Payers, Providers, and Patients – Oh My! Is Crowell & Moring’s biweekly health care podcast, discussing legal and regulatory issues that affect health care entities’ in-house counsel, executives, and investors. In this episode, hosts Payal Nanavati and Joe Records discuss recent FDA guidance related to digital health with Jodi Daniel and Shaina Vinayek. For

In September 2019, the Food & Drug Administration (FDA) issued a new draft “Clinical Decision Support Software” guidance for public comments, which are due December 26, 2019. Concurrently, the agency published updates to four related guidance documents centered on regulation of digital health software products along with a consolidated summary titled “Changes to Existing Medical Software Policies Resulting from Section 3060 of the 21st Century Cures Act,[1] but is not soliciting comment on those. All of these guidance documents now account for the exclusion of certain software functions from the definition of “device” under the 21st Century Cures Act (Cures Act) amendments to the Food, Drug, and Cosmetic Act (FDCA) in 2016 and clarify FDA’s enforcement and monitoring positions vis-à-vis its legal authorities.

The rapid expansion of software and mobile medical applications in health care has made this guidance necessary in order to manage the FDA’s regulatory scope and provide clarity to medical device and health care companies seeking to use more software and mobile app solutions in their products and services. Digital health stakeholders, particularly medical device manufacturers, software developers, and mobile medical application developers should consider the effect of these guidance documents on their go-to-market strategies and submit comments regarding items from the FDA’s newest guidance documents that would create unnecessary burden or not address patient safety issues or other risks that FDA seeks to mitigate. We summarize the key points of each of the FDA’s guidance documents below.


Continue Reading

Yesterday, the FDA released draft guidance on the management of cybersecurity in medical devices submitted to the agency for premarket review. Noting that cybersecurity threats to the healthcare sector have increased in number and severity, the FDA offered new recommendations for device design, labeling, and documentation that medical device manufacturers will need to consider during premarket submission processes.

The guidance comes shortly after the FDA’s launch of its Medical Device Cybersecurity Playbook, which provides a framework for healthcare delivery organizations to use in preparing for and responding to cybersecurity threats against patient medical devices.

Given rapid changes in technology and increasing innovation in the digital health market, the guidance intends to decrease the risk of cyberattacks that could render medical devices inoperable and potentially harm patients. Comments on the draft guidance are due on March 18, 2019.
Continue Reading

On October 3rd, the United States Senate passed a bipartisan opioids package with a sweeping vote of 98 to 1, after the U.S. House of Representatives passed the final version of the bill with a vote of 393 to 8. One of its components, the “Fighting the Opioid Epidemic with Sunshine Act,” expands the scope

On April 17, 2018, the Food and Drug Administration (FDA) released its Medical Device Safety Action Plan which outlines FDA’s intended steps to address medical device safety while preserving enough space for innovation in the market.

The FDA’s plan is the latest effort by the FDA on medical device safety, including a recent budget request seeking $70 million to create a Center of Excellence on Digital Health that would, among other things, craft new regulations for third-party certification for developing medical devices. This comes as FDA is pushing guidance and innovative approaches for oversight of digital health (see our blog).

According to FDA Commissioner Scott Gottlieb’s announcement, the FDA’s plan organized into five points that seek to balance patients’ timely access to devices and safety and effectiveness.
Continue Reading

The Food and Drug Administration (FDA) has announced several new initiatives that reflect its ongoing commitment to maintain patient safety, while also championing the need and opportunity for health care innovation.

During opening day of Health Datapalooza, FDA Commissioner Scott Gottlieb highlighted the critical import of novel digital health tools in achieving patient-centered care, and outlined how the agency is committed to moving the ball forward in health care innovation through the following initiatives:
Continue Reading

Despite the Trump Administration’s declaration of a state of emergency on October 26, 2017, the federal response to the opioid crisis largely languished on the back burner—much to the chagrin of states in the trenches of the opioid epidemic. However, based on the flurry of activity over the past several weeks, the federal government response now seems to be gathering substantive momentum, with various agencies and government actors launching attacks on all fronts—administrative, legislative, and enforcement alike. The federal government’s recent efforts present opportunities for health care organizations, life sciences companies, and health tech companies to get involved at the ground level to help influence opioid policy and provide needed products, services, and support to reduce the incidence of opioid abuse and address the health care needs of patients.

Continue Reading

The FDA is focusing on safety and effectiveness of interconnected medical devices with the issuance of final guidance on medical device interoperability, released last week. As the FDA notes, medical devices are becoming increasingly connected to one another and to other technologies, and it is critical to address their ability to exchange and use information safely and effectively.

For device manufacturers, this guidance provides clarity on how the FDA is thinking about interoperability and patient safety in the premarket submission process and provides considerations for manufacturers in the development and design of interoperability medical devices. It demonstrates the FDA’s focus on the safety and effectiveness of devices as implemented in an interconnected environment and the expectations of FDA on manufactures to anticipate and design for anticipated uses and reasonably foreseeable misuses. Manufactures should consider this guidance in the design, development, and on-going monitoring of connected medical devices.

This guidance may be helpful for other audiences as well:

  • Care providers that frequently interact with medical devices in the course of patient care
  • Hospital IT teams who make device purchasing decisions
  • Vendors of health technologies that frequently exchange data with medical devices


Continue Reading

On October 28, 2015, the U.S. Copyright Office of the Library of Congress (the “Office”) issued a Final Rule containing several exemptions to the Digital Millennium Copyright Act that expanded access to medical device computer programs and the patient data they generate.  The Digital Millennium Copyright Act allows intellectual property holders to install “technological protection measures” (TPMs) in their software which blocks unauthorized inspection of data to protect copyright.  Under the Act, the Library of Congress grants exemptions to TPMs every three years.

In the Final Rule, the Office included an exemption for researchers investigating computer programs on devices and machines for good faith security research. The Office found that legitimate security research has been hindered by TPMs that limit access.  Covered devices include medical devices used for patient implantation or corresponding personal monitoring systems, as long as they are not used by patients or for patient care.  The research exemption begins 12 months after the regulation’s effective date, meaning it starts on October 28, 2016.  Additionally, the Office created an exemption for patients who seek to passively access information that is already being generated by their own medical devices or personal monitoring systems.  Unlike the research exemption, the patient monitoring exemption takes effect immediately, and it is limited to patients themselves, as opposed to researchers or other parties.


Continue Reading

The Food and Drug Administration’s (FDA) March 2015 approval of Zarxio, the first biosimilar product licensed under the Biologics Price Competition and Innovation Act of 2009 (BPIA) is expected to usher in a new wave of faster approvals, greater choice, and lower costs for the biologics market. Along with these exciting opportunities, however, come a