On February 9, 2015, the United States Food and Drug Administration (FDA) issued a final guidance document describing the Agency’s intention not to enforce regulatory controls applicable to medical device data systems (MDDS), medical image storage devices, and medical image communication devices, due to the low risk such devices pose to patients and their importance in advancing digital health. The guidance, which finalizes draft guidance issued by the Agency in June 2014, reflects FDA’s continued efforts to apply a risk-based framework that avoids over-regulation of certain low-risk medical software products. Because classifying a device as an MDDS, medical image storage device, or medical image communication device will have the effect of removing those products from FDA regulatory requirements altogether, manufacturers should be careful to ensure that they properly characterize and classify products that may fall within these device types.
Enforcement Discretion for Medical Device Data Systems, Medical Image Storage Devices, and Medical Image Communications Devices
As Ropes & Gray reported in our Alert on the MDDS draft guidance, FDA has previously issued regulations classifying MDDS, medical image storage devices, and medical image communication devices as Class I, 510(k)-exempt medical devices. Under the regulations, these devices are subject to “general controls” such as establishment registration, device listing, postmarket reporting, and the Quality System Regulation (QSR).1
Although these regulations remain on the books, FDA’s recently issued guidance announces the Agency’s intention not to enforce compliance with them. The Agency states that it “has gained additional experience with these types of technologies, and has determined that these devices pose a low risk to the public.” FDA has not explained why, in light of this finding, it has not proposed to revoke these regulations altogether. It may be that FDA prefers this approach because, by keeping the regulations on the books, FDA retains the flexibility to revoke its policy of enforcement discretion and re-institute mandatory compliance with the regulations, should future events reveal that the Agency has underestimated the risks posed by one or more of these device types.
Clarification of “Active Patient Monitoring”
The guidance elaborates on the meaning of “active patient monitoring” as that term relates to the MDDS device type. The regulations define an MDDS as a device used for the electronic transfer, storage, conversion or display of medical device data, without controlling or altering the functions or parameters of any connected medical devices, and excluding devices intended to be used in connection with active patient monitoring.2 The guidance explains that devices are intended for active patient monitoring, and therefore fall outside the MDDS classification, when the clinical context requires a timely response (e.g., in-hospital monitoring) or the clinical condition requires a timely response (e.g., a monitor that is intended to detect life-threatening arrhythmias or a device used to actively monitor diabetes for time-sensitive intervention). For example, the following devices provide active patient monitoring and therefore fall outside the MDDS classification:
- a nurse telemetry station that receives and displays information from a bedside hospital monitor in an ICU, or
- a device that receives or displays information, alarms, or alerts from a monitoring device in a home setting and is intended to alert a caregiver to take an immediate clinical action.
Examples of devices that do not perform active patient monitoring, and therefore may be considered MDDS if they otherwise meet the MDDS definition, include software applications that:
- transmit a child’s temperature to a parent or guardian while the child is in the school nurse’s office or health room, or
- facilitate the remote display of information from a blood glucose meter, where the user of the meter can independently review the glucose readings, and which is not intended to be used for taking immediate clinical action.
Implications of the Guidance
The MDDS guidance is part of FDA’s continued efforts to take a risk-based approach to the regulation of low-risk medical software products. This action is consistent with other recent FDA pronouncements generally favoring industry self-regulatory standards, public-private partnerships, and other non-regulatory mechanisms for assuring the safety and effectiveness of low-risk medical software products, a trend that Ropes & Gray has discussed in previous client alerts discussing general wellness products and device accessories and regulation and oversight of health IT technologies.
Because classifying a device as an MDDS, medical image storage device, or medical image communication device will have the effect of removing those products from FDA regulatory requirements altogether, manufacturers should be careful to ensure that they properly characterize and classify products that may fall within these device types. When in doubt, manufacturers may be well served by submitting a “513(g) request” to FDA seeking the Agency’s views on the regulatory requirements applicable to a device, or by consulting with legal counsel.