Worldwide: Virtual And Digital Health Digest

Welcome to the next installment of Arnold & Porter's Virtual and Digital Health Digest. This edition primarily covers March 2023 highlights across the virtual and digital health space. This digest focuses on key virtual and digital health and telehealth-related developments in the United States, United Kingdom, and European Union in the healthcare, policy, regulatory, and privacy spaces.

US News

FDA REGULATORY UPDATES

FDA Issues Draft Guidance on Marketing Submission Recommendations for a Predetermined Change Control Plan (PCCP) for AI/ML-enabled Device Software Functions. On April 3, 2023, FDA issued draft guidance titled "Marketing Submission Recommendations for a Predetermined Change Control Plan for AI/ML-enabled Device Software Functions" (PCCP Draft Guidance). The guidance, which applies to devices that are or include machine learning-enabled device software functions (ML-DSF), proposes what FDA describes as a least burdensome approach to support iterative improvement through modifications to such devices while continuing to provide a reasonable assurance of device safety and effectiveness. As further detailed in a 2019 discussion paper and 2021 work plan, one element of FDA's proposed approach to regulation of AI/ML-enabled devices is inclusion of predetermined change control plans (PCCPs) in premarket submissions. Although there are a few examples of AI/ML devices that FDA has cleared with PCCPs, the agency when issuing the work plan indicated that it may need additional statutory authorities to fully implement its proposed approach to AI/ML devices. The new PCCP Draft Guidance aligns with recent legislative changes providing FDA statutory authority relating to authorizing devices with PCCPs. As further detailed in the January 2023 issue of our Digital & Virtual Health Digest, as part of the recently enacted Food and Drug Omnibus Reform Act (FDORA), Congress gave FDA authority to approve a PCCP submitted in a premarket approval application (PMA) or 510(k) premarket notification (510K), provided the device remains safe and effective without the change and, in the case of a 510(k) device, remains substantially equivalent to the predicate. FDORA also expressly provides that a PMA supplement or new 510(k) premarket notification shall not be required for a change to an approved or cleared device if the change is consistent with an approved or cleared predetermined change control plan.

The newly issued PCCP Draft Guidance provides recommendations on the information to include in such a PCCP in a marketing submission for a MLDSF. For purposes of the guidance, the term "PCCP" refers to a plan that includes device modifications that would otherwise require a premarket approval supplement, de novo submission, or a new premarket notification. As proposed in the draft guidance, a PCCP describes the anticipated MLDSF modifications and the associated methodology to implement those modifications, which would be reviewed in the marketing submission to ensure continued safety and effectiveness of the device without necessitating additional marketing submissions for each modification described in the PCCP. The draft guidance outlines the components of a PCCP, including a detailed description of modifications, a modification protocol, and an impact assessment. Notably, the draft guidance explains that modifications to an authorized PCCP will generally constitute changes to the ML-DSF that require a new marketing submission for the device, which will include the modified PCCP. FDA encourages manufacturers to leverage the Q-Submission process for obtaining FDA feedback on a proposed PCCP prior to submitting a marketing submission.

Comments on the PCCP Draft Guidance are due by July 3, 2023.

FDA Issues Guidance on Timeline for Implementation of FDORA Medical Device Cybersecurity Information Submission Requirements. On March 30, 2023, FDA issued guidance entitled "Cybersecurity in Medical Devices: Refuse to Accept Policy for Cyber Devices and Related Systems Under Section 524B of the FD&C Act" (Cybersecurity RTA Guidance). This guidance relates to the new cybersecurity requirements established by FDORA, as codified in new section 524B of the Federal Food, Drug, and Cosmetic Act (FDCA). Section 524B requires the inclusion of cybersecurity information in premarket applications for "cyber devices" and makes failure to comply with the new cybersecurity requirements a prohibited act under the FDCA. The term "cyber device" is defined to mean a device that (1) includes software validated, installed, or authorized by the sponsor as a device or in a device; (2) has the ability to connect to the internet; and (3) contains any such technological characteristics validated, installed, or authorized by the sponsor that could be vulnerable to cybersecurity threats. In summary, under section 524B, sponsors of cyber devices must provide a plan to monitor, identify, and address any post-market cybersecurity vulnerabilities; establish and maintain procedures to ensure the device and related systems are cybersecure; provide a software bill of materials; and fulfill any other requirements FDA may develop to ensure the device and related systems are cybersecure. FDA may exempt certain devices or categories of devices from these cybersecurity requirements.

Although FDORA had an effective date of March 29, 2023, the Cybersecurity RTA Guidance explains that for premarket submissions for cyber devices submitted before October 1, 2023, FDA generally does not intend to issue "refuse to accept" (RTA) decisions based solely on information required by section 524B. Rather, FDA "intends to work collaboratively with sponsors of such premarket submissions as part of the interactive and/or deficiency review process." For cyber device premarket submissions submitted beginning October 1, 2023, however, FDA may refuse to accept the submission if the cybersecurity information required under section 524B is not included. FDA expects that by October 1, sponsors of cyber devices will have had sufficient time to prepare premarket submissions that contain the information required by section 524B.

Additional information about other FDA reforms included in FDORA can be found in the Arnold & Porter FDORA Advisory.

FDA Releases Framework for the Use of Digital Health Technologies (DHTs) In Drug and Biological Product Development. On March 23, 2023, FDA released a document outlining its "Framework for the Use of DHTs in Drug and Biological Product Development" (DHT Framework), meant to guide the use of DHT-derived data in regulatory decision-making for drugs. FDA developed the DHT Framework to advance a Prescription Drug User Fee Act VII (PDUFA VII) commitment. The DHT Framework defines DHTs as "systems that use computing platforms, connectivity, software, and/or sensors for health care and related uses." DHTs include technologies intended for use as a medical product, in a medical product, or as an adjunct to other medical products (devices, drugs, and biologics), and may also be used to develop or study medical products. As noted in the DHT Framework, there is a large spectrum of DHTs available for potential use to support drug development and review, some of which meet the definition of a device under the FDCA and others that do not. DHTs, as described in the DHT Framework, often consist of sensor hardware that allows for continuous or intermittent recording of physiological and/or behavioral data (e.g., blood pressure, physical activity, glucose levels) and can also be software applications that are run on general-purpose computing platforms (e.g., mobile phone, tablet, or smart watch). DHTs may, for example, be used to administer electronic clinical outcome assessments, including electronic patient reported outcome and electronic performance outcome instruments.

The DHT Framework outlines a multifaceted approach to collaboratively address potential challenges with DHTs. Elements of the DHT Framework include: (1) creating a steering committee to ensure consistent policy across FDA regarding the use of DHT-derived data in regulatory decision-making for drugs; (2) holding public meetings or workshops with key stakeholders to gather input into issues related to the use of DHTs in regulatory decisionmaking; (3) identifying demonstration projects to inform methodologies for efficient DHT evaluation; (4) issuing guidance documents on the use of DHTs in drug clinical trials; (5) publishing guidance on regulatory considerations for prescription drug use-related software; (6) enhancing consistency across FDA centers with regards to the development, use, and review of DHTs and associated endpoints; and (7) enhancing IP capabilities to support the review of DHT-generated data.

FDA Issues Updated Draft Guidance on Electronic Systems, Records, and Signatures in Clinical Investigations. On March 16, 2023, FDA issued an updated draft guidance entitled "Electronic Systems, Electronic Records, and Electronic Signatures in Clinical Investigations" (Part 11 Draft Guidance). The Part 11 Draft Guidance provides information for sponsors, clinical investigators, IRBs, clinical research organizations, and others on the use of electronic systems, records, and signatures in clinical investigations of foods, medical products, tobacco products, and new animal drugs. As described by FDA, the goals of the draft guidance are to: (1) update recommendations for applying and implementing data integrity and data security controls, including the use of audit trails and the protection of records in the current environment of electronic systems used in clinical investigations; (2) provide additional recommendations on the risk-based approach to validation of electronic systems described in the August 2003 Part 11 guidance; and (3) facilitate the use of electronic systems, electronic records, and electronic signatures to improve the quality and efficiency of clinical investigations. The new draft guidance focuses on recommendations regarding the Part 11 requirements under which FDA considers electronic systems, records, and signatures to be trustworthy, reliable, and generally equivalent to paper records and handwritten signatures executed on paper.

As it relates to digital health technologies specifically, the new Part 11 Draft Guidance includes recommendations on the use of DHTs to remotely acquire data in clinical investigations. The recommendations include how to identify the data originator when using DHTs to capture data from participants, how data attribution should be ensured, considerations for the initial transfer of data from a DHT to a durable electronic data repository, and DHT-collected data FDA intends to inspect during an inspection. The new Part 11 Draft Guidance revises the 2017 draft guidance entitled "Use of Electronic Records and Electronic Signatures in Clinical Investigations Under 21 CFR Part 11 — Questions and Answers" and, when finalized, will supersede the 2007 guidance entitled "Computerized Systems Used in Clinical Investigations."

Comments on the Part 11 Draft Guidance are due by May 15, 2023.

Click here to continue reading . . .

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.