The 3 compliance aspects for passive predictive monitoring device success
The healthcare and life science industry has been undergoing a digital transformation, and the global COVID-19 public health emergency has accelerated the development of at-home monitoring products. With this shift, at-home monitoring devices are focusing on a passive approach collecting data in the background. Understanding the regulatory compliance landscape is critical for getting these products on the market and in patients’ hands quickly. In this article, we define “passive at-home monitoring products” as non-invasive products that continuously monitor elements of health and collect the user’s data without the direct supervision of a healthcare professional. Organizations must take the following three key compliance aspects into consideration to ensure success.
1. Determine If Your Device Is FDA-Regulated
Currently, many wearables and consumer-focused products are not regulated by the FDA as medical devices. The FDA has determined that devices used for “general wellness” do not require approval before marketing. However, the scope of these products is narrow, and this pathway can only be used for products that “encourage a general state of health.” As wearables and consumer-facing products begin to collect more meaningful insights, manufacturers will need to seek approval from regulators to provide patients with high-quality data. This may not be easy for organizations that do not have prior experience with the FDA, but it is likely to become the status quo in the future. It will be critical to understand the most effective approval pathways, which may include testing for multiple indications and using analytics to analyze patient data.
While it is obvious that the hardware will need regulatory approval, the product will also need to gain approvals for the software. Programs such as the FDA Digital Health Software Precertification Program, which allows updates to be made to software-based medical devices without requiring a resubmission, illustrates the interest for these products to move quickly through approvals and to drive innovation.
As at-home monitoring products continue to evolve in functionality, we can expect that they will need regulatory approval. Your organization will need to stay up to date with regulatory changes in order to find pathways to bring your devices to market.
2. Address All Relevant Privacy Requirements
Data privacy is top of mind for many consumers. Highly sensitive data such as health information needs to be handled with the utmost care. Since at-home monitoring products and technology collect sensitive health-related data, proper privacy protections are vital to ensure a user’s autonomy is respected and to build trust with the manufacturer. Given the complex and rapidly evolving data regulations, it may be challenging to understand what current and future regulations apply, which may impact the data collected.
For example, consumer-focused organizations that are now collecting health data will need to ensure Health Insurance Portability and Accountability Act (HIPAA) compliance in the U.S. However, a health organization may be collecting data that falls outside the scope of HIPAA and will need to be adherent to the California Consumer Privacy Act (CCPA) or the General Data Protection Regulation (GDPR). The important lesson for your organization is that, regardless of the applicable regulations, you should hold yourselves to a high standard and implement policies to ensure data protection. This includes three key considerations:
- Leveraging anonymized data whenever possible: Data anonymization, or de-identification, protects the user’s sensitive information by erasing and/or encrypting identifiers that connect an individual to the data. This preserves user privacy and builds trust between the user and your at-home product (and, by extension, your organization).
- Ensuring user consent is clear: Most privacy laws are consent-based. If patients or users give their consent, their data can be used for purposes that they authorize. That said, consent is especially important for health data that cannot be collected or processed without user consent under GDPR rules.
- Keeping an accurate inventory to track data flow: Increased adoption of at-home monitoring products poses a new challenge for IT; the constant flow of real-time data and analysis requires the constant management of a data inventory. From an IT perspective, connected products require improved traceability to manage the product, an update to standard operating procedures, and the use of a centralized device monitoring and management platform to track data flow.
3. Ensure The Safety And Accuracy Of Your Device
Ensuring the safety and accuracy of these devices will also tie into regulatory requirements. Cost effectiveness and patient usability goals should not sacrifice the safety or accuracy of these consumer products that are regulated as medical devices by the FDA. Your organization may have to conduct clinical trials to support one of the three main FDA regulatory pathway submissions:
- The 510(k) process is a pre-market notification that provides the FDA with documented evidence that the medical device is as safe and effective as an already legally marketed device in the U.S. This process does not typically require clinical trials.
- The De Novo classification can be used for new and innovative Class II devices that do demonstrate substantial equivalence to predicate devices, a requirement for 510(k) submissions.
- A Premarket Approval (PMA), which is for Class III medical devices. All PMAs require clinical trials.
Another aspect of safety is the patient’s ability to access a qualified healthcare provider (HCP) in order to understand the data generated by the device. Your organization must be aware of the data your product is generating and must assess what data can be safely interpreted by the patient as opposed to data that may need to be interpreted by an HCP. For example, consider a patient that has a heart monitor that detects irregular rhythms, which typically indicates a risk of a severe cardiac event. Interpreting this type of data will certainly require HCP intervention. Currently, some device manufacturers may not be able to provide this type of service; however, with the rise of telehealth, expect to see increased collaboration with telehealth providers. Your organization will need to develop relationships with HCPs to supplement feedback of health data to patients to ensure you can create clear action plans to address health concerns.
Throughout the journey of developing an at-home monitoring device, there are many challenges that manufacturers will have to overcome in order for their product to reach the patient. Regulatory, data privacy, and safety aspects can easily be overlooked during development, but they are key to a successful product launch and subsequent user adoption.
Anna (Ronning) Cohen is a life sciences expert at PA Consulting. Hilde Viroux is a medtech expert at PA Consulting.
Telehealth – evolving the way we receive care