The FDA has proposed to reclassify Medical Device Data Systems (MDDS) from a default class III to class I. (You can read the proposed rule here, and the public comments here.) This is based on the belief that “risks to health from this device would be caused by inadequate software quality. Specifically, the risk to health would be that incorrect medical device data is stored, retrieved, transferred, exchanged, or displayed, resulting in incorrect treatment or diagnosis of the patient.” In my opinion, this is insufficient. Consideration must also be given to the risk of interactions between MDDS and devices.
Until now MDDS has not been a term that was widely used in the medical device or health care information industries. The FDA has proposed a definition that can be summarized as “a device that provides one or more of the following uses: electronic transfer, exchange, storage, retrieval, display or conversion of medical device data without altering the function or parameters of any connected device” (emphasis mine).
First, it is important to point out that even though MDDS’ currently default to class III, the FDA has been operating under their discretionary enforcement policy and has not been enforcing the class III requirements for MDDS. Products that currently meet the MDDS definition have in effect been operating without classification or enforcement; thus the reason for the proposed re-classification. In principle, I agree with the FDA that these types of devices should be regulated, but the question I pose is “why go from class III to class I?” Shouldn’t the classification for MDDS’ be class II?
The FDA uses a classification system to broadly segregate medical devices into different categories, according to the risk posed to patients and users. Each class has control requirements that manufacturers must implement to “provide reasonable assurance of the safety and effectiveness of the device”; the more risk that is associated with a device, the more controls that are required to mitigate it.
All classes of medical devices are subject to the requirements of the Quality System Regulation (QSR). The QSR instructs manufacturers to use risk as the determining factor in deciding the level of diligence to be applied to any aspect of the QSR. ISO-14971:2007 (available from AAMI here) is the standard for risk management for medical devices. It mandates:
- Identification of intended and unintended uses
- Consideration of normal and abnormal operating conditions
- Addressing all foreseeable hazardous situations, including hazards associated with external equipment.
Normal operation of an MDDS involves sending commands to medical devices to initiate data transfer. This communication is handled in a number of ways, including direct cabled connections, and computer networks using both wired and wireless connections. It is foreseeable in such an environment that an MDDS could initiate a command to a medical device that results in unintended operation of the device. If that device happens to be a class III, life supporting device, the consequences could be catastrophic.
Capsule has over ten years experience extracting data from medical devices and providing it to clinical applications. We have observed these phenomena first hand in our lab, and have instituted practices to ensure these types of hazards are not seen in a clinical environment. We intentionally applied for, and were granted by the Agency, a class II categorization for our product for these very reasons. I strongly believe that general controls associated with class I devices, without premarket notification, are insufficient to provide reasonable assurance of the safety and effectiveness of MDDS. It is my opinion that special controls associated with class II devices along with premarket clearance through the 510(k) process are necessary to assure the safety and effectiveness of MDDS. Class I simply leaves too much margin for error in product development and risk assessment.
Back ground info:
The three categories of medical devices and their associated controls are:
- Class I: General Controls
- Class II: Special Controls and pre-market notification
- Class III: Special Controls and pre-market approval.
Class I devices are subject to the least regulatory control. They present minimal potential for harm and are often simpler in design than class II or class III devices.
Class II devices are those for which general controls alone are insufficient to assure safety and effectiveness. In addition to general controls, class II devices are subject to special controls and pre-market notification. The premarket notification or 510(k) is the means by which the FDA clears medical devices for sale. Manufacturers are required to submit product specifications, performance data and final product labeling in order to receive this clearance.
Class III is the most stringent regulatory category for devices. Class III devices are those for which insufficient information exists to assure safety and effectiveness solely through general or special controls. Class III devices are usually those that support or sustain human life. They require pre-market approval from the FDA with filing and processing requirements that are more lengthy and complex than Class II devices.
UPDATE: You can read the original post about the FDA's proposed MDDS rule here.