A group of 58 companies sent a letter to Congress today requesting that the Food and Drug Administration (FDA) implement a "risk based" framework for deciding when and how health IT companies should be regulated.

In April, the Obama administration provided recommendations to Congress on such a framework in a document called the FDASIA Health IT Report. Now a group of tech companies, including Athenahealth, IBM, and Oracle, are hot to have the recommendations codified into law before the end of the current (113th) Congressional session.

The group says that the regulatory framework the FDA is currently using is vague and is causing a lot of uncertainty in the marketplace. "We are concerned that there is significant confusion in the market about what technologies may be regulated, by which agencies, and to what standards," the letter reads. "This uncertainty creates barriers to the development of promising technologies that can help clinicians access more evidence-based medicine, provide patient populations with specific needs more individualized care, and generate better patient-caregiver-provider engagement."

Buy your ticket now for VentureBeat's HealthBeat conference October 27-28. 

The companies want the law to divide health IT companies into three categories, each with different risk levels, and each with a different regulatory approach. Technologies that present little risk to patients should remain unregulated. Technologies that are diagnostic, or present some other significant potential risk to patients should require close FDA oversight.

"The third category, encompassing the remainder of health IT that may pose some risk, should be subject to risk-based oversight that uses consensus standards and private certification bodies to verify that these health IT technologies function safely and well," the letter reads.

"There is broad consensus on the need for a risk-based framework for health IT," the letter reads. "Members of Congress on a bipartisan, bicameral basis, along with other government officials, including the FDA, together with industry, care providers, patient advocates, and other healthcare stakeholders have agreed publicly on the core components of appropriate regulation of health IT."

But that, it turns out, is just one version of the political reality.

"Fundamentally, I think many agree that legislation will ultimately be needed, but the fact is policymakers have not yet coalesced around the direction the legislation should go," says Epstein Becker Green attorney Brad Thompson, who specializes in FDA regulation of health tech.

"Contrary to the October 7 letter, the three federal agencies did not make recommendations in April," Thompson tells VentureBeat. "Instead, they floated a draft of recommendations for comment. And they received tons of comments. And many of the comments disagreed with the draft recommendations . . . Many patient and professional groups took strong issue with some of the recommendations."

Some of the commenters, including Thompson's firm, took issue with the idea that health technologies can be divided into three neat categories. "We observed that health IT is being woven together in a very complex web of software, and it is utterly impossible to divide that into three discrete groups," Thompson says. "Instead, we urged that the three agencies consider a regulatory strategy that acknowledges the network, the fact that software and hardware is all becoming interconnected."

Most of the stakeholders involved agree that clearer guidelines are needed to makes things a bit more predictable for health IT companies (and their investors). But there's just no easy answer. A hastily written law could cause more harm than good.

Thompson's firm is urging the FDA to publish guidance documents that clarify, at a granular level, which technologies get regulated and which don't. "We are hopeful that yet this fall FDA will publish guidance documents on the difference between wellness and disease, the scope of medical device accessories, and the portion of clinical decision support software the agency regulates," Thompson says.

The full list of companies that signed the letter follows:

Access Integrity Acesis Alliance for Aging Research American Association of Diabetes Educators AMIA Applied Pathways Athenahealth Aviacode Brain Injury Association of America Center for Data Innovation ChartRequest Christus Health Clockwise.MD Dicom Grid Epion Health Genetic Alliance GoGoHealth Health IT Now Healthfinch IBM Ingenious Med, Inc. Institute for eHealth Policy Intermedix International Essential Tremor Foundation Keona Health LGBT Tech Partnership Maven Medical McKesson Corporation Moxe Health Nalari Health National Alliance on Mental Illness National Association of Manufacturers National Council for Behavioral Health National Retail Federation Newborn Coalition NTCA–The Rural Broadband Association Open Minds Oracle Corporation Ovuline Parent Project Muscular Dystrophy Pediatric Hydrocephalus Foundation PerfectServe Pharmacy HIT Collaborative QMedic Qpid RetireSafe Sarcoma Foundation of America Seratis Smart Scheduling Suture Health The Latino Coalition Trice Imaging, Inc. U.S. Chamber of Commerce UltraLinq Healthcare Solutions Inc. United Spinal Association US Oncology Network WellDoc, Inc. WellTrackONE