
On Heels of Cybersecurity Guidance, FDA Releases New Recommendations on RF-Enabled Devices

Posted 13 August 2013 | By Alexander Gaffney, RAC

Keeping tabs on technological advancements seems to be a running trend at the US Food and Drug Administration's (FDA) Center for Devices and Radiological Health (CDRH) in recent weeks. First, in June, the agency released a much-anticipated draft guidance on cybersecurity, saying it could lead to safer devices. Several weeks later, it followed suit with the recognition of a large number of standards intended to boost cybersecurity as well.

Now the agency is out with a new guidance document on the integration of wireless radio frequency (RF) technology into medical devices, including measures meant to account for the security of technology within the devices.


Radio frequencies have multiple applications within medical devices, but with respect to regulation, they have existed in something of a gray area between FDA and the Federal Communications Commission (FCC), which has traditionally held absolute authority over all information transmitted over the airwaves (i.e. radio frequencies).

As Regulatory Focus reported in April 2013, this paradigm has recently begun to change, with FCC publishing a new regulation that would serve to streamline the Experimental Radio Service (ERS), a block of radio spectrum meant to promote innovation in medical devices.

The ERS is basically a set of rules that "prescribe the manner in which the radio spectrum may be made available to manufacturers, inventors, entrepreneurs and students to experiment with new radio technologies, equipment designs, characteristics of radio wave propagation, or service concepts related to the use of the radio spectrum."

The FCC rule would essentially allow competition within this spectrum, a change particularly useful for medical devices, which generally operate on low-power, short-range radio frequencies to communicate with one another. In addition, FCC established that any use of the ERS involving medical devices tested on human subjects would require FDA approval of an investigational device exemption (IDE) before clinical testing could begin. Without obtaining FDA approval, FCC will not approve the company's use of the ERS spectrum, the agency said.

Such radio frequencies have also formed the basis of another relatively recent FCC policy on Medical Body Area Networks (MBANs), networks composed of multiple wireless medical devices capable of communicating with one another. In May 2012, FCC said it would dedicate a block of spectrum to MBANs with the intent of spurring both innovation and a more stable regulatory framework for the devices.

In addition, other devices have already leveraged RF technology, including one cleared by FDA in May 2013 and another on far less firm regulatory footing.

RF Guidance

The rapid growth of this technology is not lost on FDA in its new guidance document, Radio Frequency Wireless Technology in Medical Devices, in which it notes that "RF wireless technology considerations should be taken into account to help provide for the safe and effective use of these medical devices."

As with the cybersecurity guidance, FDA notes that RF-connected or -enabled devices are part of a larger ecosystem of products, one that allows for interaction between two or more devices. And as with devices connected to the Internet, RF technologies can affect both the safety and efficacy of medical devices.

For example, RF transmissions could become lost, corrupted, degraded in strength or delayed. In addition, those signals could be compromised or otherwise lack wireless security measures, allowing outside users or other devices to accidentally or purposefully influence their functioning.

FDA's guidance explains that these risks must be taken into account under a comprehensive quality system as required under 21 CFR 820.

"Because there are risks associated with RF wireless systems, we recommend that you carefully consider which device functions should be made wireless and which device functions should employ wired connectivity," the agency wrote. "FDA recommends that you address known safety issues involving RF wireless technologies early in the device design and development process. Safety issues might be discovered during the design and development process for which risk mitigation measures might be necessary to ensure an overall acceptable level of risk."

This risk acceptance should be tailored to the device and its applications, including experience with similar devices, FDA added, using language nearly identical to that used in its cybersecurity guidance.

And security is mentioned prominently in the guidance, with FDA both referencing its cybersecurity guidance and calling for RF-specific protections, such as the use of wireless encryption, data access controls, protections against unauthorized wireless access to device data and device controls, and non-automatic connections (such as those found in Bluetooth technologies).

Premarket Submission Considerations

The remainder of the guidance goes on to describe the considerations sponsors should take into account when selecting a wireless technology for use in their devices, the quality of service necessary to ensure proper functioning in the device, the environment in which a device will operate (to ensure coexistence and compatibility), and the maintenance of the device.

The guidance also makes recommendations with respect to premarket submissions [premarket applications (PMAs) and 510(k) submissions], noting that all devices "should include … information specific to the wireless technology and functions," as well as "information to describe the wireless Quality of Service (QoS) needed for the intended use and use environment of the medical device."

Other factors, including test data summaries and labeling for wireless medical devices, are also described.

Radio Frequency Wireless Technology in Medical Devices

Federal Register
