Jodi G. DanielMaya UppaluruTraci VitekPayal Nanavati

On April 17, 2018, the Food and Drug Administration (FDA) released its Medical Device Safety Action Plan which outlines FDA’s intended steps to address medical device safety while preserving enough space for innovation in the market.

The FDA’s plan is the latest effort by the FDA on medical device safety, including a recent budget request seeking $70 million to create a Center of Excellence on Digital Health that would, among other things, craft new regulations for third-party certification for developing medical devices. This comes as FDA is pushing guidance and innovative approaches for oversight of digital health (see our blog).

According to FDA Commissioner Scott Gottlieb’s announcement, the FDA’s plan organized into five points that seek to balance patients’ timely access to devices and safety and effectiveness.

1. Establish a robust medical device patient safety net in the United States

FDA has established the National Evaluation System for health Technology (NEST), which is intended to be an active surveillance and evaluation system that complements the passive surveillance approaches currently in use. NEST is a public-private partnership intended to optimize postmarket data collection, quality, completeness, and analysis, and facilitate detection of potential safety risks that would not otherwise have been identified as quickly, or at all. Data from NEST comes from different electronic health information sources, including device registries, electronic health records, medical billing claims, patient-generated data, and other sources.

To realize the potential of NEST’s synthesized data, FDA intends to work with partners to create capabilities in NEST to perform active surveillance; perform timely efficient postmarket safety studies; and develop, test, and apply new methods for enhanced safety signal detection and evaluation. FDA will also seek additional funding for NEST beyond the $6 million annually generated by user fee funding for the next 5 years. Finally, FDA acknowledges and specifies actions to address the quality and efficiency of real-world evidence generation for technologies used to address women’s health.

2. Explore regulatory options to streamline and modernize timely implementation of postmarket mitigations

Sometimes the FDA identifies new information, through postmarket surveillance or other methods, that impacts the original risk-benefit analysis for a particular device. Currently, the FDA can issue new rulemaking requiring mitigation – a time and resource intensive process – or rely on the manufacturer’s voluntary implementation of mitigation actions. To protect patient safety while facilitating an efficient process, the FDA is investigating ways to impose special controls when the agency identifies a risk requiring mitigation by the device manufacturer, such as by issuing an umbrella regulation under current statutory authorities.

3. Spur innovation towards safer medical devices

FDA will explore potential actions to spur innovation toward technologies that make devices and their use safer, like greater premarket interactions between FDA and developers and focusing FDA research activities on safety. FDA will also establish a voluntary, modernized 510(k) pathway for demonstration of safety and effectiveness for certain moderate risk devices by expanding the 510(k) program to allow the use of objective performance criteria identified by the FDA to demonstrate substantial equivalence. Lastly, in order to establish organizational performance and device quality metrics to facilitate continuous monitoring and improve visibility, FDA will pilot the use of a progressive maturity model appraisal approach to evaluate participants’ organizational excellence, identify any gaps, and recognize when a participant performs above a compliance baseline.

 4. Advance medical device cybersecurity

FDA will consider potential new premarket authorities to require manufacturers to build security updates and patches into a product’s design and to provide data about this capability to FDA as part of the device’s premarket submission. Additionally, manufacturers would develop a software bill of materials as part of their premarket submission, and make this information transparent to customers and users. FDA will also consider new postmarket authority to require that manufacturers adopt policies and procedures for coordinated disclosure of vulnerabilities as they are identified. This could be a significant step forward for better cybersecurity information and threat sharing among the medical device community.

FDA will also consider a public-private partnership to complement existing device vulnerability coordination and response mechanisms called the CyberMed Safety (Expert) Analysis Board (CYMSAB). The CYMSAB would assess vulnerabilities, evaluate patient safety risks, adjudicate disputes, assess proposed mitigations, serve in a consultative role to organizations navigating the coordinated disclosure process and serve as a team that could be deployed in the field to investigate a suspected/confirmed device compromise.

5. Integrate the CDRH’S premarket and postmarket offices and activities to advance the use of a TPLC approach to device safety

FDA plans to initiate a reorganization of the Center for Devices and Radiological Health (CDRH) from an office organized by the stage of a product’s life cycle (premarket, postmarket, compliance) into seven smaller device-specific offices that would each be responsible for premarket review, postmarket surveillance, manufacturing and device quality, and enforcement. In addition, one new office would be dedicated to clinical evidence and analysis, and would aim to advance the generation of more informative data across the Total Product Life Cycle about the benefits and risks of new devices that would help inform regulatory decisions of CDRH.

FDA welcomes public comments on this Plan through the public docket (FDA-2018-N-1315) at www.regulations.gov.