Published — November 7, 2011 Updated — May 19, 2014 at 12:19 pm ET

Panel recommends new agency to investigate safety of health information technology

Doctors, hospitals and insurance companies are making the switch to electronic health records. Lucy Pemoni/Associated Press

Institute of Medicine committee says FDA not right for the job at this time


Health information technology has been touted as crucial to better health care, but a new report says an entirely new agency is needed to investigate this largely unregulated sector, which can also injure or kill patients if it’s not operating properly. In pushing for a new entity, the respected Institute of Medicine, an independent research and advisory organization, is explicitly advising that the Food and Drug Administration (FDA) not be tasked with the job at this time — a recommendation that is bound to be controversial.

The eagerly anticipated report, titled “Health IT and Patient Safety: Building Safer Systems for Better Care,” will be publicly released Thursday. A copy was obtained by iWatch News. The study details nine other recommendations for how to ensure patient safety when doctors and other health care providers use health information technology, or health IT. The findings from the report were presented October 28 to the Department of Health and Human Services (HHS) and its agencies.

The question of who should regulate these devices comes at a time when the federal government is pushing the use of health IT through a $27 billion dollar portion of President Barack Obama’s 2009 economic stimulus. The initiative includes programs that award financial incentives for providers who use electronic health records and an additional $550 million in grants to states for creating exchanges that allow the sharing of clinical data.

But the push is occurring so far without any agency really ‘watch dogging’ the safety of health IT — the software, hardware and systems that record and manage patients’ health information. These expensive devices by and large have not gone through any regulatory checks for safety in the way that food, drugs and other medical technology must; most of that oversight is handled by the FDA. But at the moment, no one is required to report instances of harm caused by health information devices and no government agency currently monitors their safety.

“With all of that money, marketing and public outreach, most simply affirm the value of health IT as an article of faith, rather than investigate it via careful evaluation,” said Ross Koppel, adjunct professor of sociology at the University of Pennsylvania and its School of Medicine, and investigator for RAND Corporation. He is listed as one of the reviewers of the report.

Though a variety of studies have concluded that the use of health IT may improve patient safety, mistakes made in the systems or difficulty using the technology can lead to serious injury or death, according to the report. An allergy might be omitted from a computer record, for example, or an incorrect medication dosage might be recorded. In Rhode Island, a Lifespan computer glitch caused about 2,000 patients to receive the wrong types of medications. In another instance in March 2009, an unattended patient suffered multiple seizures for hours after a computer failed to alert doctors the patient was moved from the intensive care into their ward.

As reports of patient harm began to emerge, the federal Office of the National Coordinator (ONC) for health IT asked the Institute of Medicine (IOM) a year ago to establish a Committee on Patient Safety and Health Information Technology to make recommendations to the government about how to maximize health IT safety.

In its report, the IOM committee says the FDA would likely restrict market innovation in health IT, which could also jeopardize patient safety. Stringent regulations “can negatively impact the development of new technology by limiting implementation choices and restricting manufacturers’ flexibility to address complex issues,” the report says. The FDA currently receives voluntary reports of health IT-related incidents, but has no resources or protocols through which to take action; the agency has long fought a losing battle with health IT vendors over trying to monitor the technology.

The report also notes the agency does not have the investigative capabilities, funding or manpower to regulate devices such as electronic health records, personal health records or health information exchanges.

FDA representatives said the agency would not respond to the report because the Department of Health and Human Services was taking the lead on the issue. The Institute of Medicine also declined to comment because the report has not yet been made public. ONC, which is part of HHS, did not respond to repeated requests for comment.

To adequately oversee health IT safety, the committee recommends that the secretary of health and human services create and fund a new independent watchdog agency, along the lines of the National Transportation Safety Board. Like NTSB, the new agency would conduct investigations and make recommendations for all stakeholders, including the secretary of the health and human services, vendors and health care organizations. Vendors of the technology would be required to report adverse events, while reporting would be voluntary for clinicians. Like NTSB, though, the new agency would also have no enforcement power.

The panel also recommends that the HHS secretary publically report on the progress of health IT safety each year, beginning in 2012. If the secretary determines at any time that adequate safety progress has not been made, only then should the FDA take the regulatory lead and be given the resources to do so, the report recommends, adding that the agency should be developing a framework now to be prepared.

Creating a new independent agency would, of course, require resources; the current budget for NTSB is set at $559 million over the 2010 to 2014 period. In the current climate of fiscal restraint, convincing Congress to appropriate that sort of cash for a new government body might be a tall order.

Michael Ettlinger, vice president for economic policy at the Center for American Progress, a left-leaning research organization, said he couldn’t see that happening before the next election. “If the administration is for it then the Republicans are going to be against it,” he said.

But he does think it could happen if there is a compelling case for it, he said. “Having another agency doesn’t mean it’s going to cost a lot more if there is a reason that relates to efficiency,” he said. The biggest obstacles, he said, might be those who favor less government regulation.

Dr. Robert Wears, a professor in the department of emergency medicine at the University of Florida in Jacksonville, expressed support for the idea of a new, independent agency, though he said he thought it should have enforcement power. “FDA is nominally the logical place,” he said, “but their procedures are so convoluted and slow that I don’t think they would be suited to do it.”

Republican Sen. Chuck Grassley of Iowa, senior member of the Senate Finance Committee, said the new report “adds more to the list of unresolved questions, including which government agency, if any, should regulate health care information technology.” Grassley, who wrote HHS and health IT vendors two years ago asking what was being done to ensure the safety of the devices, said “the approach seemed to be, write checks first, solve the problems later, instead of the other way around.”

The Institute of Medicine committee does have one dissenter. Dr. Richard Cook from the University of Chicago feels the FDA is indeed the proper agency to oversee health IT safety. Cook writes that health IT is considered a “Class III medical device,” that is to say, a device that performs integral medical functions, which the FDA already has the jurisdiction to regulate.

The committee ruled out other agencies — including the Office of the National Coordinator, the Centers for Medicare & Medicaid Services and the Agency for Healthcare Research and Quality — as possible contenders for the position.

In its report, the IOM panel also recommended that more studies be conducted to quantify health IT-related deaths, serious injuries or unsafe conditions so that the safety concerns can be properly addressed. “You can only improve what you measure,” says the report.

Other recommendations in the report: establishing and enforcing criteria for the safety of electronic health records, funding a new Health IT Safety Council to set standards for safety, and requiring all health IT vendors to publicly register and list their products with the Office of the National Coordinator.

Read more in Health

Share this article

Join the conversation

Show Comments

Notify of
Inline Feedbacks
View all comments