FDA eases regulation of medical device data systems (MDDS), medical image storage devices, and medical image communications devices

The federal Food and Drug Administration (FDA) has been responding to an avalanche of new health technologies in ways that signal less, rather than more enforcement. The first wave of FDA guidance came with FDA tackling mobile medical apps — smart-phone applications that address health.

Mobile medical apps (MMAs), according to FDA guidance, meet the definition of a regulated medical device when they are intended to be used as an accessory to a regulated medical device, or, transform a mobile platform into a regulated medical device.

However, apps that pose minimal risks to patients and consumers, and mainly provide or track information, are not considered medical devices.

FDA has enforcement discretion. FDA has flexed its regulatory muscle against mobile app developers where FDA considers the app to be a medical device (see our post, FDA Mobile Medical App Guidance Reads FDA Medical Jurisdiction Expansively). So mobile app developers should consult legal counsel to see where they fall, especially as enforcement priorities shift.

A medical device data system (MDDS) is exempt from the burdensome 501(k) medical device submission. The new guidance on MDDS reaffirms this.

In an earlier, final rule on MDDS, FDA had already down-classified the MDDS from Class III (high-risk) to Class I (low risk). The new guidance on MDDS reaffirms this decision.

An MMDS is a device that, without controlling or altering the functions or parameters of any connected medical devices, is intended to provide:

• electronic transfer or medical device data
• electronic storage of medical device data
• electronic conversion of medical device data from one format to another format in accordance with a pre-set specification; or
• electronic display of medical data.

An MDDS may include software, electronic or electrical hardware such as a physical communications medium (including wireless hardware), modems, interfaces, and a communications protocol. (21 CFR 880.6310)

Examples include software that stores historical blood pressure information for later review by a healthcare provider.

Notably, an MDDS “does not modify the data, and it does not control the functions or parameters of any connected medical device. An MDDS does not include devices intended for active patient monitoring.”

The new MDDS guidance also applies to medical image storage devices and medical image communications devices, 21 CFR 892.2010 and 892.2020.

This means that for these devices, too, FDA does not intend to enforce compliance with medical device regulatory controls, such as:

• medical device registration and listing
• premarket review
• postmarket reporting
• quality system regulation

FDA’s position is consistent with its recently announced hands-off approach to low-risk general wellness products.

Although FDA’s position is undoubtedly a breath of fresh air to the health tech and health consumer products industry, wearable tech devices and other consumer products in the health tech space still can be regulated as medical devices if they meet the definition of a medical device.

Intended use matters. If the manufacturer or distributor makes claims that the product diagnoses or treats disease, even a low-risk product that might otherwise fall within the “general wellness” category, could be regulated as a medical device.

As well, a medical device data system (MDDS) that controls or alters the function of connected medical device, can be regulated as medical device.

Legal (regulatory) counsel should be consulted to determine whether the product is truly an MDDS, or falls within another FDA regulatory category, such as for example, a PACS (picture archiving and communications system – 21 CFR 892.2050):

A picture archiving and communications system is a device that provides one or more capabilities relating to the acceptance, transfer, display, storage, and digital processing of medical images. Its hardware components may include workstations, digitizers, communications devices, computers, video monitors, magnetic, optical disk, or other digital data storage devices, and hardcopy devices. The software components may provide functions for performing operations related to image manipulation, enhancement, compression or quantification.

PACS is regulated as a Class 2 medical device.

Even if the consumer product is not a PACS, and, does not fall within the definition of a medical device under FDA rules, the claims made for the product can still subject the manufacturer or distributor to enforcement scrutiny for false advertising from the Federal Trade Commission (FTC), or, from private plaintiffs. (See, for example, Marketing ‘wearable caffeine’ can get you in trouble with FTC, the regulatory watchdog over advertising).

Whenever you are marketing a consumer health product, be sure to follow a checklist including the following:

• Is my product a medical device? Look to the FDA definition of “medical device,” as well as definitions that might apply in guidance documents such as FDA’s guidance on mobile medical apps, MDDS, or low-risk general wellness products.
• If my product is a medical device, how is it classified? Class 1, 2, or 3? Is the device exempt? What are my regulatory obligations (registration and listing, quality system regulation, 510(k) or PMA, and so on)? If I need a 510(k), can legal counsel identify suitable predicate devices that are substantially equivalent to my product?
• Do the claims I am making in any of my marketing materials subject my product to medical device regulation? What is the intended use, as gleaned from the totality of the evidence of all my marketing content (including website)?
• Am I vulnerable to FTC enforcement for misleading advertising, or to a consumer plaintiff’s action based on my claims?
• From a contractual standpoint, am I adequately protected against liabilities, including those from claims made by others (for instance, my sales reps and distributors) for the product?
• What risks can be assigned, or mitigated, via wise contracting, or insurance; what risks will benefit from legal review and smart word-smithing; and what risks remain?

Ask your healthcare lawyer or FDA attorney to review all marketing materials for compliance.

FDA, FTC and private plaintiffs can easily hire staff to search online for terms that suggest exaggerated or unproven claims, and then can bring action if they find a violation. This includes a claim under consumer protection statutes such as California Business & Professions Code Section 17500.

In short, FDA’s strategy of carving out “safer” regulatory areas for consumer products may be wise from the standpoint of agency efficient, and good for the market overall, but you’re not completely out of the enforcement and liability woods.