On February 15, 2011, the United States Food and Drug Administration (FDA) issued a final rule formally “reclassifying” Medical Device Data Systems (MDDSs) from Class III into Class I. As Class I, 510(k)-exempt devices, MDDSs will not be subject to FDA premarket review or clearance. MDDS manufacturers will be required to register as medical device manufacturers and list their commercially distributed MDDS devices with the FDA by April 18, 2011. Manufacturers also must establish compliant quality systems for the design, manufacturing, and validation of their MDDSs, as well as adverse event reporting procedures, by April 17, 2012.
Medical Device Data Systems
A Medical Device Data System is a new category of medical device that acts as a communication conduit for electronic data obtained from other medical devices. An MDDS may be used for the electronic transfer, storage, conversion, or display of data. It may include software, electronic or electrical hardware such as a physical communications medium (including wireless hardware), modems, interfaces, and a communications protocol. MDDSs do not include devices that control or alter the functions of any connected medical devices or that are intended to be used in connection with active patient monitoring. Examples of MDDSs include devices that collect and store data from glucose meters for future use or that transfer lab results for future use at a nursing station.
Implications for MDDS Vendors, Hospitals, and Other Health Care Facilities
The FDA describes the reclassification of MDDSs as a de-regulatory move in which the agency down-classified MDDSs from Class III to Class I. While the FDA’s assertion is technically correct, in practice the FDA has historically exercised enforcement discretion not to subject such software products to active regulation. As a result, most MDDS vendors have not established FDA-compliant systems and procedures. For many MDDS vendors, establishing FDA-compliant systems will require adoption of more rigorous design, validation, complaint handling, and change control procedures than they are accustomed to following.
This new rule may also affect hospitals and other health care facilities that purchase and integrate MDDSs into Health IT (HIT) systems. To take advantage of federal and state HIT incentive programs, it will often be beneficial for HIT systems to download electronic medical data directly from devices used in patient monitoring or treatment. In response to comments on the proposed MDDS rule, the FDA acknowledged that such purchasers may become medical device manufacturers subject to the FDA oversight and regulation if they modify an MDDS outside the parameters of the original manufacturer’s specifications. Hospitals and other health care facilities that wish to avoid the FDA regulation therefore need to review their use of MDDSs, paying particular attention to any customization that they may have done or are planning to do to such systems.
The FDA’s action also may complicate the regulatory landscape for manufacturers of software that falls outside the narrow MDDS definition. In the preamble to the rule, the FDA says that devices such as clinical decision support tools (such as may be found in some HIT systems), software used for active patient monitoring, Electronic Health Records, and Personal Health Records, are not MDDSs. At the same time, the FDA emphasizes that it has withdrawn its earlier guidance describing the agency’s generally lenient approach to software regulation and that it considers unclassified software devices to be Class III, thus requiring FDA approval. These statements may create interpretive and compliance challenges for some software vendors.