Medical devices have historically been less regulated than their drug and biologic counterparts. A benefit of this less demanding regulatory regime is facilitating innovation by making new devices available to consumers in a timely fashion. Nevertheless, there is increasing concern that this approach raises serious public health and safety concerns. The Institute of Medicine in 2011 published a critique of the American pathway allowing moderate-risk devices to be brought to the market through the less-rigorous 501(k) pathway,Footnote 1 flagging a need for increased postmarket review and surveillance. High-profile recalls of medical devices, such as vaginal mesh products, along with reports globally of nearly two million injuries and more than 80,000 deaths linked to faulty medical devices,Footnote 2 have raised public health critiques regarding the oversight of these products. Should we follow the recommendation of the Institute of Medicine to reduce the use of the 510(k) pathway, and, if so, what should replace it? What would an ideal regulatory pathway, reflecting the twin goals of innovation and patient protection, look like in the twenty-first century? These questions are complicated by new tools and mechanisms that can be used to achieve our goals. For example, in an era of big data, where we have the capabilities to better follow postmarket incidents, what should postmarket review look like?
Speaking of new tools, there is a digital revolution happening in the field of medical devices. Devices have traditionally been hardware, but are now increasingly hybrids of hardware and software, or even software as a medical device (SaMD). Of course, software is revised much more frequently than hardware, especially when it involves machine learning. To address the challenges of overseeing SaMDs, the Food and Drug Administration (FDA) launched the software precertification program in 2017. The FDA proposed a new framework to review ongoing artificial intelligence algorithm changes for device software,Footnote 3 using a total product lifecycle approach to regulate these algorithms, and recently began to implement this framework.Footnote 4 What does a robust regulatory regime for medical device software look like in the coming years?
Across the Atlantic, the European Union adopted new medical device regulationsFootnote 5 that have been somewhat delayed by the COVID-19 pandemic but will be implemented in the coming years. These regulations are meant to address safety and effectiveness concerns, including increasing postmarket surveillance and establishing an EU database on medical devices, as well as a response to some of the innovations that have occurred in the medical device field. These new regulations, coupled with the experiences of the FDA in the United States, suggest that medical device regulation overall faces some global challenges, including the correct balance between patient protection and avoiding stifling business and innovation, the changing nature of medical devices that are increasingly software-based, and the difficulties of postmarket surveillance. How might these concerns be expressed and successfully addressed in a variety of countries, each with a different medical device market?
This edited volume provides an overview of the challenges facing medical device regulation in the twenty-first century. The volume will explore the tension between facilitating innovation and access to devices while protecting patient safety. At times the volume will pay specific attention to key developments, such as the rise of software and data as medical devices, the need to modernize regulation to accommodate these new products, and the differences between the American and European approaches to medical device regulations. The reader will gain a sense of the current state of medical device regulation, but also a framework for developments, opportunities, and challenges on the horizon.
This book is divided into five parts. Part I, AI and Data as Medical Devices, introduced by W. Nicholson Price II, focuses on what is perhaps the most exciting and cutting-edge topic currently in medical device regulation. These chapters explore the digital health revolution, and the struggle of regulators to keep up with the changing landscape of medical products. Certainly, algorithms and data sets used in medical treatment can be thought of as medical products that can impact patient outcomes and lives just as significantly as physical devices and pharmaceuticals. But how should we regulate these less-tangible products?
Kerstin Vokinger, Thomas Hwang, and Aaron Kesselheim, in their chapter, “Lifecycle Regulation and Evaluation of Artificial Intelligence and Machine Learning-Based Medical Devices,” introduce the reader to the most significant difference between regulating classic devices and software: the challenge of plasticity in attempting to regulate constantly updating products. Virtually all AI-powered software will include updates, meaning that the product on the market may differ significantly from what regulators evaluated during the approval process. The authors first consider the approaches already taken by the FDA as well as European regulators. They then argue that regulators must pursue a complex strategy based on the lifecycle of AI-powered software. This strategy would ideally incorporate significant evidence for safety and effectiveness prior to market entry, preapproved “safe harbor” updates and changes that would require minimal regulatory oversight to implement, and a high level of transparency to empower patients and providers using these products.
Barbara Evans and Frank Pasquale, in their chapter, “Product Liability Suits for FDA-Regulated AI/ML Software,” consider the interplay between the American regulatory and litigation systems when it comes to AI-powered software. They illustrate to the reader that choices made by regulators may shape how these products are treated in liability suits. By the very act of regulating at least some software as a medical device and therefore a product, the FDA essentially resolves the light wave-particle duality of whether these algorithms are products or services. This is an important development because it opens the door to potential product liability and shapes how tort law may govern AI-powered software systems in the future. This chapter demonstrates to the reader that there are multiple paths to consumer protection when it comes to medical devices, and that these paths do not exist entirely independent of each other.
Craig Konnoth closes this section with his contribution, “Are Electronic Health Records Medical Devices?,” which focuses more specifically on electronic health records (EHR) rather than AI-powered software. Konnoth articulates why EHR systems are poorly suited for FDA regulation, focusing particularly on their wide-ranging use that connects a variety of different stakeholders in the health care system. As a result, he argues, the FDA should not serve as the sole regulatory agency to govern EHR systems. Instead, other agencies, such as the Office of the National Coordinator for Health Information Technology, could better guide the development, implementation, and marketing of these products. Konnoth’s chapter is interesting to read directly after the work by Evans and Pasquale, because in a way they reach the same conclusion: with novel technologies there are multiple ways to regulate that could and should be implemented.
Part II, The European Regulation of Medical Devices, introduced by Timo Minssen, takes the reader from the United States to the European Union. Beyond the obvious geographical shift in focus, this part introduces the reader to a regulatory regime that involves significant change in its approach to governing medical devices. In 2017, EU Regulation 2017/745 and EU Regulation 2017/746 significantly changed the regulatory framework for medical devices and in vitro diagnostic medical devices. While the COVID-19 pandemic has delayed the implementation of these new regulations, stakeholders in the European Union are facing significant changes in the governance of medical devices in the next few years, including incorporating new laws, guidance documents, policy papers, and other sub-regulatory materials. The authors of the chapters in Part II explore the choices made by EU regulators, which parallel at times but also diverge at times from the decisions made by their US counterparts. These chapters all focus on some aspect of digital health, making Part II very much the European counterpart to Part I. This focus should indicate to the reader the importance of incorporating digital health products into the medical device regulatory framework, as well as the complexities of doing so.
Elisabetta Biasin and Erik Kamenjasevic open Part II with their chapter, “Cybersecurity of Medical Devices: Regulatory Challenges in the European Union.” Biasin and Kamenjasevic build upon the contributions from Part I to explore EU cybersecurity policy objectives. Their chapter also bears some similarity to Aboy and Sherkow’s as well as Gerke’s, in that they explore the intersection of two regulatory frameworks: in this case, the medical devices legal framework with cybersecurity regulations. Biasin and Kamenjasevic ultimately conclude that the cybersecurity needs of digital hospital systems and medical devices have not been met and urge EU regulators to take concrete action to address regulatory gaps in this area.
Hannah van Kolfschooten considers a different aspect of digital health in her chapter, “The mHealth Power Paradox: Improving Data Protection in Health Apps through Self-Regulation in the European Union,” namely the rise of mobile health and health-focused apps. van Kolfschooten introduces the reader to the General Data Protection Regulation (GDPR) that governs much of European data privacy and security. She concludes that the GDPR, coupled with industry self-regulation in app stores such as Google’s Google Play, does not provide sufficient protection for consumers. Similar to Biasin and Kamenjasevic, van Kolfschooten proposes several policy suggestions to better protect stakeholders, although she focuses her recommendations on the self-regulation practiced by app stores. This chapter flags for the reader that regulation is practiced not just by governmental agencies, but also by other stakeholders such as industry and manufacturers.
Janos Meszaros, Marcelo Corrales Compagnucci, and Timo Minssen also examine the application of the GDPR on digital health product regulations in their contribution, “The Interaction of the Medical Device Regulation and the GDPR: Do European Rules on Privacy and Scientific Research Impair the Safety and Performance of AI Medical Devices?” The three authors attempt to harmonize the new EU Medical Device Regulations with the GDPR’s requirements relating to deidentification and scientific research. Ultimately, they are concerned that the interaction of these regulatory regimes “might result in obstacles” for the development and implementation of medical devices relying on data. Again, the reader is reminded that multiple regulatory regimes govern the design, implementation, and marketing of medical devices and often their interactions create inadvertent problems. Here, the authors suggest that harmonization, with an eye to individual’s rights and patient safety, can help resolve their concerns.
Barry Solaiman and Mark Bloom turn the focus of Part II to a specific type of digital health product, wearables that utilize AI, in their contribution, “AI, Explainability, and Safeguarding Patient Safety in Europe: Towards a Science-Focused Regulatory Model.” Solaiman and Bloom unpack for the reader the difficulties in ensuring that AI-generated predictions are understood and explainable to stakeholders, including policymakers, medical providers, and patients. The authors emphasize that explainability is necessary for informed decision making. In this chapter the reader is asked to consider the relationship between technology and regulations in Solaiman and Bloom’s argument for a regulatory model that will “level-up” as the underlying technology improves.
Part II closes with Helen Yu’s chapter, “Regulation of Digital Health Technologies in the European Union: Intended versus Actual Use.” Yu’s chapter demonstrates for the reader that devices, including digital health products, are often used in ways that go beyond their initial purpose. Therefore, we need mechanisms to govern the actual use of medical devices. Unfortunately, both courts and regulators have been inconsistent in their treatment of manufacturers who encourage a gap between intended and actual uses of their products. Yu suggests that a framework is needed to regulate digital health products based on their actual use by consumers, and not just the intended use declared by manufacturers during the regulatory approval process. Yu’s chapter serves as a good transition to the latter half of the volume, which is concerned with the postapproval uses of medical devices.
Part III, Designing Medical Device Regulations, explores how regulation can shape the design and construction of medical devices. Introduced by I. Glenn Cohen, these chapters document how FDA choices in areas as divergent as patents, digital home health, and drug efficacy evaluations influence the products eventually available to consumers.
Mateo Aboy and Jacob Sherkow open this section with their chapter, “IP and FDA Regulation of De Novo Medical Devices.” Aboy and Sherkow explore the fairly recent policy change that allows for a De Novo device to serve as a “predicate” for a follow-on device application under the 510(k) pathway. This change has some significant implications for anticompetitiveness when the predicate device is patented because the holders of that patent can use the patent in question to prevent follow-on device applications from competitors. Striking a balance between promoting innovation, protecting the hard work of device creators, and ensuring patient safety can be very difficult, as Aboy and Sherkow demonstrate.
Matthew Herder and Nathan Cortez follow with their chapter, “A ‘DESI’ for Devices? Can a Pharmaceutical Program from the 1960s Improve FDA Oversight of Medical Devices?” They provide a historical examination of the “Drug Efficacy Study Implementation” (DESI) program from the mid-twentieth century. The DESI program resulted in the reevaluation of more than 3,000 drugs for efficacy, using real-world evidence. Herder and Cortez argue that the time is ripe for a DESI 2.0 to focus on medical devices. This chapter introduces the reader to a theme found throughout the book: the challenge of understanding the performance of postapproval medical devices and appropriately monitoring their availability to consumers.
Part III closes with a consideration of the intersection of public health emergency regulations and medical device regulations in Sara Gerke’s chapter, “Digital Home Health During the COVID-19 Pandemic: Challenges to Safety, Liability, and Informed Consent, and the Way to Move Forward.” Gerke uses the COVID-19 pandemic to explore the application of Emergency Use Authorization (EUA) regulations governed by the PREP Act to medical devices, specifically digital home health products. As further explored in Part III of this volume, our regulatory system struggles to delineate when digital health products should be regulated as medical devices. Some digital home health products do not require FDA review as medical devices, meaning that they also do not require EUA approval. While this may be a benefit to the manufacturer, who can bring these products to market quicker, it can also be problematic in that the manufacturer does not qualify for the immunity protections offered under the PREP Act through EUA status. Unfortunately, this means that the liability outcomes for these products is unclear, which can ultimately leave users unprotected. Gerke’s chapter is similar to Aboy and Sherkow’s, in that she again illustrates to the reader that disparate regulatory frameworks can have a significant impact on the development, marketing, and access to medical devices for consumers.
Part IV, The Impact of Medical Device Regulation on Patients and Markets, introduced by Christopher Robertson, marks the shift of the volume’s focus to the effects, both intended and inadvertent, that postapproval medical devices have on their users and other stakeholders. The chapters in Part IV are concerned with the challenge of demonstrating safety and efficacy once a product has gone through the relatively controlled regulatory approval process and are released onto the market. Here the tension becomes evident between innovation – we want to encourage the release of cutting-edge devices and novel uses that will hopefully improve lives – and protection – we struggle to monitor devices once they are released to a broad audience. Much of Part IV is devoted to instances in which the FDA has failed to act sufficiently to protect consumer interests. What regulatory changes would we need to implement to better advocate for the ultimate users of medical devices, the patients? Are these changes feasible in our current system?
Jody Lyneé Madeira, Barbara Andraka-Christou, Lori Ann Eldridge, and Ross Silverman open Part IV with “Clouded Judgement: Preventing Conflicts of Interest in Problem-Solving Courts,” a chapter that explores the relationship between the FDA, drug and device manufacturers, and drug courts. The authors focus on a neurostimulation device, “the Bridge,” that was originally intended for chronic and acute pain management but was then also approved for managing opioid withdrawal symptoms. The safety and efficacy of the Bridge for opioid withdrawal symptoms is still in doubt, despite the FDA’s approval. The authors document the strategy of the Bridge’s manufacturers to groom judges and other key drug court personnel in order to promote its use in these programs. The reader should consider the case study of the Bridge as illustrative of the limited ability of the FDA, and other regulatory authorities, to protect patient interests in the face of sophisticated marketing. How can our regulatory systems be improved to require stronger evidence and avoid ethically dubious marketing strategies once products are approved?
We then turn to Wendy Netter Epstein’s chapter, “Disrupting the Market for Ineffective Medical Devices.” Epstein’s contribution is a thoughtful exploration of the value and importance of innovation when it comes to medical devices. Not all innovation is worth the tradeoffs it may pose. Epstein focuses on the incentives in our current system to ensure that innovative products are effective and argues that the FDA and tort system do not promote efficacy successfully. Instead, she argues that payors are uniquely well positioned to incentivize the development of efficacy because they have access to performance data and can refuse reimbursement for ineffective medical devices. Epstein’s chapter contrasts with the other chapters in Part IV, which have focused on how the FDA has arguably failed to protect the interests of consumers when faced with unique challenges in addressing substance use, reproduction, and infection control. Epstein instead reminds the reader that there are other stakeholders who can act to promote the key goals of safety and efficacy.
Preeti Mehrotra, David Weber, and Ameet Sarpatwari then direct our attention to the challenge of dirty devices in their chapter, “Preventing Medical Device-Borne Outbreaks: The Case of High-Level Disinfection Policy for Duodenoscopes.” Duodenoscopes are tubes that are snaked through the digestive system to the top of the small intestine to diagnose and treat problems in the pancreas and bile ducts. Because they are very complex with many small working parts, they can be very difficult to thoroughly clean and disinfect. To better understand the connection between multi-drug resistant bacterial infections and duodenoscope use, the FDA required several manufacturers to conduct postmarket surveillance studies. Using the duodenoscope example, the authors argue that our medical device regulatory approval process is too “binary.” Devices can be safe and effective, they argue, but also pose some serious risks to patients because of downstream use. Unfortunately, the interaction between devices and downstream use is governed by a fragmented and uncoordinated rainbow of entities, including hospital policymakers, medical associations, and other stakeholders. The authors argue that we need to restructure our approval system to better reflect that devices will not always be used perfectly, and that there may be a gap between the safety and efficacy profile of a device as initially presented to regulators and how it is used “in the real world.”
We close Part IV by turning to assisted reproductive technology (ART) devices with Katherine Kraschel’s chapter, “Regulating Devices that Create Life.” The FDA has struggled to define the boundaries of its jurisdiction when it comes to ART, because while it has the power to regulate products “used in” or “intended to affect … man or other animals,” pre-embryos, embryos, and fetuses do not fall under that definition. At the same time, these organisms are not generally considered people or animals under US law, creating a regulatory gap. The FDA’s silence when it comes to ART means that ART patients are often left unprotected. For example, without FDA requirements for manufacturers to demonstrate proof of safety and efficacy, very little reliable evidence of either is generated. If the Bridge is a story about the FDA not going far enough to protect consumers’ interests, then the story that Kraschel tells is about what happens when the FDA never chooses to be involved. This chapter justifies for the reader the value of our regulatory agencies, even with their limitations.
Part V, Medical and Legal Oversight of Medical Devices, introduced by Carmel Shachar, builds on Part IV to continue our exploration of the ethical, regulatory, and legal complexities of governing postapproval medical devices. If Part IV concerned itself with how to balance innovation and protection in the postapproval context, Part V focuses on the who, what, and how. Who should ensure safety and efficacy of postapproval products? What are the tools available to oversee postapproval medical devices? How should we incorporate these products, and their postapproval regulatory oversight, into the medical system? Part V asks the reader to envision alternative postapproval realities, in which different regulatory or legal choices are made to better achieve various goals, be they patient safety, establishment of efficacy, or innovation.
Sanket Dhruva, Jonathon Darrow, Aaron Kesselheim, and Rita Redberg open Part V with their contribution, “Ensuring Patient Safety and Benefit in Use of Medical Devices Granted Expedited Approval.” The authors focus on the pathways designed to accelerate patient access to novel medical devices, flagging that the products approved through these pathways may not always meet the statutory standards for safety and efficacy. They then suggest that conditional approval can be an effective regulatory tool for ensuring that these breakthrough products meet these important goals. Tying conditional approval to postmarket studies and data demonstrating that the threshold of reasonable assurance of safety and effectiveness has been met can incentivize manufacturers to generate important postapproval data. Dhruva et al. note that conditional approval is rarely used but does have precedent in the approach that the FDA has taken to pharmaceuticals.
Efthimios Parasidis and Daniel Kramer consider a different postapproval regulatory tool in their chapter, “Compulsory Medical Device Registries: Legal and Regulatory Issues.” Parasidis and Kramer argue that postmarket registries can be a useful regulatory tool for monitoring high-risk medical devices. Agencies such as the FDA and CDC can encourage the development of registries by tying approval or reimbursement to their establishment. Unfortunately, these registries have been underdeveloped from an ethical and regulatory perspective, with significant questions regarding health privacy laws and ethical standards for human subjects research. This chapter, continuing a theme of the book, emphasizes that there are a host of regulatory approaches to achieving the ultimate goal of patient access to safe and effective devices. Some of the tools in the regulatory toolbox appear to be underdeveloped and require further thought to achieve maximum impact.
Anthony Weiss and Barak Richman turn the focus of Part V from humans regulating medical devices to medical devices regulating humans in their chapter, “Professional Self-Regulation in Medicine: Will the Rise of Intelligent Tools Mean the End of Peer Review?” Physicians have largely kept oversight of their profession within their own ranks, arguing that only other physicians have the necessary expertise to evaluate medical decision making. With the rise of medical decision-making algorithms, that argument is increasingly being undercut. In some ways, this chapter is the logical outgrowth of the concepts discussed in Part I, AI and Data as Medical Devices. Once these “software as devices” products are released into broader use, what are the best ways to incorporate them into our current medical system? Weiss and Richman consider the benefits of incorporating artificial intelligence into physician review, as well as the challenges of interfacing humans and machines. While we should not ignore potentially useful tools, they argue, we also need to preserve space for a human approach to medical practice.
The next chapter, “Regulating Posttrial Access to In-Dwelling Class III Neural Devices,” by Megan Wright and Joseph Fins, considers devices that fail to go to market, specifically those implanted in the brain. Since these devices may remain implanted in research subjects, what duties are owed to these individuals? What are the posttrial obligations of study sponsors and investigators to maintain or even replace these devices for their former research subjects? Wright and Fins note that transparency about posttrial access is, at minimum, necessary as part of the informed consent process. This chapter illustrates to the reader that not all devices developed and evaluated by the regulatory system will come to market. How should that be reflected in the approval process?
The closing chapter of Part V, “Strengthening the Power of Health Care Insurers to Regulate Medical Device Risks,” by David Rosenberg and Adeyemi Adediran, reemphasizes that regulatory agencies are not the only actors that can provide and enforce postapproval consumer protections. Rosenberg and Adediran draw the reader’s attention to the interplay between FDA action and state negligence actions as two alternative approaches to ensuring optimal levels of safety for consumers using medical devices. They propose a system of strict liability, in which first-party insurers would be required to investigate and report to the FDA any potential causal connections between patient injury and a particular medical device. The FDA would work to verify such a connection and then work with the Department of Justice Civil Division for a federal strict liability action against the device’s manufacturer. Rosenberg and Adediran suggest that the manufacturer should bear liability in full, with no reduction for the risk contributed by the patient and pay the damages to the federal government. This chapter asks the reader to consider the importance of patient safety and how best to prioritize it. Rosenberg and Adediran have presented a system that could optimize for patient safety, but how should it be balanced with the interest of encouraging the development of innovative new products?
Compared to drugs, the regulation of medical devices has received relatively little attention. Medical devices, nevertheless, can have significant positive and negative impacts on patients that use them. Navigating between the needs to provide patient access to innovative medical devices, to ensure that these devices are effective, and ultimately to preserve patient safety as much as possible is challenging. One of the major themes highlighted in this volume is that there is significant ferment at this moment when it comes to medical device regulation. Regulators in the European Union are working to implement significant changes to their medical device regulations in the midst of a global pandemic. Furthermore, with the explosion of digital health, including software as a medical device, there is a strong need to revisit the regulatory framework that governs medical devices. Our authors explore these changes and developments with an eye to articulating what a twenty-first century medical device regulation system should look like. Another significant theme is complex interplay between regulators, device designers, manufacturers, physicians, and patients. Different authors throughout the volume explore the roles of key stakeholders, highlight underutilized regulatory tools, or flag how different mechanisms could be used to promote innovation and/or protection. The regulation of medical devices is as complex as the products it governs.