On February 9, 2015, the U.S. Food and Drug Administration (FDA) finalized its guidance, “Medical Device Data Systems, Medical Image Storage Devices, and Medical Image Communications Devices” (Final MDDS Guidance), the draft version of which was released last year on June 20, 2014 (Draft MDDS Guidance) and discussed in our June 24, 2014 client update (see Hogan Lovells Medical Device Alert). This document finalizes the FDA’s previously proposed approach to refrain from enforcement of all medical device regulations applicable to Medical Device Data Systems (MDDS), Medical Image Storage (MIS) Devices, and Medical Image Communications (MIC) Devices. As the FDA noted in its February 6, 2015, news release, the Agency finalized this policy with the hope of furthering the development of new technologies to better use and display these types of medical device data.
Since 2011, MDDS, MIS, and MIC products have been regulated as Class I, 510(k)-exempt, medical devices. Such devices are technically subject to all general controls under the Federal Food, Drug, and Cosmetic Act (FD&C Act) (e.g., establishment registration and device listing, quality system, labeling requirements, and medical device reporting). However, pursuant to the final guidance document, the FDA “does not intend to enforce compliance with the regulatory controls that apply to MDDS, medical image storage devices, and medical image communications devices, due to the low risk they pose to patients and the importance they play in advancing digital health.” The principles outlined in the Final MDDS Guidance are largely carried over from the 2014 Draft MDDS Guidance. In addition to some minor changes in the organization or language in parts of the guidance, the major differences between the final and draft versions of the MDDS guidance are as follows:
- The final guidance further clarifies what is meant by “active patient monitoring,” based on the definition provided in the preamble of the MDDS regulation.
- In addition, characteristics intended to identify active patient monitoring were added, such as whether the clinical context (e.g., in-hospital patient monitoring) or clinical condition (e.g., disease or diagnosis) requires a timely response. For example, the FDA clarified that a nurse telemetry station that receives and displays information from a bedside hospital monitor in an intensive care unit would be considered a device that provides active patient monitoring, and thus would be outside of the scope of MDDS devices and subject to regulatory controls. The guidance also added examples of devices that perform monitoring, but not “active patient monitoring,” such as an application that transmits a child’s temperature to a parent/guardian while the child is in the nurse/health room of a school.
- The final MDDS Guidance added in the formal definition of an MDDS device per 21 CFR 880.6310.
To reflect the changes implemented with the finalization of the MDDS Guidance, the FDA also updated the final Mobile Medical Applications guidance document (Mobile Medical Apps Guidance) that was previously issued on September 25, 2013. The edits incorporated in the updated Mobile Medical Apps Guidance are consistent with the changes previously proposed in the Draft MDDS Guidance. The majority of the changes served to remove MDDS, related language about MDDS functionality, and specific examples of such devices from the category of mobile medical apps (MMAs) subject to active FDA regulatory oversight. Instead, MDDS products have been added to the category of mobile apps for which the FDA intends to exercise enforcement discretion, i.e., the FDA does not intend to enforce requirements under the FD&C Act. Specific examples of MDDS and MIC devices have been added to Appendix B of the guidance to further exemplify the types of apps that would fit within these device categories. However, consistent with the draft and final versions of the MDDS Guidance, apps that display medical device data to perform active patient monitoring remain in the category of devices that are subject to regulation.
In addition, since the initial release of the Mobile Medical Apps Guidance, the FDA has been updating an informal list maintained on their website of app types that are “subject to enforcement discretion,” i.e., not actively regulated. The original version of that list was an attachment to the 2013 guidance. In this most recent version of the guidance, the FDA has incorporated those additional examples. For example, the updated guidance describes as subject to enforcement mobile apps that allow a user to collect, log, track, and trend data such as blood glucose, blood pressure, heart rate, weight, or other data from a device to eventually share with a heath care provider, or to upload to an online (cloud) database, personal or electronic health record. This example has also been incorporated in the updated Mobile Medical Apps Guidance. Notably, this category may not extend to all types of medical device data that are used by a patient for logging, tracking, and trending their medical information. For example, a recent downclassification created a new category of Class I devices for software that performs these functions with continuous glucose monitors, indicating that such products are indeed still actively regulated. Thus, the parameters around this category may still be somewhat unclear.
Updates were made for all of the categories of the MMAs described in the appendices of the guidance document, i.e., mobile apps that are not considered medical devices (Appendix A), mobile apps that are subject to enforcement discretion (Appendix B), and mobile apps that are the focus of the FDA’s regulatory oversight (Appendix C).
Although the Draft MDDS guidance was released by the Center for Devices and Radiological Health (CDRH) only, the Final MDDS Guidance was issued by the CDRH and the Center for Biologics Evaluation and Research (CBER), indicating that software manufacturers in the device and biologics spaces may benefit from the policies outlined in the final guidance.
Of the 25 public comments received regarding the Draft MDDS Guidance, the vast majority of the comments supported the enforcement discretion policy outlined in the draft guidance. Stakeholders and manufacturers largely agreed with the FDA’s approach to improve innovation and interoperability for these types of low risk devices. Several of the comments received asked for more clarity regarding the type of active patient monitoring that is excluded from the MDDS policy, which is consistent with the additional examples and definitions added in the final guidance, as described above. In addition, some comments also advocated for the Agency to proceed with rule-making to formally exempt the MDDS, MIS, and MIC products from regulation, rather than relying solely on a guidance document that is essentially non-binding on the Agency. It remains to be seen whether the FDA would consider moving forward with additional regulatory processes to further formalize its current enforcement discretion approach. The FDA did not address these specific comments when issuing the final guidance.
Considered together, these finalized and updated guidance documents further indicate the FDA’s current leaning to move away from active regulation of very low-risk software products. The FDA’s finalization of its enforcement discretion policy for low-risk devices, such as MDDS, MIS, and MIC, is also consistent with the proposed FDASIA risk-based framework for Health IT.
The FDA has scheduled a webinar on February 24, 2015 (2:00-3:30 p.m. ET), to describe the policies in these guidance documents (as well as the two draft guidances released last month regarding general wellness low-risk products and medical device accessories). Manufacturers and interested stakeholders will have the opportunity to ask questions during this session.