Guest Column | December 12, 2016

Insights On FDA: What We Can Learn From Two New U.S. Inspector General Reports

OIG HHS Logo

By Cynthia Schnedar, Greenleaf Health

The Office of Inspector General (OIG) for the U.S. Department of Health and Human Services (HHS) recently released two reports that contain nuggets of interest to those who are watching for trends in the medical device industry.

On Nov. 10, OIG released its Work Plan for 2017, followed on Nov. 17 by Top Management and Performances Challenges Facing HHS. These documents focus on all of HHS, but they both contain sections devoted to the Food and Drug Administration (FDA) and its regulation of the medical device industry. By taking a closer look at these sections, those outside the agency can gain a valuable insight into what OIG identifies as areas of risk for FDA. This article first explains the role of OIG in providing oversight of FDA, and then discusses what the medical device industry can learn from these OIG publications.

What Is An OIG?

The Inspector General (IG) Act of 1978, as amended, created the federal inspectors general as independent units charged with combating fraud, waste, and abuse, as well as promoting integrity and efficiencies within their respective agencies. While inspectors general share their findings with the head of the agency and with Congress, according to the IG Act, they are to remain as “independent and objective” units within an agency. Inspectors general carry out their mission through audits, investigations, and evaluations of their respective agencies. Thus, HHS OIG is an important and independent voice on the challenges facing FDA and what FDA should do to address those challenges.

What Is The Significance Of The Top Management And Performance Challenges Report?

The Reports Consolidation Act of 2000 requires each inspector general to prepare an annual report on the top management and performance challenges facing the agency it oversees, more commonly known as the Top Management Challenges report.

The 2016 report recently released by OIG identifies 10 management and performance challenges facing HHS, one of which falls directly within FDA’s purview — “ensuring the safety of food, drugs, and medical devices.” To address this challenge, OIG said that FDA must grapple with four “particularly high risk” areas: food safety, drug compounding, complex drug supply chain and improper marketing activities. Of those areas, only improper marketing activities contained language directed towards FDA’s regulation of medical devices.

OIG noted that improper marketing of drugs, biologics, and medical devices “can put patients at risk of receiving inappropriate or harmful care and lead to fraudulent claims for payment from Federal health care programs.” OIG recognized that FDA, in conjunction with its law enforcement partners, has worked to pursue enforcement actions against improperly marketed medical products, while also engaging in outreach efforts to warn consumers about the medical risks that come from importing unapproved medical products. OIG also noted that FDA, in conjunction with its international partners, is working to improve its border screening process, so that it will have enhanced oversight of imported medical products. OIG urged FDA to continue its efforts to protect federal health care programs and beneficiaries from these potentially dangerous products.

While it may appear to be good news for the medical device industry that it is not at the center of FDA’s high-risk focus areas, OIG stated that all of HHS faces the top management challenge presented by “health information technology and the meaningful and secure exchange and use of electronic information.” Moreover, OIG’s work plan for 2017 makes clear that OIG believes ensuring the cybersecurity of medical devices is a serious challenge that FDA must confront.

What Does The HHS OIG Work Plan Say About FDA?

HHS OIG has a tradition of releasing its work plan for the upcoming fiscal year. While inspectors general are statutorily required to issue a Top Management Challenges report, there is no similar requirement to release a public annual work plan for OIG in advance. Thus, not all federal inspectors general issue individual annual work plans, so the HHS OIG annual work plan is an important source of information not afforded to all agencies and to the regulated industries that follow those agencies.

OIG is charged with the oversight of more than 100 programs administered by HHS, and the amount of work conducted concerning various programs is determined by available funds and the purpose limitations in the funding appropriated to OIG. For example, approximately 78 percent of OIG’s funding in fiscal year 2016 was specifically directed toward oversight of the Medicare and Medicaid programs. Because OIG’s mission is so broad and its resources are limited, it must carefully pick and choose which programs merit its attention. In choosing what to audit or inspect, OIG said it assesses “relative risks in HHS programs and operations to identify those areas most in need of attention.” Not surprisingly, the reviews and inspections identified in the HHS OIG work plan that concern FDA often are designed to assess how well the agency is addressing the relevant challenges identified by OIG in its annual Top Management Challenges report.

In its most recent work plan, OIG announced that it anticipates issuing reports, during the 2017 fiscal year, on each of the following three topics related to the medical device industry:

  • FDA’s Review Of Networked Medical Device Cybersecurity During The Premarket Process — OIG noted that, as medical devices increasingly become part of a cyber network, the need for protection against cybersecurity threats becomes more critical, as these networked devices are vulnerable to both intentional and unintentional intrusions that could adversely affect the device’s functionality and safety. Thus, OIG announced it will examine FDA’s premarket review of the cybersecurity controls of networked devices. OIG intends to review FDA’s policies and interview its staff to analyze the agency’s approach to reviewing networked medical device cybersecurity during the premarket process.
  • FDA Response Planning For A Networked Medical Device Compromise — OIG also noted the growing threat to the security and privacy of personal health information, as well as the safety of patients, presented by networked medical devices. OIG stated that networked devices like dialysis machines, pacemakers, radiology systems, and medication dispensing systems receive and transmit highly personal information related to a patient’s medical status. Moreover, patients rely on these devices to accurately regulate bodily functions. Because the tasks performed are increasingly complex, the devices often are required to have a network connection, unable to operate as stand-alone devices. However, OIG recognized that connecting to a network increases cyberattack vulnerability, and plans to review FDA’s process for communicating and addressing, in a timely manner, networked medical devices whose cybersecurity has been compromised.
  • Review Of Prescription Drug User Fees — OIG noted that, under the terms of the prescription Drug User Fee Act (PDUFA), FDA is expected to use those fees to meet its goals for the timely review of human drug applications. OIG intends to review FDA policies, procedures, and financial records related to prescription drug user fees to determine whether the agency appropriately expended user fee collections and accurately computed user fee rates. While this review is aimed at  management of PDUFA fees, OIG may provide recommendations that will apply to FDA’s management of user fees across the agency, including Medical Device User Fee Act (MDUFA) fees.

What To Watch For

OIG intends to issue the three reviews described above during fiscal year 2017. Each of those reports will contain not only OIG’s findings, but also its recommendations on how FDA can address those findings, plus FDA’s response to the recommendations.

Thus, those anticipated reports should contain another valuable assessment of OIG-identified shortcomings at FDA, and a description of what actions FDA may take to address those shortcomings. In addition, OIG is careful to state that work planning is a dynamic process, and that it adjusts its work plan throughout the year to respond to emerging issues. Therefore, it is worth keeping an eye out for any additional reviews OIG may launch in 2017. Those newly launched reviews could be smoke signals for other emerging issues in FDA’s regulation of the medical device industry.

About The Author:

Cynthia Schnedar is executive VP of regulatory compliance at Greenleaf Health. She was formerly director of the Office of Compliance for FDA’s Center for Drug Evaluation and Research (CDER), where she led a staff of more than 300 doctors, scientists, manufacturing experts, pharmacologists, attorneys, and administrative staff. During her time at FDA, she spearheaded efforts to protect the American public from unsafe and ineffective drug products by ensuring that companies comply with federal standards for quality and safety. Among her many duties, Cynthia advised the FDA Commissioner, the CDER Director, and other senior FDA officials on significant enforcement issues.

Before joining FDA in 2014, Cynthia spent more than two decades at the Department of Justice (DOJ), where she specialized in compliance and enforcement issues. During her tenure there, she served as Acting Inspector General where she led a nationwide work force in providing oversight of DOJ. She earned a B.A. from the University of New Mexico and a J.D. from the University of Texas School of Law.