This article was first published on iWatch News, an online publication of the Center for Public Integrity.

Health information technology has been touted as crucial to better healthcare, but a new report says an entirely new regulatory agency is needed to oversee this largely unregulated sector, which can also injure or kill patients if it’s not operating properly.

In pushing for a new oversight body, the respected Institute of Medicine, an independent research and advisory organization, is explicitly advising that the Food and Drug Administration (FDA) not be tasked with the job – a recommendation that is bound to be controversial.

The eagerly anticipated report, titled "Health IT and Patient Safety: Building Safer Systems for Better Care,” will be publicly released Thursday. A copy was obtained by iWatch News. The study details nine other recommendations for how to ensure patient safety when doctors and other health care providers use health information technology, or health IT. The findings from the report were presented October 28 to the Department of Health and Human Services (HHS) and its agencies.

The question of who should regulate these devices comes at a time when the federal government is pushing the use of health IT through a $27 billion dollar portion of President Barack Obama’s 2009 economic stimulus. The initiative includes programs that award financial incentives for providers who use electronic health records and an additional $550 million in grants to states for creating exchanges that allow the sharing of clinical data.

But the push is occurring so far without any agency really ‘watch dogging’ the safety of health IT – the software, hardware and systems that record and manage patients’ health information. These expensive devices by and large have not gone through any regulatory checks for safety in the way that food, drugs and other medical technology must; most of that oversight is handled by the FDA. But at the moment, no one is required to report instances of harm caused by health information devices and no government agency currently monitors their safety.

[See also: IOM to release new report on health IT and patient safety.]

“With all of that money, marketing and public outreach, most simply affirm the value of health IT as an article of faith, rather than investigate it via careful evaluation,” said Ross Koppel, adjunct professor of sociology at the University of Pennsylvania and investigator for RAND Corporation, who is listed as one of the reviewers of the report.

Though a variety of studies have concluded that the use of health IT may improve patient safety, mistakes made in the systems or difficulty using the technology can lead to serious injury or death, according to the report. An allergy might be omitted from a computer record, for example, or an incorrect medication dosage might be recorded. In Rhode Island, a Lifespan computer glitch caused about 2,000 patients to receive the wrong types of medications. In another instance in March 2009, an unattended patient suffered multiple seizures for hours after a computer failed to alert doctors the patient was moved from the intensive care into their ward.

As reports of patient harm began to emerge, the federal Office of the National Coordinator (ONC) for health IT asked the Institute of Medicine (IOM) a year ago to establish a Committee on Patient Safety and Health Information Technology to make recommendations to the government about how to maximize health IT safety.

In its report, the IOM committee says the FDA would likely restrict market innovation in health IT, which could also jeopardize patient safety. Stringent regulations “can negatively impact the development of new technology by limiting implementation choices and restricting manufacturers’ flexibility to address complex issues,” the report says. The FDA currently receives voluntary reports of health IT-related incidents, but has no resources or protocols through which to take action; the agency has long fought a losing battle with health IT vendors over trying to monitor the technology.

The report also notes the agency does not have the investigative capabilities, funding or manpower to regulate devices such as electronic health records, personal health records or health information exchanges.

Continued on the next page.