U.S. Food and Drug Administration 101
Prepared by Erin Fields, Intern
November 2011
1
© 2011 Institute for e-Health Policy
Contents
Introduction ................................................................................................................................................... 3
Organization of the FDA .............................................................................................................................. 3
Medical Devices............................................................................................................................................ 6
Medical Device Data Systems (MDDS) ....................................................................................................... 7
Classification of Other Health IT Software .................................................................................................. 7
Mobile Medical Applications ....................................................................................................................... 9
Radiofrequency Identification (RFID) .......................................................................................................... 9
Unique Device Identifier (UDI) .................................................................................................................. 10
The Sentinel Initiative ................................................................................................................................. 10
Informatics and Computational Safety Analysis Staff (ICSAS) ................................................................. 10
Future Involvement of FDA with Health IT ............................................................................................... 11
2
© 2011 Institute for e-Health Policy
Introduction
As part of the series of information papers on federal agencies and health IT initiatives, this
paper will provide a brief synopsis on the U.S. Food and Drug Administration (FDA).
The FDA is an executive agency in the United States Department of Health and Human Services.
The Federal Food, Drug, and Cosmetic Act of 1938 gave the FDA the authority to regulate and
ensure the safety of products such as food, drugs, biologics, cosmetics, medical devices, and
radiation-emitting products. 1 This act has been amended several times over the past 73 years. 2
Ultimately, the FDA is a scientific regulatory agency aimed to protect and improve public
health. 3
The FDA publishes various types of documents. Regulations are enforceable instructions that
must be met in order to abide by a particular law. Guidance documents portray the current views
of the FDA on a specific topic and offer recommendations to be followed in order to act in
accordance with a regulation. 4 Draft guidance documents are published beforehand and solicit
comments from the public that may be incorporated in the final guidance documents. The FDA
encourages the public to participate in its rule-making process. Members of the public can
comment on proposed rules by the FDA as well as petition the FDA to take a specified action. 5
The FDA’s regulatory authority extends to health information technology (IT). Health IT
products regulated by the FDA include medical device data systems (MDDS), radiofrequency
identification (RFID), and unique device identifiers (UDIs). The Sentinel Initiative and the
informatics and computational safety analysis staff (ICSAS) are two programs that utilize
technology to help regulate drugs and medical devices respectively.
Organization of the FDA
Headed by the Office of the Commissioner (OC), the FDA is comprised of nine offices and
centers (see the following organizational chart). The OC ensures that the mission of the FDA is
faithfully executed. The Office of Regulatory Affairs (ORA) is charged with field work and the
3
© 2011 Institute for e-Health Policy
enforcement of regulations. The Center for Food Safety & Applied Nutrition (CFSAN) is tasked
with ensuring the safety of cosmetics and America’s food supply. Overseeing food and drug
products intended for animals is the Center for Veterinary Medicine (CVM). The National
Center for Toxicological Research (NCTR) implements and improves methods of safety
evaluation on FDA-regulated products. The Center for Tobacco Products (CTP) manages the
enforcement of the 2009 Family Smoking Prevention Act and Tobacco Control Act. The Center
for Drug Evaluation and Research (CDER), Center for Devices & Radiological Health (CDRH),
and Center for Biologics Evaluation and Research (CBER) focus on guarantying the safety and
effectiveness respectively of drugs, medical devices, and biological products. 6
4
© 2011 Institute for e-Health Policy
7
5
© 2011 Institute for e-Health Policy
Medical Devices
All medical devices are classified by CDRH into one of three categories: Class I, II, or III.
Classification is based on the device’s intended use, associated risks, and the amount of control
required to ensure the safety and effectiveness of the product. The level of control increases
from Class I to Class III. Device classification helps determine if the device is exempt from
premarket submission or if it requires 510(k) clearance or premarket approval (PMA) before the
device can reach the market. 8
Class I devices, such as toothbrushes, comprise approximately half of the devices regulated by
the FDA. These low risk devices are subject to general controls and are typically exempt from
both the 510(k) clearance and PMA requirements. 9 Examples of general controls include the
registration of manufacturers and their medical devices, good manufacturing practices, and
labeling of devices. 10
Devices with moderate risk, such as ultrasound imaging systems, are classified as Class II and
are subject to special controls in addition to general controls. The general controls alone are
unable to ensure the safety and effectiveness of Class II devices. Special controls are based on
the device and may involve post-market surveillance as well as specific labeling requirements. 11
Class II devices generally must obtain 510(k) premarket notification before the device can be
marketed. 12 The 510(k) clearance process requires the device sponsor to demonstrate substantial
equivalence of the device to a marketed predicate device that did not require PMA. 13 The
510(k) process was recently analyzed by CDRH as well as by the Institute of Medicine (IOM),
and the FDA announced its plan of action to modify the premarket approval process on October
19, 2011. 14
Class III devices, such as dual-chamber implantable defibrillators, 15 possess serious risk or do
not have a substantially equivalent predicate device and, therefore, typically require PMA before
the device can be marketed. The PMA process is a longer, more extensive process than 510(k)
clearance and requires reasonable assurance of the device’s safety and effectiveness. The PMA
application typically requires manufacturing information and clinical data. 16
6
© 2011 Institute for e-Health Policy
Post-marketing surveillance is required of certain devices, as determined by the FDA, to further
determine the safety and effectiveness of the device. The goal of post-marketing surveillance is
to identify issues that arise with the use of a device that were not discovered during the premarket phase. 17 The FDA’s main source of information concerning problems with medical
devices is the adverse event reports received through its Medical Device Reporting (MDR)
system. The MDR system requires manufacturers to report to the FDA serious injuries, death, or
malfunctions associated with their devices. 18 The FDA relies on the manufacturers to self-report
and self-correct problems with the medical device. 19 Medical device manufacturers not only
have to register with the FDA, they must also have management controls in place for quality
assurance. 20 Quality system regulations (QSRs), which cover the development and
manufacturing of most Class II and III devices, are another measure to ensure the production of
safe medical devices. 21
Medical Device Data Systems (MDDS)
One such medical device that the FDA regulates is the medical device data systems (MDDS).
MDDS electronically transfer, store, convert into various formats, and display the data of a
medical device. In February 2011, the FDA down-classified MDDS from Class III to Class I. 22
As a result, time and expenses required to get MDDS to market will be reduced. Manufacturers
of MDDS now have fewer post-market requirements including annual registration, reporting of
adverse events, and enforcement of QSR. 23 This new ruling on MDDS has caused some
hospitals to now be classified as “medical device manufacturers” 24 and, consequently, must
abide by the aforementioned requirements. Electronic health records (EHRs) are not included
under the MDDS ruling.
Classification of Other Health IT Software
While the FDA has classified and currently regulates MDDS, other health IT software, such as
EHRs, is not classified or regulated as a device by the FDA. During the February 25, 2010 HIT
7
© 2011 Institute for e-Health Policy
Policy Committee hearing, Dr. Jeffery Shuren, director of CDRH, spoke about the likelihood of
the FDA regulating health IT software. Dr. Shuren stated that “under the Federal Food, Drug,
and Cosmetic Act, health IT software is a medical device” and will be classified into one of the
three traditional classes. As of February 2010, the FDA had received 260 health IT-related
adverse event reports. Dr. Shuren presented additional information regarding FDA’s relationship
with health IT at the HIT Policy Committee Meeting held on April 21, 2010. Dr. Shuren
described how the FDA works to ensure that users of medical devices are properly trained to use
technologically sound devices to minimize the possibility of user errors. QSR reports are
important for ensuring the safety of the devices. The users that submit QSR reports are deidentified to protect the users from legal consequences and to encourage submission. Since the
April 2010 meeting, the FDA has implied that EHRs may not actually be classified into one of
the three medical device classes. 25
The FDA has been working with the Office of the National Coordinator for Health Information
Technology (ONC) concerning the FDA’s involvement with patient safety and EHRs. 26 ONC
contracted the IOM in September 2010 to examine the influence of health IT on patient safety
through a yearlong study. 27 The IOM released their report in November 2011 recommending
that the FDA regulate health IT only if the Department of Health and Human Services (HHS) is
not satisfied with the progression of health IT safety. The IOM recommended that HHS annually
assess and report on the development of health IT safety. It was also suggested that an
independent federal entity be created to track health IT adverse events and make consequent
recommendations to the HHS. Proactive steps must be taken to guarantee the safety and
efficiency of health IT. 28 ONC plans to work with HHS, NIH, FDA, AHRQ, and CMS in
creating a safety and surveillance plan within the next 12 months.29
In December 2010, Dr. Jeffery Shuren provided four suggestions regarding the safety of EHRs.
Oversight of EHRs should be risk-based and focused on operational quality with interoperability
standards and a learning and surveillance system clearly established. Dr. Shuren also announced
that the FDA will provide guidance in 2011 on stand-alone applications with quality
management systems and mobile medical devices. 30
8
© 2011 Institute for e-Health Policy
Mobile Medical Applications
In summer 2011, CDRH created draft guidance regarding mobile medical applications (apps).
The development of mobile medical apps intended for use by patients and healthcare providers
creates potential public health risks. The platforms on which the apps function pose additional
risks as they often have a smaller screen and contrast ratio. The draft guidance proposes that
certain mobile medical apps will be regulated and classified into any of the three classifications.
Devices that can be described by any of the following four categories of apps would, therefore,
be regulated by the FDA: (a) display, store, or transmit original patient-specific medical data, (b)
control the function, use, mode, or source of energy of the medical device to which it is
connected, (c) cause the platform to become a regulated device, and (d) analyze medical data to
make recommendations or create new data. The FDA recommends that the manufacturers of
mobile medical apps follow QSR and correct any problems associated with their device in a
timely manner. 31
Radiofrequency Identification (RFID)
Another recent technology being implemented in the healthcare field is radiofrequency
identification (RFID). A typical RFID system consists of a small chip placed on an item that can
be detected by radio waves from an RFID reader. The small chip can store data, which can be
obtained by the RFID reader. RFID readers have the potential to track patients and hospital
equipment in addition to transmitting data for electronic medical record (EMR) systems. This
technology can also help with the regulation of medical products by aiding device recalls and
ensuring the proper delivery of drugs and medical devices. While the FDA has not received any
adverse event reports associated with the use of RFID, there is the potential for the radio waves
emitted by the reader to interfere with electronic medical devices. FDA testing has indicated that
RFID readers may slow pacemakers or instigate inappropriate shocks of implantable cardioverter
defibrillators. 32
9
© 2011 Institute for e-Health Policy
Unique Device Identifier (UDI)
In response to the 2007 FDA Amendments Act, the FDA is developing regulations for the use of
unique device identifiers (UDIs) to be used with electronic healthcare systems. 33 A public
meeting was held in September 2011 to receive feedback and input on the incorporation of UDIs
in healthcare systems. 34 According to Dr. Thomas Gross, the acting director of the Office of
Surveillance and Biometrics at CDRH, UDIs can aid in the surveillance of medical devices as
well as link multiple sources of data to improve post-marketing challenges. 35 UDIs will also be
helpful in EHRs through the documentation of specific device use in EHRs. Detailed
documentation is important when surveillance or adverse event reporting needs to identify the
device of interest in a timely manner. 36
The Sentinel Initiative
The 2007 FDA Amendments Act also required the FDA to use electronic healthcare data to
create a surveillance system for drugs. Consequently, the FDA introduced the Sentinel Initiative
in 2008, creating a new program to actively track all products regulated by the FDA. The
owners of the devices will manage their data and submit summaries of their data to the FDA.
The products will be actively monitored in real-time 37 and the implementation of UDIs has the
potential to aid in this active surveillance. 38 The FDA is still in the process of creating this
surveillance program and is seeking participation and comments from stakeholders. Webinars
and public meetings have been held and ongoing projects are being analyzed to investigate issues
related to this new program. 39
Informatics and Computational Safety Analysis Staff (ICSAS)
Informatics and Computational Safety Analysis Staff (ICSAS), a section of CDER’s Office of
Pharmaceutical Science, is dedicated to researching current and innovative regulatory
procedures. ICSAS is involved in the creation and improvement of drug development analysis
10
© 2011 Institute for e-Health Policy
databases. This division has helped reduce the need for preclinical animal testing and has
facilitated the drug review process through its databases and other tools. Screening programs
that identify potentially toxic or adverse compounds have been created and used by
pharmaceutical companies, minimizing the time and money spent on the research of
unsuccessful compounds. 40
Future Involvement of FDA with Health IT
Each of the nine offices and centers that comprise the FDA works to ensure the safety of the
public while also promoting the development of innovative medical products. The FDA is
currently involved in the regulation of several health IT products. Additional guidance and
regulations for health IT products may be developed as new technology is created and
implemented in the healthcare field. The proposed changes to the medical device pre-market
programs may also affect how some health IT devices are regulated and introduced to the
market. Communication between the FDA and medical product manufacturers is essential in
ensuring proper regulations are followed as well as receiving assistance from programs such as
the Sentinel Initiative and ICSAS. Healthcare professionals should remain up to date on the
rules and regulations for the medical products that they use.
Erin Fields is a graduate student at The George Washington University in Washington, DC
where she is completing a master’s degree in Health Sciences with a focus on Regulatory Affairs.
In 2011, she can be reached at [email protected]. Otherwise contact HIMSS at
[email protected].
1
Food and Drug Administration. Available at
www.fda.gov/RegulatoryInformation/Legislation/FederalFoodDrugandCosmeticActFDCAct/default.htm. Accessed
September 23, 2011.
2
Food and Drug Administration. Available at
www.fda.gov/RegulatoryInformation/Legislation/FederalFoodDrugandCosmeticActFDCAct/SignificantAmendment
stotheFDCAct/default.htm. Accessed September 23, 2011.
3
Food and Drug Administration. Available at www.fda.gov/AboutFDA/Transparency/Basics/ucm194877.htm.
Accessed September 23, 2011.
4
Pisano D, Mantus D. FDA Regulatory Affairs. New York: Informa Healthcare; 2008.
11
© 2011 Institute for e-Health Policy
5
Food and Drug Administration. Available at
www.fda.gov/RegulatoryInformation/Dockets/Comments/default.htm. Accessed September 26, 2011.
6
Food and Drug Administration. Available at www.fda.gov/AboutFDA/CentersOffices/. Accessed September 26,
2011.
7
Food and Drug Administration. Available at
http://www.fda.gov/downloads/AboutFDA/CentersOffices/OrganizationCharts/UCM274027.pdf. Accessed
November 7, 2011.
8
Food and Drug Administration. Available at
www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/Overview/ClassifyYourDevice/default.htm.
Accessed September 23, 2011.
9
Pisano D, Mantus D. FDA Regulatory Affairs. New York: Informa Healthcare; 2008.
10
Food and Drug Administration. Available at
www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/Overview/GeneralandSpecialControls/default.htm.
Accessed October 19, 2011.
11
Food and Drug Administration. Available at
www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/Overview/GeneralandSpecialControls/default.htm.
Accessed October 19, 2011.
12
Pisano D, Mantus D. FDA Regulatory Affairs. New York: Informa Healthcare; 2008.
13
Food and Drug Administration, available at
www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/HowtoMarketYourDevice/PremarketSubmissions/Pr
emarketNotification510k/default.htm. Accessed September 23, 2011.
14
IOM Public Meeting, September 16, 2011
15
Food and Drug Administration. Available at
www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfpcd/classification.cfm?ID=928. Accessed September 23, 2011.
16
Pisano D, Mantus D. FDA Regulatory Affairs. New York: Informa Healthcare; 2008.
17
Food and Drug Administration. Available at
www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/ucm072517.htm. Accessed
September 23, 2011.
18
Brown LS, Bright RA, Tavris DR. Medical Device Epidemiology and Surveillance. New York: John Wiley &
Sons; 2007.
19
Pisano D, Mantus D. FDA Regulatory Affairs. New York: Informa Healthcare; 2008.
20
Pisano D, Mantus D. FDA Regulatory Affairs. New York: Informa Healthcare; 2008.
21
Food and Drug Administration. Available at
www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/PostmarketRequirements/QualitySystemsRegulations
/MedicalDeviceQualitySystemsManual/ucm122391.htm. Accessed September 23, 2011.
22
Food and Drug Administration. Available at http://edocket.access.gpo.gov/2011/pdf/2011-3321.pdf. Accessed
September 26, 2011.
23
Food and Drug Administration. Available at
www.fda.gov/MedicalDevices/ProductsandMedicalProcedures/GeneralHospitalDevicesandSupplies/MedicalDevice
DataSystems/ucm251906.htm. Accessed September 26, 2011.
24
HIMSS. Health IT Standards Committee Clinical Operations Workgroup: Medical Device Interoperability
Hearing Summary. Available at www.himss.org/policy/d/20110401_medicaldevicehearing.pdf. March 28 2011.
Accessed September 26, 2011.
25
HIMSS. HHS EHR Patient Safety Regulation: Summary of FDA Activities to Date. August 25, 2010.
26
HIMSS. HHS EHR Patient Safety Regulation: Summary of FDA Activities to Date. August 25, 2010.
27
HIMSS. Institute of Medicine Committee on Health IT and Patient Safety. Available at
www.himss.org/policy/d/20101214_IOM_CommitteePatientSafetyHealth.pdf. December 14, 2010. Accessed
September 25, 2011.
28
IOM. Health IT and Patient Safety: Building Safer Systems for Better Care. Available at
http://www.iom.edu/~/media/Files/Report%20Files/2011/Health-IT/healthITbrief.pdf November 2011. Accessed
November 9, 2011.
29
F. Mostashari (personal communication, November 9, 2011).
12
© 2011 Institute for e-Health Policy
30
HIMSS. Institute of Medicine Committee on Health IT and Patient Safety. Available at
www.himss.org/policy/d/20101214_IOM_CommitteePatientSafetyHealth.pdf. December 14, 2010. Accessed
September 25, 2011.
31
Food and Drug Administration. Available at
www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/ucm263280.htm. Accessed
September 23, 2011.
32
Food and Drug Administration. Available at http://www.fda.gov/RadiationEmittingProducts/RadiationSafety/ElectromagneticCompatibilityEMC/ucm116647.htm. Accessed September 23,
2011.
33
Food and Drug Administration. Available at
www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/UniqueDeviceIdentification/default.htm. Accessed
September 23, 2011.
34
Food and Drug Administration. Available at
www.fda.gov/MedicalDevices/NewsEvents/WorkshopsConferences/ucm263947.htm. Accessed September 23,
2011.
35
Gross, T. Available at
www.fda.gov/downloads/MedicalDevices/NewsEvents/WorkshopsConferences/UCM272060.pdf. Accessed
September 26, 2011.
36
Food and Drug Administration. Available at
www.fda.gov/downloads/MedicalDevices/NewsEvents/WorkshopsConferences/UCM272061.pdf. Accessed
September 26, 2011.
37
Food and Drug Administration. Available at www.fda.gov/Safety/FDAsSentinelInitiative/ucm2007250.htm.
Accessed September 26, 2011.
38
Gross, T. Available at
www.fda.gov/downloads/MedicalDevices/NewsEvents/WorkshopsConferences/UCM272060.pdf. Accessed
September 26, 2011.
39
Food and Drug Administration. www.fda.gov/Safety/FDAsSentinelInitiative/ucm2007250.htm. Accessed
September 26, 2011.
40
Food and Drug Administration. Available at www.fda.gov/AboutFDA/CentersOffices/CDER/ucm092125.htm.
Accessed September 26, 2011.
13
© 2011 Institute for e-Health Policy