In February, the FDA issued an important rule on Medical Device Data Systems (MDDSs), categorizing them as subject to FDA Class I general controls.
What is an MDDSs?
MDDSs are data systems that transfer, store, convert according to preset specifications, or display medical device data without controlling or altering the function or parameters of any connected medical device—that is, any other device with which the MDDS shares data or from which the MDDS receives data.
What are FDA Device categories?
The Federal Food, Drug, and Cosmetic Act (the FD&C Act) (21 U.S.C. 301 et seq.) establishes a comprehensive system for the regulation of medical devices intended for human use. Section 513 of the FD&C Act (21 U.S.C. 360c) establishes three categories (classes) of devices, depending on the regulatory controls needed to provide reasonable assurance of safety and effectiveness. The three categories of devices are class I (general controls), class II (special controls), and class III (premarket approval). General controls include requirements for registration, listing, adverse event reporting, and good manufacturing practice (quality system requirements) (21 U.S.C. 360c(a)(1)(A)). Special controls are controls that, in addition to general controls, are applicable to a class II device to help provide reasonable assurance of that device’s safety and effectiveness (21 U.S.C. 360c(a)(1)(B)).
A member of the legal community wrote me:
"John: I have been getting up to speed on the recent FDA rule governing Medical Device Data Systems. This rule would appear to regulate the development of interfaces between medical devices and hospital information systems. Have you or anyone on your team looked at this issue? "
I consulted one of the leading HIT vendors, which responded
"John: We have indeed studied the MDDS rule and after much deliberation, it does appear that vendor or healthcare organization developed black boxes or interfaces which store or transport data from a medical device to another database for use in clinical decision making, fall into the category of MDDS. (The EHR itself does is NOT fall into this designation).
We are preparing to register with FDA a series of interfaces such
as the following:
Lab Instrument results interface
Radiology/Cardiology PACS interfaces
Hemodynamic monitor interface
Dynamap interface
etc
The good news is that there are no 510K filings required but you do need to show that you follow Quality Management System protocols, such as ISO. We recently got ISO 9001:2008 certified in anticipation of more and more FDA regulations coming our way."
The regulation does include a review of the scope of the MDDS definition and notes CPOE and e-Prescribing are not MDDSs. However, the regulation should be studied by vendors and hospitals who build systems to identify the applications and modules that require registration with the FDA, adverse event reporting and possible organizational ISO 9001 certification as evidence of quality management.
The regulation strikes an interesting balance – how to encourage innovation while also requiring accountability for errors that result from software or hardware defects.
Definitely worth a read to ensure you are compliant!
In addition to his CIO role at BIDMC, Dr. Halamka is dean for technology at Harvard Medical School. He blogs at GeekDoctor.blogspot.com.