FDA Creates Working Group on Regulation of Electronic Health Record Systems

April 2, 2009
4 minutes

FDA's Center for Devices and Radiological Health (CDRH) has created a working group to examine whether and how FDA should regulate electronic health record (EHR) systems. The working group includes representatives from CDRH's Office of Device Evaluation (ODE), Office of Compliance, Office of Science and Engineering Laboratories (OSEL), and Office of Surveillance and Biometrics (OSB). Although FDA has long known that it eventually would have to address EHR regulation, the issue has taken on a new urgency in light of President Obama's stimulus plan, which allocates $19 billion to facilitate the adoption of EHR systems. FDA's development of policy in this area will directly affect the regulatory burdens faced by developers and distributors of EHR systems and related software.

While there is no standard definition of EHRs, such systems generally aid in patient management by maintaining, displaying, and organizing patients' laboratory results, allergies, prescribed medications, diagnoses, and other important health information. EHRs also may include more sophisticated functionality such as order entry and management, decision support, online communication among medical team members, telemonitoring, clinical alerts and reminders, and tools for data analysis. These systems hold the promise of improving health care and generating efficiencies by easing access to health information, streamlining decision making, and helping to minimize medical errors.

FDA's working group is likely to examine how EHR systems and related software fit within the Federal Food, Drug, and Cosmetic Act's broad definition of "medical device." The group also will likely consider whether widespread use and integration of EHRs into medical practice carries with it the risk of patient harm. For example, one study of a hospital's computerized physician ordering entry system found 22 instances in which the computerized system increased – rather than decreased – the possibility of patient harm. (The study, entitled "The Role of Computerized Physician Order Entry Systems in Facilitating Medication Errors," was published by the Journal of the American Medical Association in 2005). Prominent scholars have recently argued that regulation is required to prevent such harm as well as to safeguard patient privacy.

The working group can be expected to survey the current state of EHR functionality as well as the likely future direction of EHRs. The more FDA finds that such systems function largely as electronic equivalents of traditional paper recordkeeping systems, the less likely it is that FDA will seek to regulate them actively. By contrast, to the extent that FDA finds such systems have clinically directive functions that health care providers may come to rely upon in treating patients, the more likely it is that FDA will scrutinize EHRs closely and consider actively regulating them. One option that FDA will likely consider is whether to establish a tiered system of regulation based on the degree of sophistication of a particular EHR system, similar to the classification scheme the agency created in the late 1990s for software systems that store, transmit, or manipulate radiological images.

FDA's examination of EHRs will not occur on a blank regulatory slate. FDA has been considering the regulation of medical software for more than two decades. Since the 1980s, however, FDA has taken a relatively hands-off approach to regulating medical software that is not embedded within other medical devices, particularly in environments where a trained health care professional has the time and capacity to evaluate any software-generated information, calculation, or medical recommendation.

Most recently, FDA issued a proposed rule governing "medical device data systems," which comprise software that transmits, stores, or displays data from medical devices without altering the function or parameters of any connected device and that does not contain any diagnostic, decision support, or alarm functions. FDA has proposed to "down-classify" such software from Class 3 to Class 1, the lowest risk device category, and to permit the marketing of such software without the submission of a premarket notification (a "510(k)") so long as the manufacturer of the software complies with other requirements generally applicable to device manufacturers, including the Design Control elements of the Quality System Regulation. FDA views Design Controls, which focus on software quality and validation, as the key to regulating software because the greatest risk that software poses is the potential for errors that might result in incorrect patient treatment or diagnosis. The MDDS rule, although purporting to lighten the regulatory burden on MDDS manufacturers, is controversial because many MDDS manufacturers have considered themselves to be exempt from FDA regulation based on the policies FDA announced in the 1980s. Thus, what FDA presents as a de-regulatory proposal is viewed by many as creating new regulatory burdens.

In light of the long history of relative FDA inaction in the medical software area, the paucity of data suggesting that EHRs present significant health risks, and the substantial burdens that EHR system developers would face if they were subject to FDA regulation, manufacturers of health IT and EHR systems can be expected to cast a skeptical eye on the need for FDA regulation of their products. In response to the proposed MDDS rule, for example, the Electronic Health Record Vendors Association commented that EHR systems do not meet the definition of a medical device and are outside of FDA's purview. This debate can be expected to be joined even more forcefully and by more players as FDA's working group moves forward on crafting agency policy on the regulatory treatment of EHRs.

Contact Information

If you have questions about FDA regulation of EHRs, or FDA regulation of software more generally, please do not hesitate to contact your regular Ropes & Gray contact or the attorney listed above.