On June 20 2014 the Food and Drug Administration (FDA) issued draft guidance entitled "Medical Device Data Systems, Medical Image Storage Devices, and Medical Image Communications Devices", announcing that it does not intend to enforce compliance with the regulatory controls that apply to software medical device data systems (MDDS), medical image storage devices or medical image communications devices, due to the low risk they pose to patients and the importance they play in advancing digital health. The draft guidance also proposes edits to the FDA's mobile medical applications (MMA) guidance (September 25 2013), which identifies MDDS software as an actively regulated device.

The draft guidance signals the FDA's continued efforts to regulate cutting-edge software through guidance documents, as opposed to notice-and-comment rulemaking. While the guidance process may allow the FDA to react more quickly to evolving technology, guidance documents do not have the force of law and provide less certainty to software developers than binding regulations. MMA developers, for example, may be left questioning the regulatory status of their devices that do not squarely fit into the definition of MDDS. The MMA guidance largely defines the parameters of devices which the FDA intends to regulate by providing examples; but those examples may become obsolete or - as seen with issuance of the MDDS draft guidance - may become irrelevant. Engaging the FDA during the development of MMAs may be a successful strategy to ensure that developers and manufacturers remain aligned with the FDA on the regulatory status of their devices.

According to the FDA's device classification rules, MDDS are hardware or software products that transfer, store, convert formats or display medical device data.(1) They do not modify data, are not intended to actively monitor patients and do not control the functions or parameters of any connected medical device. With the FDA's new 'hands-off' approach to MDDS, developers are free to create software and hardware solutions that connect medical devices without having to satisfy the regulatory requirements associated with the MDDS classification (ie, general controls, including registration and listing, pre-market review, post-market reporting and good manufacturing practice under the quality system regulation).

The draft guidance comes on the heels of the Food and Drug Administration Safety and Innovation Act Health IT Report (April 3 2014), which advocates a narrowly tailored approach to FDA regulation of health information technology.(2) The report identifies three categories of health IT products according to their risk to patients:

  • products with administrative health IT functions (eg, software for billing and claims processing or scheduling);
  • products with health management health IT functions (eg, software for health information or medication management, order entry software and most clinical decision support software); and
  • products with medical device health IT functions, such as software for bedside monitor alarms and radiation treatment software.

According to the report, the FDA will regulate only the last of those categories. The others will not be subject to active FDA regulation. The report recommends that a balance be struck bwteen the FDA's intention to regulate health IT under the medical device provisions of the Food, Drug, and Cosmetic Act, the need to foster continued advances in digital IT and the practical limitations on the FDA's ability to handle the volume of pre-market submissions that it would receive under the broadest possible application of its authority over 'devices' to software and related articles.

For further information on this topic please contact Allison Fulton, Coleen Klasmeier, Lauren R Silvis or Gail H Javitt at Sidley Austin LLP by telephone (+1 202 736 8000), fax (+1 202 736 8711) or email (afulton@sidley.com, cklasmeier@sidley.com, lsilvis@sidley.com or gjavitt@sidley.com). The Sidley Austin website can be accessed at www.sidley.com.

Endnotes

(1) 21 CFR 880.6310.

(2) Section 618 of the Food and Drug Administration Safety and Innovation Act of 2012, Public Law 112-144, mandated that the FDA, in consultation with the Office of the National Coordinator for Health IT within the Department of Health and Human Services and the Federal Communications Commission, issue a report with a proposed strategy and recommendations on an appropriate, risk-based regulatory framework for health information technology.