Five regulatory myths keeping bio/pharma out of digital health

About the Authors: Bradley Merrill Thompson is a member of the firm at Epstein Becker & Green, P.C. There, he counsels medical device, drug, and combination product companies on a wide range of FDA regulatory issues. 

Chris Bergstrom is a digital health leader, for The Boston Consulting Group (BCG). At BCG, he directs digital health initiatives across large payer, provider, med tech, and bio/pharma companies. In doing so, he leverages the best of BCG Consulting, BCG Digital Ventures, BCG Gamma Data-Science, and B.Capital to help clients formulate a strategy, build a solution, and jointly invest in greenfield ventures or new business units. 

Digital tools offer an opportunity to revolutionize bio/pharma care, so why isn’t more being done faster?

Bio/pharma is desperate to offer new value to patients, providers and payers, and digital can unlock both clinical and economic outcomes.

That’s why we are heartbroken when these companies barely dip their toe in the digital waters. They want to move faster, but fear of regulatory consequences is creating significant friction and even paralysis.

No doubt there are valid issues to manage and unknowns to navigate. At the same time, at least some regulatory fears are rooted in myths rather than facts. By busting these myths, bio/pharma can more confidently enter the digital health market.

TOP 5 MYTHS

 

5. FDA wants to tightly regulate bio/pharma software.
4. Companion digital health developers always create regulatory risk for bio/pharma.
3. Any clinical trial software will be regulated as a medical device.
2. Any bio/pharma software must be approved via a supplemental NDA.
1. Bio/pharma companies must report adverse events in any databases they touch.

 
Why, in the information age, do we have these myths?

The root of the problem is a lack of regulatory clarity. Without this, risk averse organizations sit on the sidelines and watch entrepreneurs (painfully) navigate the way.

Establishing new regulatory guidance in the fast- and ever-changing digital landscape is understandably challenging for FDA. Over the last several years, at the request of industry groups, the FDA has published several new guidance documents addressing such topics as mobile medical apps, products used for wellness and technologies that serve as digital accessories to medical devices. For some, these documents have been tremendously helpful. However, further clarity is needed, especially in areas related to bio/pharma.

For example, the bio/pharma industry wants to help doctors get the right patient to the right medicine at the right time. Yet, although the FDA announced its intentions to publish a guidance document for clinical decision support software back in 2011, it’s not out yet. As of last July, FDA was predicting it will be out in 2018, seven years after they started. The pace of technology is simply outrunning the agency’s processes and resources.

Fortunately, new FDA Commissioner Scott Gottlieb recognizes the problem. Over the summer, in a blog post the commissioner observed that FDA still owes industry guidance on several important topics. He emphasized the guidance will take the breaks off investment and innovation.

While we wait for more clarity, we have no choice but to rely on an oral system of “folklore.” Each conversation is based on that individual’s perspectives, whether that person is a regulatory executive or an FDA representative. As the information is passed on through an organization, it tends to get simplified and the nuances of policy get stripped away. And sometimes, encounters with FDA on a specific fact pattern end up getting overgeneralized to other technologies to which they were never intended to apply.  At the end of the day, the “rules” frequently get misunderstood.

Once started, these myths frequently become distinguished with age. Once repeated often enough they go unchallenged, and are accepted as fact.

Another root cause is “incumbent conservativeness,” the mentality of organizations with deep pockets that take the view that the risks aren’t worth it. Of course, pharma companies take huge risks in R&D, but they haven’t honed their criteria for taking calculated risk in an area of non-compound R&D.

Taking down the regulatory myths

In David Letterman style, our countdown, in reverse order of importance.

5.  FDA wants to tightly regulate bio/pharma software.

To be sure, there are individuals at FDA’s Center for Drug Evaluation and Research (CDER) who would like to regulate software more than companies would like, and in fact more than their colleagues in the Center for Devices and Radiological Health (CDRH). But on the whole, FDA seems to want to take a light touch, and that view is picking-up steam under Commissioner Gottlieb. The Commissioner has been adamant that software should be overseen with a light touch.

Further, over the last few years FDA has already down-classified medical device data systems and several other forms of software. The agency is also granting so-called de novo requests to down-classify software in other cases, for example computerized behavioral therapy devices for psychiatric disorders. And manufacturers of high risk medical devices are finding that digital accessories are no longer automatically subjected to the highest degree of regulatory control.

Why the favorable regulatory environment for digital health? Quite honestly because many people at FDA see great public health benefits to these technologies. This is frankly the most excited we’ve ever seen the FDA. They truly want to foster safe innovation that leads to better clinical and patient reported outcomes.

The fly in this ointment is the fact that the drug regulators at CDER and device regulators at CDRH operate fairly independently, making it difficult to ensure alignment. This creates undo confusion and risk. Fortunately, industry leaders are reaching out to FDA to begin a dialogue on how we can achieve better alignment between the two centers.
 
4.  Companion digital health developers always create regulatory risk for bio/pharma

The default mode for bio/pharma is to treat every collaborator as a supplier, and then subject those companies to the supplier controls under Good Manufacturing Practices. But that instinct is unlikely to be a suitable approach when collaborating with digital health companies.

Due diligence is important, but that doesn’t mean we are our brother’s keeper. There are plenty of instances in the law where we are not responsible for what others do. 

There are ways to preserve enough distance to limit a bio/pharma company’s responsibility, and at the same time not saddle a software company with the burdens that apply to the drug manufacturer. For example, in many cases a bio/pharma company can take a minority equity position in an innovative startup company, and allow that startup company to grow and blossom without saddling it with the bio/pharma company’s quality system, advertising and promotion restrictions or adverse event reporting requirements. This may allow the software company to focus on agile and quick iterations that struggle under traditional regulation. The pharmaceutical company can then acquire more of the digital health company later on when much progress has been made and the strategic value becomes clear.

We are not advocating sleight-of-hand. There are ways to do this honestly and legally. The key is to keep enough distance between the two parties that the digital health company is allowed to have adequate freedom. This will require new ways of thinking about partnerships and business models.
 
3.  Any clinical trial software will be regulated as a medical device.

This depends on whether the software is being evaluated for its safety and effectiveness. If (1) the software is not being evaluated, (2) the safety and effectiveness of the drug doesn’t depend on the software, and (3) the software is simply used in the data collection or management of the clinical trial, the software is not a medical device.

To be clear, in those instances the software typically will require some sort of validation under the bio/pharma quality system, and may need to comply with things like electronic signature requirements, but it won’t be FDA-regulated as a medical device.
 
2.  Any bio/pharma software must be approved via a supplemental NDA.

There are a variety of pathways through the FDA for software. And it is a basic principle of FDA that those pathways are available depending on the intended use of the software, as opposed to who the applicant is. A drug company submission will not be treated differently just because the submitter is a drug company.  We are watching plenty of bio/pharma companies get software cleared through means other than a supplemental NDA, for example a 510(k). Consider, for example, Lilly’s Go Dose software and Sanofi’s My Dose Coach. For medical device software, the key is for the bio/pharma company to develop software that has a generalized intended use, not focused on only its own drug products.

1.  Bio/pharma companies must report adverse events in any databases they touch.

From our work with bio/pharma executives, this is the number one digital health project killer. Bio/pharma companies seem scared to death that they will be held responsible for reporting any adverse event (AE) that could be gleaned even conceptually from any database the company touches.

But that’s simply not true. It’s an overgeneralization – a simplification of a rule that is much more complex and nuanced.

Fortunately, bio/pharma companies are not responsible for knowing everything that can be known. In a sense, huge amounts of data around the world accessible through the Internet are available to a bio/pharma company; however, FDA has not chosen to make bio/pharma companies responsible for all they might be able to find. Instead, FDA limits companies’ responsibility to information (1) known to bio/pharma company representatives or (2) contained on bio/pharma company sponsored websites.

Specifically, FDA advises: “…applicants should review any Internet sites sponsored by them for adverse experience information, but are not responsible for reviewing any Internet sites that are not sponsored by them. However, if an applicant becomes aware of an adverse experience on an Internet site that it does not sponsor, the applicant should review the adverse experience and determine if it should be reported to the FDA...”

There are a variety of strategies to manage AE reporting responsibilities and at the same time pursue aggressive digital health strategies.  For example, using structured data collection, such as menu choices instead of free text boxes, can avoid accidental AE collection, provided there is a medical opinion that the structured data cannot constitute an AE.

On the other hand, understanding real-world evidence and patient preferences and concerns can be a powerful knowledge base for commercial and research purposes. If a company chooses to embrace this data, there are ways to efficiently and effectively manage reporting obligations. To be sure, to avoid a misunderstanding, the company should communicate to the FDA their more aggressive data collection strategy. The FDA is sophisticated enough to put that information in context and not overreact.
 
Myth Busting

Let’s say your company comes up with a creative, out-of-the-box digital health strategy that promises to greatly improve care for patients, but someone in the company raises a regulatory concern based on what they’ve heard. Does the project need to die?
Here’s a pathway that we’ve seen succeed in overcoming regulatory myths:

  1. CHALLENGE: First, someone must respectfully challenge the doctrine. This can take courage, and often a trusted third party, such as a consultant, can effectively initiate this challenge. 
     
  2. RESEARCH: Get someone to research it. All law is written. Anything that isn’t written isn’t law. It’s opinion. If it turns out that the doctrine is unwritten opinion, try to find where the opinion originated. Some sources are more credible than others, and above all, continue to probe deeper if you hear “because we’ve never done that” or “that’s how we’ve always done it”.
     
  3. GET CREATIVE: Once you understand what is written, analyze whether there are nuances of the law that can be used to achieve the objective of the digital health strategy. Get creative in compliance. Complex rules mean there are often a variety of approaches that can achieve compliance. And keep in mind, “we can’t” often can be overcome by implementing new processes or procedures.
     
  4. BENCHMARK: If the law is too general and doesn’t answer your specific question, and you fear the FDA will take a contrary view, compare notes with your peer companies at trade associations or coalitions. Oftentimes one company’s experience is quite different from another’s, and rather than base your strategy on only your company’s interactions with the FDA, see if you can base your strategy on the collective industry’s experience with the agency.
     
  5. CONSIDER APPROACHING FDA: At this point, the company should evaluate the merits of seeking the agency’s viewpoint, or proceeding based on the company’s existing information. Be mindful that once you ask the question, an individual FDA employee’s answer will be difficult to ignore even if it may not align to the consensus FDA point-of-view.
     
  6. APPROACH: If you determine FDA input is necessary, approach the agency in the right way. Start with an exploratory contact to assess the agency’s true views on a given matter. For example, a coalition might probe the FDA by saying “we think the agency’s position is X”. It is not unusual to then find that the coalition did not understand the agency’s position at all. The moral being, even an industry’s collective wisdom can be wrong. 
     
  7. DON’T BE VAGUE: Avoid overly abstract discussions. Put a fact pattern in front of the FDA to get a concrete answer. You’d be surprised how often the answer is one you didn’t expect.
     
  8. ADVOCATE: Once you have figured out the agency’s true, current position, you can proceed or advocate for change if you disagree, but that is a topic for another day…

Bottom line, there is a systematic way to debunk a myth. Sometimes it’s easy. Sometimes it’s hard and takes time. But if you have a digital health strategy worth pursuing, and the only thing holding you back is an FDA uncertainty, it often makes sense to challenge historical understanding of regulatory policy. Patients’ lives are counting on digital health innovation, and you may just be surprised how passionately FDA agrees with that.