A group of 58 companies sent a letter to Congress today requesting that the Food and Drug Administration (FDA) implement a “risk based” framework for deciding when and how health IT companies should be regulated.

In April, the Obama administration provided recommendations to Congress on such a framework in a document called the FDASIA Health IT Report. Now a group of tech companies, including Athenahealth, IBM, and Oracle, are hot to have the recommendations codified into law before the end of the current (113th) Congressional session.

The group says that the regulatory framework the FDA is currently using is vague and is causing a lot of uncertainty in the marketplace. “We are concerned that there is significant confusion in the market about what technologies may be regulated, by which agencies, and to what standards,” the letter reads. “This uncertainty creates barriers to the development of promising technologies that can help clinicians access more evidence-based medicine, provide patient populations with specific needs more individualized care, and generate better patient-caregiver-provider engagement.”

Buy your ticket now for VentureBeat’s HealthBeat conference October 27-28. 

The companies want the law to divide health IT companies into three categories, each with different risk levels, and each with a different regulatory approach. Technologies that present little risk to patients should remain unregulated. Technologies that are diagnostic, or present some other significant potential risk to patients should require close FDA oversight.

“The third category, encompassing the remainder of health IT that may pose some risk, should be subject to risk-based oversight that uses consensus standards and private certification bodies to verify that these health IT technologies function safely and well,” the letter reads.

“There is broad consensus on the need for a risk-based framework for health IT,” the letter reads. “Members of Congress on a bipartisan, bicameral basis, along with other government officials, including the FDA, together with industry, care providers, patient advocates, and other healthcare stakeholders have agreed publicly on the core components of appropriate regulation of health IT.”

But that, it turns out, is just one version of the political reality.

“Fundamentally, I think many agree that legislation will ultimately be needed, but the fact is policymakers have not yet coalesced around the direction the legislation should go,” says Epstein Becker Green attorney Brad Thompson, who specializes in FDA regulation of health tech.

“Contrary to the October 7 letter, the three federal agencies did not make recommendations in April,” Thompson tells VentureBeat. “Instead, they floated a draft of recommendations for comment. And they received tons of comments. And many of the comments disagreed with the draft recommendations . . . Many patient and professional groups took strong issue with some of the recommendations.”

Some of the commenters, including Thompson’s firm, took issue with the idea that health technologies can be divided into three neat categories. “We observed that health IT is being woven together in a very complex web of software, and it is utterly impossible to divide that into three discrete groups,” Thompson says. “Instead, we urged that the three agencies consider a regulatory strategy that acknowledges the network, the fact that software and hardware is all becoming interconnected.”

Most of the stakeholders involved agree that clearer guidelines are needed to makes things a bit more predictable for health IT companies (and their investors). But there’s just no easy answer. A hastily written law could cause more harm than good.

Thompson’s firm is urging the FDA to publish guidance documents that clarify, at a granular level, which technologies get regulated and which don’t. “We are hopeful that yet this fall FDA will publish guidance documents on the difference between wellness and disease, the scope of medical device accessories, and the portion of clinical decision support software the agency regulates,” Thompson says.

The full list of companies that signed the letter follows:

Access Integrity
Alliance for Aging Research
American Association of Diabetes Educators
Applied Pathways
Brain Injury Association of America
Center for Data Innovation
Christus Health
Dicom Grid
Epion Health
Genetic Alliance
Health IT Now
Ingenious Med, Inc.
Institute for eHealth Policy
International Essential Tremor Foundation
Keona Health
LGBT Tech Partnership
Maven Medical
McKesson Corporation
Moxe Health
Nalari Health
National Alliance on Mental Illness
National Association of Manufacturers
National Council for Behavioral Health
National Retail Federation
Newborn Coalition
NTCA–The Rural Broadband Association
Open Minds
Oracle Corporation
Parent Project Muscular Dystrophy
Pediatric Hydrocephalus Foundation
Pharmacy HIT Collaborative
Sarcoma Foundation of America
Smart Scheduling
Suture Health
The Latino Coalition
Trice Imaging, Inc.
U.S. Chamber of Commerce
UltraLinq Healthcare Solutions Inc.
United Spinal Association
US Oncology Network
WellDoc, Inc.