Health IT policy group debates merits of bringing FDA, others into EHR certification process.
The Health IT Policy Committee's certification workgroup is considering whether working with the Food and Drug Administration to craft a certification program for electronic health record systems would improve patient safety.
On one side are those who argue that the FDA could add significant value in crafting a program. "We could collaborate on certification criteria that improves patient safety," says Paul Egerman, healthcare software entrepreneur and co-chair of the certification and adoption workgroup. The Office of the National Coordinator for Health IT (ONC) and the FDA could use the agency's Quality Systems Regulation as a point of reference to see what parts might work well for EHR systems, Egerman said.
A post-market surveillance process would need to be developed to give software buyers, such as hospitals, physicians and consumers, a way to report vendors who aren't compliant with certification criteria, Egerman said. "The certification organization could then issue a warning or revoke the vendor's certification," he said. "That's a powerful lever, and the FDA can help us figure out the process, because the devil is in the details."
Not everyone agreed. The FDA might not be the best organization to help the ONC create an environment where people feel comfortable coming forward with incident reports, said Carl Dvorak, executive VP at EHR system provider Epic Systems and a workgroup member
Dvorak said he's also concerned that the FDA's QSR process wouldn't address problems people spoke about in recent workgroup testimony. "If the mission is to build a safer system, I don't know that the FDA can contribute toward that mission," he said.
The ONC is restricted to governing EMR certification so there may be instances where the FDA's greater leverage would be valuable, such as with pharmacies that use software that can't process cancellations or give compliance data back to physicians, Egerman said. "There are no policy levers at ONC to help us fix that," he said.
Dvorak suggested the Centers for Medicare and Medicaid Services (CMS) as a better partner for ONC. It's more likely to have the skills and processes needed enforce IT requirements at pharmacies, for example, he said.
Egerman said he favors the FDA as "potentially a valuable ally" but is sensitive to concerns that some FDA processes might be disincentives to innovation. Egerman said he had gone through the FDA software approval process with a company he owned. It added "a six-figure cost" to the software and restricted the amount of new development because each improvement would have triggered additional FDA approval processes, he said.
The FDA usually kicks into action only after a death or serious injury, other workgroup members noted. The ONC needs to create a system that would bring mere unsafe conditions to light, they said.
Workgroup member Joan Ash, professor and vice chair of the Department of Medical Informatics and Clinical Epidemiology at Oregon Health & Science University's School of Medicine, said, any surveillance process needs to appreciate that "these devices are embedded into a larger socio-technical system."
In an effort to move the discussion forward, Egerman added that the certification program needs to be "as good as it can be. This is a way we can put some patient safety concepts into it."
Egerman then asked, "Do we want to work with the FDA--that is the fundamental question?" HIT Policy Committee co-chair Paul Tang, M.D., chief medical information officer at the Palo Alto Medical Foundation, responded: "The FDA has advice to give us, so we don't want to not talk with them. They want to talk with us."
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.