On April 3rd 2014, the federal mandate to publish an IT Risk framework for Healthcare IT was fulfilled with the publication of the "FDASIA Health IT Report: Proposed Strategy and Recommendations for a Risk Based Framework."

As per the FDA press release "the diverse and rapidly developing industry of health information technology requires a thoughtful, flexible approach,” said HHS Secretary Kathleen Sebelius. “This proposed strategy is designed to promote innovation and provide technology to consumers and health care providers while maintaining patient safety. Innovative health IT products present tremendous potential benefits, including: greater prevention of medical errors; reductions in unnecessary tests; increased patient engagement; and faster identifications of and response to public health threats and emergencies. However, if health IT products are not designed, implemented or maintained properly, they can pose varying degrees of risk to the patients who use them. The safety of health IT relies not only on how a product is designed and developed, but on how it is customized, implemented, integrated and used" 

We have studied the framework and in fact are releasing a syndicated report with details of our findings. But there are a couple of very significant points to capture from the report and our analysis examines these points in a bit more depth.

  • The framework defines a core process and product life cycle model which make both vendor, IT integrator, and Providor organization accountable for ensuring patient safety in terms of how they build, deploy and use the technology components defined in the framework.
  • The framework contains within it an implicit reference architecture for the provider enterprise. (See diagram below)
  • The essence of the framework moves a great deal of the governance and oversight of the architecture to private industry which will cooperate with the public sector in order to ensure that privacy, interoperability, and capability gaps are not exposed to the ecosystem. 


Reference Architecture Diagram, Federal Framework

The Functional architecture or capability map is displayed in a diagram

with the meta-architecture governance framework is portrayed above.

which supports the techno-socio environment of healthcare in the US