Digital Desires; the FDA’s December Guidance Trove

The end of the year is a time for reflection and maybe even gratitude, but as we can all testify, holiday shopping can be an irritating experience. The FDA got an early start on its holiday shopping list in the first week of December with the publication of several guidances as part of the overhaul of its approach to digital health. As might be expected, though, the experience is a decidedly mixed bag of items, one of which seems likely to be returned for exchange.

SaMD Final: A Leaner, Nicer Approach

On the positive side, the final guidance for software as a medical device (SaMD), the draft of which was written by the International Medical Device Regulators Forum, eliminates some of the seemingly compulsory tone of the draft. Nonetheless, the FDA went to some lengths to emphasize in the final that industry should not read too much into the use of words such as “requirements,” explaining that related provisions fall into the category of recommendations. Given the recent congressional emphasis on the least burdensome standard, the agency perhaps had little choice but to make such a conciliatory gesture.

The final SaMD guidance is 15 pages leaner than the draft (30 pages rather than 45), and large portions of the draft have either slimmed down or disappeared entirely. Definitions have become less descriptive, thus lending an unmistakable air of flexibility to the document. Whereas the draft commits page after page to discussions of generating evidence for scientific and analytical validity, the final guidance offers mere paragraphs for considerations such as analytical and technical validation.

The net effect is that of a high-level document that avoids the quagmire associated with the fine details of product development and testing. Whether this is the last word for some time on SaMD is difficult to forecast, but the reader will note that the agency took the unusual step of announcing the final guidance in the Federal Register, complete with the associated docket number.

The Risk of Saying Nothing About Risk

Conversely, the draft guidance for clinical decision support (CDS) systems presents the reader with a decidedly different dilemma, although it offers some useful content. The draft includes a section spelling out instances in which a CDS would not fall under FDA regulations, such as software that provides recommendations as to the use of a drug within the labeled indication. This document also provides a number of examples of uses of a CDS that would qualify the item as a device, but Bradley Merrill Thompson of Epstein Becker Green had a few choice words regarding the draft.

Thompson, who serves as the general counsel for the CDS Coalition, said the CDS draft lacks clarity on the point of how a vendor might determine how the risks associated with that product’s use might push the CDS into the agency’s regulatory territory. Thompson said this is particularly problematic given the recent and coming advances in artificial intelligence, although others indicated some relief that patient use of CDS was written into the document.

One way of looking at the risk question in this guidance – or more properly, the failure of the draft to directly address the risk question – is that the agency believes it might be a more economical use of its time to draw feedback from stakeholders before committing anything to ink. The docket is open for only sixty days, however, and it seems fairly plausible that the Feb. 6, 2018 deadline for comment will be extended if indeed the FDA intends to provide at least some discussion of risk. After all, the agency’s device center has expended a considerable amount of effort to talk about benefits and risks, including the final guidance on how the FDA will handle the hazards of dealing with problematic devices that may or may not warrant withdrawal.

The last of the three guidances released by the FDA on Dec. 7 was the draft guidance dealing with policy changes to four existing guidances, including the guidance for medical device data systems (MDDS). The agency’s proposal to regulate such software in 2011 sparked a lot of pushback from stakeholders with a lot of bandwidth on Capitol Hill, and the agency walked back from several major features of its early proposals several years ago. This guidance will be substantially revamped, although in its current form it is apparently not operational, as the saying goes.

The general wellness app guidance is also scheduled for a thorough rewrite, as are the guidances for mobile medical applications and off-the-shelf software used in medical devices. Device makers have the 21st Century Cures Act to thank for much of this, but the agency’s latest commissioner, Scott Gottlieb, might have pushed for many of these changes even without the help of the Cures Act. All in all, Dec. 7 was not a bad start to the holiday season, even if one or two items will eventually be re-gifted to the giver.

Going Solo, and Who Needs Government Anyway?

Some days it seems the idea of interdependence is really gaining ground, but then there are days that seem to trash the idea completely. Below are a couple of stories of the latter variety, stories that might seem more pointed to the diversity ethic that is also very much in vogue in these early years of the 21st Century. First, however, we ask whether the FDA’s device center is losing its appetite for heavy-handed regulation.

FDA Going Soft on Software?

The Center for Devices and Radiological Health at the FDA was pretty quiet for the first half of the year, but is a little more active recently. For instance, CDRH published a digital health action plan in response to pressure from Congress, but the plan is also a tacit admission from the agency that its quality systems regulations (QSRs) don’t always work well where software is concerned.

The reader may remember the FDA’s interest in medical device data systems dating back to 2011. Hospital administrators were wary of the cost and hassle of standing up a QSR-compliant regime in the first place, but four years would pass before the agency renounced the idea, undoubtedly with the help of some arm-twisting from Capitol Hill.

The FDA’s digital health innovation action plan includes a precertification pilot that calls for a review of a publisher’s approach to software quality control rather than a full-blown premarket review of each product. The program is limited to items that qualify as software as a medical device (SaMD), however, and excludes items such as software integrated into devices.

The precertification pilot does include site visits, but the agency is willing to conduct virtual site visits in lieu of the real thing. Ergo, one can argue that this is QSR-lite at worst. Still, one has to wonder how much time will pass before an SaMD will start pushing the FDA’s safety and efficacy buttons despite FDA commissioner Scott Gottlieb’s assertion that the program is strictly for “certain lower-risk devices.” That lower-risk assurance seems odd, given that the sponsor will be on the hook for collecting post-market data for that product.

The day one of these calls for a de novo application might herald a time when the agency will scrutinize these SaMDs individually, but how long after that will a sponsor discover they have tripped the class III/PMA trigger? Only time will tell.

Disharmony from Asia

Some see global regulatory harmonization as a pipe dream, and India’s Central Drug Standards Control Organization has released a draft guidance dealing with standards for safety and performance of medical devices that would seem to support that view. This document, which supplements a novel regulatory framework specific to med tech in India, suggests that CDSCO will handle stand-alone software in the same manner as traditional medical devices despite the FDA’s hands-off approach.

CDSCO gave interested parties only three weeks to comment, hardly sufficient time to absorb the implications of such a document, particularly since the document is undated, other than to note the month of publication (July). The agency said it does not want to dictate how a device maker might demonstrate compliance, but the scope of the 27-page document encompasses a wide range of product categories, including combination products, a breadth of scope which might come across to some as lack of specificity disguised as flexibility.

In any case, the document also takes aim at devices “that incorporate software and stand-alone medical device software,” which is where it rubs up against the new approach at FDA in a disharmonious manner.

As noted above, the American regulator is steering an entirely novel tack for its regulation of SaMD, which had said last year would revolved around a guidance drafted by the International Medical Device Regulators Forum. India is not a participant in the IMDRF effort, although it is a member of the Asian Harmonization Working Party (AHWP), which is an IMDRF affiliate and which has inked its own SaMD proposal, said to be built around the IMDRF effort.

One way of looking at this is that the FDA is the outlier and that the disharmony is coming from Silver Spring, Md., and not from New Delhi, although it may be instructive to note that the latter has a very limited body of experience with med tech-specific regulations. Either way, publishers of SaMD will continue to face very different regulatory regimes if they want to do business in both the world’s richest market and its second most populous market.

No DOJ? No Problem

As is commonly known, the Department of Justice does not dive head first into every qui tam action that pops up, but government attorneys seem to be involved in nearly every whistleblower suit that costs the target company money. Celgene of Summit, N.J. offers the exception, getting stung with a $280 million hit in a False Claims Act case that asked the federal government to do nothing more than accept a nice, fat check from the company.

The company denied any culpability, and Celgene may have a case given that the Centers for Medicare & Medicaid Services is somewhat more lenient about off-label use of oncology drugs. However, court documents indicated that Celgene helped patients financially by contributing money to two patient-directed organizations, which were said to have “acted as conduits for Celgene” and thus had “eliminated any price sensitivity” for both patients and prescribing physicians.

The court also said “the United States did not intervene” without comment, although the court pointed to two other qui tam actions against the company, both of which were dismissed.

The biggest problem for Celgene might have been that the company purportedly persuaded physicians to influence guidelines published by the National Comprehensive Cancer Network, and was alleged to have “caus[ed] doctors to change ICD-9 diagnosis codes.” The lay person sitting in a jury box might find it difficult to hear of manipulation of codes used in Medicare billing without thinking the source of that manipulation was up to no good, particularly given how much very visible emphasis there is these days on Medicare fraud.