Statement on new steps to advance digital health policies that encourage innovation and enable efficient and modern regulatory oversight

FDA Statement

• For Immediate Release: September 26, 2019
• Statement From: Amy Abernethy, MD, PhD. ; Principal Deputy Commissioner - Office of the Commissioner

Today, the U.S. Food and Drug Administration released a suite of guidances to continue to encourage innovative approaches to the development of digital health tools, and to ensure the agency’s approach to overseeing these technologies advances along with it.

Patients, their families and their health care professionals are increasingly embracing digital health technologies to inform everyday decisions, from tools that more easily report blood glucose levels to smart watches that can detect atrial fibrillation. These tools provide patients with a wealth of easily-accessible information that can help them make better and more efficient decisions, take steps to improve their lifestyles and health choices, and experience better outcomes.

We believe that an appropriate regulatory framework that takes into account the realities of how technology advances plays a crucial role in the efficient development of digital health technologies. We’ve maintained, since we issued our Digital Health Innovation Action Plan in 2017, that our approach to regulating these novel, swiftly evolving products must foster, not inhibit, innovation.

Our plan outlined our efforts to reimagine the FDA’s approach to ensure all Americans have timely access to high-quality, safe and effective digital health products. As part of this plan, we’ve accomplished several key initiatives, including launching and testing the digital health software precertification pilot program (“Pre-Cert”) and taking steps to modernize our policies.

The guidances issued today continue those efforts announced as part of the Digital Health Innovation Action Plan and address key provisions of the 21st Century Cures Act, that offer additional clarity about where the FDA sees its role in advancing safe and effective digital health technologies. We’ve taken the goals we were entrusted with by Congress under the Cures Act and are building on these provisions to make sure that we’re adopting the full spirit of the intent to provide a practical oversight framework that is risk based.

The first guidance we’re announcing, Clinical Decision Support Software, is a revised draft guidance based on careful review of public comments received on the previous draft published in 2017.
We recognize that software that provides clinical decision support (CDS) has many uses, including helping providers, and ultimately patients, identify the most appropriate treatment plan for their disease or condition. An example of CDS could be software that analyzes family history, electronic health record data, prescription patterns and geographical data in order to help health care professionals identify patients who may be at risk for opioid addiction. These types of software programs are intended to inform the physician’s clinical management of their patient. This technology has enormous potential to improve clinical decision making. We want to encourage developers to create, adapt and expand the functionalities of their software to support providers in diagnosing and treating diseases, while also ensuring the software doesn’t introduce unacceptable risk to the patient.

After first publishing the draft guidance in 2017, the agency received feedback from many stakeholders advising us on improvements that could be made to better clarify the agency’s oversight of CDS products. We heard you and worked to incorporate that important feedback. More specifically, stakeholders asked that the FDA consider the inclusion of risk-based categorization of software products based on the risk to patients if a software product malfunctions, so we’ve leveraged the International Medical Device Regulators Forum (IMDRF) risk-based framework for categorizing products. The IMDRF final document, “Software as a Medical Device: Possible Framework for Risk Categorization and Corresponding Considerations,” progressing from our international harmonization efforts, establishes common principles that can be used by all stakeholders, including regulators, to promote safe innovation and protect patient safety. The draft guidance clarifies categories of CDS that would be subject to FDA oversight, categories of CDS for which we intend not to enforce applicable regulatory requirements (known as enforcement discretion) due to the software’s low risk to patients, and CDS categories that do not meet the definition of a medical device.

In this draft guidance, we propose to focus our regulatory oversight on CDS functions that are intended to help health care professionals and patients inform their clinical management for serious or critical conditions and that are not intended for health care professionals to independently evaluate the basis of the software’s recommendations. An example of a product we would focus our oversight on would be CDS that identifies hospitalized, type 1 diabetic patients at increased risk of postoperative cardiovascular events and which does not explain why the software made that identification to the health care professional. In this case, if the CDS provides information that is not accurate (e.g., inappropriately identifies a patient as low risk when he is high risk), then any misidentification could lead to inappropriate treatment and patient harm. Since the potential for patient harm is significant, FDA regulation plays an important role in evaluating the software’s safety and effectiveness.

We believe our proposed approach for regulating CDS not only fulfills the provisions of the Cures Act, but also strikes the right balance between ensuring patient safety and promoting innovation by clarifying which products would be the focus of FDA’s oversight and which would not.

Also issued today was the final guidance Changes to Existing Medical Software Policies Resulting from Section 3060 of the 21st Century Cures Act which addresses other digital health provisions included in the Cures Act. Specifically, this final guidance outlines the FDA’s interpretation of the types of software that are no longer considered medical devices under the amended definition of device. We’re making clear that certain digital health technologies – such as mobile apps that are intended only for maintaining or encouraging a healthy lifestyle – generally fall outside the scope of the FDA’s regulation. Such technologies tend to pose a low risk to patients, but can provide great value to consumers and the healthcare system.

The digital health technologies described in this guidance (3060) have been previously discussed in existing medical software guidances.  That’s why today we are also updating four previously issued FDA final guidances to align with interpretations and policies under the Cures Act: Final Guidance on Policy for Device Software Functions and Mobile Medical Applications; Final Guidance on General Wellness: Policy for Low Risk Devices; Final Guidance on Off-The-Shelf Software Use in Medical Devices; Final Guidance on Medical Device Data Systems, Medical Image Storage Devices, and Medical Image Communications Devices. Changes to these documents include clarification that many products previously under enforcement discretion no longer are medical devices under the 21st Century Cures Act, and therefore are not subject to FDA’s regulations and oversight.

Overall, these important guidance documents being issued today expand on our efforts to both encourage innovation in the ever-changing field of digital health and protect the public health. Our aim is to provide more clarity on our risk-based approach to digital health products, and, in particular, to provide more detail on those technologies and applications that would no longer be classified as a medical device subject to FDA regulation according to the Cures Act. These documents are critical elements of FDA’s comprehensive approach to digital health.  We are committed to promoting beneficial innovation in this space while providing appropriate oversight where it’s merited.

The FDA, an agency within the U.S. Department of Health and Human Services, protects the public health by assuring the safety, effectiveness, and security of human and veterinary drugs, vaccines and other biological products for human use, and medical devices. The agency also is responsible for the safety and security of our nation’s food supply, cosmetics, dietary supplements, products that give off electronic radiation, and for regulating tobacco products.