Header graphic for print
Focus on Regulation

FDA Proposes Enforcement Discretion for Medical Device Data Systems, Medical Image Storage Solutions, and Medical Image Communications Devices

In a 20 June 2014 draft guidance, the Food and Drug Administration (FDA or Agency) proposed that, once the guidance is finalized, the Agency would refrain from enforcement of all regulatory requirements for a subset of hardware and software that transfers, stores, converts, formats, and displays medical device data or medical imaging data, which would include Medical Device Data Systems (MDDS), Medical Image Storage (MIS) devices, and Medical Image Communications (MIC) devices. The draft guidance titled Medical Device Data Systems, Medical Image Storage Devices, and Medical Image Communications Devices (Draft Guidance), informs manufacturers, distributors, and other entities that the Agency does not intend to enforce compliance with applicable regulatory controls for these products. The Draft Guidance also proposes conforming changes to its Mobile Medical Applications guidance released earlier this year.

Under the current regulatory regime, the FDA classifies each of the following as class I medical devices:

  • MDDS subject to 21 CFR 880.6310,
  • MIS devices subject to 21 CFR 892.2010, and
  • MIC devices subject to 21 CFR 892.2020.

MDDS products were only initially classified by the Agency in 2011. The FDA’s change of course described in the Draft Guidance appears to be driven by a number of factors, including greater Agency experience with these types of technologies, the low risk nature of these devices, public feedback received as part of the FDASIA Health IT proposed risk-based framework, and the role that these devices play in the larger health IT ecosystem. Based on the experience gained with MDDS products since 2011, the Agency has determined that these devices, as well as MIS and MIC devices, pose a low risk to patients. On the FDA’s Voice Blog, Bakul Patel, senior policy advisor in the FDA’s Center for Devices and Radiological Health (CDRH), also notes that in the course of the FDA’s work with the Office of the National Coordinator for Health IT, the Department of Health and Human Services, and the Federal Communications Commission, the agencies received extensive public feedback on the proposed risk-based regulatory framework supporting deregulation of these MDDS products, and that such a move is consistent with the proposed framework. Pointing to these devices as the foundation for intercommunication and interoperability among medical devices and between medical devices and other health IT, the FDA predicts that the move will encourage greater innovation in the development of these systems and advancing digital health.

In identifying MDDS devices subject to this policy shift, the Draft Guidance restates the definition of an MDDS, and provides the same specific examples of MDDS as set forth on the FDA’s MDDS webpage (with some minor clarifying language). As noted above, MDDS, MIS, and MIC products are all classified by the Agency as class I medical devices, which are subject to all of the FDA’s general controls, including registration and listing, premarket review, postmarket reporting, and quality system regulation (QSR). Under the Draft Guidance, if finalized, the FDA would not enforce compliance with any of these requirements. In addition, each of these product types is currently explicitly exempt (and would continue to be so) from premarket notification (i.e., 510(k) clearance) requirements. However, the FDA has historically set limitations on that exemption, including if the product is intended for use, for example, in diabetes management or in assessment of cardiovascular disease risk. The Draft Guidance indicates that even where these limitations on the exemption are applicable, the FDA does not intend to enforce the requirement for premarket notification. In other words, even for a system that is used in diabetes management, the FDA does not intend to require compliance with premarket notification or any other general medical device controls, including the QSR requirements.

As part of the proposed enforcement discretion for MDDS, MIC, and MIS devices, the Draft Guidance includes proposed changes to the final September 2013 Mobile Medical Apps Guidance. The majority of proposed changes serve to remove MDDS, related language about MDDS functionality, and specific examples of such devices from the group of MMAs subject to active FDA regulation. For the group of MMAs subject to enforcement discretion, the Draft Guidance proposes revisions to the description of mobile apps that provide patients with simple tools to organize and track their health information without providing recommendations to alter or change a previously prescribed treatment or therapy. Specifically, the proposed revision states that the FDA considers these apps to be “tools which are not intended to provide specific treatment recommendations and/or are NOT subject to limitations of exemptions referred in 21 CFR 880.9(c)(4) — For assessing the risk of cardiovascular diseases; or in 21 CFR 880.9(c)(5) — For use in diabetes management.” In light of the enforcement discretion position the FDA has taken with respect to MDDS intended for use in diabetes management or in assessment of cardiovascular disease risk, the proposed revision appears to be intended to take a similar position for similar apps, such that apps that allow a patient to log, track, or trend events or measurements for the assessment of the risk of cardiovascular disease or in diabetes management will be subject to enforcement discretion if they do not provide treatment recommendations.

Consistent with the proposed enforcement discretion for MDDS, additional examples have also been added to the group of apps subject to enforcement discretion, and one example was removed from the list of actively regulated examples.

This policy shift will likely be a welcome change for many in the industry who have either already entered the market with MDDS devices, or who have decided to forgo developing such products due to the significant burdens of complying with the QSR. In addition, the Agency’s specific reference to MDDS functionalities in systems intended to assess the risk of cardiovascular disease or for use in diabetes management appears to represent further loosening of regulatory oversight for simple tools intended to help patients track their health information related to these conditions.

The public is encouraged to submit comments on the Draft Guidance. The comment period will remain open for 60 days. It is likely this guidance will remain in draft form for some time as FDA policies in this area further evolve. For the time being, it is still prudent for companies with products that have an unclear profile to discuss the applicable regulatory requirements with the FDA informally or, where necessary, file a 513(g) petition with CDRH.