On June 10, 2016, the U.S. Food and Drug Administration (FDA) issued a draft guidance advising manufacturers on appropriate and responsible dissemination of patient-specific information from medical devices.
The draft guidance defines patient-specific information as “any information unique to an individual patient or unique to that patient’s treatment or diagnosis that, consistent with the intended use of a medical device, may be recorded, stored, processed, retrieved, and/or derived from that medical device.” According to the guideline, patient-specific information include recorded patient data, device usage/output statistics (e.g., pulse oximetry data, heart electrical activity, and rhythms as monitored by a pacemaker), healthcare provider inputs, incidence of alarms, and/or records of device malfunctions or failures. Patients may contact their healthcare providers or manufacturers to obtain access to patient-specific information.
According to the draft guideline, manufacturers may share patient-specific information with a patient at the patient’s request without obtaining additional premarket review. The Health Insurance Portability and Accountability Act (HIPAA) and the associated HIPAA Privacy Rule intend to prevent manufacturers from sharing individually identifiable health information with covered entities (e.g., health plans, healthcare clearinghouses, and healthcare providers that electronically transmit health information) without the patient’s consent. However, the draft guideline opines that HIPAA and the HIPAA Privacy Rule are not intended to prevent a medical device manufacturer from sharing patient-specific information with the affected patient.
1. Considerations When Sharing Patient-Specific Information
In the draft guideline, FDA recommends that device manufacturers should take certain considerations into account when sharing patient-specific information. These considerations relate to the content of information provided, the context in which patient information from medical devices should be understood, and the need for access to additional, follow-up information from the manufacturer or a healthcare provider.
- Content
FDA recommends that a manufacturer take appropriate measures 1) to ensure that the information provided is interpretable and useful to the patient and 2) to prevent the disclosure of confusing or unclear information that could be misinterpreted. For example, the manufacturer may provide supplementary instructions, materials, or references to aid patient understanding. Patient-specific information provided to patients should be comprehensive and contemporary.
- Context
When providing patient-specific information to the affected patient, it may be appropriate for the device manufacturer to include relevant context in order to avoid circumstances where this information may be misinterpreted, thus leading to incorrect or invalid conclusions. Informing patients about how parameters were measured and recorded by the medical device is a good example of providing relevant context.
- Access to follow-up information
Manufacturers should consider what, if any, information they should include about whom to contact for follow-up information. The FDA recommends, at a minimum, that such manufacturers advise patients to contact their healthcare providers if the patients have any questions about their patient-specific information. Moreover, FDA suggests that manufacturers provide their contact information to answer questions from patients about the device at issue.
Comments and suggestions for the draft guideline are open for 60 days from its publication.
2. Implications on the Medical Device Industry
FDA opined in its draft guidance that device manufacturers’ disclosure of patient-specific information with the affected patient would be subject neither to additional premarket review by FDA nor to the HIPPA and the associated Privacy Rule. This guidance may give medical device manufacturers some relief when they share patient-specific information with patients.
Medical device manufacturers have been cautious about sharing patient data to other entities or even patients because of potential obligations under the HIPAA. Under the statute, a medical device manufacturer may be imposed with various obligations (e.g., duty to appropriately safeguard protected health information) if the manufacturer creates, receives, maintains, or transmits protected health information for a regulated activity on behalf of a covered entity. Even though individuals generally have rights to access their health information under the HIPAA, there are exceptions, and the individuals are not given rights to access any protected health information related to them. Due to complexity of the statute, device manufacturers generally need to obtain legal assistance to ensure proper compliance. In this context, FDA’s draft guidance serves to clarify a small area of patient information sharing activities by device manufacturers.
3. Potential Issues with Respect to Sharing Patient-Specific Information
The guideline brought up the issue of potential misinterpretation of patient-specific information by patients. With the rise of wearable device, genetic testing, and health IT industries, patients are gaining control over an increasing amount of health data about themselves. However, without proper guidance from healthcare professionals regarding how to interpret the data, patients may misinterpret the data. For example, genetic test results can provide sensitive information about one’s propensity toward certain diseases. Without sufficient professional advice on how to understand such information, the risk and consequence of misinterpretation may be serious.
Thus, when sharing patient-specific information with patients, device manufacturers must make sure that they provide enough context and background information along with the data to minimize misunderstanding of the data by patients. The risk of misinterpretation is higher for raw data that is collected by medical devices. Device manufacturers should either give sufficient explanation of data provided by their device or recommend device users to consult with their doctors for the meaning of the data.
Share