In September 2019, the Food & Drug Administration (FDA) issued a new draft “Clinical Decision Support Software” guidance for public comments, which are due December 26, 2019. Concurrently, the agency published updates to four related guidance documents centered on regulation of digital health software products along with a consolidated summary titled “Changes to Existing Medical Software Policies Resulting from Section 3060 of the 21st Century Cures Act,[1] but is not soliciting comment on those. All of these guidance documents now account for the exclusion of certain software functions from the definition of “device” under the 21st Century Cures Act (Cures Act) amendments to the Food, Drug, and Cosmetic Act (FDCA) in 2016 and clarify FDA’s enforcement and monitoring positions vis-à-vis its legal authorities.

The rapid expansion of software and mobile medical applications in health care has made this guidance necessary in order to manage the FDA’s regulatory scope and provide clarity to medical device and health care companies seeking to use more software and mobile app solutions in their products and services. Digital health stakeholders, particularly medical device manufacturers, software developers, and mobile medical application developers should consider the effect of these guidance documents on their go-to-market strategies and submit comments regarding items from the FDA’s newest guidance documents that would create unnecessary burden or not address patient safety issues or other risks that FDA seeks to mitigate. We summarize the key points of each of the FDA’s guidance documents below.

  1. Clinical Decision Support (CDS) Software Draft Guidance (open for comment) – The guidance clarifies that FDA intends to focus its regulatory oversight on CDS functions that are intended to help health care professionals and patients inform their clinical management for serious or critical conditions and that are not intended for health care professionals to independently evaluate the basis of the software’s recommendations. It also provides details about the categories of CDS that would be subject to FDA oversight, the categories of CDS for which FDA will exercise enforcement discretion due to the low risk to patients, and the CDS categories that do not meet the definition of a medical device under applicable law.
  2. Policy for Device Software Functions and Mobile Medical Applications – This guidance clarifies FDA’s intention to only apply its regulatory oversight to a subset of software as a medical device (SaMD) functions and whose functionality could pose a risk to patient safety if it were not to function as intended.
  3. General Wellness: Policy for Low Risk Devices – This guidance states that FDA plans to apply section 52(o)(1)(B) of the FDCA to exclude from its oversight any software that is intended for “maintaining or encouraging a healthy lifestyle and is unrelated to the diagnosis, cure, mitigation, prevention, or treatment of a disease or condition” and general wellness products meeting this exclusion criterion.
  4. Off-The-Shelf Software Use in Medical Devices – This guidance sets out the criteria governing whether a medical device manufacturer must provide a premarket submission to the FDA when the medical device uses “off-the-shelf” (OTS) software.
  5. Medical Device Data Systems, Medical Image Storage Devices, and Medical Image Communications Devices – This guidance delineates FDA’s rationale for carving out from its oversight software functions in in medical device data systems (MDDS) and medical image storage and communications devices intended solely to transfer, store, convert formats, and display medical device data and results, including medical images, waveforms, signals and other clinical information.

Collectively, these FDA guidance documents should help digital health stakeholders understand their risks associated with agency oversight and enforcement as they rapidly ramp up their efforts to create innovative health care treatment and management solutions for patients requiring the capture, transmission, and analysis of health care data in heavy reliance on software functionalities. Submitting comments in response to the FDA guidance on CDS by the deadline, and taking advantage of other opportunities for commenting on upcoming guidance will ensure that the agency continues to address emerging risks and ambiguities in the regulation of software, mobile medical applications, and the devices that rely on them to function.

[1] FDA also notes that it is withdrawing the “Guidance for the Submission of Premarket Notifications for Medical Image Management Devices” because some software functions described in that guidance no longer meet the definition of a device as a result of the amendments to the FDCA by the 21st Century Cures Act.

Print:
EmailTweetLikeLinkedIn
Photo of Jodi G. Daniel Jodi G. Daniel

Jodi Daniel is a partner in Crowell & Moring’s Health Care Group and a director at C&M International (CMI), an international policy and regulatory affairs consulting firm affiliated with Crowell & Moring. She leads the firm’s Digital Health Practice and provides strategic, legal…

Jodi Daniel is a partner in Crowell & Moring’s Health Care Group and a director at C&M International (CMI), an international policy and regulatory affairs consulting firm affiliated with Crowell & Moring. She leads the firm’s Digital Health Practice and provides strategic, legal, and policy advice to all types of health care and technology clients navigating the dynamic regulatory environment related to technology in the health care sector to help them achieve their business goals.

Photo of Stephanie Willis Stephanie Willis

 

Stephanie Willis is a member of the firm’s Health Care Group in Crowell & Moring’s Washington, D.C. office. She counsels health care clients in matters involving regulatory issues, including fraud and abuse compliance, participation in new health care reform initiatives under the Affordable…

 

Stephanie Willis is a member of the firm’s Health Care Group in Crowell & Moring’s Washington, D.C. office. She counsels health care clients in matters involving regulatory issues, including fraud and abuse compliance, participation in new health care reform initiatives under the Affordable Care Act (ACA), as well as Certificate of Need (CON) and licensure matters. She has also advised clients on compliance with laws and regulations governing health IT initiatives and health care privacy and security, including the Health Insurance Portability & Accountability Act (HIPAA).

Photo of Shaina Vinayek Shaina Vinayek

Shaina Vinayek is an associate in Crowell & Moring’s Washington, D.C. office and is a member of the firm’s Antitrust and Health Care groups. Shaina’s antitrust practice focuses on antitrust business counseling, merger control, and government antitrust investigations of both horizontal and vertical…

Shaina Vinayek is an associate in Crowell & Moring’s Washington, D.C. office and is a member of the firm’s Antitrust and Health Care groups. Shaina’s antitrust practice focuses on antitrust business counseling, merger control, and government antitrust investigations of both horizontal and vertical conduct. Her health care practice focuses on complex litigation in federal and arbitral forums and regulatory counseling on digital health initiatives.