On August 6, 2013, FDA published modifications to the list of medical device related standards they recognize. News was made of the fact that additions to the recognized standards addressed areas such as cybersecurity and interoperability. While there were many revisions and some additions of a variety of standards, this blog post will focus on the news making standards related to medical device connectivity.
The published modifications are divided between two separate recognition lists, number 31 (pdf) and 32 (pdf). Here is the Federal Register version (PDF). Recognition list number 31 includes one standard under the Software/Informatics category: Laboratory Automation: Data Content for Specimen Identification; Approved Standard (NCCLS AUTO-7A). The 20+ standards listed in recognition list number 32 are all new additions under Software/Informatics and focus on the following topics:
- IT governance in hospitals for networked medical devices,
- Medical device connectivity and interoperability, and
These are all great standards (although they are of varying relevance and usefulness). So where is the confusion, you might ask?Read More
On August 14, 2013, AAMI reports that the FDA has, “issued a new guidance document on integrating RF technology into medical devices.” You can read the FDA blog post on this guidance here. The draft version of this guidance on RF wireless medical devices was published more than 6 years ago in 2007 (blog post here). At the time, I thought the draft guidance was not earth shattering but a solid example of the application of the Quality System regulation to wireless medical devices.
In order to effectively use this guidance, or the earlier draft guidance, one must have a working understanding of wireless technologies and the FDA’s Quality System regulations. Only then is there sufficient context to be able to properly apply the guidance to the design, manufacture, installation and support of wireless medical devices. Like many initial connectivity efforts, dealing with these wireless issues can be a case of not knowing what you don’t know.Read More
On July 21, 2011 the FDA released its “Draft Guidance for Industry and Food and Drug Administration Staff – Mobile Medical Application.” We have discussed this draft and mobile apps generally here, here, and here. As with all draft guidance documents, following the release of the draft the FDA is supposed to receive and review comments (reported to be about 130), and then issue a revised draft, a final guidance document, withdraw the draft, or do none of these for an extended period, just letting the draft sit. The latter appears to be the fate of many drafts. The two years that this draft has been out probably qualifies as an extended period. However the FDA did tell Congress, and the public, that the guidance would be released by the end of this fiscal year. Outsiders cannot tell if the appropriate FDA people are hard at work on this item, or if they are distracted in part by other issues. The FDA’s claimed devotion to transparency does not include being able to see how such things are progressing.Read More
The FDA has issued a draft guidance document on the expected content of premarket submissions with respect to medical device cybersecurity. This guidance targets individual medical devices rather than the network they may be resident on, and it also includes non-networked devices. The FDA notes that both networking capability and portable media increase vulnerability. The latter issue might be called intermittent or remote connectivity.
Guidance documents tell interested people what the FDA’s current thinking is relevant to its regulatory authority, in this case the review of 510(k), PMA and related submissions. A draft guidance is in effect what the FDA is thinking about thinking. Drafts go through a comment period (90 days in this case) after which the FDA contemplates the comments and, after an unspecified time, either issues a guidance document, issues a revised draft, withdraws the draft, or just lets it sit there. Since guidance documents are not requirements, there is standard language that you can use an alternate approach if you can justify it. An open question for me is whether even a draft sufficiently establishes an FDA expectation that should be followed in the interest of a smooth submission review.There are many draft guidances currently under comment or post-comment review, including the long awaited guidance on medical apps discussed here.Read More
There are currently several private entities that seek to certify medical apps, connectivity solutions, EHR record exchange, and other products, services and people in our sphere of interest. Given the ongoing proliferation of private certifications, there is a growing need to evaluate them, judge their relative costs and benefits, and determine which – if any – are worth adopting as either the one certified or as the consumer of certified products or services.
These private activities are usually distinct from governmental requirements (e.g. FDA or FTC compliance, or state licensing), although in the case of EHR Meaningful Use (MU) certification, private entities function on behalf of the federal government to certify compliant EHRs. Note here that compliant EHRs are those that are capable of achieving MU. Purchasing a product that is thus certified is a prerequisite for a provider then achieving MU.Read More
The medical app and regulatory pot is being stirred as products continue to appear, including those with questionable FDA credentials, or lack of credentials.
As discussed in our earlier posts on apps regulation (here and here), an app is a medical device if its meets the congressionally mandated and FDA enforced definition of a medical device as something whose intended use “is for the diagnosis of disease or other conditions, or the cure, mitigation, treatment, or prevention of disease, or is intended to affect the structure or any function of the body of man”. As stated in the FDA’s Draft Guidance, omitted from this definition, and therefore not medical devices, are apps “that are solely used to log, record, track, evaluate, or make decisions or suggestions related to developing or maintaining general health and wellness.”Read More