top of page

Author: Alex Chang

I applaud FDA for being forward thinking in their intentions to update their traditional regulatory process in their efforts to be more aligned with the 21stCentury. The precertification pilot program for Digital Health products is a move towards the right direction, but I have some reservations.

Back in 2017, FDA took a chance with 23andMe direct-to-consumer’s genetic health risk (GHR) tests and created a framework that allowed 23andMe to bypass premarket notifications for individual GHR tests once they receive approval for their one-time submission. The company was exempt from premarket notification on future genetic tests provided that they maintain a “Quality of Excellence” and follow certain post-market commitments. This milestone helped to shift FDA’s thinking on how they plan to regulate In Vitro Clinical Test (IVCT) as stated in the proposed 2018 VALID Act. This proposal includes a precertification process for IVCT which shared some similarities with the program for digital health products. But more about the VALID Act at another day.

The Precertification Pilot Program for Digital Health Products is a way for FDA to respond to the growing number of digital health products and digital medicine that’s rapidly becoming a critical sector of our health care system. The idea of this program is for FDA to precertify manufacturers of digital health products based on their software design, validation and their post-market commitments. Instead of approving (or clearing) digital health products in a “product-by-product” basis, FDA is putting their trust on the manufacturer’s “culture of quality and organizational excellence.”

What is old is now new. The Clinical Laboratories under CLIA have something similar where CMS would certify the labs and permit them to provide services on non-FDA approved products, such as Lab-developed Tests (LDTs) provided that the lab has trained personnel and that they too demonstrate a “culture of operational excellence.” But we know how the public feels about LDTs and companies like Theranos didn’t do the labs any favors.

If the precertification program becomes the norm, I hope that FDA allows the program to be given the flexibility to adapt to the changes of technology. This pre-cert program may work for today’s digital health products, but we cannot predict how digital health products will evolve in the future, especially with the growth of artificial intelligence and machine learning.

My concern is really about tech giants like Apple, Verily and Fitbit entering into the health industry. While there are brilliant scientists, engineers and programmers in these tech companies, they are still relatively new in understanding the rigorous undertaking in developing a medical product in a health-care environment. I would implore that these tech companies who are new to the health industry to invest heavily on sourcing personnel who are well-versed in navigating the regulatory hurdles.

The precertification pilot program is a gift to companies to reduce the regulatory burden of product submissions to deal with the rapidly evolving changes in technology. I just hope that it’s not a message to manufacturers that FDA is relaxing the regulatory requirements and that regulatory submissions aren’t required for precertified companies. In fact, FDA intends to develop a risk-based framework to aid in the determination on whether a submission is required based on (1) the company’s precertification level and (2) the risk categorization of their products based on the IMDRF risk categorization.

Regardless of whether to submit or not, I hold a long belief that regardless on whether the product needs to be submitted to the agency or not, product development should follow good engineering practices and that they follow the traditional Design Controls process.

Five key points about the Precertification Pilot Program (per FDA’s website):

1. The program consists of nine companies and is limited to manufacturers of software as a medical device (SaMD). At least for now.

2. Manufacturers in this pilot program are to follow the Total Product Lifecycle Approach of the Software Precertification Program.

3. The five principles that FDA is interested in when determining a company’s operation of excellence are: patient safety, product quality, clinical responsibility, cybersecurity responsibility and proactive culture. In addition to the five principles above, FDA also want to see if the company has demonstrated a track record in delivering a safe and effective software product.

4. Review determination will be based on the company’s precertification level and the risk categorization of the product.

5. There is a focus in using real world evidence to provide insight on user’s experience, software performance data and clinical outcomes.

If you are interested in learning more about FDA's working model (version 1) of the Precertification program, please go to:

42 views0 comments

Author: Alex Chang

During the Precision Medicine meeting, hosted by FDLI and Genentech, key panel speakers shared their perspectives on how recent innovative technology will be impacting healthcare. The speakers were Michael Blum, Karen Corallo, Joseph Fireman, Kai Peters and Katja Schulze.

It's still a young and growing field populated by buzz words such as Artificial Intelligence and Machine Learning. If we dial it back a bit, it's the utilization of current data analytics technology into the health industry. If Artificial Intelligence scares you, don't worry. I don't think that it's any time soon that we replace our doctors with robots.

After hearing from the panelists, the concerns we have were: the ethical issues with data privacy and with cybersecurity. What was news to me until this meeting was the National Institute of Health's All-of-Us Initiative. This initiative is an effort to gather data from no fewer than one million people, taking into account their biology, lifestyle and environment, to further scientific advancement in precision medicine. This raises legal and ethical issues as it pertains to informed consent and the ownership of your data. Data privacy regulations such as the EU General Data Protection Regulations (GDPR) and the California Consumer Privacy Act is the step towards the right direction in safeguarding one's privacy. I envision that there will just be additional methods to de-identify patient data such that the patient identity and privacy will be protected. Even though Big Data is new to the healthcare industry, the protection of patient health information isn't.

Some other discussion was the possibility of having a government-funded organization to function as a central repository to handle all the data mining tasks and making the data readily available to the public. Tasks such as collecting, cleaning, identifying and verifying data are costly but the growing concern is that with the absence of a centralized repository, one will question the consistency and veracity of the data. There's no arguing that there's a lot of data out there. The challenge is analyzing and choosing only the meaningful data for your data analysis.

This meeting was only an hour and it really piqued my interest. I'm interested in learning more from tomorrow's meeting on Digital Health.

39 views0 comments

Digital health, including mobile apps, machine learning, artificial intelligence and wearables, are in the mainstream and the health-regulated industry is adapting to integrate these technological advances into medical devices and drugs. The Food Drug and Law Institute is hosting a 2-day event in the Bay Area with guest speakers from FDA and industry in discussing the regulatory pathway of digital health and FDA's recent initiatives in adapting this technology through the 21st Century Cures Act, 510(k) reform, the Office of Combination Products, and the Software Precertification Pilot Program (Pre-Cert).

I will be attending the event. Please say hi. Details of the event is as follows:

26 views0 comments
bottom of page