Senate Passes 21st Century Cures Act, Bill Heads to President’s Desk

On Thursday, December 7th, the US Senate passed the 21st Century Cures Act, sending the massive innovation package to the President’s desk to be signed into law. The legislation, passed by the House last week, contains a number of key health IT provisions, addressing issues ranging from information blocking to EHR reporting requirements, that will be implemented by various HHS agencies over the next several months and years. Given the number of provisions that impact health IT, over the next several weeks, we are going to use this space in our Policy Update to highlight a key provision.

This week, let’s take a look at Sec. 3060 - Clarifying Medical Software Regulation, which seeks to remove lower risk health-related software from Federal Drug Administration (FDA) regulation by differentiating “health software” from a “medical device.” 

The section, which closely tracks the Senate MEDTECH Act that passed out of the HELP Committee earlier this year, limits and clarifies the FDA's role in regulating administrative and financial software, wellness and lifestyle products, electronic health records (with certain conditions) and software that aids healthcare providers in developing treatment recommendations for their patients. The section does include a policy that grants HHS the authority and flexibility to regulate health software, under certain conditions, if it deems the product “reasonably likely to cause serious adverse consequences.” The Secretary is required to publish a report every 2 years that includes input from outside experts; examines information on risks and benefits to health associated with software functions that are excluded from the definition of a ‘device’; and, summarizes findings regarding impact of such functions on patient safety, including best practices to promote safety and education.

Sec. 3060 is consistent with HIMSS North America’s Board approved position on regulating health IT, which calls for Congress to “work with HHS to develop a risk-based oversight framework for such software or hardware that takes into account factors such as risk relative to intended use and cost/benefit of any proposed oversight, with the intent of ensuring patient safety.”

HIMSS Government Relations staff will be working with the appropriate federal agencies to provide input on implementation of all key 21st Century Cures health IT policies.