On June 20, 2014, FDA issued a draft guidance titled “Medical Device Data Systems, Medical Image Storage Devices, and Medical Image Communications Devices” announcing that it does not intend to enforce compliance with the regulatory controls that apply to software Medical Device Data Systems (MDDS), medical image storage devices or medical image communications devices, due to the low risk they pose to patients and the importance they play in advancing digital health. The draft guidance also proposes edits to FDA’s Mobile Medical Applications guidance (Sept. 25, 2013), which identifies MDDS software as an actively regulated device.
The draft guidance signals FDA’s continued efforts to regulate cutting-edge software through guidance documents, as opposed to notice-and-comment rulemaking. While the guidance process may allow FDA to react more quickly to evolving technology, guidance documents do not have the force of law and provide less certainty to software developers than binding regulations. Mobile Medical Application (MMA) developers, for example, may be left questioning the regulatory status of their devices that do not squarely fit into the definition of a MDDS. The MMA guidance largely defines the parameters of devices FDA intends to regulate by providing examples, but those examples may become obsolete in short order or, as seen with issuance of the MDDS draft guidance, may become irrelevant. Engaging FDA during development of MMAs may be a successful strategy to ensure that developers and manufactures remain aligned with FDA on the regulatory status of their devices.
According to FDA’s device classification rules, MDDS are hardware or software products that transfer, store, convert formats, or display medical device data. 21 CFR 880.6310. They do not modify data, are not intended to actively monitor patients, and do not control the functions or parameters of any connected medical device. With FDA’s new “hands-off” approach to MDDS, developers are free to create software and hardware solutions that connect medical devices without having to satisfy the regulatory requirements associated with the MDDS classification (i.e., general controls, including registration and listing, premarket review, postmarket reporting and good manufacturing practice under the quality system regulation (QSR)).
The draft guidance comes on the heels of the FDASIA Health IT Report (Apr. 3, 2014), which advocates a narrowly-tailored approach to FDA regulation of health IT.1 The FDASIA report identifies three categories of health IT products according to their risk to patients: (1) products with administrative health IT functions (e.g., software for billing and claims processing or scheduling); (2) products with health management health IT functions (e.g., software for health information or medication management, order entry software, and most clinical decision support software); and (3) products with medical device health IT functions, such as software for bedside monitor alarms and radiation treatment software. According to the report, FDA will only regulate the last of those categories. The others will not be subject to active FDA regulation. The report recommends a balance of FDA’s intention to regulate health IT under the medical device provisions of the Food, Drug, and Cosmetic Act (FDCA), the need to foster continued advances in digital IT, and the practical limitations on FDA’s ability to handle the volume of premarket submissions that it would receive under the broadest possible application of its authority over “devices” to software and related articles.
Relevant Regulations and Guidance Documents:
- Draft Guidance, Medical Device Data Systems, Medical Image Storage Devices, and Medical Image Communications Devices (June 20, 2014)
- Guidance, Mobile Medical Applications (Sept. 25, 2013)
- FDASIA Health IT Report (Apr. 3, 2014)
FDA Classification Regulations:
- Medical Device Data System, 21 C.F.R. § 880.6310
- Medical Image Storage Device, 21 C.F.R. § 892.2010
- Medical Image Communication Device, 21 C.F.R. § 892.2020