No, the real turning point was the release of the FDA’s final guidance on Clinical Decision Support (CDS) software, where the FDA ignored a Congressional mandate when the 21st was passed.St Century Cures Act of 2016.
Cures Act Refresher
Prior to the Cures Act, the FDA classified software for drug diagnosis or treatment, including CDS software, to meet the definition of a medical device. The Recovery Act changed many aspects of the FDA’s medical device rule. Under the Cures Act, the following practices and uses, under certain conditions, are not considered medical devices or subject to FDA oversight:
- Administrative Support: hospital management support, including processing and maintaining financial records, claims, credit information, patient population information, business analysis, operations and bookkeeping, analysis of historical claims data to predict future use, or cost-effectiveness, and population. health management
- Lifestyle/Lifestyle: maintaining or encouraging healthy lifestyles, unless the activity is related to the diagnosis, cure, mitigation, prevention or treatment of any disease or illness
- Electronic Patient Records: use as an electronic patient record, including information provided by patients, as the records are intended to transfer, store, change formats, or display the nature of paper medical records when records are created, stored, transferred, and reviewed by medical professionals or individuals working under their supervision, not intended to interpret or analyze the patient records, including medical imaging data, for the purpose of diagnosis, treatment, mitigation, prevention or treatment of any disease or illness
- Transfer / Storage of Medical Device Data: transfer, store, change formats, or display clinical laboratory test or other device data and results, the findings of a medical professional related to such data and results, general information about findings, and general background information about the test and other instruments, but The practice of interpreting or analyzing clinical laboratory test or other instrument data, results, and findings, and
- CDS softwareif that action:
- does not intend to obtain, process or analyze any medicinal form or signal from an in vitro diagnostic device or any sample or signal from a signal extraction system;
- the method of displaying, analyzing or publishing patient medical information or other medical information (such as clinical studies and clinical practice guidelines);
- means of supporting or giving advice to a healthcare professional (HCP) about the prevention, diagnosis or treatment of a disease or illness; a
- It is intended to enable that HCP to independently review the basis for such recommendations provided by such software so that such HCP is not expected to rely on any of those recommendations to make a clinical diagnosis. , or treatment decisions for the individual patient.
Why is CDS important?
Before diving into the details of the new CDS guidelines, it’s important to understand how important it is to medical device manufacturers and other organizations that are not expected to be regulated by the FDA. Under the Cures Act, many companies have brought software to market or invested in software in development designed to meet clear parameters. Based on the new CDS guidelines, FDA plans to inspect computers that Congress has removed from agency oversight. This comes as a shock to software developers and digital health providers who were forced into a new way of doing business by the Cures Act. Let’s dive into the specifics, and software developers should consider if they want to be part of the digital health ecosystem in the US
Your computer is considered a medical device (under the Cures Act and the CDS guidance) if the data originates from a medical form or a signal from an IVD or a sample/signal from a signal-taking system . The FDA defined the term “medical image” to include images created by medical imaging systems to view parts of the body, images obtained for medical purposes, and images not obtained by primarily for a medical purpose but is being processed or analyzed for a medical purpose. Software developers and medical device manufacturers should pay close attention to the definition of “sample,” which the FDA says is “multiple, sequential, or repeated measurements of a signal or from a signal-taking system.” Under the new FDA guidelines, software that evaluates or interprets the clinical effects or clinical relevance of an indication, model, or medical device is considered a medical device because it “receives , process or analyze.”
Figure 1. FDA CDS Guidance – Basic Data
Software developers and designers should pay close attention to the FDA’s new definition of “patient medical information” and “other medical information,” shared in the CDS guidance. The FDA considers “patient medical information” to mean information about patients “that is, can be communicated between HCPs in a clinical conversation or between HCPs and patients in the context of clinical decision-making, meaning that the relevance of the The information for clinical decision-making is fully understood and accepted.” The FDA interprets “other medical information” to include information such as “peer-reviewed clinical studies, clinical practice guidelines, and information that has been independently verified and validated as accurate and reliable.” , material information should not be excluded, and should be supported by evidence.” As you can see, the new guidance reflects the FDA’s hope to expand the definition of medical information and make the underlying computer a medical device.
Alarms And Danger Signs
The new FDA guidance will issue software that provides a risk score or potential risk as a medical device, regardless of condition. The FDA does not consider a computer a medical device if:
- provides disease, illness- and/or patient-specific information and options to an HCP to enhance, inform, and influence a health care decision,
- does not provide any preventive, diagnostic or therapeutic intervention,
- It is not intended to support ad hoc decisions, and
- it is not intended to replace or correct the HCP’s decision.
However, in reality, the FDA is making decisions about HCPs. According to the FDA’s new guidelines, “automation” — the tendency of a person to rely too much on an opinion from an automated system — can lead to errors, especially when the computer provides an output. one per user, as opposed to a list of options. and other information. A quick decision may not give HCPs time to independently review the basis for the recommendations that the computer will provide, and therefore, the FDA will weld them under an automated configuration. Some illustrative examples of software now considered medical devices with FDA oversight include:
- Long-term alarms intended to trigger potential clinical intervention to ensure patient safety or to provide a treatment plan for a patient’s condition or condition, and
- Information that a specific patient may “show symptoms” of a disease or condition.
The fourth section of the Cures Act requires HCPs to independently review the evidence base provided by the CDS, and the FDA’s new vision is that software manufacturers must:
- include the purpose or use of the product, including the HCP user and patient population;
- identifying required health inputs and clear language instructions on how to obtain inputs, relevance, and data quality requirements;
- provide a technical language description of the development and validation of the algorithm as a basis for CDS implementation, including a summary of the logic or methodology used, underlying data relied upon, and results from studies clinical trials used to validate the algorithm/recommendations; a
- provide, in a computerized version, patient information and other known/unknown data, such as corrupted or missing data, so that the HCP can independently review the evidence base and use their own judgment.
It is clear that the FDA expects software developers to disclose and share detailed information about their methods for developing, training, and using their algorithms.
The Bottom Line: What does this new (Final) FDA guidance mean to you?
First, software developers that currently sell CDS that want to comply with the FDA’s instructions must make significant updates to the information shared by the software and the associated label, to or pursuing a legal strategy that includes a pre-market filing process that facilitates trade secrets and intellectual property protection. .
Second, the new FDA guidelines eliminated the patient/caregiver option previously known as patient decision support (PDS). Therefore, PDSs in development or on the market must be reviewed under the traditional FDA framework.
Third, even though the FDA is expected to simply explain its regulatory approach, leaving the Cures Act without prior opportunities for industry and stakeholders to express their views will lead to some action. of the Council. However, until that happens, software developers for healthcare purposes should reassess whether their software functions as non-software CDS under this framework and document those analyzes and consider whether they are needed. work to deliver SaMD. In addition, since the FDA has not confirmed whether the control will affect the rest of the CDS-software, it is advisable to join the FDA to eliminate legal surprises.
Finally, even though the FDA has made the new CDS guidelines final, you can still comment on docket FDA-2017-D-6569, located at https://www.regulations.gov/docket/FDA -2017-D-6569.
- Pre-Cert Pilot Program: Assessing Total Health Benefits and Key Findings, https://www.fda.gov/media/161815/download
- Artificial Intelligence in Health Care: Benefits and Challenges of Machine Learning Technologies for Medical Indicators, https://www.gao.gov/products/gao-22-104629
About the Author:
John Giantsidis is the president of CyberActa, Inc, a leading consultant that empowers medical device, digital health, and pharmaceutical companies in their cybersecurity, privacy, data integrity, risk, compliance, and marketing efforts. He is the vice chairman of the Florida Bar’s Technical Committee and Cyber Aux with the US Marine Corps. He holds a Bachelor of Science from Clark University, a Juris Doctor from the University of New Hampshire, and a Master of Science in cybersecurity policy and compliance from the University of George Washington. He can be reached at [email protected]