FDA Relaxes Modification Restrictions for Non-Invasive Remote Monitoring Devices During COVID-19 Public Health Emergency

On March 20, 2020, the Food and Drug Administration (FDA) Center for Devices and Radiological Health (CDRH) issued a new guidance document for industry and FDA staff, attempting to “help expand the availability and capability of non-invasive remote monitoring devices to facilitate patient monitoring while reducing patient and healthcare provider (HCP) contact and exposure to COVID-19 during the pandemic” and to reduce burdens on hospitals and risk of potential patient and care-giver exposures to the virus. The Enforcement Policy for Non-Invasive Remote Monitoring Devices Used to Support Patient Monitoring During the Coronavirus Disease 2019 (COVID-19) Public Health Emergency is implemented without prior public comment, as per a new FDA policy for COVID-19 guidance, and will remain effective during the announced COVID-19 public health emergency.

This guidance is intended to benefit patients needing treatment and diagnosis of COVID-19 as well as any co-existing conditions. FDA provides a specific list of those “non-invasive remote monitoring devices” covered, including clinical electronic thermometers, respiratory rate monitors and electrocardiographs. These may be wearables or hand-held, could convey patient information to health care providers through wireless means, and may also assist in diagnoses.

First, FDA “does not intend to object to modifications to the FDA-cleared indications, claims, or functionality of [such] devices without prior submission of a premarket notification” when the change does not create “undue risk.” To meet this criterion, the device must be intended to display, print or analyze the measured parameters and to support or provide recommendations regarding prevention, diagnosis or treatment of COVID-19 and co-existing conditions. The basis of such diagnostic or treatment recommendations should be able to be reviewed independently by the health care provider and/or patients. These new changes as well as associated use instructions, risks and warnings must be clearly described in the device labeling information.

Excluded from this guidance are changes that would pose undue risk, such as devices intended to determine the need for immediate clinical intervention or devices intended to be solely or primarily relied upon when making a clinical diagnosis or treatment decision pertaining to COVID-19 or co-existing conditions, or changes that add the ability to acquire, process or analyze information from a system that was not included in the FDA-cleared device.

Second, FDA “does not intend to object to hardware or software architecture modifications to [such] devices that allow for increased remote monitoring capability to support additional claims or indications without prior submission of a premarket notification” when the modification does not create “undue risk” and “where modifications do not directly affect physiological parameter measurement algorithms.” Qualified changes to hardware, such as additional wireless or Bluetooth capability, will generally be approved as long as they are “designed, evaluated, and validated in accordance with” other FDA-recognized basic safety, essential performance, risk management and evaluation standards.

Third, this guidance clarifies which software and mobile apps that are used to support clinical decision-making and to monitor patients with COVID-19 or co-existing conditions may be exempted from certain Food, Drug and Cosmetic (FD&C) Act requirements applicable to “devices.” Specifically, the FDA interprets that the FD&C Act’s definition of a “device” excludes software and mobile apps that analyze patient’s signs, symptoms or diagnosis against guidelines for COVID-19 or co-existing conditions, or that recommend associated diagnostic tests, investigations, therapy, triaging patient care, treatment or monitoring.

Notably, the FDA expects that manufacturers implement appropriate cybersecurity controls to help ensure security, functionality and safety. Thus, manufacturers should be aware of their obligations under FDA cybersecurity guidance, digital health policies, and any applicable state-level privacy and data security laws.

This guidance is another demonstration of FDA seeking to expand its flexibility and risk-based priority-setting in relation to the pandemic. However, given that situations where modifications may pose undue risk are open to FDA interpretation, manufacturers should understand and document risks within the context of device intent, design verification and validation, to support modifications and labelling, as this will provide further assurance and justification to FDA.

Faegre Drinker’s Coronavirus Resource Center provides information to help you understand and assess the legal, regulatory and commercial implications of COVID-19.