Regulatory uncertainty persists around medical software

On January 7th the FDA announced the launch of a new streamlined regulatory framework for digital health devices. Specifically, the framework is initially focused on products which the FDA classifies as “software as a medical device” or SaMD, and the framework may eventually be expanded to all medical device software.

For those of you who are not familiar with SaMD, this includes software intended to be used for a medical purpose and that is not part of a hardware medical device. Examples of SaMD include smart drug dosing algorithms, (some) clinical decision support software, personalized patient interventions, and more.

The new framework is adapted from the typical de novo 510(k) review process where there is no option for establishing substantial equivalence since there are no available predicate devices – or in this case, predicate software.

New classifications, guidance documents and regulatory frameworks. How can biopharma and medtech keep up?

This announcement marks yet another update from the FDA on how it plans to regulate digital health solutions.

The numerous updates on digital health from the FDA in recent years suggest that regulations for software products will evolve at an increasing pace, adding complexity to biopharma and medtech companies’ already demanding regulatory responsibilities.

I caught up with Bradley Merrill Thompson, Medical Device, Digital Health and Combination Product Regulatory Attorney from Epstein Becker Green on the most recent FDA announcement.

“Over the last several years FDA has been churning out new guidance and regulations applying broadly to medical devices and specifically to software as a medical device. While policymakers generally say they want to encourage innovation, these new requirements often add significant complexity and unfortunately confusion to an already dense regulatory system. For those who may be new to the health technology space, or who simply lack the internal dedicated resources to monitor the regulatory landscape carefully, it seems to me the best way to succeed is to partner with a medical device manufacturer that has the experience with FDA regulation necessary to succeed.”

While the agency should be lauded for keeping up with the fast-moving digital health market by issuing its constant stream of regulatory updates, keeping tabs on the agency’s current thinking has proven to be a regulatory challenge in its own right.

In the past three years the FDA has issued a number of new regulatory clarifications:

• In February 2015 the FDA released a new risk-based approach to regulating mobile medical apps. The guidance notes the agency plans to use regulatory “enforcement discretion” to leave lower-risk medical software alone.1
• Additionally, the agency down-classified medical device data systems (MDDS) to a Class I device. A year later, however, the 21st Century Cures Act changed the definition of “medical device” to exclude certain medical device software, including MDDS.2
• In June 2017 the FDA issued a guidance document on how it approaches digital technologies used in clinical trials.4
• That same year the FDA signaled that for lower risk software products the agency is weighing a move to the pre-certification model, which would first focus on the software developers instead of their individual products.5
• The agency also announced final guidelines in 2017 for how best to determine whether combination products should be classified as drugs, biologics, or medical devices.6
• In December 2017 the FDA issued a new clinical and patient decision support software draft guidance, which attempted to provide clarity regarding software used by both clinicians and patients. 7
• FDA has issued several new and updated guidance documents on cybersecurity. The guidance requires significant documentation about the product’s cybersecurity protections (many inherently software solutions).
• There is some indication that FDA is recognizing the inevitable introduction of Artificial Intelligence and Machine Learning (AI/ML) algorithms into the medical device field. We have not seen guidance, but there is discussion about utilizing the software pre-cert program for such software.
• Draft guidance was issued on Clinical Decision Support (CDS) software that was intended to define whether CDS meets the definition of a device. The criteria is based on result transparency; many thought leaders including Bradley Merrill Thompson have suggested a better approach to CDS scrutiny would be risk based, not transparency.

We wrote a white paper that dives deeper into this topic and highlights the regulatory factors you need to consider when developing a digital health solution. You can access the paper here.

How BrightInsight can alleviate the digital health regulatory burden

Given the persistently unclear and complex regulatory environment biopharma and medtech companies face when considering a more decisive move into digital – along with the significant regulatory investment such a move requires – their reluctance is understandable.

We listened to our customers and have developed a regulated platform and managed service to alleviate much of the regulatory burden. Our managed service allows our customers to forgo building software regulation and development expertise in-house, which results in upfront cost savings related to headcount. We also manage the FDA filing and maintenance of that filing – including change control notifications to clients and regulatory authorities – for the BrightInsight software aspects of our customers’ products.

I welcome the opportunity to discuss the evolving digital health regulatory landscape and our BrightInsight platform. Connect with us here.