“First, do no harm.” Often attributed to the Hippocratic Oath, it has been a guiding principle for physicians and everyone else involved in health care for ages.

Unfortunately, there is not always agreement on what is appropriate and effective treatment, and in the U.S., we have extensive federal regulation of a wide-range of health-related topics ranging from medical devices to foods. The result can create some intimidating obstacles when a company wants to apply new technology to an existing health-related problem. Even the tech giant Apple has held talks with the Food and Drug Administration (FDA) over its plans for  medical applications using wearable technology.

Fortunately, efforts are underway to help coordinate the control of healthcare information technology (IT) by the various agencies charged with its regulation. Earlier this spring, The FDA (part of the Department of Health and Human Services) released a new report, the “FDASIA Health IT Report.” This report was developed by the FDA in concert with the two other agencies charged with oversight of health IT: the Office of the National Coordinator for Health IT (ONC) and the Federal Communications Commission (FCC). The FCC’s involvement is critical due to the growing use of various wireless data connection technologies in order to communicate with mobile and wearable devices that could be used for health IT applications.

The report takes the position that regulation should be based on the relative risk to patients. Complicating matters are the requirements of the Health Insurance Portability and Accountability Act (HIPAA) that put strict limitations on the storage and sharing of patient health data. According to the report, health IT applications should be divided into three groups based on risk. The first level is for administrative functions, such as billing and claims processing. The second category would cover access to clinical results information, management of medication or other treatments, and clinical decision support applications. The top level would cover devices that could pose serious risk to patients if they malfunction. This would include applications that monitor a patient’s condition, and that either recommend or apply treatment automatically. It is this third category that the FDA suggests be the primary focus of regulation.

The report does not distinguish whether a device is based on existing consumer devices or application-specific products. It also would treat wearable, mobile, and fixed location devices under the same requirements.

The report also calls for the creation of a public-private Health IT Safety Center that would coordinate efforts by the FDA, the FCC, HHS’ Agency for Healthcare Research and Quality (AHRQ) and other stakeholders. This organization could serve as a clearinghouse for best practices and a channel for discussion about health IT and patient safety.

We are rapidly charting new territory in health IT ever day, and it is a challenge for small companies to be sure to remain in compliance with federal regulations when creating new products.The entire FDASIA Health IT Report is available as a free download here. You can add your voice to the discussion of federal regulation of health IT applications and devices; the FDA is accepting public comment on the report through July 7, 2014.