The Food and Drug Administration Safety and Innovation Act (FDASIA) required the FDA to develop:
a report that contains a proposed strategy and recommendations on an appropriate, risk-based regulatory framework pertaining to health information technology, including mobile medical applications, that promotes innovation, protects patient safety, and avoids regulatory duplication.
Here's the report: FDASIA Health IT Report (warning: PDF).
It looks like EMR/EHR vendors (administrative and health management functionality) don't have to worry about FDA regulatory oversight. The medical device category (of course) does:
FDA would focus its oversight on medical device functionality because, in general, these functions, such as computer aided detection software and remote display or notification of real-time alarms from bedside monitors, present greater risks to patient safety than health IT with administrative or health management functionality.