IOM Report Recommends FDA Prepare to Regulate Health IT

Global Life Sciences Update: US-FDA

On November 10, 2011, the Institute of Medicine released a report, Health IT and Patient Safety: Building Safer Systems for Better Care, which evaluates the benefits and risks associated with health IT. According to the report, the current lack of federal oversight for health IT puts patients at risk. The report recommends the creation of a new agency to oversee health IT adverse event reporting and advises the U.S. Department of Health and Human Services (HHS) to lay the groundwork for future U.S. Food and Drug Administration (FDA) oversight in the event other recommendations prove inadequate to protect the public.

Health IT, as addressed in the report, encompasses a broad range of products including electronic health records (EHRs), patient engagement tools (personal health records), and health information exchanges. FDA has repeatedly asserted that it has the authority to regulate many types of health IT—such as electronic health records and decision support tools—as medical devices, but has so far exercised “enforcement discretion,” meaning that FDA has not enforced its medical device authority with respect to these types of products.

The report, which was commissioned by HHS’s Office of the National Coordinator (ONC), identifies the lack of a centralized adverse event reporting system for health IT as a critical safety gap. The report recommends that Congress establish a new independent federal agency to oversee the mandatory and voluntary reporting of adverse events and analyze the resulting data. The proposed agency would have the authority to investigate and make non-binding recommendations to the HHS Secretary, but would not have enforcement authority. The report also recommends that all health IT vendors be required to register with ONC and to comply with quality and risk management processes—to be developed by HHS—similar to medical device good manufacturing practices.

According to the report, although FDA’s current regulatory framework for health IT lacks the necessary flexibility to enable quality and safety without unduly constraining market innovation, future oversight by FDA must be considered. Specifically, the report recommends that if HHS finds in one year that the safety and reliability of health IT has not improved, FDA should then enforce its authority with respect to EHRs, health information exchanges and personal health records. The report recommends that FDA immediately begin developing the necessary regulatory framework in the event HHS directs them to regulate these products.

FDA Practice

Sidley Austin LLP has an internationally recognized food and drug practice, representing major pharmaceutical, biological, medical device and food/dietary supplement clients on matters relating to the development, manufacture and marketing of products regulated by the Food and Drug Administration (FDA) and other related government authorities.

For further information on the FDA Practice, please contact Raymond A. Bonner (+1.202.736.8679, or Coleen Klasmeier (+1.202.736.8132,

Sidley Global Life Sciences Practice

On three continents, Sidley’s Global Life Sciences Practice team offers coordinated cross-border and national advice on Food, Drug and Medical Device Regulatory, Life Sciences Enforcement, Litigation and Compliance, Healthcare Regulatory, Products Liability, Intellectual Property, Corporate and Technology Transactions, Securities and Corporate Finance, International Trade and Arbitration, FCPA/Anti-Corruption, Antitrust/Competition, Environmental/Nanotechnology.

Globally rated as one of the top life sciences practices, our team includes former senior government officials, medical doctors and leaders in various life sciences fields.

For further information on the Global Life Sciences Practice, please contact Scott Bass (+1.202.736.8684, +1.212.839.5613, or James C. Stansel (+1.202.736.8092,

To receive Sidley updates via email, please click here.

This Sidley update has been prepared by Sidley Austin LLP for informational purposes only and does not constitute legal advice. This information is not intended to create, and receipt of it does not constitute, a lawyer-client relationship. Readers should not act upon this without seeking advice from professional advisers.

Attorney Advertising - For purposes of compliance with New York State Bar rules, our headquarters are Sidley Austin LLP, 787 Seventh Avenue, New York, NY 10019, 212.839.5300 and One South Dearborn, Chicago, IL 60603, 312.853.7000. Prior results do not guarantee a similar outcome.