A general counsel for the Clinical Decision Support Coalition said his group strongly supports FDA developing a medical software precertification program, but worries the initiative is outside the agency’s statutory authority. If FDA moves forward, he added, it needs to address how low-risk products and software used with drugs fit in, and will have to find business-minded staff who can evaluate software developers based on organizational excellence instead of the traditional safety and efficacy measures.
“We like the precert program. We think it’s extraordinarily innovative. In fact we’d like to see it expanded to consider software used with pharmaceutical products,” wrote Brad Thompson, general counsel for the CDS Coalition, in a July 17 letter to Bakul Patel, associate director for digital health at FDA’s Center for Devices and Radiological Health (CDRH). But he warned that absent congressional approval the effort could eventually be challenged and fall apart.
Thompson was responding to an agency call for comments on a second draft of a working model for FDA’s software precertification program. The program would allow developers to qualify for a streamlined premarket review process if they meet criteria for organizational excellence.
FDA lacks authority. In Thompson’s view, the precertification program blows past FDA’s statutory authority regarding the classification process, the 510(k) notification process, the process for requiring postmarket surveillance, and the agency’s enforcement powers. While FDA could claim the precertification program is a new form of 510(k), or claim that it has authority to make the 510(k) process optional, Thompson said neither of those claims have legal merit.
“[E]ven at this early stage, it seems patently obvious that where FDA seems to be going will require new statutory authority,” he wrote.
Such authority would be needed to resolve future legal conflicts that might arise between the agency and companies regarding the program, he said. “Like a contract, statutes and regulations exist for when things go sideways,” Thompson wrote to FDA.
“Under section 704 of the [Federal Food, Drug and Cosmetic Act], FDA has legal authority to conduct mandatory inspections of facilities to assess compliance with the statute,” Thompson wrote. “However, it does not mean that FDA can meander throughout other parts of the company and look at records such as financial data, pricing data, personnel data, research data or sales data (other than shipment data regarding sales).”
“As much as we like the program, we think it’s unavoidable that it will require new legal authority,” he concluded. “It’s so innovative it simply doesn’t fit the existing legal framework. That’s not a criticism, in fact that’s a compliment. But it’s also a fact, and something that will soon need to be dealt with.”