Digital Health & Medical Devices

With a September 24, 2022 compliance date looming, the U.S. Food and Drug Administration (FDA) announced that will delay enforcement of its requirement to submit Unique Device Identifier (UDI) data for low-risk consumer health products. Consumer health products, as described in the FDA guidance, include class 1 devices that are typically sold directly to consumers, such as digital health products and consumables. The FDA guidance extends the compliance date for data submission from September 24, 2022 to December 8, 2022, giving manufacturers of consumer health products more time to prepare their submissions.

Continue Reading FDA Delays Enforcement of UDI Reporting Requirements for Consumer Health Products

The metaverse has been described as the “next frontier” and the “new era” of healthcare. Although still a loosely defined and relatively broad term, the “metaverse” generally refers to a shared virtual environment accessed by individuals via the Internet. Individuals generally enter the metaverse through the following four technologies: virtual reality, augmented reality, mixed reality and extended reality.  

Continue Reading Digital Health in the Metaverse: Three Legal Considerations

On Thursday, March 16, the Office of the Inspector General for the Department of Health and Human Services (“OIG”) issued OIG Advisory Opinion (“AO”) No. 22-05, relating to subsidization of certain Medicare cost-sharing obligations in the context of a clinical trial involving medical devices (the “Proposed Arrangement”). This is the third AO in a recent series of AOs (see AO 21-17 on November 19, 2021 and AO 21-13 on October 4, 2021) focused on Medicare cost subsidies in a clinical trial setting for serious conditions that affect large portions of the population in the US. Like these other AOs, OIG found that while the Proposed Arrangement could generate fraud and abuse risks under both the Federal anti-kickback statute (i.e., Section 1128A(a)(7) and 1128B(b) of the Social Security Act (“Act”)) and the Beneficiary Inducements CMP (i.e., Section 1128A(a)(5) of the Act), the Proposed Arrangement nevertheless presented a minimal risk of fraud and abuse under the law on the facts presented. Medical device manufacturers should pay close attention to this trend when considering trial designs and patient populations.
Continue Reading OIG Advisory Opinion Alert: Yet Another Favorable Decision for Medical Device Manufacturers

On December 22, 2021, the Food and Drug Administration (FDA) issued a draft guidance for sponsors, investigators, and other interested parties on using digital health technologies (DHT) to acquire data remotely from participants in clinical investigations. DHTs (such as wearables and sensors) are playing a growing role in clinical research, accelerated by the need for decentralized clinical trials and remote patient monitoring during the COVID-19 pandemic. Though largely directed to study sponsors using DHTs, the guidance raises issues that developers and manufacturers of these technologies will want to be mindful of given the ways in which their products might be used in a broader clinical use case than originally anticipated. Comments on the draft guidance are due March 23, 2022. The full text of the guidance can be accessed here.
Continue Reading FDA Releases Guidance for Digital Health Tech Used in Clinical Investigations

Utah recently signed into law SB 227, creating the Genetic Information Privacy Act (GIPA). The law, which is anticipated to go into effect in May 2021, is aimed at protecting genetic data collected from direct-to-consumer (DTC) genetic testing companies. Companies distributing DTC tests should evaluate their current data privacy policies and practices against the obligations the new Utah law imposes on data use and protection, including user consent, data security, and access and deletion rights, to ensure they are in a position to comply with the new law.
Continue Reading New State Genetic Privacy Law Directed at Consumer Genetic Tests

Many digital health app developers offering health and wellness solutions directly to consumers may find themselves in a space unregulated by the Health Insurance Portability and Accountability Act (“HIPAA”). While potentially outside the scope of HIPAA, developers in this space are reminded of the risks stemming from other federal and state privacy and security laws, including unfair or deceptive abuse acts and practices (UDAAP) laws. A recent Federal Trade Commission (“FTC”) settlement sheds light on the importance of accurately describing how information is collected, used, and shared.
Continue Reading Recent FTC Settlement Serves as Reminder For Digital Health Developers

At the beginning of February, the US Food and Drug Administration (FDA) Center for Devices and Radiological Health (CDRH) appointed Professor Kevin Fu as the first ever Acting Director of Medical Device Cybersecurity. Fu’s role also includes a one-year appointment with the Digital Health Center of Excellence (DHCoE), a division launched in September 2020 within CDRH.  Many see this new appointment as an indication that the Agency will make cybersecurity a priority in 2021.
Continue Reading FDA Appointment Signals Increased Attention on Medical Device Cybersecurity

The US Food and Drug Administration (FDA) published an Action Plan for artificial intelligence (AI) and machine learning (ML) software on January 12, 2021 that provides near-term actions to develop a regulatory framework for AI and ML-based medical devices.  The quick takeaway is that FDA will publish a draft guidance on change control plans, a key concept from its April 2019 discussion paper on AI/ML-based software devices (previously reported here). FDA also will hold a public workshop on algorithm transparency and engage its partners and stakeholders on other key initiatives, such as evaluating bias in algorithms. While the Action Plan proposes a roadmap for advancing a regulatory framework, an operational framework appears to be further down the road.
Continue Reading FDA’s Action Plan for Artificial Intelligence: Highlights and Insights for Developers

On September 23, the U.S. Food and Drug Administration (FDA) published a proposed rule to modify its intended use regulations.  In its current form, the regulations have created long-standing confusion as to whether mere knowledge of an unapproved use of an approved product (i.e., off-label) automatically triggers a new “intended use,” for which clearance or approval is required.  The proposed rule clarifies that knowledge alone of off-label use would not create a new intended use, but confirms the Agency’s long-standing position that “any relevant source” of evidence (including knowledge) may be used to determine intended use.  Comments on the proposed rule are due within 30 days unless FDA grants an extension.
Continue Reading FDA’s Proposed Rule on “Intended Use” Confirms Agency Will Rely on “Any Relevant Source” of Evidence

On September 14, 2020, the U.S. Food and Drug Administration (FDA) released an update on the status of its Software Precertification (Pre-Cert) Program.  It is the only public update on the program in 2020.  According to the update, FDA will continue to evaluate its Pre-Cert program, which currently is only in pilot form.  Perhaps disappointing to many companies, the update did not suggest that FDA will be adding new participants to the pilot program at this time, nor did it signal that the program would be fully operational anytime soon.
Continue Reading Latest Update on FDA’s Software Pre-Cert Pilot Program