Monday, May 23, 2011

Medical Device Data Systems

In February, the FDA issued an important rule on Medical Device Data Systems (MDDSs), categorizing them as subject to FDA Class I general controls.

What is an MDDSs?
MDDSs are data systems that transfer, store, convert according to preset specifications, or display medical device data without controlling or altering the function or parameters of any connected medical device—that is, any other device with which the MDDS shares data or from which the MDDS receives data.

What are FDA Device categories?
The Federal Food, Drug, and Cosmetic Act (the FD&C Act) (21 U.S.C. 301 et seq.) establishes a comprehensive system for the regulation of medical devices intended for human use. Section 513 of the FD&C Act (21 U.S.C. 360c) establishes three categories (classes) of devices, depending on the regulatory controls needed to provide reasonable assurance of safety and effectiveness. The three categories of devices are class I (general controls), class II (special controls), and class III (premarket approval). General controls include requirements for registration, listing, adverse event reporting, and good manufacturing practice (quality system requirements) (21 U.S.C. 360c(a)(1)(A)). Special controls are controls that, in addition to general controls, are applicable to a class II device to help provide reasonable assurance of that device’s safety and effectiveness (21 U.S.C. 360c(a)(1)(B)).

A member of the legal community wrote me:

"John:  I have been getting up to speed on the recent FDA rule governing Medical Device Data Systems.  This rule would appear to regulate the development of  interfaces between medical devices and hospital information systems.  Have you or anyone on your team looked at this issue? "

I consulted one of the leading HIT vendors, which responded

"John: We have indeed studied the MDDS rule and after much deliberation, it does appear that vendor or healthcare organization developed black boxes or interfaces which store or transport data from a medical device to another database for use in clinical decision making, fall into the category of MDDS. (The EHR itself does is NOT fall into this designation).

We are preparing to register with FDA a series of interfaces such
as the following:

Lab Instrument results interface
Radiology/Cardiology PACS interfaces
Hemodynamic monitor interface
Dynamap interface
etc

The good news is that there are no 510K filings required but you do need to show that you follow Quality Management System protocols, such as ISO. We recently got ISO 9001:2008 certified in anticipation  of more and more FDA regulations coming our way."

The regulation does include a review of the scope of the MDDS definition and notes CPOE and e-Prescribing are not MDDSs.   However, the regulation should be studied by vendors and hospitals who build systems to identify the applications and modules that require registration with the FDA, adverse event reporting and possible organizational ISO 9001 certification as evidence of quality management.

The regulation strikes an interesting balance - how to encourage innovation while also requiring accountability for errors that result from software or hardware defects.

Definitely worth a read to ensure you are compliant!

4 comments:

Deborah Leyva, RN, BSN said...

As usual John, you provide an excellent overview of the state of MDDSs. Earlier this month, I heard an excellent presentation by a HIMSS Colleague at a conference in Seattle on MDDS and FDA filings. One key idea for the integration of MDDS systems is the ability to transform device data to HL7 as input to the EMR. As Clinical Solutions Executive for Nuvon, Inc. I am always looking for opportunities to eliminate or mitigate inefficient processes.

As a nurse, knowing that my workflow can be improved by: 1) eliminating error-prone transcription of device data to the EMR, and 2) providing higher levels of patient care and safety with operational medical device systems that notify IT and Biomed of downward trends toward inoperable states.

OK, I realize that is a mouthful, but the bottom line is that other industries have exploited technology to eliminate inefficient processes, now healthcare has that same opportunity. Read more here.

drscarlat said...

John,

When connecting hemodynamic monitors to EHR / EMR or any other computer systems one has to pay attention to the danger of microshock.
If a computer (such an EMR in an Operating Room or Intensive Care Unit) is connected to monitors that have an invasive component – such as CVP, Swan Ganz or Intra Arterial pressure monitors – and the equipment is not well grounded – less than 10 microAmpere may initiate VF. Patient’s life is in danger at a much lower electrical current leakage, than regular electrical shock thru the skin. This current is also below the threshold humans may feel. The issue results from the catheter(s) being inside a blood vessel and providing an excellent conducting medium – salty blood – directly to the heart. What makes the above situation even nastier – is the difficulty in making the right diagnosis, of a patient suddenly developing arrhythmias while being under anesthesia / critical care. A tentative solution may be the use of optical couplers between the hemodynamic monitor and the computer housing the EMR.

John Moehrke said...

I think you should look into IEC 80001. It is a standard that expresses the importance of carefully managing the risks of connecting a Medical Device to a network. These risks are inclusive of Safety (the normal Medical Device focus), but also risks to effectivity and Security.

http://healthcaresecprivacy.blogspot.com/2010/11/iec-80001-risk-assessment-to-be-used.html

Medical Quack said...

I posted on this item too just before the April 18th date became effective. I think this slipped by a few folks too as it was not highly publicized for some reason.

If nothing else with registering the FDA is going to have a real good idea about how much mobile technology is moving around out there and who knows it could be a real eye opener on their end too:)

After seeing your list and from what I read on the Class 1 it pretty much pertains to any device sending data to a medical record system and not impacting any direct health situation for the patient. I just have a funny premonition on this that after more new technologies develop, it might get a little more complicated:)