In a move certain to please developers of health information technology (IT) products, on February 6, 2015, the U.S. Food and Drug Administration (FDA) posted final guidance announcing its intent to exercise enforcement discretion in not requiring compliance with the regulatory controls applicable to the following Class I, 510(k)-exempt medical devices:
- Medical device data system (MDDS): a medical device that electronically transfers, stores, converts from one format to another in accordance with a preset specification, and/or displays medical device data without controlling or altering the functions or parameters of any connected medical device(s), provided the product is not used in connection with active patient monitoring
- Medical image storage device: a medical device that provides electronic storage and retrieval functions for medical images
- Medical image communications device: a medical device that provides electronic transfer of medical image data between medical devices
As set forth in the draft guidance, the FDA does not intend to enforce compliance with the regulatory controls—e.g., registration and listing, FDA pre-market review, post-market reporting and quality system regulation—for manufacturers of products falling within one of these categories. Notably, the FDA intends not to enforce the regulatory requirements applicable to such products even insofar as they include functionality that would ordinarily trigger the agency’s 510(k) pre-market clearance requirement (e.g., an MDDS that is an in vitro device intended for assessing the risk of cardiovascular disease or for use in diabetes management).
In addition, the FDA updated its mobile medical application guidance to be consistent with the above-described final guidance.
Developers and investors should welcome the FDA’s latest foray into the regulation of health IT devices. Under the final guidance, several types of low-risk digital health products may effectively be commercialized without regulatory oversight from the FDA.
The final guidance should also effectively remove manufacturers of these products from the scope of the medical device tax for these products, which is triggered by listing with the FDA. Insofar as a product falls within one of these product categories and is currently listed with the FDA, the product’s manufacturer may wish to consider de-listing the product as soon as possible.
The final guidance applies only to products with fairly limited functionality. For example, a device that performs any function in addition to transferring, storing, converting or displaying medical device data is not an MDDS. In this regard, a product is not an MDDS if it modifies, interprets or adds value to medical device data; creates or generates any of its own data; processes, characterizes, categorizes or analyzes medical device data; flags, prioritizes or graphs medical device data (if such functionality would add value to the data); or facilitates active patient monitoring. In light of these limitations, the final guidance does not offer long-awaited direction regarding the regulatory requirements that may be applicable to certain types of clinical decision support (CDS) software or electronic health records systems.
The final guidance is the latest milestone in the FDA’s development of a comprehensive regulatory strategy for health IT products. In January 2015, the FDA released draft guidance documents on the regulation of general wellness products and medical device accessories; certain provisions from these documents may be applicable to the FDA’s oversight of health IT products. Later this year, the FDA, in conjunction with the Office of the National Coordinator for Health Information Technology and the Federal Communications Commission (FCC), is expected to release a final report outlining the agencies’ approach to the regulation of health IT. The FDA is also expected to release draft guidance outlining its approach to the regulation of CDS software. Meanwhile, Congress continues to consider legislation that would limit the FDA’s authority to regulate certain low-risk health IT products. In light of this environment, developers of (and investors in) health IT products should stay apprised of developments in this area.