February 1, 2012 (Vol. 32, No. 3)

Lisa A. A. Haile J.D., Ph.D. Partner, DLA Piper Co-Chair, Global Life Sciences Sector
Kimberly K. Egan partner and co-chair, Healthcare Sector DLA Piper

Convergence of Healthcare and Information Technology Has FDA Scrambling to Update Policies

Traditional healthcare has allowed physicians to serve as gatekeepers for patient information. However, this will all change in the future. The convergence of healthcare and information technology (health IT) is leading to a transformation in our healthcare system that allows patients to take a more active role in their choices and the quality of the healthcare they receive.

Advances in healthcare IT provide an opportunity for patients and healthcare providers to be connected and to access data and information in efficient and effective ways that will ultimately lead to improved treatment regimens.

Health IT is far more than just the electronic storage of health records. It includes a collection of technologies and analytics and has the ability to revolutionize the way people manage their own healthcare. Health IT is a way to transform our healthcare system and the way we receive medical care, making the system more patient-centric than ever.

By way of example, Health IT has the ability to reduce medical errors such as identifying potential drug interactions or inability to provide further prescriptions when multiple physicians are involved (e.g., the Anna Nicole Smith tragedy). Prescribing errors are one of the largest identified source of preventable errors in hospitals.

As patients become more involved with their healthcare decisions and those of family members, healthcare costs will be reduced. Further, health IT has the ability to provide early detection of infectious disease outbreaks around the country or the world. Accumulation of data as related to outbreaks or disasters will provide healthcare practitioners with immediate access to patients’ medical records and will allow for improved treatment plans on the spot.

In the U.K., an online monitoring tool that allows researchers to track the spread of seasonal flu was launched in November 2011. Flusurvey is aimed at collecting data directly from the general public, rather than from hospitals or physicians, which appears to be an advantage since many people with the flu never visit a doctor and are not included in traditional flu surveillance.

The Flusurvey shows data in Google maps and identifies areas of severity and trends for the flu early in the season. Recently an online survey was translated such that data from 10 participating countries could be accumulated, and information on the outbreaks—including relevant strains that are more prevalent—could be gathered, assisting with immediate decisions regarding viable vaccine options. Further, a set of interactive maps has been designed for healthcare workers and epidemiologists to examine how infections spread both within the U.K. and across Europe.

Looking Ahead to the Use of Mobile Devices and Social Media

Some of the key issues discussed in 2011 with respect to Health IT were mobile devices, data breaches, and patient privacy rights. Experts predict an upswing in mobile and social media usage with respect to healthcare data usage. How will these tools be regulated within the context of the healthcare system and the FDA?

Healthcare reform notwithstanding, the federal government has been slow to adapt. Until this year, FDA operated under a draft “Policy for the Regulation of Computer Products” that was written in 1989. In April, 21 years later, FDA observed apparently without irony that “[s]ince 1989 . . . the use of computer products and software products as medical devices has grown exponentially.”

In 1989, gas cost $1.12 a gallon. Cell phones were only a year old. Nintendo came out with the first Game Boy in 1989. Tim Berners-Lee was still two years away from announcing something he was calling the World Wide Web.

This disconnect between FDA policy and 21st century technology has not been helpful. Manufacturers struggle with outdated requirements and regulators struggle to fit this century’s technology into last century’s rules. It is like regulating hybrid vehicles as if they are Model Ts.

Now FDA is slowly catching up.

Until this year, if you marketed a medical device that managed sophisticated data such as radiographic images or heart rate information, your device would have been subject to stringent FDA requirements. Until this year, you would technically have had to prove to FDA that your data-management system device was safe, and you would have been subject to a variety of specific controls and possibly conditions for approval. Your ability to market your device might have been limited. You might have had to run clinical trials.

In April 2011, the FDA finally relaxed the rules for products designed simply to “transfer, store, convert from one format to another according to preset specifications, or display medical device data.”

FDA calls these types of products Medical Device Data Systems, or MDDS devices. To FDA, an MDDS is a device that moves medical data passively, without any processing, translation, characterization, categorization, or analysis. An example from FDA’s rulemaking is an outpatient product that collects data from a glucose meter for later review by a physician.

FDA’s new rule classifies MDDSs as Class I devices, which means they are exempt from FDA’s most onerous device regulations. The only requirements MDDS manufacturers must comply with now are FDA’s Good Manufacturing Practices (GMP) and its quality control requirements.

The MDDS rule caused a moderate degree of panic when it came out. The rule looked to many as if FDA was moving to regulate previously unregulated products, like your smartphone, your laptop, or your computer monitor. In fact, FDA’s MDDS rule loosens the rules on a category of previously very highly regulated devices. Part of the confusion was because FDA had never enforced the medical device rules against MDDS manufacturers before. And part of the confusion was because the definition of an MDDS is not easy to follow.

If your device does not qualify as an MDDS, that means one of two things. Some data-management devices that do not qualify as MDDS devices remain Class III or Class II devices, subject to FDA’s closest regulatory scrutiny. These include devices that generate medical device data, modify medical device data, change how medical data is displayed, diagnose conditions, or monitor patients. A blood pressure monitor that can send an alarm to a nurse’s station, for example, is not an MDDS, but it is still a regulated medical product.

Other data-management devices do not qualify as MDDS devices because they are not medical devices in the first place. A medical device is an “instrument, apparatus . . . [or] machine . . . including a component part, or accessory” that is designed to diagnosis, cure, mitigate, treat, or prevent disease. This means that laptops, desktops, most off-the-shelf software or hardware, thumb drives, all-purpose cameras, telephones, iPhones, iPads, Blackberrys, pagers, generic teleconferencing systems, etc., are not covered by the MDDS rule. Indeed, such products are, generally speaking, not regulated by FDA at all.

FDA’s Draft Guidance on Mobile Medical Applications

FDA’s policy disconnect also meant that for years industry had no meaningful guidance for mobile apps and other handheld software tools. That also changed this year. FDA released draft guidance for Mobile Medical Applications and announced that it plans to exercise regulatory oversight over apps that, among other things:

  • control a regulated medical device;
  • transform technology into a medical device by adding a feature, such as attaching a blood glucose strip reader to turn a product into a glucose meter;
  • produce patient-specific diagnoses or treatment recommendations; or
  • calculate drug dosages and other medication-specific metrics.

So even though FDA does not consider an iPhone or a Blackberry, standing alone, to be a regulated medical device, software on those devices could be regulated.

This, too, caused some momentary panic. Is the calorie counter on my iPhone a regulated medical device? Does my automated reminder for my self-administered insulin need FDA approval? The answer is no.

FDA explained that it has no plans to regulate apps that track nutrition, remind patients of appointments, or perform other wellness-related function. Nor does it plan to regulate apps that are marketed broadly for nonmedical uses, such as dictation apps, audio recorders, note-taking applications, or “general office operations” such as billing, inventory, coding, and scheduling.

This is all good news—FDA has begun to move forward from 1989 to 2011. Let’s see where we are in the next decade.


The FDA doesn’t consider smartphones themselves to be medical devices, but software programs on phones could still be subject to regulation.

Kimberly K. Egan is a partner in the Washington, D.C., office of DLA Piper US and is co-chair of the firm’s Healthcare Sector, specializing in Litigation and FDA matters; Lisa A. Haile, Ph.D. ([email protected]), is a partner in the San Diego office of DLA Piper US and is co-chair of the firm’s Global Life Sciences Sector, specializing in Intellectual Property law.

Previous articlePoll on ‘Strategy for UK Life Sciences’ Shows Divide
Next articleParexel, Asan Medical Center Ally to Provide Clinical Trials Services throughout Asia