The following blog article is drawn from the upcoming book
Cloud Computing Deskbook, which is set to be
released by Thomson Reuters West next summer. Cloud
Computing Deskbook covers the legal and regulatory aspects
of cloud computing, including those related to regulation by U.S.
Food and Drug Administration. Please contact the author with any
questions related to FDA regulation of cloud computing and software
Cloud computing involves the delivery of computing as a service
rather than a product. In a cloud computing solution, shared
resources, software, and information are provided much like a
utility, over a network to computers and other devices. Cloud
computing has been embraced by the medical industry, and is used as
a vital technology in electronic medical record systems and
telemedicine solutions, among other products.
The U.S. Food and Drug Administration ("FDA"), which
regulates the vast majority of medical products sold in the U.S.,
generally applies its existing regulatory scheme when facing new
technologies like cloud computing. This is typified by FDA's
approach to nanotechnology that was developed in the last
Cloud computing presents several challenges to FDA's
application of its existing regulatory scheme. For one, FDA, as a
regulatory agency, has responsibility over medical products shipped
in interstate commerce (specifically drugs, medical devices, and
biologics), but lacks authority over the services provided by
healthcare practitioners (i.e. "the practice of
medicine"). Cloud computing involves the delivery of computing
as a service rather than as a product, which complicates the
analysis of how a cloud computing solution would be regulated by
The second challenge for FDA is the increased complexity of
cloud computing software solutions. Medical device software has
traditionally been very conservative in that it is generally
installed on only one platform, with the hardware and operating
system parameters "locked down" to limit compatibility
issues. Further, communication is generally limited to interactions
between a device and the computer system. In a cloud computing
system, one or more cloud client software programs communicate with
the cloud server software, and all of these software programs may
be deployed on various hardware and operating systems. In fact, the
strength of the cloud model is this ability to interact with the
cloud server through a broad array of hardware and operating system
The third challenge to FDA's existing regulatory scheme is
in security. Medical information is scrupulously protected by the
Health Insurance Portability and Accountability Act of 1996
("HIPAA"), numerous state laws, and physician ethical
standards. As with financial information, medical information has
great value. In a cloud computing software solution, this highly
valuable and private medical information is often transmitted
wirelessly and through the Internet, exposing it to potential
theft. Further, the diffuse nature of cloud computing solutions and
the ability to consolidate medical information from thousands of
individuals in a single location poses significant liability risk
from the loss of a single laptop or USB drive.
FDA does not currently have any specific regulations applicable
to cloud computing. Further, FDA's regulations applicable to
computerized systems (21 C.F.R. Part 11) is currently being
enforced only in a very limited manner. Despite this, FDA's
existing regulatory scheme has been applied to products and
regulated processes that incorporate cloud computing services.
Recent guidance has addressed gaps in the existing regulatory
scheme, including FDA's draft guidance on mobile medical
Given the complexity with using cloud computing services in FDA
regulated medical products, it is critical to carefully consider
the regulatory impact of incorporating such services. Sheppard
Mullin has expertise in the legal and regulatory issues surrounding
cloud based services, including when using cloud computing in FDA
regulated products and activities. Sheppard Mullin's FDA
practice has experience providing companies with advice on cloud
computing issues, including counseling medical device software
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
My New Year's resolutions will likely be broken early and often in 2016. My consequences are mostly nonmonetary: a few more pounds, a little less savings, and not winning the triathlon in my age group.
Employers with more than 50 employees are usually aware that the Family Medical Leave Act (FMLA) may apply to their business and their workers. That law, which provides for protected leave for employees in certain situations and various amounts, can sound simple but is very complex in its details.
For the second time in less than a year, the U.S. Department of Justice (DOJ) has filed an antitrust complaint against hospital systems that agreed to not advertise on billboards or in print in each other's home county.
Arguing that the current state of the law weakens the patent system and poses a danger to life science innovators, biotechnology company, Sequenom, Inc., has filed a writ of certiorari with the U.S. Supreme Court, asking the Court to provide clarification regarding the limits of 35 U.S.C. § 101 as it relates to patent eligibility of diagnostic tests.