Congress Questions ONC’s Authority to Pursue Health IT Safety Center

The House of Representatives has grown increasingly skeptical of the Office of the National Coordinator for Health Information (“ONC”) and its plans to expand its programming and reach.  House members have questioned whether the ONC has the authority to make changes it has recently proposed.

In a June 3, 2014, letter to the Office of the National Coordinator for Health Information Technology (“ONC”), the United States House Committee on Energy and Commerce (“Committee”) asked the agency to explain its presumed authority to implement new regulatory measures in the realm of Health Information Technology (“Health IT”).  The letter, signed by Chairman Fred Upton (R-MI), Vice Chairman Marsha Blackburn (R-TN), Subcommittee on Health Chairman Joseph R. Pitts (R-PA), and Subcommittee on Communications and Technology Chairman Greg Walden (R-OR), asked ONC to respond to a number of questions, including “When the authorization for the Medicare and Medicaid Incentive program expires, under what statutory authority does ONC believe it is able to regulate Health IT and electronic health records, particularly in (but not limited to) non-Meaningful Use areas?”

In 2009, the Health Information Technology for Economic and Clinical Health, or HITECH, Act legislatively established ONC, which had existed by Executive Order since 2004.  ONC is mandated to develop a nation-wide health information technology infrastructure that, among other things, promotes the security and protection of personal health information, improves the quality of health care, and reduces costs.

As HITECH funding ends, ONC is facing the task of tightening its belt.  Last month, ONC released its plan to reorganize its structure and streamline operation.  Also, in its FY2014 budget, ONC introduced a proposal to collect user fees from Health IT vendors to offset the costs of EHR certification and standards development.  This proposal was ultimately not included in the Executive budget, and not proposed in the FY2015 budget.

In April, the FDA, FCC, and ONC released a Health IT Report, as required by § 618 of the Food and Drug Administration Safety and Innovation Act (FDASIA).  The report “contains a proposed strategy and recommendations on an appropriate, risk-based regulatory framework pertaining to health information technology . . . that promotes innovation, protects patient safety, and avoids regulatory duplication.”  A component of the joint-agency plan is the creation of a Health IT Safety Center.  A public-private entity created by the ONC, the Health IT Safety Center “would serve as a trusted convener of health IT stake holders in order to focus on activities that promote health IT as an integral part of patient safety with the ultimate goal of assisting in the creation of a sustainable, integrated health IT learning system that avoids regulatory duplication and leverages and complements existing and ongoing efforts.”

In its July 8th response to the Committee, the ONC defended the Health IT Safety Center, stating that it would not increase the regulation of Health IT but, rather, create an “environment of learning and continual improvement including transparent reporting, aggregation, and analysis of safety issues.”  The letter also outlined the ONC’s authorization to perform a “broad range of duties” under the HITECH Act, including establishing voluntary certification programs for health IT, as well as adopt standards, implementation specifications and certification criteria through rulemaking.

While it may seem like the ONC has clarified the issue, it appears that its response did not satisfy at least one member of the Committee.  During a Committee Hearing on July 17, 2014, Vice Chairman Blackburn noted that the ONC failed to address the concerns outlined by the Committee’s letter, noting that it still remains unclear under what authority ONC is now pursuing these enhanced regulatory authorities.  Vice Chairman Blackburn strongly urged the ONC and the FDA to work with the Committee as they move forward in order to prevent the potential for what Blackburn characterized as “mission creep.” 

The Committee’s Letter may be accessed here: http://energycommerce.house.gov/letter/letter-hhs-office-national-coordinator-regarding-expanded-regulatory-authority

 The ONC’s response may be found here: http://energycommerce.house.gov/sites/republicans.energycommerce.house.gov/files/letters/20140708ONCresponse.pdf

 The FDA-SIA Report may be accessed here: http://www.healthit.gov/FDASIA

Kathleen Evers wrote this post.  For more information about HIPAA, health information technology, or any of the other issues raised in this post, please contact Caitlin Monjeau.