Another panel concerning digital health was entitled: “The Hidden Life of Devices: Cybersecurity and Embedded Medical Devices”. Debra Breummer, Manager, Clinical Information Security, Mayo Clinic, said that cyber security is of increasing concern because vendors do not share their software, so the end users do not fully understand the software and its potential vulnerabilities. Breummer is concerned that legacy devices may be a weak link in the system, because they use older code and cyber attackers may have developed ways to get access to information or cause device failures, jeopardizing health care systems. She expects vendors to develop appropriate security systems, but she wants to know what is at the end of the IP address. Scott Rea, VP of Government / Education Relations, Digicert, acknowledged that there is a “mature malicious community with capabilities to take advantage of new technologies.”
Bakul Patel, Associate Center Director for Digital Health, said that it is a paradigm shift to go wireless and into the Internet and cloud-based systems, requiring a partnership of developers, regulators, and many different parties. In response to questions whether there needs to be more standardization of systems, Bakul said he does not think you need standards per se—you need standards to understand user requirements. He said that developers need to design in security protections, noting there is a difference between security and safety, e.g., hackers can get personal information out of systems without harming the system (security), which FDA is less concerned about than hackers causing system failures or changes in performance that puts patients at risk (safety). And to the extent that developers try to use patches to fix issues over time, Bakul is concerned with the interconnectivity of what is being pushed out.
Mike Seeberger, Boston Scientific, agreed that manufacturers need to make sure their suppliers/developers think about security in development and that FDA’s guidance in this area has been an important first step. He is concerned about off-the-shelf software and believes it is important to develop internally to understand the systems better, because both security and safety are issues.
Other presentations featured FDA’s new quality initiatives with to work with AdvaMed and other joint partnerships to develop libraries of quality practices, which FDA is also engaged in. Despite such guidance, there are still inspection issues when it comes to combination products, Kim Lewandowski-Walker, FDA Office of Regulatory Affairs (ORA), National Expert Investigator, FDA, noted. She added, FDA is moving its ORA inspectors from a geographic (inspectors linked to regional offices) to a commodity model (inspectors linked to specific product types) with the hope for a greater linkage to total product lifecycle ways to address quality observations. Bill MacFarland, Director, Division of Enforcement B, Office of Compliance, FDA discussed FDA’s pilot program to target inspections with a focus to issues that were viewed as critical to quality (CtQ), which is so far only internal to FDA as was perceived (incorrectly) as a compliance tool. Instead, the plan is for the data to be incorporated into specific device guidances to help identify critical quality metrics for companies to consider.
The second day also included presentations on some newer FDA programs on expedited access and early feasibility studies in the context of unmet need and reimbursement, entitled: “Walking the Tightrope – Titrating Evidentiary Requirements for Regulatory & Reimbursement for Medical Devices”, moderated by Lakshman Ramamurthy, Vice President, Avalere Health. The concept behind the expedited access program is that the Center for Devices and Radiological Health (“CDRH”) will provide products that provide unmet need with early and often FDA review team involvement to help get those products to market faster, sometimes transferring the need to develop some clinical data to a post-market phase rather than pre-market. While this is a great step for startups, Ramamurthy explained, the additional FDA input is not correlated with reimbursement, sometimes translated to too much risk up front. But patients may be willing to take more risk when there are no other options for disease.
Perry Bridger, Vice President, Reimbursement & Public Policy, Edwards Lifesciences, cautioned that while CDRH’s unmet needs program is a great goal for more collaborative engagement, unless there is a postmarket registry, it is difficult to collect post-market data once it is no longer under clinical development. Jeff Shuren, Director, CDRH, FDA, agreed that medical devices are different than drugs when it comes to unmet need products, and FDA’s guidance for medical devices is the Center’s first iteration of the program. In his view, every product on the market is still investigational—they are just not called that—so benefit/risk is “baked” into every product.
Tamara Syrek Jensen, Director, Coverage & Analysis Group, CMS, agreed that all medical devices on the market are in some sense investigational, where there is a need to learn about their use to constantly improve the quality of care. If there is a promising device and with a good post-approval data plan, then CMS can be assured it will get information to gather more confidence in the product, but 510(k) medical product data can be more challenging to collect.
When it comes to early feasibility studies, Owen Faris, Ph.D., Clinical Trials Director (acting), Office of Device Evaluation, CDRH, FDA provided a good overview of the program at “Promoting Innovation in the U.S.: FDA’s Early Feasibility Studies”. Faris noted how the program forced CDRH to think more creatively for products, sometimes leveraging from previously-approved products, to permit early clinical studies without full preclinical programs. The program was also successful at proving that investigational device exemptions (IDEs) can be reduced to a median 30 days, which required lots of hard work and reviewers picking up the phone to resolve issues. Michael Morton, VP, Corporate Regulatory Affairs, Medtronic, described many of the advantages of the program, including how earlier U.S. approvals may help with obtaining foreign approvals.
CDRH’s Town Hall was a highlight for the last day of the program, providing a summary of the high level initiatives underway at CDRH. For example, Shuren described how FDA is working to get more insight from the European Medicines Agency (EMA) to figure out better ways to share information. Shuren said that programs such as early feasibility studies and its recent program for accelerated development for products with unmet needs have been helping CDRH understand how to improve its systems and what has been slowing down other programs. Medical device companies can help their development programs by providing CDRH with better information about their products and their quality control systems, perhaps including videos, he said. And an independent review of CDRH’s systems from Booz Hamilton showed how CDRH can help industry by asking the “right” questions and creating more flexible decision points, by seeking and listening more to input from patient stakeholders to learn what risks patients were willing to take, and working with the Office of Regulatory Affairs (ORA) to help reduce inspectional inconsistencies. CDRH also needs to move more nimbly with the times, such as digital health, by keeping regulatory paradigms in sync with the technology, which is why FDA’s mobile health guidance permitted this technology to develop without extensive regulatory oversight for low-risk products. And FDA need to consider more conditional approvals for some technologies where the value warrants it and postmarket surveillance is an option, Shuren added.
All in all, AdvaMed’s Annual Meeting delivered a good variety of programming for those in the medical device industry, along with ample opportunities for networking with colleagues in the field.