Framework (the “Report”).  The Report seeks to develop a strategy to address a risk-based regulatory framework for health information technology that promotes innovation, protects patient safety, and avoids regulatory duplication.

Congress mandated the development of the Report as part of the 2012 Food and Drug Administration Safety and Innovation Act, requiring the Food and Drug Administration (“FDA”), the Office of the National Coordinator for Health Information Technology (“ONC”), and the Federal Communications Commission (“FCC”) to coordinate their efforts to regulate Health IT.  Notably, the Report identifies and distinguishes between three types of Health IT: (i) health administration Health IT, (ii) health management Health IT, and (iii) medical device Health IT.

The recommendations in the Report include continued interagency cooperation and collaboration, the creation of a public-private safety entity—the Health IT Safety Center—and a risk based approach to the regulation of Health IT.  The Report emphasizes that the functionality of Health IT and not the platform for the technology (mobile, cloud-based, or installed software) should drive the analysis of the risk and the regulatory controls on Health IT.

In very good news for the Health IT community, the Report included a recommendation that, “no new or additional areas of FDA oversight are needed.”  The report emphasized that even if the functionality of health management Health IT meets the statutory definition of a medical device, the FDA will not focus its oversight attention in this area.  The Report gives additional guidance on clinical decision support (“CDS”) tools, clarifying that a number of CDS tools can be categorized as health management Health IT and do not require further regulation by FDA.  However, the Report noted that certain types of CDS tools that are currently regulated as medical devices by the FDA would continue to be so regulated.  These FDA-regulated CDS tools include computer aided detection and diagnostic software and robotic surgical planning and control tools.

The agencies intend to convene a public meeting on the proposed strategy within 90 days and to finalize the Report based on public input.

©1994-2019 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.


About this Author

Ellen L. Janos, Health care attorney, mintz levin law firm

Ellen specializes in providing regulatory and strategic advice to health care clients of all types, including hospitals, long-term care facilities, hospices, retail pharmacies, PBMs, and pharmaceutical manufacturers.

She also represents companies doing business with, and investing in, health care providers. She represents clients in Medicare, Medicaid, and third-party payor audits and investigations; in the development of corporate compliance programs, HIPAA, privacy and security compliance initiatives; and in the negotiation and implementation of Corporate Integrity Agreements. She...

Kate Stewart, Mintz Levin Law Firm, Boston, Health Care Law Attorney

Kate’s practice involves a variety of regulatory and transactional matters for healthcare providers, including hospitals, physician groups, clinical laboratories, retail health clinics, and pharmacies.  

Kate counsels health care clients on HIPAA compliance, telemedicine practice, licensure and scope of practice issues, clinical trial compliance, physician contracting and the federal Physician Payments Sunshine Act. 

For both Covered Entities and Business Associates, she has advised on initial implementation and updates to HIPAA-mandated policies and procedures, contracting matters, and analysis of and response to potential breaches under HIPAA and state data breach rules. She provided in-house HIPAA guidance to a third-party administrator during a secondment from the firm.  

In her transactional practice, Kate advises providers, payers, and investors in mergers and acquisition and joint ventures. 

Kate also counsels a variety of nonprofit organizations on entity formation, governance, tax-exemption issues, and mergers and acquisitions.   

Prior to joining Mintz Levin, Kate served as a law fellow at the O’Neill Institute for National and Global Health Law at Georgetown University. Her work there focused on international health governance, pre-exposure prophylaxis for HIV/AIDS, and food and drug safety issues.