Digital Health's Disruption of FDA Regulatory Policy

Over the course of the last few weeks, the FDA has made several announcements that will significantly impact the industries it regulates, from drug and biologics to medical device and combination products. One common theme among them is the influence of innovation in the digital health space as a driver for regulatory policy change. While many of these changes involve visions for the future, some are actively being developed and implemented. Stakeholders across the life sciences spectrum should pay attention to how the shifting regulatory winds may impact them. The following is a summary of what I found to be particularly notable among the announcements.

Transforming FDA’s Approach to Digital Health

In his 2018 Health Datapalooza speech, the FDA Commissioner Scott Gottlieb, M.D. highlighted changes to the regulatory approach for digital health as well as new programs (directly and indirectly impacting the industry) that will be rolled out soon, including:

• Plans to 1) enable drug manufacturers to more easily leverage digital health tools as part of drug review and to form drug delivery systems; 2) establish a pre-certification program that simplifies the pre-market review of digital health tools as medical devices (see below for more details); and 3) foster the use of artificial intelligence (AI), by focusing on (potentially) real-world data as a means to validate AI-based Software as a Medical Device (SaMD);
• A new application of digital health tools to the FDA’s pre-market review of drug safety under the Premarket Digital Safety Program, creating a “unified data standard for meeting electronic reporting requirements under the expedited safety-reporting regulations of an Investigational New Drug Application”;
• A data science incubator, the Information Exchange and Data Transformation (INFORMED), the goal of which is to develop ways to integrate data analytics into regulatory decision making; and
• A fellowship program with Harvard University focused on innovating regulatory science through use of machine learning (ML) and AI algorithms, which includes 1) defining new clinical endpoints and developing methods to evaluate safety and effectiveness of therapies, and 2) constructing a regulatory framework founded on valid and strong evidence generated from AI/ML algorithms.

A “Working Model” of the Digital Health Software Pre-Cert Program

FDA’s Software Precertification Program has rapidly progressed over the last year or so, to the point that it is expected to roll out by the end of this year. The program focuses on a software development organization’s culture of quality and excellence as defined by five principles: 1) product quality, 2) patient safety, 3) clinical responsibility, 4) cybersecurity responsibility, and 5) proactive culture.

For those companies willing to volunteer to participate (i.e., to be probed in a new way by the FDA), this program offers a streamlined regulatory pathway, including potentially avoiding premarket review entirely. The primary trade-off for that benefit is a commitment to postmarket surveillance through analysis of real world performance and, of particular import, sharing of that performance data with the FDA. The program is still being developed and the FDA is genuinely looking for input from all stakeholders—particularly patients and physicians. Many of the details are still to be determined, so now is the time to influence the program’s design. Comments should be submitted to the public docket. Keep in mind that the FDA is taking a rapid, iterative approach to building out this pre-cert program, so look for regular updates (monthly) from the Agency with more details.

Draft Guidance on Multiple Function Device Products

After nearly 8 years of advocacy (check out A Call for Clarity: Open Question on the Scope of FDA Regulation of mHealth, a whitepaper I co-authored in 2010 describing challenges with the FDA's approach to regulating digital health, and the mHealth Regulatory Coalition's comments to the FDA's Mobile Medical Apps Guidance published in 2011) and ultimately the enactment of the 21st Century Cures Act, the FDA has finally embraced a modular view when it comes to regulating medical device systems. To be sure, the FDA published a guidance in 2016 (which was subsequently updated in 2017) that defined a new approach to regulating accessories to medical devices wherein the accessory would be regulated independently of the medical device to which it is associated. In a sense, the colloquially called “accessories” guidance was a precursor to the new “multi-function” guidance; however, the former focused on defining a new regulatory approach for finished product elements of a medical device system. This new draft guidance describes the FDA’s approach to regulating component-level elements of hardware and software systems (i.e., non-finished products that combine to form finished medical devices, device constituents of a combination products, and software used with a drug/biologic). Essentially, the FDA is proposing to no longer regulate modules that contain functionality that, if standalone, would not otherwise be regulated. Importantly, this new approach dramatically reduces the regulatory burden for life sciences companies, especially those in the digital health domain. Interestingly, the FDA went beyond the statutory requirement by applying this new approach not just to multi-functional software but to traditional hardware devices as well. Comments on this draft guidance can be submitted to the public docket.

Medical Device Safety Action Plan

To capture the comprehensive approach to ensuring medical device safety as it reduces regulatory burden for many of the innovative digital health technologies entering the market, the FDA has published its Medical Device Safety Action Plan. This plan describes many areas on which the FDA intends to focus in an effort to “refine” their regulatory oversight of medical device safety. Specifically, the action plan consists of:

1. Establishing a robust medical device patient safety net in the United States;
2. Exploring regulatory options to streamline and modernize timely implementation of post-market mitigations;
3. Spurring innovation towards safer medical devices;
4. Advancing medical device cybersecurity, including expanding pre- and post-market authority to impose new regulatory requirements, and creating a public-private partnership called the CyberMed Safety (Expert) Analysis Board (CYMSAB) to support the industry and the FDA in the assessment and validation of high-risk/high-impact device vulnerabilities and incidents; and
5. Integrating the FDA’s pre- and post-market offices and activities to advance the use of a “Total Product Life Cycle” approach to device safety.

Much of the proposed plan is aspirational and contingent on the FDA receiving its requested budget for 2019. If that doesn't come through, it will be interesting to see which of these new programs rise to the top of the priority list.