FDA to Create a Digital Health Unit

The FDA has announced that it is forming a digital health unit within the Center for Devices and Radiological Health (CDRH). The digital health unit will develop software and technical expertise to assist manufacturers with devices that incorporate digital health technologies, assess digital health improvements, and monitor and report on the digital health premarket review timelines. Digital health includes categories such as mobile health (mHealth), health information technology (IT), wearable devices, telehealth and telemedicine, and personalized medicine. The creation of this unit is part of the Medical Device User Fee Act (MDUFA). MDUFA is the program that authorizes FDA to collect user fees from medical device manufacturers in support of streamlining the regulatory approval process. Negotiations between FDA and the medical device industry regarding the fourth version of MDUFA are currently underway. As part of the negotiation process, FDA proposed to hire technical experts to staff the new digital health unit. In addition to MDUFA, the 21st Century Cures Act requires FDA to develop a framework for evaluating real world evidence. FDA envisions that the digital health unit will monitor and implement the use of real world evidence to support the regulatory approval process. FDA issued a draft guidance in July 2016, Use of Real-World Evidence to Support Regulatory Decision-Making for Medical Devices, that identifies how real world data will be evaluated to determine whether it is sufficiently relevant and reliable to be used. While the FDA sees the digital health unit as a means of streamlining the regulatory approval process, it also recognizes it will require coordination with industry and other government agencies because digital health touches on...
Cybersecurity’s Impact on Health Systems

We are currently seeing significant technological advances in medical devices, hospital networks and patient care. As medical devices become increasingly interconnected via the Internet, hospital networks, other medical devices, and smartphones, there is an increased risk of exploitation of cybersecurity vulnerabilities, some of which could affect a device’s performance, functionality and safety to the patient. In recent years, researchers have demonstrated the potential threat of medical device and healthcare system hacking. They have been able to tamper with pacemakers, insulin pumps and other devices, which, if hacked, could cause serious harm, including death, to a patient. Recently, the FDA identified cybersecurity vulnerabilities in St. Jude Medical’s implantable cardiac devices and the corresponding Merlin@home Transmitter. These vulnerabilities, if exploited, could allow an unauthorized user, i.e., someone other than the patient’s physician, to remotely access a patient’s RF-enabled implanted cardiac device by altering the Merlin@home Transmitter. While no patients were harmed, this serves as a warning that similar devices containing configurable embedded computer systems can be vulnerable to cybersecurity intrusions and exploits, as well. To address these technological risks, in December 2016, the FDA finalized the guidance, “Postmarket Management of Cybersecurity in Medical Devices.” In reference to the guidance, Suzanne B. Schwartz, M.D., M.B.A., FDA’s Associate Director for Science and Strategic Partnerships, at the Center for Devices and Radiological Health stated that, “manufacturers should build in cybersecurity controls when they design and develop the device to assure proper device performance in the face of cyber threats, and then they should continuously monitor and address cybersecurity concerns once the device is on the market and being used by patients.” The new guidance...

How the 21st Century Cures Act Impacts Medical Device Software

There has been a lot of discussion surrounding medical device software and how it should be regulated. Concern about software of this nature will continue to rise to the forefront of conversations because there will be an increasing number of these products in the marketplace. The 21st Century Cures Act specifically addresses which types of medical device software will be exempt from regulation. Section 3060, Clarifying Medical Software Regulation, identifies five categories of medical software that will not be regulated as medical devices by the FDA due to their potential low level of risk to patients. The software categories that may be excluded from device regulation include:

Administrative & Operational Software: that provides administrative support of a healthcare facility, such as that for appointment scheduling, health benefit eligibility and processing financial records. While this software is included in the provision, it was not considered a medical device to begin with.

Wellness Apps: for maintaining or encouraging a healthy lifestyle that is unrelated to the diagnosis, cure, mitigation, prevention, or treatment of a disease or condition. This is consistent with FDA’s General Wellness and Mobile Medical Applications guidance documents.

Electronic Patient Record Software: provided that it is only intended to transfer, store, convert formats or display the equivalent of a medical chart. There are some caveats to this exception, however: Records must be created, stored, transferred or reviewed by healthcare professionals; Records must be part of health information technology certified under section 3001(c)(5) of the Public Health Service Act; and The software must not be intended to interpret or analyze patient data or images for the diagnosis, cure, mitigation, prevention, or...
Cloud Vendor Selection for Life Sciences

Benefits and Risks of Moving to the Cloud, Including Cloud Vendor Selection

Migrating to the Cloud: What are the Benefits?

According to the National Institute of Standards and Technology, the cloud is “a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” Most companies’ IT infrastructures use less than 30% of their capacity. It took years to get the capacity to where it is today, and it takes months to increase capacity. Employing qualified resources to maintain such an infrastructure is difficult and expensive. Cloud providers utilize about 65% of their capacity and can add capacity quickly. In short, cloud providers benefit from economies of scale, which enables them to lower individual usage costs and centralize infrastructure costs. Companies benefit by only paying for what they consume. Companies can increase or decrease their usage rapidly, and can spend less time managing complex IT resources. Not only do efficiency improvements reduce costs, but the nature of some costs can also change from being capital investment in hardware and infrastructure (CapEx) to a pay-as-you-go (OpEx) model.

Maximizing IT capacity utilization, improving IT flexibility and responsiveness, and minimizing cost are not the only advantages of the cloud. Collaboration can be one of the most important advantages of cloud computing. Multiple users, from around the world, can collaborate more easily on documents and projects. Because the information is hosted in the cloud, and not on individual computers, business owners can collaborate with external stakeholders in a...