FDA Retreats on Regulation of Certain Software Products

By Jennifer D. Newberger –

Recognizing that even regulating certain software products as Class I medical devices is more regulation than necessary, FDA released a Draft Guidance document titled, “Medical Device Data Systems [MDDS], Medical Image Storage Devices, and Medical Image Communication Devices.”  This Draft Guidance essentially eliminates all regulatory obligations associated with those devices:  “[FDA] does not intend to enforce compliance with the regulatory controls that apply to MDDS, medical image storage devices, and medical image communications devices, due to the low risk they pose to patients and the importance they play in advancing digital health.”  Draft Guidance, at 4.  The regulatory controls no longer applicable to these types of devices include not only compliance with the quality system regulation (QSR), but also registration and listing and medical device reporting (MDR).  Though the Draft Guidance does not use the phrase “enforcement discretion,” it makes clear that FDA will in fact be exercising enforcement discretion with respect to these products.  This means that, while FDA considers these products to be medical devices, it will no longer regulate them as such.

The Draft Guidance notes that while these devices are exempt from premarket review, there are certain limitations to the exemption.  For example, 21 C.F.R. § 880.9(c) states that if an exempt device is used for assessing the risk of cardiovascular diseases or for use in diabetes management, the device is no longer exempt and must be submitted for premarket review.  The Draft Guidance eliminates these limitations to the exemption, and states that, “to the extent that these limitations apply, FDA does not intend to enforce compliance with regulatory controls for MDDS intended to be used in a system for assessing the risk of cardiovascular diseases (21 CFR 880.9(c)(4)) or for use in diabetes management (21 CFR 880.9(c)(5)).”  Draft Guidance, at 7.  This means that a manufacturer may market an MDDS, medical image storage device, or medical image communications device for assessing the risk of cardiovascular diseases or for use in diabetes management, and that device would not be subject to premarket review or any other regulatory controls.

Finally, the Draft Guidance proposes changes to the Mobile Medical Applications Guidance (Mobile Apps Guidance) released on September 25, 2013 (see our previous post here).  The changes are intended to reflect FDA’s position that it will be exercising enforcement discretion over these products.  For example, the Mobile Apps Guidance, as released, included an app that displays, stores, or transmits patient-specific medical device data as one that would be regulated by FDA.  The Draft Guidance proposes elimination of this example.  The revisions to the Mobile Apps Guidance would also make clear that apps subject to FDA’s enforcement discretion include those that assess the risk of cardiovascular diseases or are intended to be used in diabetes management.

By eliminating the regulatory obligations of these low-risk products, FDA seems to be acknowledging that it cannot reasonably regulate all, or even a majority, of marketed software products, and its resources must be dedicated to those that present a potentially higher risk to patients.  Software that does not analyze data or make patient-specific recommendations, but merely presents, retrieves, and displays data is not among those higher-risk products.  It is refreshing to see FDA take this risk-based approach, and hopefully it will continue to do so as it contemplates regulation of additional software products, such as clinical decision support software.