A question that investors frequently ask of emerging growth life sciences companies is whether they have considered how to monetize the data they will inevitably collect in the development, marketing and sale of their service or product. Data merely existing in a compilation can have value; analytics can increase that value by orders of magnitude. Beyond compilation and analytics is the use of data to provide direct treatment or services. Using artificial intelligence (AI) (smart machines that are developed to do work normally done by humans) and machine learning (ML) (machines that are designed to teach themselves), data can be used to produce products and services of great value, such as customized genomic cancer treatments. These tools, products and services are a rapidly emerging growth area in the life sciences, and the Food and Drug Administration has taken note.
On April 2, 2019, the FDA released a discussion paper entitled “Proposed Regulatory Framework for Modifications to Artificial Intelligence/Machine Learning (AI/ML) – Based Software as a Medical Device (SaMD).” The International Medical Device Regulators Forum defines SaMD is ‘software intended to be used for . . . medical purposes . . . without being part of a hardware medical device.’ Thus, the software can perform its medical purpose without being tied to a specific piece of hardware. The discussion paper recognizes the challenges in regulating AI/ML SaMD which ‘learns’ and adapts over time. Essentially, the FDA is examining how to regulate SaMD that is designed to, over time, evolve into a product different from the one that was originally found to be safe and effective by the FDA’s regulatory process and cleared for market.
In a statement released with the discussion paper, the former FDA Commissioner, Scott Gottlieb, M.D., stated that the AI technologies that have been granted marketing authorization and cleared by the FDA are ‘locked’ algorithms that do not ‘continually adapt or learn every time the algorithm is used.’ Dr. Gottlieb further stated that the FDA is exploring a framework that would help developers bring AI devices to market; the discussion paper is the initial step in that process, as well as future draft guidance.
Currently, SaMD reaches the market after a 510(k) process; the FDA’s Center for Devices and Radiological Health (CDRH) has published guidance on when changes to software require a new 510(k) submission. A new 510(k) is required when a change to the software introduces a new risk or modifies an existing risk that could result in significant harm (without mitigation in the most recently cleared device), necessitates or new or modified risk control measure for a risk that could result in significant harm, or ‘significantly affects clinical functionality or performance specifications.’ “Deciding When to Submit a 510(k) for a Software Change to an Existing Device;” Guidance for Industry and FDA Staff, October, 2017. The FDA has recognized that these standards could result in a significant number of new 510(k) submissions for existing SaMD; this number would only increase as the numbers of SaMD increase in the marketplace. The FDA is considering whether an approach that ‘enables the evaluation and monitoring’ of SaMD from premarket development to post-market performance would be able to provide ‘reasonable assurance’ that iterative SaMD could meet FDA safety and effectiveness standards. It is clear that the FDA envisions that the industry will collaborate and self-regulate in part by establishing a quality control system that is active through the lifecycle of an SaMD product.
The FDA’s discussion paper is a review of the issues surrounding regulation of SaMD, and poses a large number of questions and solicits feedback from the industry. In particular, the discussion paper envisions a ‘Total Product Lifecycle’ (“TPLC”) approach to regulatory oversight of SaMD as necessary to assure safety and efficacy due to SaMD’s evolution over time. The TPLC approach would:
- Establish clear expectations on quality systems and good ML practices;
- Conduct premarket review for SaMD to demonstrate reasonable assurance of safety and efficacy, and establish clear expectations for manufacturers to continually manage patient risk through the product’s lifecycle;
- Expect manufacturers to monitor SaMD an incorporate a risk management approach to development and execution of SaMD evolution; and
- Enable increased transparency to users and the FDA using postmarket real-world reporting to maintain safety and efficacy.
If manufacturers must perpetually monitor SaMD throughout its lifecycle, it is clear that (a) an enormous amount of valuable data will be captured by the manufacturers, and (b) the privacy, research and commercialization issues arising out of this captured data are not yet addressed by the FDA. Various federal and state laws, including the recent far reaching California Consumer Privacy Act (CCPA) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) will have a significant impact on manufacturer operations and compliance in this sphere, and will have to be carefully considered. Given the global nature of the medical device and pharmaceutical industries, as well as a potential reduction in logistical issues for SaMD distribution over the internet, the European Union’s General Data Protection Regulation (GDPR) is also likely to have an impact. The FDA considers ‘[t]ransparency about the function and modifications of medical devices’ as a ‘key aspect of their safety.’ Whether the FDA will consider transparency with regard to the collateral collection, use and commercialization of SaMD data in the developing regulatory scheme remains to be seen, but manufacturers would be wise to plan ahead on this issue.
Reprinted with permission from the 4/11/2019 issue of The Legal Intelligencer. © 2019 ALM Media Properties, LLC. Further duplication without permission is prohibited. All rights reserved.