A few weeks ago, the US Food and Drug Administration announced the availability of an updated FDA IT Strategy for comment.  The document, which builds on the agency’s broader modernization initiatives, is an enterprise plan that is intended to “guide FDA’s Information Technology (IT) direction and investments for the next four years.”  And it highlights some of the fundamental challenges ahead for life sciences digital transformation.

The FDA IT Strategy

For anyone operating in the life sciences area, the FDA IT Strategy is an interesting read.  The strategy outlines six top-level goals in developing a more enterprise-focused technology strategy, which can be roughly summarized as:

  1. Creating a shared technology ecosystem across the organization designed to support communication, collaboration, trusted data, and transparency.
  2. Improving the base infrastructure through cloud technologies, flexible service orientation, and zero-trust principles.
  3. Cultivating scalable, cost-effective, tailorable, and secure enterprise services through stronger business alignment, digital transformation initiatives, and customer experiences.
  4. Embracing data as a core asset, including data governance, literacy, accessibility, exchange, and advanced analytics.
  5. Pursuing balanced, responsible, AI-based innovations that align to the organization’s mission.
  6. Attracting, cultivating, and retaining the right leadership and workforce.

At first glance, these seem like the right set of priorities.  In fact, it would be difficult to debate most of them: would anyone argue for less modernized technology that ignores data, for example?  The list is certainly consistent with non-agency IT priorities – virtually all of these strategic goals could have been copied from the business and technology plans of the agency’s life sciences stakeholders.  Regardless of organizational size or mission, these technology forces are top of mind for many industry leaders today.

The FDA IT Strategy has several recurring themes that are worth calling out.  First, there is a strong recognition of the need for stakeholder engagement and alignment.  That point is particularly important for the second recurring theme, which is around business process and service scalability.  If the agency is reflecting the broader IT ecosystem, leaders see process orchestration, automation, and streamlining as critical enablers for capturing economies of scale.  And, of course, a third recurring theme is unleashing the opportunity in AI, analytics, and data.

Artificial Intelligence and the Evolving Policy Landscape

Acknowledging the logic of the proposed plan, perhaps the largest issue facing the agency today will be more cultural than technological: how do you make an agency with the size, complexity, and longevity of the FDA agile?  That question has been asked before (i.e., combinatorial chemistry, precision therapy development), though it seems clear to most industry insiders that the pace of innovation in areas like AI is far greater than the ability of any federal agency to respond effectively.

But that’s not for a lack of trying.  The fall of 2023 has seen a flurry of policy and regulatory activity related to AI.  On October 30, 2023, President Biden issued an Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence, the most significant executive branch foray to date in introducing AI safety and security measures into public policy. The proposed actions are primarily focused on mitigating the rapidly emerging risks associated with AI, addressing issues such as transparency, labelling, testing, and standards development.  From a life sciences perspective, the order was notable for calling out issues such as stronger provisions against algorithmic discrimination; protections for the engineering of dangerous biological materials; promoting AI research in healthcare; strengthening consumer privacy protections; and ensuring the safe and responsible use and reporting of AI in healthcare and drug development.

That White House Executive Order was followed two days later by the Office of Management and Budget’s release of a new draft policy on Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence.  The OMB policy, which is open for comment through December 5th, 2023, is intended to offer richer guidance to federal agencies regarding AI strategy development, governance, responsible use, transparency, reporting, protections, and risk management.  In parallel, NIST continues to advance their AI Risk Management Framework, and all of these activities are advancing in the context of the White House’s Blueprint for an AI Bill of Rights.

This oversight momentum is not specific to the US.  The European Union’s proposed AI Act offers a tiered risk model for AI-related regulatory obligations, and has already garnered significant traction.  In addition, the Group of Seven industrial nations produced an 11-point voluntary code of conduct regarding the use of AI. The code “aims to promote safe, secure, and trustworthy AI worldwide and will provide voluntary guidance for actions by organizations developing the most advanced AI systems, including the most advanced foundation models and generative AI systems.”  Interestingly, the stronger policies surfacing in western regulatory environments are not consistently mirrored in some Asian territories where countries are adopting a more relaxed posture.

Building a Strong IT Strategy

Forces like these place new obligations on the FDA to adopt technology strategies that strike the right balance between innovation, standardization, safety, quality, and scientific rigor.  It’s a tall order to be sure. Alongside other federal agencies, DHHS has provided a Trustworthy AI Playbook alongside an inventory of over 160 existing AI use cases, over 40 of which are specific to the FDA.  The question for FDA technology leaders – like their non-agency counterparts in the industry – is how to develop the right data and analytical competencies that can support the rising tide of AI and data sciences innovations and associated medical advancements.

The industry is clearly interested in the answer to that question.  The request for comments elicited feedback from a variety of organizations including Google, Health Verity, McKesson, The RWE Alliance, and others.  The nature of the comments varied widely, ranging from poorly masked advertisements to deeper dives into important technology considerations like APIs and data standards.

One of the more notable responses came in the form of a combined letter from BIO and PhRMA which echoed some of my own reflections on the document.  As a strategist looking at the FDA IT Strategy document, there were five areas where I felt the strategy could be improved, especially given the needs for AI-related agility and the themes above:

  1. Connect explicitly to business goals.  The best IT strategies directly connect their goals and tactics to corresponding business objectives.  By illustrating what IT investments are supporting which business goals, leaders can discern whether planned efforts are likely to deliver the needed results.
  2. Clearly define current and future states.  BIO and PhRMA shared that the strategy as stipulated reads more like a list of principles, and I think that’s right.  Effective strategies are based on an unambiguous, detailed description of both the current and future states of the organization.  What specifically are you committing to build, improve, re-engineer, etc.?  Those more detailed commitments should deliver business value that can be measured, and they offer opportunities for cross-functional (and cross-industry) alignment. This is especially important in the space of AI, where the deafening roar of hype can easily obscure the real opportunities for impact.
  3. Make Goals Empirical.  Strategies can often read as a list of attractive aspirations – sometimes called “motherhood and apple pie” – that don’t seem actionable.  When strategic goals have measurable performance metrics associated with each goal, it becomes easier to align investments and tactics to drive their growth.  How do we know if our IT strategy is being successful in year 1?  In year 2?  In year 3?  What is the benchmark from which we are measuring improvements?  These questions might seem cumbersome in their detail, but they actually help focus attention on the most value-creating activities.
  4. Include more “how.”  A good strategy helps you know when to say “no” to the continually emerging landscape of attractive opportunities that risk diluting resources.  We don’t just want to know what is “good”; we also want to know what is “important.” By intentionally selecting how a strategy is being pursued, organizations can more easily identify what activities and investments align with a focused execution of the strategy. For example, much like an electric car needs batteries, a comprehensive and effective data strategy would seem to be a critical element of the FDA’s growth plans. We often frame these elements of a strategy as strategic imperatives: the areas of operational focus and excellence required in order for a strategy to be successful. The FDA’s plan covers the need to share, govern, and improve the accessibility of data. But it does not reflect an explicit priority for a data strategy and architecture that directly address complex industry business process use cases such as cross-study data analysis; rapidly harnessing existing data for AI model training; near real-time industry data sharing with the agency; and other improvements in electronic information structures and submissions. These potential process automations can improve the timeliness of regulatory reviews and approvals. A more detailed version of the agency’s own Data Modernization Action Plan could potentially address these issues in the future, creating an opportunity for life sciences stakeholders to align their enterprise architecture plans and standards to better support the agency’s operating model.
  5. Incorporate timetables.  Strategies are usually not executed in weeks or months.  Typically, there should be a logical progression – a roadmap of milestones, phases, or success measures – that establish the expected implementation of strategic plans and associated improvements in performance.  In fairness, the strategy document refers to a future deliverable that will offer more of an IT roadmap, but ideally such phasing would also be reflected at this level of planning granularity as well.

Interestingly, much like the strategy itself, these improvement opportunities also commonly show up in the life sciences stakeholder organizations – so much so that part of the ISEP strategic planning methodology we use is designed to proactively address them.  And to be sure, the FDA’s CIO Vid Desai and the entire team at the agency should be commended on building this strategy.  It’s advancing an important conversation that can directly impact the speed at which patients around the world receive tomorrow’s life-saving therapies.  I’ll be excited to review the next iteration.