On March 29, 2023, and March 30, 2023, the U.S. Food & Drug Administration (“FDA”) issued a series of FAQs[1] and a guidance document[2] clarifying the agency’s intended implementation of the Consolidated Appropriations Act of 2023 (the “Omnibus”), which amended Section 524B of the Food, Drug & Cosmetics Act (the “FD&C Act”) to require the demonstration of cybersecurity safeguards in pre-market submissions for certain medical devices.[3]
On December 15, the U.S. Food and Drug Administration (FDA) issued a draft guidance, titled “Circumstances that Constitute Delaying, Denying, Limiting, or Refusing a Drug or Device Inspection” (the “Inspection Draft Guidance”), which clarifies the types of behaviors that FDA considers to be inappropriately delaying, denying, limiting, or refusing access to an inspection, each of which constitutes adulteration of a drug or device under the Federal Food, Drug, and Cosmetic Act (FDCA).[1] The Inspection Draft Guidance clarifies certain behaviors described in FDA’s previous guidance on the subject (the “2014 Guidance”) and, most significantly, expands the previous guidance to apply to medical device manufacturers.
Continue Reading FDA Expands Inspection Guidance to Apply to Device Manufacturers
With a September 24, 2022 compliance date looming, the U.S. Food and Drug Administration (FDA) announced that will delay enforcement of its requirement to submit Unique Device Identifier (UDI) data for low-risk consumer health products. Consumer health products, as described in the FDA guidance, include class 1 devices that are typically sold directly to consumers, such as digital health products and consumables. The FDA guidance extends the compliance date for data submission from September 24, 2022 to December 8, 2022, giving manufacturers of consumer health products more time to prepare their submissions.
Continue Reading FDA Delays Enforcement of UDI Reporting Requirements for Consumer Health Products
The metaverse has been described as the “next frontier” and the “new era” of healthcare. Although still a loosely defined and relatively broad term, the “metaverse” generally refers to a shared virtual environment accessed by individuals via the Internet. Individuals generally enter the metaverse through the following four technologies: virtual reality, augmented reality, mixed reality and extended reality.
Continue Reading Digital Health in the Metaverse: Three Legal Considerations
On Thursday, March 16, the Office of the Inspector General for the Department of Health and Human Services (“OIG”) issued OIG Advisory Opinion (“AO”) No. 22-05, relating to subsidization of certain Medicare cost-sharing obligations in the context of a clinical trial involving medical devices (the “Proposed Arrangement”). This is the third AO in a recent series of AOs (see AO 21-17 on November 19, 2021 and AO 21-13 on October 4, 2021) focused on Medicare cost subsidies in a clinical trial setting for serious conditions that affect large portions of the population in the US. Like these other AOs, OIG found that while the Proposed Arrangement could generate fraud and abuse risks under both the Federal anti-kickback statute (i.e., Section 1128A(a)(7) and 1128B(b) of the Social Security Act (“Act”)) and the Beneficiary Inducements CMP (i.e., Section 1128A(a)(5) of the Act), the Proposed Arrangement nevertheless presented a minimal risk of fraud and abuse under the law on the facts presented. Medical device manufacturers should pay close attention to this trend when considering trial designs and patient populations.
Continue Reading OIG Advisory Opinion Alert: Yet Another Favorable Decision for Medical Device Manufacturers
The digital health sector has seen tremendous growth and innovation over the past few years. This momentum introduces new complexities within the legal and regulatory landscape that is trying to
Continue Reading Top 5 Legal Issues in Digital Health to Watch for in 2022
On December 22, 2021, the Food and Drug Administration (FDA) issued a draft guidance for sponsors, investigators, and other interested parties on using digital health technologies (DHT) to acquire data remotely from participants in clinical investigations. DHTs (such as wearables and sensors) are playing a growing role in clinical research, accelerated by the need for decentralized clinical trials and remote patient monitoring during the COVID-19 pandemic. Though largely directed to study sponsors using DHTs, the guidance raises issues that developers and manufacturers of these technologies will want to be mindful of given the ways in which their products might be used in a broader clinical use case than originally anticipated. Comments on the draft guidance are due March 23, 2022. The full text of the guidance can be accessed here.
Continue Reading FDA Releases Guidance for Digital Health Tech Used in Clinical Investigations
Utah recently signed into law SB 227, creating the Genetic Information Privacy Act (GIPA). The law, which is anticipated to go into effect in May 2021, is aimed at protecting genetic data collected from direct-to-consumer (DTC) genetic testing companies. Companies distributing DTC tests should evaluate their current data privacy policies and practices against the obligations the new Utah law imposes on data use and protection, including user consent, data security, and access and deletion rights, to ensure they are in a position to comply with the new law.
Continue Reading New State Genetic Privacy Law Directed at Consumer Genetic Tests
Many digital health app developers offering health and wellness solutions directly to consumers may find themselves in a space unregulated by the Health Insurance Portability and Accountability Act (“HIPAA”). While potentially outside the scope of HIPAA, developers in this space are reminded of the risks stemming from other federal and state privacy and security laws, including unfair or deceptive abuse acts and practices (UDAAP) laws. A recent Federal Trade Commission (“FTC”) settlement sheds light on the importance of accurately describing how information is collected, used, and shared.
Continue Reading Recent FTC Settlement Serves as Reminder For Digital Health Developers
At the beginning of February, the US Food and Drug Administration (FDA) Center for Devices and Radiological Health (CDRH) appointed Professor Kevin Fu as the first ever Acting Director of Medical Device Cybersecurity. Fu’s role also includes a one-year appointment with the Digital Health Center of Excellence (DHCoE), a division launched in September 2020 within CDRH. Many see this new appointment as an indication that the Agency will make cybersecurity a priority in 2021.
Continue Reading FDA Appointment Signals Increased Attention on Medical Device Cybersecurity
The US Food and Drug Administration (FDA) published an Action Plan for artificial intelligence (AI) and machine learning (ML) software on January 12, 2021 that provides near-term actions to develop a regulatory framework for AI and ML-based medical devices. The quick takeaway is that FDA will publish a draft guidance on change control plans, a key concept from its April 2019 discussion paper on AI/ML-based software devices (previously reported here). FDA also will hold a public workshop on algorithm transparency and engage its partners and stakeholders on other key initiatives, such as evaluating bias in algorithms. While the Action Plan proposes a roadmap for advancing a regulatory framework, an operational framework appears to be further down the road.
Continue Reading FDA’s Action Plan for Artificial Intelligence: Highlights and Insights for Developers