Email Updates
The Role of the FDA in Ensuring Device Safety
Introduction
The Food and Drug Administration (FDA) plays a critical role in ensuring the safety of patients and the healthcare system as a whole. Under its federal mandate, the FDA is “responsible for protecting the public health by ensuring the safety, efficacy, and security of … drugs, biological products, and medical devices.” For this perspective, we will discuss the FDA’s ability to ensure the safety of medical devices.
Medical devices encompass an incredibly broad range of products, from routine examination equipment to implantable, life-saving devices.[1] Ineffective or unsafe medical devices can have detrimental consequences on care and patient outcomes, such as insulin pumps that administer an incorrect dose. Given the diverse range of medical device types and substantial variation in their potential to cause harm, the FDA established a classification system to categorize devices based on their potential risk. The Class designation dictates the FDA requirements that must be met by that device and its manufacturer before the product can be lawfully marketed.[2],[3]
- Class I: Devices of minimal potential risk to the user. Fifty percent of medical devices are Class I and ninety-three percent of these are exempt from pre-market review.
- Class II: Devices of moderate risk to the user. Forty-three percent of medical devices are Class II and require FDA review through pre-market notification. Devices in this class submit non-clinical, and sometimes clinical, evidence to demonstrate equivalence to an already marketed device.
- Class III: Devices that “sustain or support life, are implanted, or present potential high risk of illness or injury.” These devices require FDA review through pre-market approval. Devices in this class submit clinical and nonclinical data to demonstrate a reasonable assurance of safety and effectiveness of the device.
In addition to this classification schema, the FDA offers expedited review for Breakthrough Devices that provide more effective diagnoses or treatment for life-threatening or irreversibly debilitating conditions than products already on the market.[4]
Challenges in Ensuring the Safety of Medical Devices
Rapidly Evolving Technology
The rapid evolution of technology is one of the greatest challenges to the FDA. Not only does the agency have to ensure they are applying efficient and effective methods for evaluating new science and technologies, they have to consider how patients are interacting with devices and the complexity of the interface.
As technology has advanced, a specific growing challenge for the FDA is the role of software. Software that is intended for a medical purpose but is not merely an integral part of the device hardware is in itself considered a medical device (Software as a Medical Device [SaMD]). The definition of SaMDs encompasses a broad range of software, from programs that allow medical imaging to be viewed on handheld smart devices, to diagnostic software supporting clinical decision-making.[5] The recent increase in SaMDs incorporating artificial intelligence and machine learning poses a particular challenge to the FDA, as the greatest benefit from this technology is its ability to learn and adapt based on new data generated and analyzed through the course of everyday care. For the FDA, these modifications raise the question of how to ensure the long-term safety and effectiveness of the software when changes are expected to the SaMD following initial review and approval.[6]
Networking and Interoperability
Enhanced connectivity of electronic medical devices and software allows information to be shared more effectively in the healthcare setting, which can improve patient care, reduce errors and adverse events, and support innovation care practices. However, it is important that the transfer of information between systems occur safely and securely. While not specifically a patient safety issue, the FDA is concerned with the cybersecurity challenges that stem from inter-operability and connections made through the internet. While the agency does not have the authority to dictate how institutions may connect their electronic devices, they have issued recommendations and guidance for securing medical devices and systems from cybersecurity risks.[7]
Device Maintenance and Repairs
As with any technical device, medical devices require ongoing servicing for maintenance and repairs. Incorrectly performed repairs could cause the device to malfunction, placing the user and/or patient at an unnecessary risk. While the FDA does monitor all service activities performed by the original equipment manufacturer (OEM), the same level of FDA safety oversight does not apply to servicing performed by non-OEMs. As a result, the FDA has incomplete information regarding the quality of device servicing, raising concern about underreporting of device malfunctions.[8]
Post-market Safety Surveillance Capabilities
The FDA currently monitors medical device safety through adverse event reporting from the medical community. This includes events reported directly by clinical sites and those from device manufacturers. Since 1990, all clinical sites have been required to report all adverse events involving devices under the Safe Medical Devices Act (SMDA). To enhance this reporting, in 2002 the FDA launched the Medical Product Safety Network (MedSun) to facilitate mandatory reporting, but also to encourage voluntarily reporting of “close-calls” with devices that had the potential for harm.[9] The FDA provides educational webinar materials and resources to help providers understand the importance of reporting device issues. However, this passive approach to identifying device error relies on several assumptions: 1) that all events are correctly identified by people, typically healthcare professionals, 2) that these events are determined to be associated with the device, and 3) that they are all reported.
Another challenge after a device has been approved is that some FDA questions regarding the safety of a device require post-approval studies to ensure safety in a diverse patient population, which are challenging to perform or enroll patients if the data is not routinely collected as a part of usual care. This is because patients often lack an incentive to enroll in studies if they do not need to get access to the device.[3]
Future Directions
In response to these and other challenges, in 2018 the FDA outlined its Action Plan for ensuring medical device safety. The Action Plan highlights the enhancements the FDA has made- or is making- to their oversight of device safety through new regulations, partnerships, and programs. These enhancements include: establishing a unique device identification system, systematically leveraging real-world evidence, establishing the Signal Management Program, establishing a more patient-centric framework for evaluating device risk that also considers patient harms from not accessing the device, incentivizing device quality and safety, and addressing cybersecurity in the context of patient safety.
One critical enhancement highlighted in the Action Plan is FDA’s efforts to improve post-market safety surveillance via the National Evaluation System for health Technology (NEST). Established in September 2016, NEST is a multi-stakeholder partnership between health providers, patients, payers, industry, government, and data owners, such as healthcare systems that collect real-world data from electronic health records, claims, pharmacies, and other sources. Using this data, the agency hopes to complement existing passive surveillance with an active post-market surveillance system that analyzes raw data to identify device safety signals in a more timely and accurate way. Additionally, the FDA hopes that the availability of data will allow the agency to conduct analyses of device safety in diverse populations in a way that was only previously possible through post-approval clinical studies.[10] NEST has the potential to provide the FDA with critical early warnings of safety concerns as they occur, and to act on those concerns, rather than waiting for after-the-fact reporting.
Authors
Eleanor Fitall, MPH
Research Associate, IMPAQ Health
IMPAQ International
Washington, DC
Kendall K. Hall, MD, MS
Managing Director, IMPAQ Health
IMPAQ International
Columbia, MD
Bryan Gale, MA
Senior Research Analyst, IMPAQ Health
IMPAQ International
Columbia, MD
References
[1] Medical Device Safety: Safety and Effectiveness of Medical Devices. Premier. https://www.premiersafetyinstitute.org/safety-topics-az/medical-device-safety/medical-device-safety/. Accessed March 11, 2020.
[2] Consumers (Medical Devices): How are Medical Devices Classified. Food and Drug Administration. https://www.fda.gov/medical-devices/resources-you-medical-devices/consumers-medical-devices#How_are_Medical_Devices_Classified_. Accessed March 11, 2020.
[3] Medical Device Safety Action Plan: Protecting Patients, Promoting Public Health. Food and Drug Administration. https://www.fda.gov/files/about%20fda/published/Medical-Device-Safety-Action-Plan--Protecting-Patients--Promoting-Public-Health-%28PDF%29.pdf. Accessed March 11, 2020.
[4] Breakthrough Devices Program. Food and Drug Administration. https://www.fda.gov/medical-devices/how-study-and-market-your-device/breakthrough-devices-program. Accessed March 11, 2020.
[5] What are examples of Software as a Medical Device? Food and Drug Administration. https://www.fda.gov/medical-devices/software-medical-device-samd/what-are-examples-software-medical-device. Accessed March 11, 2020.
[6] Artificial Intelligence and Machine Learning in Software as a Medical Device. Food and Drug Administration. https://www.fda.gov/medical-devices/software-medical-device-samd/artificial-intelligence-and-machine-learning-software-medical-device. Accessed March 11, 2020.
[7] Medical Device Interoperabilty. Food and Drug Administration. https://www.fda.gov/medical-devices/digital-health/medical-device-interoperability. Accessed March 11, 2020.
[8] Hope, P. In Light of New FDA Report, Congressional Action Still Needed to Protect Patient Safety. Morning Consult. https://morningconsult.com/opinions/light-new-fda-report-congressional-action-still-needed-protect-patient-safety/. Published May 25, 2018. Accessed March 11, 2020.
[9] MedSun: Medical Product Safety Network. Food and Drug Administration. https://www.fda.gov/medical-devices/medical-device-safety/medsun-medical-product-safety-network. Accessed March 11, 2020.
Editor’s note: Jeffrey Shuren, MD, JD is the Director of the Center for Devices and Radiological Health at the Food and Drug Administration. Dr. Shuren is a member of the American Academy of Neurology and in his professional role has presented at numerous healthcare professional society conferences. We spoke with him about the role of the Food and Drug Administration in ensuring the safety of medical devices.
Dr. Kendall Hall: Could you please provide a short overview of your background and your current role at the FDA?
Dr. Jeffrey Shuren: I am a neurologist attorney currently serving as the Director of the Food and Drug Administration’s [FDA’s] Center for Devices in Radiological Health. I’ve been in this position for about ten years. Prior to assuming this role I was working on policy in the FDA Commissioner’s office.
KH: When we think about the FDA’s role in patient safety, it seems like we’ve come a long way. With so many more, and more complicated, devices and more patients using devices at home, how has your role evolved? How has the role of the FDA evolved in terms of device safety?
JS: We are responsible for overseeing all medical devices in the US marketplace and ensuring that they are safe and effective. Over time, our role has evolved in light of what you’ve pointed out: increasing complexity and total amount of the products on the market. There are about 190,000 different types of devices on the US marketplace. In the past we have had limited surveillance tools available to us. Our role has changed in that we have become more proactive in identifying, addressing, and preventing safety problems related to medical devices. We have become increasingly more collaborative and communicative.
For example, a few years ago we implemented a policy related to the issuance of notifications when we are dealing with an emerging safety signal. There are circumstances where we may not have full confirmation that there is a new or increased safety risk, or we know that there is a particular risk but we have not yet worked out what the appropriate actions are to take, but we believe it is in the best interest of public health to provide that information to patients and providers. We’ve also increasingly have been including the voice of patients in the decisions that we’ve made.
We’ve expanded the scope of what we view as “critical” for assuring the safety of products, and that includes the quality of products and manufacturing. We’ve also been advancing innovation to spur the development of safer medical devices. This includes our Breakthrough Devices Program, which covers devices intended to treat or diagnose life threatening or irreversibly debilitating conditions, as well as a new program that we are establishing called the Safer Technologies Program. Under this program, devices that don’t meet all the criteria to be considered a “breakthrough,” but otherwise may be safer than alternative medical products out on the marketplace, would receive the same additional benefits as under the Breakthrough Devices program.
KH: When thinking about surveillance and indicators that potentially unsafe conditions exist, is there a role for collaboration with another agency, such as the CDC [Centers for Disease Control and Prevention]?
JS: Yes. We work with other agencies, including the CDC around topics such as hospital acquired infections and outbreaks. Different agencies may have different tools available to them. In the case of the FDA and medical devices, the surveillance tools we have had historically had important limitations. Our system is based on passive surveillance: we rely on people to identify that a problem occurred and to then take the time to report it to us, or report it to the manufacturer who then reports it to us. Unfortunately, people can miss things, and they are certainly not going to pick up on all associated events, so it may take longer to identify when there is a safety problem.
KH: Is the FDA considering the use of artificial intelligence [AI] and pattern recognition in device safety surveillance?
JS: The limitations we were experiencing with our surveillance tools, as well as the challenge of getting clinical studies after a product is out in the marketplace, led us to develop a strategy in 2012 to establish a national system that leverages data collected as a part of routine clinical care. That system has been branded the National Evaluation System for health Technology, or NEST, and version 1.0 should be launched in 2020. The capabilities of NEST will eventually allow for active surveillance, as well as the use of software analytical tools and AI in the review of electronic data sets. These functions will allow us to identify potentially serious device risks that we did not know of beforehand. We will also be able to monitor for changes in the frequency with which particular adverse events may occur.
Keep in mind, any medical device and any medical product out on the market place will pose some risks – there is no such thing as a risk-free medical device or drug. The issues we are most concerned with are around the key questions, “do the benefits outweigh the risks?” and “do we provide useful information for providers and patients to make well-informed healthcare decisions?” We then want to make sure we have put in place good surveillance tools to capture any new risks or increased risks. NEST will allow us to build up an active surveillance capability in combination with our existing passive surveillance capabilities. Additionally, it will give us the opportunity to address questions using real world data sources, such as device registries or even electronic health records, where previously we would need traditional clinical trials. This can provide us with critical information more quickly and more efficiently. The NEST system is a little unique for FDA in that we don’t own or operate the system. It is being developed by an independent party and the governing structure has representatives from all the key stakeholders in the device ecosystem. You have patient representatives, provider representatives, payers, industry, and government, who all come together around this. With that representation you really have a system that is of, by, and for the device ecosystem.
KH: When events are reported, do you work with that data to look for root causes of the events?
JS: The device maker is responsible for reviewing the adverse event reports they receive, including assessing whether any complaints are associated with their device, and identifying the root cause of the event. However, we will work with manufacturers to help facilitate those analyses. In some cases, we have even looked at devices in our laboratory to try and identify the root cause of a problem, but we are not resourced to do that routinely.
KH: What do you see as the greatest challenge in ensuring device safety?
JS: I think the rapid evolution of technology is one of the biggest challenges. Technology can both solve and create problems. As we are asked to evaluate new science and new technologies, we are always trying ensure that we are keeping up with the science and applying efficient and effective methods for evaluating those new technologies.
KH: When new technology, such as AI, is developing and changing very quickly, how does the FDA approach its review to ensure you have a good grasp on how the technology may be different and what that means for safety?
JS: We deal with new technologies all the time and all moderate- and high- risk devices are reviewed by the FDA before they come to the market place. One of the challenges you see with medical devices is the fact that they can be modified, and in fact often need to be modified, to get the full value out of the device. Those kinds of continued improvements can be very beneficial to patients and are unlike pharmaceuticals, which remain the same over time. In the case of AI, most people are talking about machine learning algorithms that allow technology to learn and be modified. In some cases it can even modify itself. The FDA put out a white paper back in April of last year to propose an approach that could be applied for machine learning AI that would allow for changes to the technology to be made in near-real time in some cases, while still assuring that that device remains safe and effective.
KH: Is the FDA involved in cybersecurity?
JS: We are very involved in cybersecurity. We’ve issued policy regarding what manufacturers need to do regarding cybersecurity in the pre-market submissions they send us and what they need to do to remain vigilant once their product is out on the marketplace. Cybersecurity raises one of the interesting challenges around safety, although security is different than safety. Some of the challenges come from software technologies, or what we call software as a medical device or SaMD, where the technology really is the software. In these cases, the ability to make frequent changes to the technology is absolutely critical for assuring patient safety for several reasons. One is cybersecurity: manufacturers need to be constantly vigilant for cybersecurity vulnerabilities and threats, and make modifications as necessary to try to stay ahead of the curve. Second, increasingly technologies, predominantly SaMD, are connected to other technologies within a network. Therefore, changes in the network itself, or in other technologies that link to that network, may require that the device maker implement modifications to assure that they remain viable while not adversely affecting the performance of the medical device. That is one of the unique challenges we are seeing in the world of the internet: frequent modifications are becoming necessary to maintain patient safety.
KH: Is there going be a role at some point for the FDA for ensuring connected, networked technologies remain safe? Or is it going to be up to the device manufacturers to put in place safeguards?
JS: We don’t have authority over the healthcare facilities and how they may interconnect technologies. What we try to do is make sure that there is information available regarding those interfaces, so that hospitals can take that into account if they are connecting different technologies. On the cybersecurity front, the Department of Health and Human Services and the Department of Homeland Security engage across the healthcare sector to try and deal with these broader network issues. We participate in those efforts to provide a perspective from the medical device side.
KH: What’s next on the horizon for the FDA in terms of patient safety or threats to safety?
JS: With regards to medical devices, I think we talked about some of them. There are the security issues, which are not safety issues, but can affect patient safety. There are the challenges we face with increasingly networked technologies. We’ve also been focusing on select device materials, particularly where a subset of individuals may be predisposed to a hyper-immunologic response to those materials resulting in adverse events, such as in the case of metal-on-metal hip replacement devices. This can lead to adverse effects and device failure. Finally, there are the changes we’re making in national capabilities to identify safety issues.
KH: Is there anything we haven’t discussed that you think the patient safety community may want to hear about device safety?
JS: I think that what you’ll see from the FDA is our continued efforts to expand our partnerships with other parties, including the clinical and healthcare facility communities. This includes our work establishing medical device registries, our increasing work with industry, and also our expanded partnerships with other countries. We facilitate calls with other countries to share information regarding emerging signals that we are seeing, and to hear from them what they are seeing.
