U.S. flag An official website of the United States government
  1. Home
  2. Medical Devices
  3. Digital Health Center of Excellence
  4. Digital Health Reports
  1. Digital Health Center of Excellence

The Digital Health Reports page houses digital health reports including the biennial Non-Device Software Functions Report and the FDASIA Health IT Report.

July 14, 2022

Patient Safety Input Requested: Software Functions Excluded from Device Definition by 21st Century Cures Act 

The U.S. Food and Drug Administration (FDA) requests input on patient safety, including best practices to promote patient safety, education, and competency, associated with medical software functions that are excluded from the medical device definition by the 21st Century Cures Act. This input will help the FDA develop a report on the risks and health benefits of non-device software functions, which include certain software functions intended for: 

  • Administrative support of health care facilities;
  • Encouraging a healthy lifestyle;
  • Serving as electronic patient records;
  • Transferring, storing, converting formats, or displaying data; and
  • Providing limited clinical decision support.

Who should comment: Patients and other health care consumers, health care providers, startup companies, health plans or other third-party payors, venture capital investors, information technology vendors, health information technology vendors, small business purchasers, employers, and any other interested stakeholders. 

Read: Development of 21st Century Cures Act Section 3060 Required Report: Request for Input.   

The comment period will be open for 30 days at www.Regulations.gov under docket number FDA-2018-N-1910-0047.

Submit Comments

Reports on Non-Device Software Functions: Impact to Health and Best Practices

Section 3060(a) of the 21st Century Cures Act, enacted on December 13, 2016 (Pub. L. 114-255), amended the Federal Food, Drug, and Cosmetic Act (the FD&C Act) to exclude certain software functions from the definition of device under section 201(h) of the FD&C Act (21 U.S.C. 321(h)). These functions are described in section 520(o)(1) of the FD&C Act (21 U.S.C. 360j(o)(1)) and are the focus of this report.

Section 3060(b) of the 21st Century Cures Act requires a report to be published every two years that examines information available to the Secretary on any risks and benefits to health associated with the software functions described in section 520(o)(1) of the FD&C Act, and provides summary findings on the impact of non-device software functions on patient safety, including best practices.

FDASIA Health IT Report

On April 3, 2014, the FDA, Federal Communications Commission (FCC), and the Office of the National Coordinator for Health IT (ONC) released the FDASIA Health IT Report outlining a proposed strategy and recommendations for a risk-based framework.


Health information technology, or health IT, is defined by the federal government’s Office of the National Coordinator for Health IT (ONC) as, “hardware, software, integrated technologies or related licenses, intellectual property, upgrades, or packaged solutions sold as services that are designed for or support the use by health care entities or patients for the electronic creation, maintenance, access, or exchange of health information.”

Health IT is the framework that enables the management of health information across multiple electronic systems and devices, such as wireless medical devices, hospital information systems, communications infrastructure, and electronic health record (EHR) systems.  Three federal agencies, the FDA, ONC, and the FCC each have unique responsibilities in the health IT arena.

As health IT evolves, the FDA believes that all stakeholders should understand regulatory requirements surrounding its use. Under the direction of the Food and Drug Administration Safety Innovation Act (FDASIA) of 2012, the FDA worked with FCC and ONC to propose a strategy and make recommendations on an appropriate, risk-based regulatory framework for health IT that promotes innovation, protects patient safety, and avoids unnecessary and duplicative regulation.

The three agencies are committed to a vision that supports a strong health system based on safe and innovative health IT that improves and advances public health.

On 4/3/2014, the FDA, FCC and ONC released the FDASIA Health IT Report outlining a proposed strategy and recommendations for a risk-based framework.

Related Pages

Subscribe to Digital Health

Sign up to receive email updates on Digital Health.

Back to Top