FDA Issues Draft Guidance Eliminating Regulatory Controls on Medical Device Data Systems, Imaging Storage Devices, and Imaging Communications Devices
On June 20, 2014, the United States Food and Drug Administration (FDA) issued a draft guidance document announcing that the agency does not intend to enforce the general regulatory controls applicable to medical device data systems (MDDSs), medical image storage devices, and medical image communication devices, due to the low risks posed by such devices and their importance in promoting digital health. This draft guidance effectively exempts these devices from compliance with any FDA regulatory requirements. FDA will accept comments on the draft guidance through August 25, 2014.
This surprising about-face suggests continued evolution in FDA’s approach to regulating medical software.
FDA Regulations Classifying Medical Device Data Systems, Medical Image Storage Devices, and Medical Image Communications Devices
In the 1990s, FDA began in earnest to address the rapidly developing electronic data communications and storage technologies widely used in healthcare delivery. One key action was the issuance of guidance and later regulations addressing technologies used to store, transmit, copy, view, and process digital radiology images. After examining the range of devices used to handle such images, FDA established five classifications of radiology imaging devices. Two of these device types – medical image storage devices and medical image communications devices – were classified as Class I, 510(k)-exempt devices subject only to “general controls” such as establishment registration, device listing, postmarket reporting of adverse events, and the Quality System Regulation (QSR). In the final rule, FDA emphasized that general controls, “particularly the good manufacturing practices requirements” of the QSR, were sufficient to provide reasonable assurance of the safety and effectiveness of the two Class I, 510(k)-exempt device types.1
More than ten years later, FDA adopted a similar approach with respect to devices that had become ubiquitous in the hospital environment: software and associated hardware used to store and transmit electronic data obtained from other medical devices. Through a rulemaking process initiated in 2008 and completed in 2011, FDA defined an MDDS as a device used for the electronic transfer, storage, conversion, or display of medical device data. The carefully circumscribed definition excluded devices that control or alter functions or parameters of any connected medical devices or that are intended to be used in connection with active patient monitoring. Examples of MDDSs include devices that collect and store data from glucose meters for future use or that transfer laboratory results for future use at a nursing station. The 2011 final rule established a new Class I, 510(k)-exempt classification, but did not exempt this device type from general regulatory controls. Manufacturers of such devices were required to register with FDA as medical device manufacturers and list their commercially distributed devices, but were given more than a year, until April 1, 2012, to comply with the QSR and adverse event reporting requirements. As with radiology imaging devices, FDA emphasized the importance of QSR compliance in assuring the safety and effectiveness of these devices.2 FDA reaffirmed its view of the regulatory controls applicable to MDDSs as recently as September 25, 2013, in the Mobile Medical Apps guidance (MMA Guidance), which contained several examples describing the application of device regulations to MDDSs.
2014 Draft Guidance
In the recently released draft guidance, FDA states that, after gaining additional experience with MDDSs since the 2011 classification regulation, it has determined that these devices pose low risk to the public and that it is unnecessary to enforce compliance with regulatory controls for this type of device. Similarly, FDA states that it is unnecessary to enforce regulatory controls that apply to medical image storage devices and medical image communications devices. For all of these device types, the draft guidance would release manufacturers from the burdens of complying with general controls, including the QSR requirements FDA previously emphasized. Together with the existing regulatory exemptions of these devices from compliance with 510(k) premarket notification requirements, these devices would effectively be completely unregulated.
The draft guidance also proposes to adopt conforming changes to the MMA Guidance, modifying certain examples of regulated mobile apps and stating explicitly that FDA will exercise enforcement discretion with regard to mobile apps that meet the definition of a MDDS.
Implications of the Draft Guidance
The draft guidance represents a significant change in policy just three years after FDA completed a multi-year rulemaking process for MDDSs. It appears to reflect an evolving FDA view of the agency’s role in regulating low-risk digital health software, and is consistent with other recent FDA pronouncements generally favoring industry self-regulatory standards, public-private partnerships, and other non-regulatory mechanisms for assuring the safety and effectiveness of such products. Ropes & Gray previously commented on this development in our Alert on FDA’s final guidance on Mobile Medical Apps. This general approach was also evident in the April 2014 Health IT Report issued jointly by the FDA, Federal Communications Commission, and the HHS Office of the National Coordinator for Health Information Technology.
Manufacturers of MDDSs that already invested in processes to comply with general controls may perceive this FDA policy change as unfairly favoring competitors that had not made such investments. Nonetheless, manufacturers that have come into compliance with the QSR may conclude that such compliance, although no longer required, will continue to benefit them by ensuring traceability of design, helping identify necessary product corrections and improvements, and controlling bug fixes and other product changes.
Companies that design, produce, or distribute medical software should carefully review their products’ technological characteristics, labeling, and promotional materials to determine whether they fall within the device classifications affected by FDA’s draft guidance.