At Medgadget we cover regulatory approvals of devices on a daily basis, and many of our readers are involved in these affairs at the companies they work for. The regulatory scene is changing to adapt to technological changes that are blurring the previously clear lines between software and devices, and between prescriptions and advice. We asked Rachelle D’Souza, an expert on these matters at Regulatory Heights Inc., to give our readers an overview of the latest regulatory adaptations the FDA has been undertaking.
Innovative technologies that are medical devices and are used for the diagnosis, treatment and prevention of diseases or conditions, are regulated by the United States Food and Drug Administration (FDA). This usually involves FDA approval / clearance for market launch of the medical device, the design and maintenance of a quality and safety reporting system and facility registration / listing. FDA’s medical device approval or clearance decision depends on FDA’s benefit risk assessment of the device. Various factors are considered by the FDA during their decision making. These include the medical necessity of the medical device, the type, magnitude and duration of its benefits, the medical device’s risks, uncertainties and risk mitigation controls, and patient and user preferences. Today, many manufacturers are offering patients innovative medical device technologies or technologies that are new to medical care. FDA has stepped up to provide regulatory oversight and guidance for these innovative technologies and to facilitate medical device market access. Here’s how.
Regulating Innovative Technologies
Increasingly today, mobile apps are involved in patient care. FDA has stepped up to regulate certain mobile apps used in medical care. Mobile apps connect to electrode sensors, speakers, microphones, cameras for active patient monitoring and / or patient data modification or analysis, to diagnose or treat disease. Examples include mobile apps associated with pulse oximeters or ECGs. Mobile apps control the function, operation or energy source of medical devices. Examples include mobile apps that alter the settings of cochlear implants, infusion pumps, CT or X-Ray machines. These are mobile medical applications (MMA) and are subject to all the regulatory compliance activities identified in the first paragraph above including FDA approval for market launch. Mobile apps that may be MMAs and are of lower risk are subject to FDA’s enforcement discretion and therefore should comply with FDA’s quality system regulation. Examples include mobile apps that support patient adherence to medications or use gaming technology for physical therapy. Manufacturers of mobile apps in health care must therefore first consult with a regulatory professional to determine whether their mobile app is a medical mobile app and then to determine the regulatory compliance activities appropriate for their MMA or medical device.
Wireless Medical Devices & Cybersecurity
As medical devices use wireless technology, FDA has made recommendations with respect to the selection, quality of service (QoS), coexistence, security and electromagnetic compatibility (EMC) of the wireless technology. Packet loss, signal to noise ratio, bit error rate are useful parameters for assessing wireless data integrity and transmission. The network’s signal priorities, accessibility, acceptable latency and acceptable probability level for information loss can be used to assess the QoS. Coexistence can be addressed by addressing adjacent channel and co-channel interference of the RF band from other medical devices and users. Wireless encryption and data access controls among others may be considered to address cybersecurity issues. To prevent EMI with other equipment, manufacturers can comply with FDA recognized standards with respect to EMC testing of their wireless technology.
For quality assurance and control, wireless technology and cybersecurity should be considered when designing a manufacturer’s quality system. For instance, a quality system can include a comprehensive premarket and post market cybersecurity risk management program based on the NIST framework for improving critical infrastructure cybersecurity. This would include identifying cybersecurity signals and defining essential clinical performance, characterizing and assessing vulnerability, performing risk analysis and threat modeling, analyzing threat sources, incorporating threat detection capabilities, analyzing cybersecurity signal impact across devices, assessing and prescribing compensating controls, and mitigating risk to essential clinical performance, perhaps through routine cybersecurity patches. FDA also recommends that manufacturers address cybersecurity of networked medical devices containing off-the-shelf (OTS) software.
Medical devices are often interconnected via an electronic data interface and so FDA is tackling the interoperability of medical devices to ensure their safety and effectiveness. FDA recommends that a manufacturer’s quality system design and medical device design consider the electronic data interface’s purpose, anticipated users of the medical device(s), risk management, verification & validation and labeling.
When designing the electronic data interface, for instance, a medical device manufacturer will need to consider the devices being connected, the data being exchanged, the data transmission method, any time synchronization requirement, the reliability of information like the sample or transmission rate, the medical device’s clinical context for the data exchanged, device functional and performance requirements, the effect of application programming interface (API) commands on device safety and effectiveness and other interface interoperability situations.
Malfunctions or failures could arise from device connections, direct or indirect, receiving and processing of invalid commands or data errors, or non-adherence to specifications. All potential and actual risks to device safety and effectiveness need to be adequately addressed through a suitable risk management plan in the medical device manufacturer’s quality system which may include device / system verification and validation activities and labeling controls. Manufacturers also need to appropriately inform anticipated device users in accordance with user interaction / function. For instance, a clinician would be interested in the clinical uses and risks of the device and electronic data interface, that the clinician would interact with. On the other hand, an engineer would need to know the functional performance requirements for network operation and maintenance or verification and validation activities.
Often today, in vitro devices are used along with therapeutic drug products for diagnostic purposes. These may include monitoring patient response to a therapeutic drug to alter treatment for greater drug safety or efficacy, identifying patients who will be more likely to have serious adverse reactions to the drug therapy, identifying patients who would most chance to benefit from a drug therapy or identifying a patient population where a therapeutic drug is found to be safe and effective after adequate study. When an vitro device is purposed as above and is essential to a therapeutic drug’s safe and effective use, such a device is considered to be an in vitro companion diagnostic device, and FDA regulates its co-development with that of the therapeutic drug product.
There are many FDA considerations and suggestions concerning the co-development of an in vitro companion diagnostic device (IVDD). These include the use of pre-analytical and analytical studies for demonstration of assay reliability and safety, analytical validation of all IVDD clinical performance parameters prior to any pivotal trial, utilizing clinical trial enrichment strategies, using a single study protocol for multiple sites, and more. Regulatory strategy and counsel are involved in pre-submission FDA consultations, determining the appropriate regulatory submission pathway and in co-ordinating drug and device regulatory timelines.
Facilitating Market Access
Devices for the diagnosis or treatment of life threatening or irreversible debilitating conditions or diseases usually require premarket approval (PMA) or de novo regulatory applications for FDA clearance. Manufacturers of such devices may opt for expedited market access if their devices have no legally marketed alternative, or where an alternative exists, the device is in the best interest of patients, has a clinically meaningful, significant advantage over the legally marketed device and is of a breakthrough technology. An expedited access pathway (EAP) designation by FDA is based on FDA’s consideration of a draft data development plan that forms part of the EAP submission and includes a synopsis and time plan of premarket and post market study data. An EAP designation from FDA entitles a manufacturer to FDA EAP program features including FDA interactive review, senior FDA management involvement, an FDA assigned case manager and priority review by FDA.
Sometimes there is no clear superior treatment option among a series of multiple therapies, evidence for any one therapeutic option may be inconclusive. Patients may differ in views on significant benefits and acceptable risks from health care professionals. In the past, FDA has found that information on patient preferences has facilitated market access and so, in 2015, established a Patient Engagement Advisory Committee (PEAC) for engagement with patients. Medical device manufacturers filing premarket approval applications (PMA), humanitarian device exemption (HDE) applications or de novo requests with FDA can now leverage the use of patient preference information (PPI) in their regulatory submission for market approval. Various medical devices can benefit from the use of PPI. These include devices of novel technology, high risk life saving devices, devices for unmet needs or rare diseases and conditions, devices affecting the quality of life, with significant health and appearance benefits, or with alternative benefits to marketed devices, and devices with a direct patient interface.
Leveraging Clinical Strategies
Medical devices subject to premarket approval applications (PMA), humanitarian device exemption (HDE) applications or de novo requests may be able to potentially extrapolate adult clinical data to the pediatric population. Additionally, electronic health record (EHR) data may be considered in clinical investigations provided that EHR data validity, reliability and integrity can be verified through inspection by FDA.
In conclusion, FDA is keenly monitoring the evolution of medical device technologies. Medical device manufacturers need to leverage regulatory intelligence, such as has been presented here, for expedited market access and avoid costly delays for regulatory compliance. This goal is attainable if medical device manufacturers and regulatory professionals work together, ideally from the earliest phases of device design, to design a viable strategic plan or path to market that is amenable to changing business objectives, budget constraints and regulatory compliance expectations.