A prominent dialysis provider is warning both the US Food and Drug Administration (FDA) and the Office of the National Coordinator for Health Information Technology (ONC) that a new framework intended to ensure the safety of medical device applications could instead lead to "unintended consequences" and be "unduly burdensome" to the delivery of care to patients and requires carve-outs to ensure the safe practice of medicine.
The company, Fresenius Medical Services, is one of the largest providers of dialysis services in the world, reportedly providing treating more than 160,000 patients in the US on an ongoing basis. As part of that treatment, the company utilizes a number of electronic systems, including an electronic health record (EHR) system and other applications and clinical decision support tools.
"Such technology provides the infrastructure necessary to connect providers along the care continuum and minimize medical errors in health care settings," Fresenius wrote in a comment letter to FDA on 31 August 2013. "Such quality improvements and cost reductions are especially important in the care of end-stage renal disease (ESRD) patients, who represent a particularly medically-complex and costly patient population."
What has the company concerned, it continued, are efforts to regulate health information technology, such as software applications (sometimes referred to as "apps") and the "potential for regulatory overlap or redundancy between the risk-based regulatory frameworks" of various federal agencies.
Medical applications can best be understood as programs run on devices such as a computer, smartphone or tablet. A growing distinction, however, has been between traditional medical program software and so-called mobile medical applications, which allow a user to access a medical technology wherever and whenever they wish. For example, a smartphone application that uses a camera's phone to determine if a skin growth is likely cancerous would be considered a mobile medical application, as would a huge array of other already-cleared applications.
Members of the medical device industry have long been wary of excessive or duplicative federal intervention in the mobile medical application space, and have in recent years raised myriad concerns. Two issues seem to come to the forefront time and again:
- Which agencies should regulate medical apps-the US Food and Drug Administration (FDA), the Federal Communications Commission (FCC), the Federal Trade Commission (FTC) or just FDA?
- Which aspects of a mobile medical application should be regulated? Are all healthcare applications technically medical devices requiring premarket approval or premarket notification? And what of the mobile device that runs the application?
Those questions were answered in part in 2012, with both FDA and FTC releasing guidance documents regarding various aspects of mobile medical applications. FDA, for its part, said that it plans to exercise "enforcement discretion" regarding mobile medical applications, only going after those that would clearly be a medical device, while leaving all others to FTC.
A Report in the Works
In 2012, the FDA Safety and Innovation Act (FDASIA) was passed into law, and with it a requirement for FDA to issue a report in consultation with the Office of the National Coordinator for Health Information Technology (ONC) and the chairman of the FCC.
That report is required to "offer a proposed strategy and recommendations for an appropriate risk-based Health IT regulatory framework that would include mobile medical applications and promotes innovation, protects patient safety, and avoids regulatory duplication," the US Department of Health and Human Services (DHHS) wrote in a little-noticed Federal Register notice in May 2013.
To facilitate the development of that report, FDA is now working with ONC and FCC in the form of a new group called the FDASIA Workgroup to assist ONC's Health Information Technology (HIT) Policy Committee to provide recommendations.
Those recommendations fall into three areas, the group wrote in the notice:
- types of risk that may be posed by health IT that impact patient safety, the likelihood that these risks will be realized, and the impact of these considerations on a risk-based approach
- factors or approaches that could be included in a risk-based regulatory approach for health IT that also promotes innovation and protect patient safety
- approaches to avoid duplicative or overlapping regulatory requirements
Fresenius Weighs In
And while Fresenius said current efforts by FDA, ONC and FCC should be applauded, it said it wanted to "caution the agencies to avoid the unintended consequences that an unduly burdensome regulatory framework may have on current and future organized care delivery."
"We believe that clinical tools that pose little to no risk to patient safety should not be regulated as mobile medical applications," it added.
For example, non-commercial clinical protocols, calculators and algorithms developed for Fresenius' own uses should not be regulated by FDA, the company said. To regulate this type of activity would be "to regulate the practice of medicine," the company contends.
Precedence from FDA
That approach may well be reflected in any final guidelines, as FDA has already used a similar approach in its own draft guidance document, released in 2011. Under the guidance, FDA said it intends to regulate any applications that make specific disease or curative claims, but will leave to FTC the regulation of other devices under a more relaxed regulatory paradigm.
Thus, an application like a fitness tracking application or a calorie-counting application would not, by itself, be considered a medical device under that framework. However, an application which claims that by following its regimen you can reduce obesity, or an application that claims to emit a frequency that can cure tinnitus, would both be considered medical devices under the Federal Food, Drug and Cosmetic Act and would be required to undergo a review process. Still, experts say it's a distinction that's not always easy to make, and it's more a question of agency resources than anything else.
Fresenius, though, said this also raises a troubling question: Where does the regulation of one agency definitely begin or end?
"Specifically, Fresenius believes FDA should ensure that its final guidance on mobile medical applications aligns with the FDASIA regulatory framework that is intended to apply to all forms of health IT. We believe that there is a clear distinction between a mobile device that captures diagnostic information, and a mobile information service."
Calling this a "critical point," Fresenius commented that making sure the distinction is well-defined will ensure that FDA regulates within the scope of reason. "FDA may find a reasonable course to regulate the device that captures physiologic parameters, but it is not reasonable for FDA to regulate the system that informs a physician about those physiologic parameters and, thus, assists the physicians in making a decision on that collected information," it wrote.
Avoiding regulatory overlap, it added, should be of the utmost importance in keeping with the goals of FDASIA. To do otherwise could result in a stifled environment for innovation and a lower quality of care for patients, it concluded.