New FDA guidelines for Health IT development: what are the implications?

20 May, 2014

The FDA has released a draft report called the FDASIA Health IT Report which outlines a proposed strategy and recommendations for a health information technology (health IT) framework. The purpose of the report is to advance a health IT infrastructure, with the aim of preventing medical errors, reducing costs, and improving efficiency and healthcare quality. Here we summarize the main recommendations from the report and comment on the key implications for medical IT developments.


The FDA defines Health IT as the “wide range of products, technologies, and services designed for use by health care entities, health care providers, and consumers, to electronically maintain, access, and exchange health information”.

Their proposed strategy focuses on a risk-based approach to system functionality and a platform-independent (e.g. mobile, cloud service etc.) view of regulation. The FDA’s clear intention is to enable the evolution and rapid growth of health IT systems.

The report highlights that the FDA considers there to be three categories of health IT system, in terms of increasing risk to the patient:  

  • administrative health IT functions
  • health management health IT functions and
  • medical device health IT functions. 

Within this classification, not all health IT systems are medical devices, with the boundary definition based on potential risks to the patient, the distinction between wellness and disease-related claims, and system integration with medical device accessories.

the move towards a risk-based approach represents a pragmatic solution to the problem of growing variation in system architectures and platforms

Furthermore, in seeking to promote the development of health IT systems, the FDA strategy will not impose a formal regulatory approach to health IT systems, preferring at the current time to promote the use of best practice. We believe these are promising signs that the FDA is recognizing the prohibitive obstacles in developing to regulatory approval, and that they are encouraging the widespread adoption of health IT systems. They have identified four priority areas for a risk-based approach to the health IT product lifecycle:

  • Promote the Use of Quality Management Principles
  • Identify, Develop, and Adopt Standards and Best Practices
  • Leverage Conformity Assessment Tools
  • Create an Environment of Learning and Continual Improvement

Undoubtedly, there are significant benefits in implementing these processes throughout the product life-cycle (health IT or otherwise), such as minimizing risk to the patient, enabling a more rigorous development process and reducing legacy issues later in the lifecycle.

In publishing this draft, the FDA has recognized the growing use of health IT systems, as well as their potential wide-ranging benefits, and is hoping to develop standards and encourage rapid development.  We believe that this is a really positive step towards clarifying previous confusion concerning the regulation of health IT systems.

In our opinion, the move towards a risk-based approach represents a pragmatic solution to the problem of growing variation in system architectures and platforms. The processes that the FDA is advocating for health IT systems are already established within medical device development, so any companies accredited to ISO13485 will already be applying these standards and are therefore well placed to take on health IT developments.


Dr Ed Tucker

Mathematical Software Consultant


Share Via:

Get in touch

By submitting your details you agree to us holding the personal data you've supplied for the purpose of processing your enquiry. For information about how we handle your data, please read our privacy policy