The Food and Drug Administration appears to be taking a proactive and long-term approach toward improving medical-device safety.
On April 17, the FDA released its Medical Device Safety Action Plan, in which regulators set out their goals for improving device safety, including tracking a product's safety throughout its life-cycle and sparking innovation that will make devices safer.
"Overall, this is a positive step to try to take proactive action to create a better environment for medical devices," said David Chou, chief information and digital officer for Children's Mercy Kansas City.
The FDA's current regulatory framework for devices is from the mid-1970s.
"Safety is an area where there are definitely gaps in device regulation," said Jim Shehan, senior counsel with Lowenstein Sandler and chair of the firm's FDA regulatory practice. "The FDA is trying to make the picture better, given the statutory tools that currently exist."
Updates in the plan include potential initiatives for making sure medical devices are safe, including pushing stronger cybersecurity and implementing a unique device identification system that would track medical devices as they're distributed and used.
But regulators don't explain how the unique device ID system would work with existing devices. "The document in general does not address the current in-market devices adequately," said Dan Dodson, president of Fortified Health Security.
In terms of looking ahead, FDA Commissioner Dr. Scott Gottlieb and his fellow regulators want to encourage innovation in device safety. The agency already supports that goal with the Breakthrough Device Program, established by the 21st Century Cures Act to speed up patient access to treatments for certain serious conditions.
FDA regulators are now considering a program for devices that don't meet the Breakthrough Device Program's criteria but nevertheless are safer than what's currently on the market.
The FDA is also targeting cybersecurity.
"Like computers and the networks they operate in, medical devices can be vulnerable to security breaches," Gottlieb said in a statement. "Exploitation of device vulnerabilities could threaten the health and safety of patients."
While no hacks of implanted medical devices have been recorded, the risk exists. A hacker could, for instance, break into an internet-connected device by first hacking into an insecure Wi-Fi network.
In response, the FDA will consider requiring manufacturers to enable patching of their devices from the get-go. The agency will also consider requiring companies to give the agency and users a software bill of materials, which would help users better manage their devices and those devices' software.
The agency could, in the future, require manufacturers to disclose when vulnerabilities arise, according to the plan. This fills an important gap, said Beth Pitman, a counsel with Waller Lansden Dortch & Davis. Just as HIPAA security rules apply to providers, so should similar rules for medical-device manufacturers, she said.
Another cybersecurity step regulators could take is setting minimum device criteria, Chou said. By enforcing those criteria, regulators could, for instance, make sure manufacturers and developers issue updates for devices still running Windows XP.
Nevertheless, Chou said, "there may be some challenges in working backwards on the existing devices."
What's more, all of these efforts will require significant investment, he said. "I just hope we're using the dollars effectively."
And it will take time, according to the Advanced Medical Technology Association. "Without further details, it is difficult to determine the immediate impact," a spokesperson said.
The plan will also require human capital, Dodson pointed out, but regulators don't sufficiently address that need in the plan.
Nor do they address the concerns of the future, Dodson added. But that's not enough, he said. "The plan is focused on today's problems and, as it's written, it will always be playing catch-up," he said. "We need to put in policy and practices that will prepare us for the future."
The FDA's push into device safety parallels Gottlieb's pushes in other areas, Shehan said. "You see a picture here of Commissioner Gottlieb leaving his mark on generic drugs, on food regulation, on tobacco, and now you have medical devices," he said. "Stay tuned—there's probably going to be more."
An edited version of this story can also be found in Modern Healthcare's April 23 print edition.
