FDA Issues Draft Guidance on Dissemination of Patient-Specific Information from Devices

| Printer friendly version

On June 10, 2016, the U.S. Food and Drug Administration (FDA) issued draft guidance advising manufacturers on appropriate and responsible dissemination of patient-specific information from medical devices.

The draft guidance defines patient-specific information as “any information unique to an individual patient or unique to that patient’s treatment or diagnosis that, consistent with the intended use of a medical device, may be recorded, stored, processed, retrieved, and/or derived from that medical device.”  According to the guideline, patient-specific information include recorded patient data, device usage/output statistics (e.g., pulse oximetry data, heart electrical activity, and rhythms as monitored by a pacemaker), healthcare provider inputs, incidence of alarms, and/or records of device malfunctions or failures.  Patients may contact their healthcare providers or manufacturers to obtain access to patient-specific information.

According to the draft guideline, manufacturers may share patient-specific information with a patient at the patient’s request without obtaining additional premarket review.  The Health Insurance Portability and Accountability Act (HIPAA) and the associated HIPAA Privacy Rule intend to prevent manufacturers from sharing individually identifiable health information with covered entities (e.g., health plans, healthcare clearinghouses, and healthcare providers that electronically transmit health information) without the patient’s consent.  However, the draft guideline opines that HIPAA and the HIPAA Privacy Rule are not intended to prevent a medical device manufacturer from sharing patient-specific information with the affected patient.


1. Considerations When Sharing Patient-Specific Information

In the draft guideline, FDA recommends that device manufacturers should take certain considerations into account when sharing patient-specific information.  These considerations relate to the content of information provided, the context in which patient information from medical devices should be understood, and the need for access to additional, follow-up information from the manufacturer or a healthcare provider.

  • Content

FDA recommends that a manufacturer take appropriate measures 1) to ensure that the information provided is interpretable and useful to the patient and 2) to prevent the disclosure of confusing or unclear information that could be misinterpreted.  For example, the manufacturer may provide supplementary instructions, materials, or references to aid patient understanding.  Patient-specific information provided to patients should be comprehensive and contemporary.

  • Context

When providing patient-specific information to the affected patient, it may be appropriate for the device manufacturer to include relevant context in order to avoid circumstances where this information may be misinterpreted, thus leading to incorrect or invalid conclusions.  Informing patients about how parameters were measured and recorded by the medical device is a good example of providing relevant context.

  • Access to follow-up information

Manufacturers should consider what, if any, information they should include about whom to contact for follow-up information.  The FDA recommends, at a minimum, that such manufacturers advise patients to contact their healthcare providers if the patients have any questions about their patient-specific information.  Moreover, FDA suggests that manufacturers provide their contact information to answer questions from patients about the device at issue.

Comments and suggestions for the draft guideline are open for 60 days from its publication.

2. Implications on the Medical Device Industry

FDA opined in its draft guidance that device manufacturers’ disclosure of patient-specific information with the affected patient would be subject neither to additional premarket review by FDA nor to the HIPPA and the associated Privacy Rule. This guidance may give medical device manufacturers some relief when they share patient-specific information with patients.

Medical device manufacturers have been cautious about sharing patient data to other entities or even patients because of potential obligations under the HIPAA. Under the statute, a medical device manufacturer may be imposed with various obligations (e.g., duty to appropriately safeguard protected health information) if the manufacturer creates, receives, maintains, or transmits protected health information for a regulated activity on behalf of a covered entity. Even though individuals generally have rights to access their health information under the HIPAA, there are exceptions, and the individuals are not given rights to access any protected health information related to them. Due to complexity of the statute, device manufacturers generally need to obtain legal assistance to ensure proper compliance. In this context, FDA’s draft guidance serves to clarify a small area of patient information sharing activities by device manufacturers.

3. Potential Issues with Respect to Sharing Patient-Specific Information

The guideline brought up the issue of potential misinterpretation of patient-specific information by patients. With the rise of wearable device, genetic testing, and health IT industries, patients are gaining control over an increasing amount of health data about themselves. However, without proper guidance from healthcare professionals regarding how to interpret the data, patients may misinterpret the data. For example, genetic test results can provide sensitive information about one’s propensity toward certain diseases. Without sufficient professional advice on how to understand such information, the risk and consequence of misinterpretation may be serious.

Thus, when sharing patient-specific information with patients, device manufacturers must make sure that they provide enough context and background information along with the data to minimize misunderstanding of the data by patients. The risk of misinterpretation is higher for raw data that is collected by medical devices. Device manufacturers should either give sufficient explanation of data provided by their device or recommend device users to consult with their doctors for the meaning of the data.

Leave a Reply

By using this blog, you agree and understand that no information is being provided in the context of any attorney-client relationship. You further agree and understand that nothing herein is intended to be legal advice. This blog is solely informational in nature, and is not intended as, and should not be used as, a substitute for competent legal advice from a retained and licensed attorney in your state. Knobbe Martens LLP makes no representations or warranties as to the accuracy, completeness, timeliness or availability of the information in this blog. Knobbe Martens LLP will not be liable for any injury or damages relating to your use of, or access to, any such information. Knobbe Martens LLP undertakes no obligation to correct or update information on this blog, which may be incorrect or become incorrect or out of date over time. Knobbe Martens LLP reserves the right to alter or delete content or information on the blog at any time. This blog contains links and references to other websites and publications that you may find of interest. Knobbe Martens LLP does not control, promote, endorse or otherwise have any affiliation with any other websites or publications unless those websites or publications expressly state such an affiliation. Knobbe Martens LLP further has no responsibility for, and makes no representations regarding, the content, accuracy or any other aspect of the information in such websites or publications.