In its new draft guidance document on clinical decision support (CDS) software, the US Food and Drug Administration revamps its proposed interpretation of the 21st Century Cures Act and proposes new policies of enforcement discretion for certain categories of CDS software.
The US Food and Drug Administration (FDA) on September 27 issued a new draft guidance document on clinical decision support (CDS) software and FDA’s interpretation of the exemption for CDS software under the 21st Century Cures Act (the CDS Draft Guidance). This is the agency’s second attempt at CDS software guidance, having issued a prior draft guidance on this topic in December 2017, which drew significant scrutiny. While the new CDS Draft Guidance takes a less stringent approach in interpreting the scope of the statutory CDS software exemption under the 21st Century Cures Act, FDA tightens the reigns on its proposed policy of enforcement discretion for CDS software intended for patient use. Additionally, the new CDS Draft Guidance is significantly more complex than the 2017 draft.
The CDS Draft Guidance is available for public comment until December 26, 2019. We discuss further below key takeaways from the revised guidance.
The 21st Century Cures Act was enacted in December 2016, and modified the Federal Food, Drug, and Cosmetic Act (FFDCA) to exempt from FDA oversight certain types of software, including CDS software that meets the following criteria (set forth at 21 USC § 360j(o)(1)(E)):
To meet the scope of this statutory CDS exemption, the software must be intended for use by a healthcare professional (HCP)—software intended for patient or consumer use is outside the scope of the exemption. In July 2017, FDA announced a Digital Health Innovation Action Plan to implement the 21st Century Cures Act, which included plans to issue a draft guidance on the new CDS software exemption. FDA issued its first draft CDS software guidance in December 2017.
The December 2017 draft guidance, however, proposed a very stringent interpretation of the criteria above, which would significantly restrict the scope of the CDS exemption. FDA received numerous comments on the 2017 draft guidance, several of which criticized FDA’s proposed approach in interpreting the statutory exemption. After considering these comments, FDA has significantly revised and reissued the CDS Draft Guidance; key takeaways follow.
Substantially Increased Complexity
The prior draft guidance focused primarily on interpreting the CDS exemption under the 21st Century Cures Act and creating a corresponding policy of enforcement discretion for patient decision support software. The new CDS Draft Guidance, however, proposes three primary categories of CDS:
The latter two categories of Device CDS include CDS that do not meet the statutory exemption. However, the CDS Draft Guidance proposes policies of enforcement discretion for certain types of Device CDS in each of these two categories, using the risk categorization framework from a guidance document issued by the International Medical Device Regulators Forum (IMDRF), which is discussed further below. These changes add significant complexity to the CDS Draft Guidance. It is unclear whether this new proposed approach will be workable, or if the guidance will be too confusing for affected stakeholders.
Use of IMDRF Risk Categorization
As noted above, the CDS Draft Guidance utilizes the risk categorization framework from the IMDRF guidance document, Software as a Medical Device: Possible Framework for Risk Categorization and Corresponding Considerations, to determine when Device CDS intended for HCPs and Device CDS intended for patients would be subject to enforcement discretion (i.e., would not be actively regulated by FDA). However, this IMDRF guidance has not been formally issued as an FDA guidance document, consistent with FDA’s good guidance practices regulations, which include requirements for publication in the Federal Register and providing an opportunity for public comment. Further, the IMDRF risk categorization framework differs from the risk framework established under the FFDCA for medical devices.
More Lenient Interpretation of the CDS Transparency Requirement
One of the key criteria for the statutory CDS exemption under the 21st Century Cures Act is the transparency requirement, which states that CDS software must enable the HCP “to independently review the basis” for the CDS recommendations so that it is not the intent for the HCP “to rely primarily on any of such recommendations to make a clinical diagnosis or treatment decision regarding an individual patient.” In the 2017 draft guidance, FDA was criticized for proposing very stringent transparency requirements, including requirements that the HCP “be able to reach the same recommendation on his or her own” and that the CDS software recommendations be based only on publicly available information. These requirements are no longer included in the CDS Draft Guidance. Rather, the CDS Draft Guidance recommends that the software developer “describe the underlying data used to develop the algorithm and  include plain language descriptions of the logic or rationale used by an algorithm to render a recommendation,” and also disclose the “sources supporting the recommendation or underlying the basis for the recommendation.” Such sources also must be understandable to the user.
Unlike the prior draft guidance, the updated the CDS Draft Guidance now acknowledges that machine learning software may qualify for the CDS software exemption under the 21st Century Cures Act. FDA states, for example, that machine learning software may qualify as Non-Device CDS if “the HCP could evaluate the basis for the software’s recommendations, because the logic and inputs for the machine-learning algorithm and data inputs used for the algorithm were explained and available to the HCP.”
More Stringent Approach for Patient CDS
In the 2017 draft guidance, FDA’s proposed policy of enforcement discretion for patient CDS was very similar to the statutory requirements under the 21st Century Cures Act. In the new CDS Draft Guidance, FDA further restricts its proposed policy of enforcement discretion for CDS intended for patient use by requiring that such CDS be intended “to inform clinical management” for a “non-serious situation or condition,” as those terms are defined by the IMDRF guidance on risk categorization. As with the 2017 draft guidance, the new CDS Draft Guidance requires the software to allow a patient to “independently evaluate the basis for the software’s recommendations.”
Comments on the new CDS Draft Guidance are due by December 26, 2019.
If you have any questions on the issues discussed in this LawFlash or would like assistance in preparing comments to FDA, please contact the author, Michele Buenafe.