On April 17, 2018, the Food and Drug Administration (FDA) released its Medical Device Safety Action Plan which outlines FDA’s intended steps to address medical device safety while preserving enough space for innovation in the market.

The FDA’s plan is the latest effort by the FDA on medical device safety, including a recent budget request seeking $70 million to create a Center of Excellence on Digital Health that would, among other things, craft new regulations for third-party certification for developing medical devices. This comes as FDA is pushing guidance and innovative approaches for oversight of digital health (see our blog).

According to FDA Commissioner Scott Gottlieb’s announcement, the FDA’s plan organized into five points that seek to balance patients’ timely access to devices and safety and effectiveness.

1. Establish a robust medical device patient safety net in the United States

FDA has established the National Evaluation System for health Technology (NEST), which is intended to be an active surveillance and evaluation system that complements the passive surveillance approaches currently in use. NEST is a public-private partnership intended to optimize postmarket data collection, quality, completeness, and analysis, and facilitate detection of potential safety risks that would not otherwise have been identified as quickly, or at all. Data from NEST comes from different electronic health information sources, including device registries, electronic health records, medical billing claims, patient-generated data, and other sources.

To realize the potential of NEST’s synthesized data, FDA intends to work with partners to create capabilities in NEST to perform active surveillance; perform timely efficient postmarket safety studies; and develop, test, and apply new methods for enhanced safety signal detection and evaluation. FDA will also seek additional funding for NEST beyond the $6 million annually generated by user fee funding for the next 5 years. Finally, FDA acknowledges and specifies actions to address the quality and efficiency of real-world evidence generation for technologies used to address women’s health.

2. Explore regulatory options to streamline and modernize timely implementation of postmarket mitigations

Sometimes the FDA identifies new information, through postmarket surveillance or other methods, that impacts the original risk-benefit analysis for a particular device. Currently, the FDA can issue new rulemaking requiring mitigation – a time and resource intensive process – or rely on the manufacturer’s voluntary implementation of mitigation actions. To protect patient safety while facilitating an efficient process, the FDA is investigating ways to impose special controls when the agency identifies a risk requiring mitigation by the device manufacturer, such as by issuing an umbrella regulation under current statutory authorities.

3. Spur innovation towards safer medical devices

FDA will explore potential actions to spur innovation toward technologies that make devices and their use safer, like greater premarket interactions between FDA and developers and focusing FDA research activities on safety. FDA will also establish a voluntary, modernized 510(k) pathway for demonstration of safety and effectiveness for certain moderate risk devices by expanding the 510(k) program to allow the use of objective performance criteria identified by the FDA to demonstrate substantial equivalence. Lastly, in order to establish organizational performance and device quality metrics to facilitate continuous monitoring and improve visibility, FDA will pilot the use of a progressive maturity model appraisal approach to evaluate participants’ organizational excellence, identify any gaps, and recognize when a participant performs above a compliance baseline.

 4. Advance medical device cybersecurity

FDA will consider potential new premarket authorities to require manufacturers to build security updates and patches into a product’s design and to provide data about this capability to FDA as part of the device’s premarket submission. Additionally, manufacturers would develop a software bill of materials as part of their premarket submission, and make this information transparent to customers and users. FDA will also consider new postmarket authority to require that manufacturers adopt policies and procedures for coordinated disclosure of vulnerabilities as they are identified. This could be a significant step forward for better cybersecurity information and threat sharing among the medical device community.

FDA will also consider a public-private partnership to complement existing device vulnerability coordination and response mechanisms called the CyberMed Safety (Expert) Analysis Board (CYMSAB). The CYMSAB would assess vulnerabilities, evaluate patient safety risks, adjudicate disputes, assess proposed mitigations, serve in a consultative role to organizations navigating the coordinated disclosure process and serve as a team that could be deployed in the field to investigate a suspected/confirmed device compromise.

5. Integrate the CDRH’S premarket and postmarket offices and activities to advance the use of a TPLC approach to device safety

FDA plans to initiate a reorganization of the Center for Devices and Radiological Health (CDRH) from an office organized by the stage of a product’s life cycle (premarket, postmarket, compliance) into seven smaller device-specific offices that would each be responsible for premarket review, postmarket surveillance, manufacturing and device quality, and enforcement. In addition, one new office would be dedicated to clinical evidence and analysis, and would aim to advance the generation of more informative data across the Total Product Life Cycle about the benefits and risks of new devices that would help inform regulatory decisions of CDRH.

FDA welcomes public comments on this Plan through the public docket (FDA-2018-N-1315) at www.regulations.gov.

EmailTweetLikeLinkedInGoogle Plus
Photo of Jodi G. Daniel Jodi G. Daniel

Jodi Daniel is a partner in Crowell & Moring’s Washington, D.C. office and a member of the firm’s Health Care Group, where she provides strategic advice to clients navigating the legal and regulatory environments related to technology in the health care sector. Jodi is the former director of the Office of Policy in the Office of the National Coordinator for Health Information Technology (ONC), U.S. Department of Health and Human Services (HHS). She served for a decade as the director at the ONC and 15 years at HHS, where she helped spearhead important changes in health information privacy and health information technology to improve health care for consumers nationwide.

For more than a decade, Jodi has been responsible for thought leadership, policy development, and identifying policy drivers for health IT activities within the federal government, and ultimately established the HHS’ national health IT policy. As former director at the ONC, she addressed privacy and security issues to ensure that there was clear guidance on how the initial Health Insurance Portability and Accountability Act of 1996 (HIPAA) rules applied to health IT. Jodi set the strategic direction and set policy on consumer e-health and health IT safety. She is also credited with establishing the ONC’s regulatory capacity and led the development of all ONC regulations on health IT standards and certification.

As the first senior counsel for health information technology in the Office of the General Counsel (OGC) of HHS, Jodi developed HHS’s foundational legal strategies and coordinated all legal advice regarding health IT for HHS. She founded and chaired the health information technology practice group within OGC and worked closely with the Centers for Medicare and Medicaid Services in the development of the e-prescribing standards regulations and the Stark and anti-kickback rules regarding e-prescribing and electronic health records.

Traci Vitek


Photo of Payal Nanavati Payal Nanavati

Admitted in New York only; practicing under the supervision of DC Bar members