Digital health solutions supported by the PHDA can include clinical decision support, software as a medical device (SaMD), software as a service (SaaS), healthcare IT systems, mobile apps, wearables, telehealth, artificial intelligence (AI) solutions, clinical trial management tools, R&D and drug discovery tools, and more. The broad range of digital solutions requires us to always keep an eye on the latest developments in the regulatory guidance of digital solutions for healthcare applications.
In recent years, the FDA has established new guidelines and has updated existing guidelines to accelerate access to the ever-increasing number of digital technologies that are being developed. In this two-part blog series, we’re providing an overview of the regulatory review process and requirements for software solutions in the U.S.
Software systems that underlie medical devices have been regulated within the medical device categories using the 510(k)-clearance path or the pre-market approval (PMA) path, depending on the complexity and risk level of the medical device that is driven by the software. However, the standard regulatory framework is not suitable for medical software regulation, which has to be flexible due to the iterative, fast-paced nature of software development.
Consequently, standalone software solutions outside of the device definition remained largely unregulated for a long time until the 21st Century Cures Act (Cures Act) was signed in 2016. The Cures Act section 3060 is dedicated to digital health solutions and includes broad categories such as mobile health (mHealth), health information technology (IT), wearable devices, telehealth and telemedicine, and personalized medicine.
Since then, the FDA has released 14 guidance documents with digital health content, most prominently, the guidance on Software as a Medical Device in 2017 (SaMD). Software is stratified on two axes: whether the device informs care, drives care, or treats/diagnoses and whether the condition in question is non-serious, serious, or critical. Software that informs non-serious conditions is in the lowest-risk category, whereas software that treats or diagnoses a critical condition is in the highest risk category. Other critical guidance includes Clinical Decision Support Software in 2019, and most recently the guidance on multiple function device products in 2020.
Digital health regulation is spearheaded by the Center for Devices and Radiological Health (CDRH), which released the “Digital Health Innovation Action Plan” in 2017. The plan consists of three actions. In addition to issuing updated and modernized guidance documents focused on medical software, the FDA also set out to increase its workforce by adding experts with data science and computer science background. Lastly, the FDA developed the “Digital Health Software Precertification Pilot Program.” The goal of the Pre-Cert program is to accelerate access to digital health solutions by evaluating five excellence principles at the level of the organization that is applying for approval: patient safety, product quality, clinical responsibility, cybersecurity responsibility, and proactive culture. Applicant organizations undergo four steps:
- pre-certification for organizations that show operational excellence,
- review determination based on risk categories,
- streamlined review for SaMD that need FDA review, and
- identifying information that may be used to assess real-world performance.
Regulatory guidance for medical software is in flux and constantly changing, but the last five years have seen an increase in programs and initiatives at the FDA that aim to accelerate patient access to digital health technologies. Stay tuned for Part 2, which will focus on AI-driven technologies and the unique regulatory considerations that they pose.