Historically, the Food and Drug Administration hasn’t regulated most clinical decision support software. But it might be time for developers of this type of software to start paying attention to the FDA, because that’s likely going to change.

In a surprise move, the FDA published a draft guidance in December that would regulate essentially all CDS software, unless it meets special requirements of the 21st Century Cures Act.

According to the 21st Century Cures Act, CDS software is exempt from FDA regulation if the software enables a professional user “to independently review the basis for” any recommendations the software presents so that the user does not need to rely primarily” on the recommendations.

If CDS fails to do that, FDA’s guidance suggests the software becomes FDA regulated almost without exception. That’s true even if the software advises the physician of the typical symptoms of the common cold. It would seem that, for the FDA, no risk is too small to be regulated.

According to the FDA, in a nutshell software qualifies as CDS if it:

  • Displays or analyzes medical information about a patient or any other medical information.
  • Supports or provides recommendations to a healthcare professional about prevention, diagnosis or treatment of a disease or condition.

That’s it. Pretty simple. Oh, and the CDS software can’t analyze an electronic signal from a medical device because then the FDA would regulate the software as an accessory to the medical device.

There are a large number of low-risk software programs on the market that display or analyze medical information for the purpose of supporting or providing a recommendation to healthcare professionals. In fact, many have been on the market for decades. So it comes as a surprise to most in the industry that the FDA now wishes to regulate them.

According to FDA’s proposed guidance, the only reliable way to avoid FDA regulation for CDS software is to abide by the new transparency standard Congress adopted. But Congress never intended that its transparency standards would be the only way to avoid FDA regulation.

In a 2014 report to Congress, FDA promised that the agency would develop a risk-based approach in its CDS guidance. In fact, in 2014 FDA also participated with the international regulatory community to develop a risk-based model for deciding how to approach software used for medical purposes. But somehow all of that got lost in the shuffle as FDA pushed out its proposed CDS guidance at the end of the year. FDA decided to regulate the vast majority of CDS, except software that met the transparency standard.

Compounding matters, the FDA seems to have departed from the legislative language to make its transparency test much more restrictive than the test Congress specified.

According to the FDA’s interpretation, to avoid regulation “the intended user should be able to reach the same recommendation [as the software] on his or her own.” But according to the statute, the intended user need only be able “to independently review the basis for such recommendations” so that the user does not need to “rely primarily” on the recommendation.

The difference is considerable. Under FDA’s test, the agency will extend regulation to any software that offers insights that the user might not be expected to come up with on her own. This would leave no room for the software to offer unique insights that an informed professional user might not arrive at independently. In contrast, under the statutory test, the user merely needs to be able to independently review the basis of the recommendation. The statute does not require that the user be able to devise the same recommendation on her own.

The FDA notes that software categories that the agency has previously declared to be subject to enforcement discretion remain so. Consequently, for example, a smart phone app that performs calculations routinely used in clinical practice, such as tabulating an Apgar score (adding five numbers between zero and two to arrive at a measure for a newborn infant’s health), is still subject to enforcement discretion. The agency has previously exempted a few categories of CDS in its Mobile Medical App guidance.

On the other hand, FDA has always regulated high risk CDS, such as programs that analyze medical images to assess whether a patient might have cancer. The new guidance was supposed to help industry understand where the agency draws the line between those two extremes.

Traditionally, CDS software developers believed the FDA had no intention of regulating low-risk products that merely helps a physician be thorough in her assessment and proceeded directly to market. These CDS software programs have been helping physicians keep up with new treatment options and avoid what might otherwise be a memory lapse, thus improving patient care. Now these old and new software programs are at risk of being subjected to FDA regulations.

While many in the industry are concerned, we will have to wait to see what the FDA ultimately does with its proposed guidance. But for CDS software developers who have existed outside of the FDA’s realm for many years, this could be the end of an era.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access