The FDA's device arm continued its light-touch approach to regulating medical software and other modern health information technologies that are either relatively simple or don't pose a clinical risk to patients. In technical terms, the FDA employed its "enforcement discretion," meaning the agency believes it has the authority to regulate the devices but opts not to.
Last week the FDA finalized its plan to steer clear of regulating medical device data systems (MDDS), medical image storage devices and medical image communications devices. The June draft guidance was replaced with a final one that contains virtually no changes.
In addition, the guidance on mobile medical applications was modified to make it consistent with the MDDS guidance. The change to the app guidance clarifies that the "apps subject to the FDA's enforcement discretion include those that assess the risk of cardiovascular diseases or are intended to be used in diabetes management," said the FDA Law Blog upon the release of the draft MDDS guidance in June.
"The MDDS guidance confirms our intention to not enforce compliance with applicable regulations for technologies that receive, transmit, store, or display data from medical devices. We hope that finalization of this policy will create an impetus for the development of new technologies to better use and display this data," wrote Jeffrey Shuren, the head of the FDA's device arm (CDRH), and Bakul Patel, its associate director for digital health, last week on the FDA's blog.
The move builds on previous draft guidance to not regulate low-risk general wellness devices and another one that aims to regulate medical device accessories less stringently than their parent devices. Congress has also been encouraging the FDA's move in the direction of less regulation in regards to health information technology.
The relatively short guidance document defines the term "medical device data systems" and describes the qualifying devices. The definitions in the guidance are pretty self-explanatory. Just remember that MDDS cannot modify the data they receive or use the information to control the functions or parameters of any connected medical device.
Examples include devices that convert data from one format to another and software that stores historical blood pressure information for later review by a healthcare provider, according to the final guidance.
The guidance lists two sets of devices that will not receive the agency's light touch. They are active patient monitors used in clinical settings, such as a nurse telemetry station, and "a device that receives and/or displays information, alarms, or alerts from a monitoring device in a home setting and is intended to alert a caregiver to take an immediate clinical action." That sounds like a rebuke aimed at homemade devices, like Nightscout, an open-source, do-it-yourself project to enable remote monitoring of blood glucose levels in patients with Type 1 diabetes.
Still, overall, industry has to be pleased with the final guidance.
"The implications are profound, both for MDDS-type software, but also for what it suggests about the future for health information technology generally," Brad Thompson, an attorney at Epstein Becker & Green, told sister publication FierceHealth IT in an email. "FDA is quite earnestly working to ensure that it uses the lightest regulatory touch appropriate for software. It's exciting, because it means that innovation in this space can truly flourish."