April 2008 Monthly Topic

FDA’s Proposed Rule to Downclassify Medical Device Data Systems
Provides Insight into the Future Regulatory Status of
Certain Computer and Software-Based Systems 

 

On February 8, 2008, the U.S. Food and Drug Administration (“FDA” or the “agency”) initiated a downclassification of certain computer- and software-based systems, which FDA has termed medical device data systems (“MDDS”).(1)   The recent proliferation of these devices has lead to considerable confusion regarding their regulatory status, especially since many MDDS manufacturers are not necessarily aware that they are manufacturing a medical device subject to FDA regulation.  In defining what constitutes an MDDS, the proposed rule provides some insight regarding the FDA regulatory implications of certain features of computer- and software-based systems.  This may be of particular importance for hospitals and hospital networks that often times develop and implement such systems across their various hospitals and facilities to facilitate the transfer, exchange, storage, and retrieval of patient medical data. 

The proposed rule defines an MDDS as a computer- or software-based system that stores, transfers, displays, or reformats patient medical data, but does not provide any diagnostic or clinical decision-making functions.  Specifically, an MDDS is a device intended for one or more of the following uses:

1. The electronic transfer or exchange of medical device data from a medical device, without altering the function or parameters of any connected devices (e.g., software that interrogates a ventilator and transfers the patient’s CO2 levels to a central patient data repository).
2. The electronic storage and retrieval of medical device data, without altering the function or parameters of connected devices (e.g., software to store historical blood pressure data for later review by a physician).
3. The electronic display of medical device data, without altering the function or parameters of connected devices (e.g., software that displays the previously stored electrocardiogram for a particular patient).
4. The electronic conversion of medical device data from one format to another format in accordance with a present specification (e.g., software that converts digital data generated by a pulse oximeter into a digital format that can be printed.

Systems used in the home may also be considered MDDS per the definition above.  For example, systems that collect data from a patient’s blood glucose meter or blood pressure device for later review by a healthcare provider may be considered an MDDS.  Notably, MDDS, as defined in the proposed rule, does not include software that merely performs library functions, such as storing, indexing, and retrieving information not specific to a patient.  These software programs are not considered medical devices.  In addition, MDDS does not encompass software that allows a physician to enter or store a patient’s health history in a computer file.

Per the above definition, medical device data may include many types of information, such as clinical values, alarm conditions, or error messages obtained from a medical device.  However, MDDS are not intended or designed to perform any active patient monitoring functions.  Accordingly, such systems can deliver and store alarm data, but cannot create, display, or detect alarm conditions, nor can an MDDS actually sound an alarm.  To fall within the definition of an MDDS, the system also cannot create alarms that are not already present from the connected medical devices.

At a baseline, MDDS are considered medical devices under the statutory definition of a medical device set forth in the Federal Food, Drug, and Cosmetic Act.  Because these devices are post-amendment devices, i.e., they were introduced after the 1976 Medical Device Amendments, FDA automatically placed them in class III, though the agency has chosen to exercise its enforcement discretion, meaning that FDA is not requiring existing manufacturers of MDDS to gain premarket approval for their systems.  Recognizing that certain basic computer- and software-based systems such as the basic systems encompassed by the definition of an MDDS, while they do present some risk for harm, present a low risk of harm, and can thus, be used safely under general controls.  Accordingly, the agency’s proposed rule serves to reclassify MDDS into a more appropriate class of products based on the low risk profile. 

Should the MDDS proposed rule be finalized, as a class I device, general controls would apply to manufacturers of MDDS, which includes registration and listing, conformance to applicable current Good Manufacturing Practice requirements, compliance with Medical Device Reporting requirements, and, depending on the particular features and functions of the system, 510(k) premarket notification requirements.  With regard to the latter requirement, the agency is proposing that when an MDDS device is indicated for use only by a healthcare professional and does not perform irreversible data compression, the device would be exempt from 510(k) premarket requirements.  On the other hand, if an MDDS device is indicated for lay use or performs irreversible data compression, the device will no longer be exempt from 510(k) requirements and premarket notification will be required prior to marketing the device.