By Nancy Bradish Myers, Catalyst Healthcare Consulting, Inc.
CDRH’s Software Precertification Program And Where It May Lead Us
A watch that monitors cardiac health and tells you to take a moment and breathe. A psychiatric pill embedded with a sensor to track medication adherence and other vital signs. The wave of digital health is barreling toward White Oak, and FDA is donning its wetsuit and grabbing a surfboard in preparation.
Among the more interesting approaches that FDA’s Center for Devices and Radiological Health (CDRH) is taking is the development of its Software Precertification (Pre-Cert) Pilot Program, which will use a “firm-based” approach — rather than the traditional product-based approach — to regulate digital health products. CDRH currently is soliciting public comments on this Pre-Cert program; thus far, the agency has received 41 formal comments to the docket.
The docket will remain open through end of June and will supplement the feedback CDRH received during its recent workshop on the Pre-Cert program. This was a highly interactive meeting where input was solicited in ways that broke from FDA workshop traditions, and I believe it signals a significant change in thinking that is worth highlighting.
CDRH already has tried to clarify when it would use enforcement discretion on digital health products. For example, in December, as part of its Digital Health Innovation Action Plan, the agency issued three new guidance documents on digital health in an effort to clarify policies related to: decision support software; software products, such as mobile medical apps; and international harmonization efforts for software as a medical device.
However, this Pre-Cert pilot moves away from FDA’s long-held stance that it does not “approve companies,” as it crashes toward new thinking on how to regulate by reputation and continuous improvement loops, rather than reviewing each and every low-risk product. Might there be a way to replicate this type of thinking, focused on giving regulatory relief to a company with high-quality continuous improvement processes in manufacturing, for complex products or other platform-based biopharma products?
I am still being asked what exactly FDA is signaling through its recent moves in the digital health space, and what companies might expect from a firm-based precertification process. This article explores these questions and points to areas where further information from the agency is anticipated.
Modernizing FDA’s Digital Health Regulatory Pathway
The most recent workshop on digital health — or, more precisely, software as a medical device (SaMD) – comes on the heels of the agency’s Digital Health Innovation Action Plan, released last summer. Prompted by provisions in the 21st Century Cures Law, the plan maps out steps for modernizing CDRH’s 40-year-old regulatory framework for devices. Among its three main goals, the plan includes “Launching an innovative pilot precertification program to work with our customers to develop a new approach to digital health technology oversight (FDA Pre-Cert for Software).”
As FDA Commissioner Scott Gottlieb explained in an FDA Voice post in June, this program could allow low-risk software devices to be marketed without FDA premarket review, while higher-risk products could be marketed with a “streamlined” premarket review. Such an approach would allow digital health developers to continue innovating at a fast clip, and it would “create market incentives for greater investment in and growth of the digital health technology industry,” Gottlieb has said.
Three months after announcing the pilot, FDA selected nine digital health companies as participants. The agency visited each company to observe internal processes, and to begin developing a framework for measuring company excellence, focused on five FDA-generated principles:
Panelists from the participating firms discussed these site visits during the workshop, emphasizing FDA’s open, collaborative approach. For example: “We came in with a ‘quality system’ at top of mind,” explained Danelle Miller, VP of Global Regulatory Policy at Roche, but learned “the focus here is on organizational excellence — not just regulatory adherence.”
Jennifer Newberger, Senior Legal Counsel at Apple, said the visit “forced” Apple employees “to examine what we do” and “how to make it useful.” She said she is “hopeful” that the program will allow engineers to keep innovating without being stalled, since FDA is designing a regulatory framework that moves at “the pace at which software develops.” As CDRH Director Jeff Shuren said at the workshop, the new framework involves “designing the regulatory paradigm around the technology.”
Based on the experience of participating firms thus far, it’s clear that the FDA is not up to business as usual when it comes to digital health regulation, and it intends to move rapidly.
The Pre-Cert workshop was principally a call for stakeholder input, with the head of FDA’s Digital Health team, Bakul Patel, urging all digital health companies — not just the nine pilot firms — to “engage, engage, engage.” He emphasized that the Pre-Cert program is currently on its “very first step” – developing the “excellence” appraisal by which to score firms seeking precertification. By the end of 2018, CDRH will “build a minimal viable program to the entirety,” Patel said; however, to accomplish this, FDA needs “help and input.”
Gauging Excellence: “Trust But Verify”
“What makes a digital health firm excellent? And, how can we measure that?” These are the most pressing questions for CDRH’s digital health team.
In addition to the five excellence principles noted above, FDA will build the program around various related metrics, such as leadership engagement, strategic planning, customer satisfaction, and even societal impact. In addition, nontraditional corporate metrics that FDA has historically not examined — such as branding and financial resources — are on the table; however, based on stakeholder input at the workshop, such metrics may eventually be either scaled back or eliminated.
The ultimate goal for the excellence principles is to use them to let trusted developers move forward, thus enabling FDA to focus its resources on overseeing companies it perceives as higher-risk.
To strike the balance between facilitating innovation and ensuring appropriate oversight, FDA intends to create a process that is more stringent than the traditional 510(k) pathway, based on the “trust but verify” principle: After receiving initial FDA precertification, a company would not need to approach the agency every time an upgrade is made. However, to retain its precertification, a firm would have to continue to meet certain corporate, non-product-specific, standards. Patel said that, once certified, companies will likely undergo a “continuous model of evaluation” wherein FDA would “peek into” a firm to monitor performance.
From conversations with leaders at FDA, I expect that the agency will use an internal dashboard comprising a range of criteria, derived from the metrics discussed, to determine whether a company is a candidate for precertification. The agency also is garnering public advice for crafting a scorecard by which FDA — and firms themselves — could evaluate corporate excellence; refining the scorecard, for which a prototype already exists, was a top focus during the recent workshop.
The Wave Is Still Building
Overall, the actions FDA is taking demonstrate a willingness to step out of the agency’s usual regulatory approaches and move toward a more tailored approach to software regulation.
Although there are many different metrics under consideration for measuring a company's level of excellence, based on my experience, I think it is likely that some of those ideas will shake out. In the end, I expect to see a more pared-down set of criteria than what was discussed at the FDA workshop.
While FDA is starting to zero in on what it wants to see from software companies, there still are blank spaces that need to be filled in. For instance:
A chief concern for small firms is generating the resources necessary to conduct clinical trials. Thus, several individuals representing small companies at last month’s workshop argued that evidence expectations — as well as other corporate metrics — should differ according to company size.
As noted earlier, the requirements for precertification will likely be more stringent than for 510(k) applications; still, several individuals at the workshop recommended creating a self-evaluation that would allow companies to evaluate and, if appropriate, disqualify themselves from precertification before approaching FDA.
FDA is inviting companies, the public, and other interested groups to help them choose an appropriate board of reviewers. At this point it is not clear what criteria the board members will be evaluated on or what type of balance FDA will seek.We expect that FDA will build a board that establishes its credibility and not be overly weighted toward industry.
Looking out to the horizon, given the complexity and unique nature of the Pre-Cert pilot, FDA may experience some aggressive waves along the way. What they are proposing at this point represents very novel thinking and may fly in the face of traditionally established regulatory approaches. Ultimately, most expect the Pre-Cert program will allow serial software innovators to ride a more hands-off wave of digital health regulation by simplifying the regulatory path. Larger, more established companies that can afford to put in place additional measures to assure corporate excellence will likely be able to take advantage of the approach more easily than start-ups.
As Patel has indicated publicly, the first “viable product” may not be perfect, but this approach will allow FDA to “try it out” – referring to precertification – and “keep thinking.” I believe it will be in the best interest of digital health innovators to engage with FDA to help shape its approach moving forward. If you would like to provide insights that may help shape FDA’s approach, I encourage you to submit formal comments to the docket.
About The Author:
Nancy Bradish Myers, JD, president of Catalyst Healthcare Consulting, Inc., is a Washington, D.C.-based attorney with deep expertise in healthcare law and regulation, policy development, patient engagement, and government relations. Ms. Myers served as senior policy counsel in the Office of the FDA Commissioner, as well as special assistant/senior strategic advisor to the FDA acting deputy commissioner for operations. She has been closely involved in drug, biotechnology, and medtech regulatory issues for over 25 years. She currently advises clients on regulatory and health policy matters. You can reach Ms. Myers at firstname.lastname@example.org, or connect with her on LinkedIn