The FDA has proposed to reclassify Medical Device Data Systems (MDDS) from a default class III to class I. (You can read the proposed rule here, and the public comments here.) This is based on the belief that “risks to health from this device would be caused by inadequate software quality. Specifically, the risk to health would be that incorrect medical device data is stored, retrieved, transferred, exchanged, or displayed, resulting in incorrect treatment or diagnosis of the patient.” In my opinion, this is insufficient. Consideration must also be given to the risk of interactions between MDDS and devices.
Until now MDDS has not been a term that was widely used in the medical device or health care information industries. The FDA has proposed a definition that can be summarized as “a device that provides one or more of the following uses: electronic transfer, exchange, storage, retrieval, display or conversion of medical device data without altering the function or parameters of any connected device” (emphasis mine).
First, it is important to point out that even though MDDS’ currently default to class III, the FDA has been operating under their discretionary enforcement policy and has not been enforcing the class III requirements for MDDS. Products that currently meet the MDDS definition have in effect been operating without classification or enforcement; thus the reason for the proposed re-classification. In principle, I agree with the FDA that these types of devices should be regulated, but the question I pose is “why go from class III to class I?” Shouldn’t the classification for MDDS’ be class II?Read More
UPDATE: This post discusses the proposed MDDS rule that came out in 2008. If you’re looking for the final MDDS rule that came out in early 2011, look here.
On February 8, 2008 the FDA published a proposed new rule for public comment (pdf version). The new rule provides some definitions of connectivity software and proposes to reclassify some types of connectivity software. The rationale for the proposed rule is as follows:
Since 1989, the use of computer-based products and software-based products as medical devices has grown exponentially. In addition, device interconnectivity and complexity have grown in ways that could not have been predicted in 1989. This growth and expansion have created new considerations for elements of risk that did not previously exist.
Up to this point the FDA has relied on their “Draft Software Policy” published in 1989 (link – pdf). This software policy recognized that software could (and did) meet the definition of a medical device and extended the FDA’s purview from conventional devices to software. This was not a bureaucratic land grab, but a recognition that the legal definition of a medical device could and had been met by software.
What is an MDDS? From the proposed rule (emphasis mine):Read More
Connectivity enabled medical devices send patient data right out of the medical device to a network, be it a body area network, cellular broadband network, home or enterprise network. The network then conveys this medical device data to databases and applications that store, display and manipulate the data. When a medical device is directly attached to a patient, there is no question as to which patient the device data belongs. As soon as the data leaves the actual medical device via the serial port or a network connection, the association of that data with a particular patient is no longer obvious.
Much of the data used in establishing and maintaining patient association or patient context comes from, or is stored in, the patient management database. Patient management workflow is an important enabling component in the overall connectivity solution and key to patient context management.
It is critical to reliably know that the data from a medical device belongs to a particular patient. If the data is not associated with any patient it’s worthless; should the data be associated with the wrong patient it could be deadly. When patient data from patient A is misidentified as belonging to patient B, patient A can miss out on a life saving clinical intervention that is mistakenly applied to patient B. In this example, patient A may die due to a lack of care, and patient B may be injured or die as a consequence of receiving some clinical intervention that is not needed and could be contraindicated. Consequently, safe and reliable patient association or patient context management is a foundational capability for virtually any medical device connectivity or interoperability solution.Read More
On September 4, 2013, the FDASIA mandated workgroup presented their recommendations to the Health IT Policy Committee in Washington, D.C. Some reporting on the meeting cast the draft report as downplaying potential FDA regulation of healthcare IT applications (HIT), while others emphasized the uncertainty (subscription required) of the process and ultimate outcome. Such news stories are, by necessity, short and can’t cover all the issues but this one from iHealthBeat provides a good summary.
The final report (links to all draft documents) was submitted September 4, 2013 and was basically unchanged from the preliminary report.
The question to be answered by the workgroup was how to regulate HIT. I think we’re past the question of whether or not HIT should be regulated: there have been reports of patient deaths starting in 2005 (here and here), and that’s with almost zero reporting requirements on the part of providers or vendors, and the proliferation of HIT vendor non-disclosure and hold harmless agreements to supress reporting (see reports here and here).
The report, also called the “Section 618 report” for the section of FDASIA that mandates the workgroup and their report, is extremely concise and to the point – perhaps too concise for those outside the world of regulated medical devices. Of the three entities, FDA, ONC and FCC that are the focus of the report, by far the most focus was on the FDA. ONC and FCC received minor recommendations. This blog post focuses on the FDA issues and recommendations. You will have to read the workgroup’s recommendations yourself to pick up the specifics regarding ONC and FCC.Read More
On July 21, 2011 the FDA released its “Draft Guidance for Industry and Food and Drug Administration Staff – Mobile Medical Application.” We have discussed this draft and mobile apps generally here, here, and here. As with all draft guidance documents, following the release of the draft the FDA is supposed to receive and review comments (reported to be about 130), and then issue a revised draft, a final guidance document, withdraw the draft, or do none of these for an extended period, just letting the draft sit. The latter appears to be the fate of many drafts. The two years that this draft has been out probably qualifies as an extended period. However the FDA did tell Congress, and the public, that the guidance would be released by the end of this fiscal year. Outsiders cannot tell if the appropriate FDA people are hard at work on this item, or if they are distracted in part by other issues. The FDA’s claimed devotion to transparency does not include being able to see how such things are progressing.Read More