Custom Devices, Combo Product Surveillance in the News

Manufacturing a medical device is one thing, but doing so without crossing swords with the multiple regulatory jurisdictions now in operation is no mean feat, either. Custom devices are suddenly of interest for two regulatory entities so far in 2019, but the FDA’s final guidance for combination product postmarket safety reporting is another consideration on which device makers dare not sleep.

Custom Devices Topical for IMDRF, Anvisa

There are certainly more complicated regulatory requirements than those pertaining to custom medical devices, but Brazil’s regulatory agency, the National Sanitary Surveillance Agency (Anvisa) and the International Medical Device Regulators Forum both posted draft guidances for custom devices recently, making compliance rather complicated for companies doing business in multiple markets. Anvisa and the IMDRF are only the latest entries in this space because the American FDA and its counterparts in the U.K., Australia and Canada have each already put their own stakes in this regulatory ground.

Anvisa announced the draft guidance for custom devices in September 2018, which according to a consultant’s analysis will require registration for custom-made, adaptable, and patient-matched devices. Makers of class III and IV custom devices will have to undergo inspections, but this requirement will not be extended to class I and II devices. There has been a backlog of Anvisa inspections of all types for several years, but the agency said the backlog will soon be a thing of the past.

The IMDRF draft guidelines, with a consultation period that closed July 24, deal with regulatory pathways for custom devices and offer definitions for custom devices and related terms. The document also provides language for additive manufacturing and devices customized at the point of care, but the IMDRF said a number of regulatory bodies “are noticing questionable use of custom-made device exemptions,” including a growing volume of custom devices that fall into higher risk classifications.

The IMDRF’s discussion of additive manufacturing is brief, but it promotes the concept of a medical device production system (MDPS) when that equipment is used outside of a traditional manufacturing site. The draft said that regulation of such a system might be determined by the type of device that system is intended to produce, although the manufacturer of the system would still be liable for validating the use of that MDPS for a given device. There is seemingly the prospect of split and/or overlapping regulatory liability as well, however, as suggested by a passage in which the IMDRF said that responsibility for the medical device’s safety and performance is “with the manufacturer of the MDPS, along with the other responsibilities placed on a manufacturer in the jurisdiction where the MDPS is used.”

Inspections a Concern for Combo Postmarket Surveillance

The FDA needed three years to convert a 2016 rule governing postmarket surveillance of combination products into a working final guidance, but there was some language in the 2018 draft that carried over to the final guidance despite industry opposition. Another issue for some, however, was whether the Office of Combination Products at the FDA would ensure that FDA field investigators are on the same page where the guidance’s key principals are concerned.

The Combination Products Coalition gave voice to a number of concerns, but the group’s regulatory attorney, Bradley Merrill Thompson of Epstein, Becker & Green, also requested that the FDA clarify a few questions regarding the reporting timelines for combination products. Thompson suggested at one point that the FDA provide additional clarity as to when certain of the draft’s provisions are directed toward cross-labeled combination products. Thompson said the FDA is should take steps to provide field investigators understand the implications of the final guidance’s most important provisions.

In contrast, the Advanced Medical Technology Association made note of reservations regarding a sponsor’s liability for reporting when the device component of a combination product has malfunctioned. AdvaMed’s Steve Silverman suggested that the draft had crossed the unduly burdensome line by requiring the sponsor of a drug- or biologic-led combination device to evaluate the possibility that a malfunctioning device component would malfunction when used with other drugs or biologics.

Silverman said one problem with this approach is that the use of a given device with different drug or biotech products means there are differences in storage conditions, just one example of the complications arising from responding to a malfunction. Silverman also said that the requirement as spelled out in the draft removes the device maker – which is fairly certain to be in a better position to handle such a task – from the task of determining the risk of device failure when paired with other therapeutic agents. Despite the feedback from Silverman, a former director of the Office of Compliance at the FDA’s device center, this provision appears in the final guidance as well.

Innovation on Tap at FDA, HHS

Few major U.S. federal government initiatives move as quickly as hoped, but those initiatives are nonetheless crucial for stakeholders in the life sciences intent on bringing innovative products to the clinical setting. The Department of Health and Human Services recently unveiled a program that could bring new drugs and devices to the market more rapidly than has been the case up to now, while the FDA provided an update on its digital health plan that reinforced the notion that the plan will indeed take time to put into place, even as the agency makes changes with the intent of streamlining the plan.

HHS Eyes Faster Medical Product Access

The Department of Health and Human Services said in a recent announcement that it will hold a two-day meeting June 20-21 to obtain stakeholder feedback on how to decrease the time needed for drugs and devices to make their way into clinical use. This is one of the programmatic areas under the ReImagine HHS initiative, and among the topics to be discussed is whether the department should play a role in connecting medical product developers with private payers and Medicaid managed care plans.

HHS said this portion of the proceedings is in response to complaints from both developers and payers that the process of communication between the two sides is inefficient. The FDA’s device center already has an office to facilitate communications with private payers during the device development process, so this move on the part of HHS would presumably scale up the CDRH version and expand it to include pharmaceuticals and biotech therapeutics. Another subject for discussion is “knowledge sharing,” which again is intended to bolster the rate of transmission of medical product innovation to the marketplace, in this case by giving the public more access to both confidential and already publicly available HHS information.

Device makers have complained over the years that public health programs have stifled access to therapies and diagnostics that could represent a meaningful improvement over the current state of the art, and among the initiatives already underway to fix those problems are some changes to the Medicare local coverage determination process. The Centers for Medicare & Medicaid Services also proposed in the draft inpatient prospective payment system for fiscal 2020 to provide coverage to any products that are accepted into the FDA breakthrough devices program. The breakthrough devices coverage concept seen in the 2020 inpatient draft reflects an industry proposal designed to aid small device makers in developing the evidence needed to meet the reasonable and necessary standard for Medicare coverage. The combination of these developments suggests that HHS Secretary Alex Azar has determined that healthcare innovation is hindered by the size of government and the complexity of its regulatory instruments, and that patients are suffering as a consequence.

Precert Test Plan May

The FDA is inching along with its precertification program for software as a medical device, announcing recently that it will accept applications for the precert test plan that will unfold over the balance of the current year and possibly into next year. However, the agency said it will accept applications for the precert program that run dual tracks with either the 510(k) or the de novo program, the former of which was not an explicit part of the precert concept until recently.

The FDA had previously appended the de novo petition process to the precert program in a move some argued was prompted by a desire to avoid accusations that the precert concept was entirely extralegal. The addition of the 510(k) pathway seems to offer no additional benefit in that regard, however, although it would bring on some test cases that reflect the majority of class II device applications, those that are based on a predicate rather than those that represent a technological novelty.

The announcement reiterates that companies involved in the testing phase will not actually obtain precertification merely by virtue of participation in the test phase, although applicants need not subject themselves to the full gamut of precertification evaluation modules. However, the FDA said that participants in the test phase may be limited to companies that have a track record in developing software products, seemingly leaving software start-ups out in the cold. Also of note is that this test plan may run beyond 2019, a sign that regulatory innovation is no less a feat than innovation in medical technology.

FDA Revisits Combination Product Controversies

The FDA’s efforts to regulate combination products have run across some legal challenges, but more often the agency finds it difficult to implement regulations for combo products because of the complexities inherent to such products. In a recent notification, the FDA said it would continue to exercise enforcement discretion for some postmarket safety reporting requirements, but the agency ran afoul of the primary mode of action question yet again in a new draft guidance that takes up the product designation problem.

Another Day, Another Reporting Delay

The agency announced in April that it would continue to exercise enforcement discretion for a number of the postmarket reporting requirements for combo products, but the policy has been lingering for at least a year. The question arose in March 2018, when the agency posted a draft guidance that attempted to provide some direction for the December 2016 final rule for the same subject. This subject ranges back at least as far as 2009, however, the year of a proposed rule for combination product postmarket reporting, demonstrating that this topic has perplexed the agency for a decade.

Much of the difficulty revolves of course around the fact that there is no single combination product type, and there are differences in how each type makes itself felt upon the regulatory burden of the makers of each constituent part. The 2018 draft’s treatment of postmarket reporting for an approved component of an investigational combination product varies from the use of that component in an already-approved combination as well, and the net effect is to present stakeholders with three very different scenarios within a single document. Thus, some have called for a separate guidance for cross-labeled combination products at the very least, a proposal the agency may be unwilling to adopt.

One of the difficulties for the FDA is that stakeholders are not entirely united as to how the agency should approach these questions, but the deadlines for adverse event reporting requirements are already different for drugs and devices. These differences have fed calls for a pan-agency approach to the question of postmarket reporting requirements, a proposition that may strike some as only slightly less ambitious than a pan-agency approach to good manufacturing practices. Either way, the latest document is an immediately-in-effect policy statement that provides enforcement discretion through July 31, 2020, for combination products that fall under Medical Device Reporting requirements, and through Jan. 31, 2021 for products that employ the Vaccine Adverse Event Reporting System.

No Cure for the Cures Act

The FDA took another stab at the combination product designation question in a February draft guidance dealing with the principles of combo product premarket pathways, but as is often the case, the agency’s effort failed to win any converts among drug and device makers, due in large part to the question of a combination product’s primary mode of action (PMOA). That particular discussion has an interesting legal history, mostly involving France’s Prevor, which fought the agency to at least a draw in two visits to the U.S. District Court for the District of Columbia.

One of the notable features of the February draft guidance is that it stipulates that applicants provide enough data in an application to allow the centers of jurisdiction to review each component as though it were a separate application. The draft seemed largely mum on the cross-labeled combination product category, however, so much so that at least one observer questioned whether the FDA had intended to exclude cross-labeled products from the scope of the draft.

More than one trade group questioned the draft’s provisions that would seem to give the FDA wide discretion in assigning a combination product to a center that would ordinarily be inappropriate for the product’s PMOA. This question has roiled relations between the agency and industry at least as far back as 2004, the year the FDA opened a docket to deal with the PMOA question. A decade and a half of further consideration does not seem to have answered some of the underlying issues despite that the 21st Century Cures Act called on the FDA to resolve these problems.

The Cures Act directed the agency to assign primary jurisdiction for a combination product to the center that would be most appropriate for the component deemed to present the PMOA. Critics of the February 2019 draft guidance seem to have determined that the agency is resisting this legislative directive with all the regulatory muscle it can muster. The view of stakeholders may be that this draft guidance is unworkable in its present form, leaving industry with the prospect of another of those lingering draft guidances that is ultimately neither finalized nor withdrawn.

United States Supreme Court Decides that FDA Impossibility Pre-emption is a Matter for Judges, not Jurors

Jordan Lipp, Esq. | Managing Member, Childs McCune

It is a basic tenant of Constitutional law that if it is impossible to comply with both state and federal law, the state law is preempted and only the federal law controls. This is referred to as “impossibility pre-emption,” and is a frequently litigated issue regarding products regulated by the FDA, especially drugs. In approving warnings, the FDA is concerned not just with warning, but also preventing “overwarning” and making sure that warning language does not exaggerate the risk. In state law personal injury actions, however, plaintiffs frequently argue that the drug company should have provided more warnings or stronger warnings. This creates the significant possibility that a company regulated by the FDA may be put in a situation where the FDA does not permit it to over-warn under federal law, but at the same time it is faced with state law litigation arguing that it was required to over-warn by state tort law. When caught between this impossible position of not being able to comply with both federal and state law, the state law is preempted. When the state law is preempted, the personal injury lawsuit must be dismissed.

As the United States Supreme Court has stated (in a wonderfully confusing string of negatives): “‘absent clear evidence that the FDA would not have approved a change’ to the label, the Court ‘will not conclude that it was impossible . . . to comply with both federal and state requirements.’” Merck Sharp & Dohme Corp. v. Albrecht, No. 17-290, 2019 U.S. LEXIS 3542, at *3 (May 20, 2019) (quoting Wyeth v. Levine, 555 U. S. 555, 571 (2009), ellipses in original). An open question, until now, has been who makes this decision. Does the judge or the jury decide whether the FDA would not have approved a label change?

That question was answered yesterday by the United States Supreme Court. In Merck Sharp & Dohme Corp. v. Albrecht, the Third Circuit decided that it was a question for the jury whether the FDA would have rejected the atypical femoral fractures warning pushed by the plaintiffs in the Fosamax litigation. Merck appealed this decision. Yesterday, the United States Supreme Court disagreed with the Third Circuit. It found that “judges, rather than lay juries, are better equipped to evaluate the nature and scope of an agency’s determination.” Id. at *27. As such, “a judge, not the jury, must decide the pre-emption question.” Id. at *18. And, interestingly enough, all nine justices agreed with the judgment, although for different reasons. While this outstanding question on impossibility preemption has now been answered, the precise scope of impossibility preemption will continue to be litigated for many years.

FDA Moves on Device Safety as Promised

The FDA’s safety push is a matter of public record, but the agency has moved decisively on this area on several occasions in the month of April. Some of the moves were entirely expected, but one arose with little warning, making clear that while the agency has a definite safety agenda, that agenda can be modified at a moment’s notice.

The FDA advised industry in January it would be more active in the area of device safety via the medical device safety action plan, but the agency’s guidance agenda for the current fiscal year also lists a number of items that can be attributed to the push for safety. In mid-April, the FDA said it would pull the marketing authorizations for all surgical meshes for pelvic organ prolapse, a move that followed the agency’s 2016 up-classification of these devices/indications from class II to class III. The FDA notice indicated that the two sponsors that had decided to submit PMA filings had failed to demonstrate a reasonable assurance that those devices presented an acceptable benefit-risk profile, although devices that have been the subjects of Section 522 postmarket surveillance studies will have to complete those studies.

More recently, the agency posted a draft guidance for the use of nitinol used in medical devices, which was driven at least in part by contraceptive devices, although devices for the circulatory system are also caught up in this issue. Former FDA commissioner Scott Gottlieb and Jeff Shuren, director of the Center for Devices and Radiological Health, said in a statement that nitinol is not the only material of immediate concern at the agency as graphene, too, is on the agency’s safety agenda.

The impact of any moves on nitinol will be keenly felt in the cardiovascular space, thanks to widespread use in items such as aortic valve replacement devices. The draft guidance for nitinol in implanted devices is product agnostic, but the FDA makes reference to standards that have emerged for material characterization as a resource for ensuring device performance. One of the considerations is the material’s susceptibility to corrosion, but while the draft does not suggest any impending regulatory action, device makers may have to include more detail in their regulatory filings going forward.

The draft states that product labels may have to include warnings about allergic reactions to nitinol, although it is not clear whether a test for such sensitivities is routinely offered to patients. Among the entries in the literature on this point is an article in the March 6, 2017, issue of the Journal of Vascular Surgery Cases and Innovative Techniques, which describes a patient who experienced “a full-body, desquamating macular-papular pruritic rash” after implant of a stent in the popliteal artery for acute limb ischemia. The patient’s condition improved after the device was removed, although he continued to experience less severe episodes out to two years, which were blamed on exposure to other products that contain nickel, including occupational exposure and bottled alcoholic beverage containers.

Surgical staples, staplers also on the list

Surgical staplers and staples also fell under the FDA’s watchful eye, as demonstrated by several related announcements. In one instance, the agency proposed to reclassify some staplers from class I to class II, and an accompanying announcement lists a May 30 advisory committee to take up this question, but the issue is significant enough to warrant a statement from CDRH chief Jeff Shuren. Shuren said the agency has received in excess of 41,000 medical device reports for surgical staplers and staples for internal use, which includes more than 32,000 malfunctions and 366 patient deaths between January 2011 and the end of March 2018.

The agency also issued a draft guidance for labeling for staplers and internal-use staples, the scope of which captures four products codes. The draft would require that labels reflect a number of advisories, such as not to use a staple on large blood vessels, including the aorta. The agency is taking comment through June 23, but it seems plausible this draft will undergo more than the usual amount of revision before reaching final form, given that the advisory hearing will take place prior to the end of the comment period.

Cybersecurity Back on FDA Radar Screen

Cybersecurity is becoming an increasingly prominent concern for the FDA and the industries it regulates, but the latest draft guidance for premarket requirements for cybersecurity was not well received by device makers. However, the FDA also posted a notice on March 21 regarding cybersecurity related to several cardiology devices , a bit of bad news that gives the agency little leeway when it comes to tighter scrutiny.

The agency’s previous premarket cybersecurity guidance for medical devices was barely four years old when the FDA posted a new draft guidance in October 2018, a document that came with a five-month comment period. In the meantime, the agency held a two-day workshop to address cybersecurity, but shortly after the comment period on the 2018 draft closed, the FDA posted a safety communication for several models of implantable defibrillators and cardiac resynchronization devices. The agency said the affected units are associated with the use of a wireless telemetry protocol, which provides remote monitoring and allows clinician to make changes to the device’s settings. The telemetry device and software are alleged to lack encryption, authentication and authorization protocols, the FDA said, problems the manufacturer said it is working to address.

Cybersecurity Risk Framework Seen as Distracting

The October 2018 cybersecurity draft guidance proposed a two-tier cybersecurity risk framework that respondents to the docket said were impractical, given that they would seem to conflict with the underlying risk of the device. The draft guidance acknowledges that this approach “may not track to FDA’s existing statutory device classifications,” but said the two-tier cybersecurity risk framework is an attempt to align with cybersecurity standards published by the National Institute for Standards and Technology. That approach drew negative responses from several who commented to the docket, including the Medical Imaging & Technology Alliance (MITA) and the Advanced Medical Technology Association (AdvaMed), who said this approach would be cumbersome, confusing or both, particularly that the existing postmarket cybersecurity guidance does not feature this concept.

Another feature of this latest draft guidance is that it calls for a cybersecurity bill of materials (CBOM) to be provided with premarket applications. Brian Scarpelli with the Connected Health Initiative said the phrase “software bill of materials” (SBOM) is already in widespread use, and encouraged the agency to go with the SBOM moniker to avoid confusion. That position was echoed by MITA and AdvaMed, along with concerns as to whether an SBOM should include a listing of hardware and firmware along with software. MITA’s executive director, Patrick Hope, also said it is not clear whether the scope of the CBOM as described in the draft would be limited to known vulnerabilities, and the question of whether the terms of the draft would apply retroactively was also raised.

Other Agencies Involved, Possible Legal Liability

While the FDA is certainly in the lead among regulatory agencies when it comes to digital regulation and cybersecurity, there are other agencies that are pushing their own efforts along. Among these is Australia’s Therapeutic Goods Administration, whose December 2018 cybersecurity draft guidance is directed toward both pre- and postmarket considerations. The government of Singapore might feel compelled to jump on board the cybersecurity bandwagon in the near future as well, given that the Health Sciences Authority recently acknowledged in a press release that one of the agency’s vendors had not adequately protected a database with the records for hundreds of thousands of blood donors.

Regardless of where device makers stand on the FDA premarket draft guidance, it is clear that cybersecurity requirements across the globe will become both more commonplace, more stringent and more expensive to implement, particularly given that this is an area of liability law that has not yet been explored in the courts. However, the sponsors of at least one website dedicated to class-action lawsuits made it clear recently that they see cybersecurity lapses as fodder for liability claims.

Gottlieb Steps Down at FDA

The Trump administration is now searching for a new FDA commissioner thanks to the news that Scott Gottlieb is resigning from the post after only two years, citing his desire to spend more time with his Connecticut-based family. Gottlieb will stay on the job for another month, but this announcement comes only two months after Gottlieb quashed rumors of his intention to leave the FDA.

Gottlieb was at the helm of the agency as controversies over device approvals and inspections of overseas makers of active pharmaceutical ingredients roiled the media, but he also experienced success as a staunch supporter of expanding drug access via generic drug approvals as well as pushing the FDA digital health agenda forward. He may be remembered foremost for his dedication to the public health in reducing vaping and tobacco use by teens.

The obvious question is whether the White House will nominate someone of a similarly modest bent where regulation is concerned. Gottlieb’s tenure at the American Enterprise Institute and his skepticism regarding the FDA’s handling of commercial speech controversies won him no applause from some quarters. However, along with Gottlieb on Trump’s short list for the FDA job was Paypal co-founder Peter Thiel, who was seen as having a stronger anti-regulatory animus than Gottlieb and dangerous views regarding the role of the free market in supplanting FDA’s oversight.

It seems likely that Trump will nominate someone with a temperament similar to Gottlieb’s, although the Republicans retaining control of the Senate in the 2018 mid-term elections does allow the White House greater leeway. Whether drug and device makers will cheer the news of Gottlieb’s successor remains to be seen. Gottlieb took on the pharmaceutical industry with the release of a list of drugs that are off-patent as a way to foster generic drug development, part of the agency’s efforts to put a lid on drug prices, but he might also have played a significant role in development of legislation for the agency’s regulation of lab-developed tests. At the very least, the news portends significant disruption at the FDA, even if the agency’s policy compass holds to its current orientation.