FDA Medical Device Approval Process
The U.S. Food and Drug Administration (FDA) is responsible for the approval of medical devices for sale in the US marketplace. They catalog approximately 1700 types of devices which are categorized as one of three primary types, Class I, II or III with Class I representing the most innocuous and Class III devices having the ability to sustain or impair life. Wikipedia has a reasonable summary of medical device classification structure here.
If you are in the HIT software business (such as EHR development, for example) why would you care about the FDA regulations? To date, the FDA has not enforced regulatory laws with respect to healthcare IT(9). That may be about to change. This article begins by summarizing the FDA market approval options and then moves into a summary of the current regulatory situation with regards to healthcare IT.
The FDA market approval process
There are three primary types of approval processes for medical devices - premarket notification, premarket approval and exempt status. The FDA provides an overview of the process here.
Premarket notification, also known as the 510(k), is usually meant for low-risk devices such as tongue depressors that make no real changes (from the patient risk perspective) to pre-existing devices called predicate devices that are already being sold in the marketplace. The information received from the manufacturer is used to make the decision – no FDA research is required, however at any time after notification, the FDA may conduct a quality inspection. Once this process is complete (typically 90 days), the manufacturer will receive an order from the FDA describing the device as “SE” or substantially equivalent and states that the device can be marketed in the US. This is the clearance for commercial distribution(5). A workflow to determine whether the device in question is substantially equivalent can be found on the FDA site. Each time a major change to the device takes place, another 510(k) must be filed. One area that the lay public might not consider to be a major change is product labeling which becomes just as important as product changes in terms of requiring re-submission after changes have been made. More detail on the premarket notification process can be found on the FDA site.
Premarket approval, known as a PMA, is used for higher risk devices such as pacemakers or other devices that sustain human life or have a significant ability to prevent (or cause) harm to human life. This is the most stringent approval process that the FDA undergoes, requiring extensive clinical trial documentation to support the approval process before the device can be sold. The process takes an additional 90 days for a total of 180 from the date of submission (which of course is after all of the clinical trials are complete) until the approval decision is required. A notice is published on the Internet of approvals or denial(6). More details on this process are on the FDA site.
Most Class I and some Class II devices are exempt from premarket notification. These are either exempted by regulation or they have been grandfathered in as devices that were marketed prior to 1976 and have not been substantially changed since(7). Further details, again, on the FDA site.
Regardless of the method of notification there are standards that manufacturers must follow. This includes quality control processes during manufacturing, adequate packaging/labeling, etc. which are known collectively as GMP or Good Manufacturing Practices(7).
There are advantages to the companies that go through this process aside from simply being able to sell their product. Often, especially in start up companies, initial marketing efforts will tout 510(k) approval by the FDA as a sort of stamp of approval when the reality is that the product in question may not have undergone rigorous study at all.
Another advantage of the approval process (premarket approval in this case) is that of immunity from prosecution. In a relatively recent (2008) case in the Supreme Court, the justices decided that FDA approval has the potential to render the medical device manufacturer immune from prosecution for injuries caused by defective medical devices. The courts subsequently dismissed thousands of lawsuits(2). Late in 2009, the Medical Safety Act of 2009 was going through congress in an attempt to circumvent this law and allow litigation to resume.
Recent trends and application to healthcare IT
Reports of abuse and manipulation of the system have led to a call for reform in the FDA approval process for medical devices. The focus is upon the 510(k) process(1). Upwards of 3000 device requests per year are submitted through the 510(k) process(1). Typically 2/3 of the approved devices only go through, at most, a single clinical trial before being ‘unleashed’ on the market. Additionally, academic review of FDA clinical trial submissions have brought these submissions under fire for poor study design (including inadequate sample, non-representative populations, accounting discrepancies and bias in the design). The GAO (in the summer of 2009) also described the FDA oversight as inadequate(2).
On February 26, 2010 the Health IT Policy Committee of the Health and Human Services Department conducted a safety hearing with regard to safety practices in the development of HIT. During this meeting, the FDA testified that they have received 260 reports of HIT-related malfunctions, some of which resulted in injury. Their recommendation is to impose some level of regulation. Whether that happens to be a reporting structure for issues (MDR) or a full blown quality regulatory process is unclear(9). The HHS committee recommendations are due out 3/1/2010 so there should be more known about this issue very soon. Of course the FDA has been intimating immediate jurisdictional changes for a while(10) so this may well simply be another step along the road with no immediate destination in sight.
For additional information regulation of CIS software and possible options, please visit this clinfowiki page.
Submitted by Gray Winkler