Publications

---

Everyone is talking about “health IT” and “health tech,” “med apps” and “telemedicine.” The blogosphere predicts that in ten years our phones will tell us when our blood pressure is too high, our mirrors will call in prescriptions if we look jaundiced and our refrigerators will object if our groceries do not comply with the latest USDA nutrition recommendations.

The federal government has been slow to adapt, not only to the possible future but also to the actual present. Until this year, the FDA operated under a draft “Policy for the Regulation of Computer Products” written in 1989. In 1989, cell phones were only a year old and Tim Berners-Lee was still two years away from announcing a thing he was calling the World Wide Web. Twenty-one years later, in April 2011, the FDA observed – apparently without irony – that “[s]ince 1989…the use of computer products and software products as medical devices has grown exponentially.”

The disconnect between FDA policy and 21st-century technology has not been helpful. Manufacturers struggle with outdated requirements and regulators struggle to fit this century’s technology into last century’s rules. It is like trying to regulate hybrid vehicles as though they were Model Ts. Now the FDA is slowly catching up.

New rules for medical device data systems

Until this year, if a company marketed a medical device that managed sophisticated data such as radiographic images or heart rate information, the device would have been subject to stringent FDA requirements. For example, the company would have had to prove that its device was safe, the company would have been subject to specific controls and possibly conditions for approval, the device’s marketing might have been limited and the company might have had to run clinical trials.

In April, the FDA finally relaxed the rules for products designed simply to “transfer, store, convert from one format to another according to preset specifications, or display medical device data.” The FDA calls such products Medical Device Data Systems (MDDS devices), or devices that move medical data passively, without any processing, translation, characterization, categorization or analysis. An example is an out-patient product that collects data from a glucose meter for review by a physician.

The FDA’s new rule classifies MDDSs as Class I devices, exempt from the FDA’s most onerous device regulations. The only requirements MDDS manufacturers must comply with now are general controls on medical devices, including basic labeling requirements, and quality assurance and control through Good Manufacturing Practices.

The MDDS rule caused moderate panic when it came out because many believed the FDA was moving to regulate previously unregulated products, like smartphones. The confusion arose in part because the FDA had never enforced the medical device rules against MDDS manufacturers before, and in part because the definition of an MDDS is not easy to follow. In reality, the rule on a category of previously highly regulated devices is now looser.

If your device does not qualify as an MDDS, that means one of two things. Some data management devices that do not qualify remain Class III or Class II devices, subject to the FDA’s closest regulatory scrutiny. Such devices generate medical device data, modify medical device data, change how medical data is displayed, diagnose conditions or monitor patients. A blood pressure monitor that sends an alarm to a nurse’s station is not an MDDS, but is still a regulated medical product.

Other data management devices do not qualify as MDDS devices because they are not medical devices in the first place. A medical device is an “instrument, apparatus . . . [or] machine . . . including a component part, or accessory” that is designed to diagnosis, cure, mitigate, treat or prevent disease. This means that things like laptops, most off-the-shelf software or hardware, all-purpose cameras, telephones, tablets and pagers are not covered by the MDDS rule. Generally speaking, such products are not regulated by the FDA at all.

FDA’s draft guidance on mobile medical applications

The FDA’s policy disconnect meant that for years industry had no meaningful guidance for mobile apps and other handheld software tools. That also changed this year when the FDA released draft guidance for Mobile Medical Applications and announced it plans to exercise oversight over apps that, among other things:

• control a regulated medical device
• transform technology into a medical device by adding a feature, such as attaching a blood glucose strip reader to turn a product into a glucose meter
• produce patient-specific diagnoses or treatment recommendations, or
• calculate drug dosages and other medication-specific metrics

Even though the FDA does not consider smart phones, standing alone, to be regulated medical devices, software on those devices could be regulated.

This too caused momentary panic. Is the calorie counter on a smart phone a regulated medical device? Does an automated reminder for self-administered insulin need FDA approval? The answer is no. The FDA explained it has no plans to regulate apps that track nutrition, remind patients of appointments or perform other wellness-related functions. Nor does it plan to regulate apps marketed broadly for non-medical uses, such as dictation apps, or “general office operations,” such as billing, coding and scheduling.

The good news is the FDA is finally beginning to move forward from 1989 to 2011. Let’s see where we are in 2032.

For more information, please contact:

Kimberly K. Egan

Rebecca Jones McKnight

You may also be interested in DLA Piper’s blog “Health Care Law Matters.”