21st Century Cures Act – SCPR SW Impact Analysis

What the 21st Century Cures Act Means for Software Manufacturers

The 21st Century Cures Act (“Cures Act”), was signed into law by the President on December 13, 2016 (Public Law No. 114-255). This article focuses on section 3060 of the new law; namely “Clarifying Medical Software Regulation.” Other sections of the act address medical devices and pharmaceuticals in general.

Section 3060 of the Cures Act

Section 3060 provides for the exclusion of some types of software from the definition of a medical device. The Food and Drug Cosmetic Act has been amended to not include the following as devices:

(A) for administrative support of a health care facility, including processing and maintenance of financial records, claims or billing information, appointment schedules, business analytics, information about patient populations, admissions practice and inventory management, analysis of historical claims data to predict future utilization or cost-effectiveness, determination of health benefit eligibility, population health management, and laboratory workflow.

(B) for maintaining or encouraging a healthy lifestyle and is unrelated to the diagnosis, cure, mitigation, prevention, or treatment of a disease or condition;” and

(C) to serve as electronic patient records, including patient-provided information, to the extent that such records are intended to transfer, store, convert formats, or display the equivalent of a paper medical chart, so long as” such records “were created, stored, transferred, or reviewed by health care professionals, or by individuals working under supervision of such professionals” and the software “is not intended to interpret or analyze patient records, including medical image data, for the purpose of the diagnosis, cure, mitigation, prevention, or treatment of a disease or condition.

(D) for transferring, storing, converting formats, or displaying clinical laboratory test or other device data and results, findings by a health care professional with respect to such data and results, general information about such findings, and general background information about such laboratory test or other device,” unless the software “is intended to interpret or analyze clinical laboratory test or other device data, results, and findings.

(E) unless the function is intended to acquire, process, or analyze a medical image or a signal from an in vitro diagnostic device or a pattern or signal from a signal acquisition system, for the purpose of –

  1. displaying, analyzing, or printing medical information about a patient or other medical information (such as peer-reviewed clinical studies and clinical practice guidelines)
  2. supporting or providing recommendations to a health care professional about prevention, diagnosis, or treatment of a disease or condition; and
  3. enabling such health care professional to independently review the basis for such recommendations that such software presents so that it is not the intent that such health care professional rely primarily on any of such recommendations to make a clinical diagnosis or treatment decision regarding an individual patient.

 

SW Impact Analysis

While FDA has not typically regulated those products applicable to group A and C above, FDA has previously stated that those items in Group B are likely under enforcement discretion. The Cures Act has essentially removed that enforcement discretion so that group B products can no longer be considered devices and as such, they are no longer under enforcement discretion.

Those products in group D appear to include products meeting the definition of a Medical Device Data System (MDDS) which FDA has previously stated it does not intend to regulate. Additionally, this group appears to include LIS systems. LIS systems have been regulated by FDA as a class I device which is 510(k) exempt. It is important to note that LIS systems that simply import, store and allow for the retrieval of laboratory data are now exempt from FDA quality system regulations, if the LIS provides for the interpretation of results, it is still under FDA’s purview. For example, if the LIS obtains results from an IVD and contains an algorithm for interpretation when multiple results are required (reactive + reactive = positive), it is still regulated by FDA.

Those products in group E are commonly referred to as “Clinical Decision Support” software which are now exempt. However, the main exclusion still allows FDA to regulate devices that analyze data from x- rays, MRIs, Cat scans, etc. as well as IVD devices.

While there is still a level of ambiguity on what FDA considers Clinical Decision Support software, that ambiguity may be clarified in the future. In fact, the Cures Act allows FDA to determine software that can be excluded by the above definitions, and therefore regulate them. For FDA to determine that software be excluded from the device definition, FDA must publish a notification and proposed order in the Federal Register, and must include its rationale and evidence on which it is relying for the conclusion that such software should be regulated. The notice must allow for at least 30 days of public comment before issuing a final order or withdrawing the proposed order.

The Cures Act additionally requires the Secretary of Health and Human Services to publish a report, within two years of enactment of the Cures Act and every two years thereafter, that includes input from industry, consumers, patients, health plans, and other “stakeholders with relevant expertise.” The report must include information about any risks and benefits associated with the software functions provided in the Cures Act, and “summarizes findings regarding the impact of such software functions on patient safety, including best practices to promote safety, education, and competency related to such function.”

While the Cures Act has further clarified the regulatory nature of some software products/devices, others, such as Clinical Decision Support software may need further clarification in the future.

Note: This analysis represents the current opinion of SoftwareCPR regarding interpretation of this Act. We are not a law firm and are not providing a legal opinion, nor can we be sure how FDA and the courts will interpret the various provisions of this Act in the future.

See our other posts about the Cures Act: Medical Device Section 21st Century Cures Act21st Century Cures Act – Medical Device SummaryFDA Calls for Comment on Non-Device Software Functions.

Remote Webmeeting Assessments

SoftwareCPR can provide remote offsite assessments to support virtual offices.  Our consultants can utilize webmeeting tools to walk your teams through assessments such as:

  • 62304 compliance
  • Regulatory submission pre-review
  • Software risk analysis
  • Cybersecurity process and validation
  • Overall ISO 14971 risk management
  • Overview of software regulation with John Murray

Email office@softwarecpr.com
for more info!

Corporate Office

15148 Springview St
Tampa, FL 33624
USA
+1-781-721-2921
Partners located in the US (CA, FL, MA, MN) and Italy.