The Inside Scoop on FDA Healthcare IT Regulation

By Daniel R. Matlis

Healthcare delivery has become increasingly reliant on state of the art medical devices and the Healthcare Information Technology (HIT) systems used to integrate them. To address the increased reliance on connected systems, the FDA has taken a series of actions to regulate HIT as a Medical Device Data System (MDDS).  The Agency has also issued draft guidance to industry on what it calls “Mobile Medical Apps” <>. FDA’s classification of Healthcare Information Technology (HIT) systems as a Class I medical device has driven IT giants like IBM, Microsoft and Cisco to register with FDA as medical device manufacturers. It has also prompted leading Healthcare providers including Partners Healthcare System, Intermountain Healthcare to register as Medical Device manufacturers.

To gain a better understanding of the FDA’s rationale and strategy for regulating HIT, I interviewed Casper Uldriks, FDA’s Associate Director for Regulatory Guidance and Government Affairs (RET) and currently Counsel at OFW Law in Washington, DC. Mr. Uldriks is a recognized expert on the FDA’s statutory provisions and regulatory programs for medical devices and was involved in the development of the Medical Device Data System (MDDS) rule.

According to Mr. Uldriks “Healthcare information technology presents an increasingly complex set of issues for FDA. The regulation of MDDS involves an issue that FDA has addressed for a couple of decades in terms of whether paper or electronic records were acceptable for the purposes of records and reports required by statute and regulations. Likewise, the use of electronic format for storing medical information has been used for decades. The MDDS rule established the scope of FDA’s regulation of IT usage in that regard. More importantly, the MDDS rule sets a boundary for what will not be regulated in the fairly benign way MDDS is. Software used beyond information storage and transfer faces greater regulatory burden steps outside the MDDS boundary.”

There seems to be some confusion among IT providers and Healthcare organizations regarding what FDA considers MDDS vs. General-purpose IT infrastructure. I asked Mr. Uldriks: How would he advise Manufacturers of General-purpose IT and Healthcare providers to evaluate HIT against MDDS regulatory requirements?

“The MDDS rule established the scope of FDA’s regulation of HIT usage in Healthcare environments, said Mr. Uldriks. “In those instances where MDDS functions and general IT functions cannot be differentiated or segregated, the use of a general IT function cannot preempt the purpose of FDA’s regulation as an MDDS system. The logic should be: If I put any medical information in a general IT function, I am subject to FDA regulation,” he added.

He commented that “Unfortunately, the general thinking seems to be: If I put everything into a general IT function, I escape FDA regulation. That is standing the regulation on its head!”

Beyond MDDS
HIT Systems used beyond medical device data storage, transfer, conversion and display faces greater regulatory burden and steps outside the MDDS boundary. “Systems requiring compliance above and beyond MDDS include operational functions that go beyond what information the healthcare practitioner considers (the information in the chart) to how they make their decision — the information operates within particular parameters established by the hospital which in turn affects medical decisions,” said Mr. Uldriks.

“For example, the doctor must use a treatment order through a software system established by the software manufacturer and the hospital. This could be seen as a customized system, like selecting the extra options for the base model of a car. (Not everybody wants a moon roof.) The options are selected to fit the buyer’s preferences, or needs. The question here is: Who is responsible as a manufacturer? Based on the activities involved, both the software platform manufacturer and the hospital can be manufacturers. ” stated Mr. Uldriks.

There is an App for That
Mobile Medical Applications (MMA) present a new frontier for FDA regulations. According to FDA, if a mobile app is intended for use in performing a medical device function it is a medical device. “A key concern for regulators is that the people developing the program may not be aware of how the MMA is actually used and under what circumstances. MMA seems like an over-the-counter device [available in an App store], so labeling alone, amongst other issues, becomes an almost unmanageable regulatory hurdle. Compatibility with interactive systems also presents potential problems. This is a new issue in many ways, particularly with the over-the-counter aspect, with regulatory impact unclear,” said Mr. Uldriks.

“Another concern that is getting more attention is the security of MMA software as the “hacking” of software and internet systems becomes more widespread. Is there some way to ensure that someone doesn’t hack into a pacemaker and cause it to suddenly stop functioning? How does the source of the MMA manage that kind of activity?” he added.

What Does the Future Hold?
“The issues we discussed will become very complex when someone tries to bring a device to market that is includes software that requires a Premarket Approval application (PMA). The easiest way to envision such a device is if the device actually makes a clinical decision rather than the doctor. For example, if these criteria are met (A, B, C and D) then perform a clinical treatment that is predicated on A, B, C, and D. The problem is that there may be an E factor that would be contrary to a Z treatment decision. This becomes a more complex issue with devices that operate with other devices based on integrated software systems. The inadequacy of one device may affect any of the other devices operating in tandem with one device’s defective software. This may require extensive verification and/or validation.” Mr. Uldriks added.

In the TV series Star Trek: Voyager, the ship’s Chief Medical Officer was a computer program called the Emergency Medical Hologram (EMH).

That’s all Science Fiction….it will never happen, you say? (Read: IBM’s Watson Supercomputer Could Help Doctors Improve Healthcare )

Last month, WellPoint and IBM announced an agreement to put Watson to work in Health Care. “Watson’s ability to analyze the meaning and context of human language, and quickly process vast amounts of information to suggest options targeted to a patient’s circumstances, can assist decision makers, such as physicians and nurses, in identifying the most likely diagnosis and treatment options for their patients…Watson is expected to serve as a powerful tool in the physician’s decision making process,” stated the press release.

Final Thoughts
“This appears like a game of technology tag with FDA trying to tag software technology. As is true for almost any federal agency, FDA runs as fast as it can, but always on the heels of its target,” concluded Casper Uldriks.

Medical Technology will play a progressively critical role in the delivery of Healthcare. As we become increasingly reliant on state of the art medical devices and HIT systems we must be mindful to mitigate the risks they may inject into the Healthcare ecosystem.

This article is part of a series providing a digest of interactions with Industry thought-leaders.

For the impact of the MDDS rule on Hospitals & Healthcare Providers read: When is a Hospital a Medical Device Manufacturer?

For the impact of MDDS on IT systems marketed to Healthcare providers read: The Impact of MDDS on Healthcare IT Suppliers, a Thought Leaders Perspective.

Scroll to Top
Share via
Copy link