Last month, the FDA released a draft guidance document on the sharing of patient-specific data associated with medical devices, including information recorded, stored, processed, retrieved, and/or derived from the device. FDA noted that patients increasingly seek to play an active role in their own health care and that providing patients access to information regarding medical products will empower patients to be more engaged with their healthcare providers in making medical decisions.
Defining patient-specific information
The guidance applies to “patient-specific information,” which the FDA defines as any information unique to an individual patient or unique to that patient’s treatment or diagnosis that, consistent with the intended use of a medical device, may be recorded, stored, processed, retrieved, and/or derived from that medical device. The FDA believes that such data will fall into two categories:
(1) data a health care provider inputs to record the status of ongoing treatment of an individual patient; and
(2) information stored by the device to record usage, alarms or outputs (e.g., pulse oximetry data, heart electrical activity, and rhythms as monitored by a pacemaker).
Further, the FDA notes that patient-specific information includes logs entered into a medical device by a health care provider.
Dissemination of Patient-Specific Information
The FDA notes that manufacturers are free to share patient-specific information from a legally marketed device with patients, at the patient’s request, without obtaining additional premarket review (though any labeling provided to the patient is subject to applicable statutory and regulatory requirements).
While the FDA permits manufactures to share patient-specific information from devices with patients, it seems to limit the ability of manufacturers to share this information with health care providers. The FDA takes the position that HIPAA “is intended to prevent” manufacturers from sharing protected health information (“PHI”) with covered entities without patient’s consent. However, HIPAA applies only to covered entities and their business associates, and device manufacturers typically do not function as either. Thus, it is surprising that FDA believes that HIPAA may preclude manufacturers from sharing patient data with covered entities.
Content of Information
The FDA explains that a manufacturer may share “any information from the device that is pertinent to the specific patient.” However, the FDA recommends that manufactures take appropriate measures to ensure that the information is interpretable and useful to the patient, as well as take into account the characteristics of the intended audience. The FDA encourages the use of supplementary instructions, materials, or references if necessary to aid patient understanding, though supplemental material that meets the definition of labeling would be subject to FDA regulation and the applicable requirements, including the potential need for premarket review of certain labeling changes. The FDA also encourages that information be “comprehensive and contemporary,” meaning it includes the most recent and relevant data.
Context of Information
The FDA also encourages manufacturers to consider including relevant context to avoid confusion or circumstances where data may be misinterpreted, leading to incorrect or invalid conclusions (e.g., how a parameter was measured and recorded by the device). For example, the FDA notes that, in the case of a pacemaker, the manufacturer may wish to consider including information regarding the circumstances under which the electrical impulse is delivered.
Finally, the FDA encourages manufactures to consider including contact information for follow-up should patients have questions. The FDA encourages manufactures–at a minimum–to advise patients to contact their health care providers, but also encourages that manufactures include their own contact information so that patients can ask questions about the device at issue.