Within a year the Health and Human Services Department should stand up a federal agency--the Health IT Safety Council, which should be funded by HHS--to launch an in-depth investigation into the risks associated with health information technology use, according to recommendations from the Institute of Medicine.

If the council finds progress toward improving health IT safety unsatisfactory, the Food and Drug Administration should regulate technologies such as electronic health records and patient portals, but not IT components found in medical devices, advises IOM.

The recommendations come in a report published Nov. 8 through the National Academies of Sciences, and sponsored by HHS. The report says if such an investigative agency should be instated by Congress, its mission should be to report incidents and make nonbinding recommendations to HHS, health care organizations and vendors.

The report also says the agency would be responsible for establishing an incident-reporting framework for IT vendors and users to report health IT-related deaths, injuries or unsafe conditions. Report authors say private-sector action in addressing safety concerns has been inadequate thus far, making a federal response necessary.

According to the report, health IT-related safety data is lacking because there is no central repository for collecting, analyzing and acting on information. Contractual barriers also impede safety reporting as nondisclosure and confidentiality clauses prevent users from sharing information about health IT-related adverse events.

"These barriers limit users' abilities to share knowledge of risk-prone user interfaces," says the report.

"Some vendors include language in their sales contracts and escape responsibility for errors or defects in their software (i.e., 'hold harmless clauses'). The committee believes these types of contractual restrictions limit transparency, which significantly contributes to the gaps in knowledge of health IT-related patient safety risks," write report authors

For more:
- download the full report at National Academies Press
- download the report brief (.pdf)
- see the press release

Related Articles:
Big data in health IT requires new definition of 'research,' says federal advisory committee 
Contractor data breach compromises 4.9M military EHRs 
ONC releases 5-year plan for health IT