Contains Nonbinding Recommendations Enforcement Policy for Non-Invasive Remote Monitoring Devices Used to Support Patient Monitoring Guidance for Industry and Food and Drug Administration Staff Document issued on October 19, 2023. This document supersedes "Enforcement Policy for Non-Invasive Remote Monitoring Devices Used to Support Patient Monitoring During the Coronavirus Disease 2019 (COVID-19) Public Health Emergency" issued in March 2020 and updated in June 2020, October 2020, and March 2023. For questions about this document, contact the Office of Product Evaluation and Quality (OPEQ) Regulation, Policy, and Guidance staff at RPG@fda.hhs.gov. U.S. Department of Health and Human Services Food and Drug Administration Center for Devices and Radiological Health Contains Nonbinding Recommendations Preface Public Comment You may submit electronic comments and suggestions at any time for Agency consideration to https://www.regulations.gov. Submit written comments to the Dockets Management Staff, Food and Drug Administration, 5630 Fishers Lane, Room 1061, (HFA-305), Rockville, MD 20852- 1740. Identify all comments with the docket number FDA-2023-D-4356. Comments may not be acted upon by the Agency until the document is next revised or updated. Additional Copies Additional copies are available from the Internet. You may also send an email request to CDRH- Guidance@fda.hhs.gov to receive a copy of the guidance. Please include the document number GUI00020014 and complete title of the guidance in the request. Contains Nonbinding Recommendations Table of Contents I. Introduction ......................................................................................................................... 1 II. Scope ................................................................................................................................... 3 III. Policy .................................................................................................................................. 5 A. Modifications to Indications or Functionality..................................................................... 6 B. Modifications to Hardware or Software Intended to Increase Remote Monitoring Availability or Capability ................................................................................................... 7 Contains Nonbinding Recommendations Enforcement Policy for Non-Invasive Remote Monitoring Devices Used to Support Patient Monitoring Guidance for Industry and Food and Drug Administration Staff This guidance represents the current thinking of the Food and Drug Administration (FDA or Agency) on this topic. It does not establish any rights for any person and is not binding on FDA or the public. You can use an alternative approach if it satisfies the requirements of the applicable statutes and regulations. To discuss an alternative approach, contact the FDA staff or Office responsible for this guidance as listed on the title page. I. Introduction The Food and Drug Administration (FDA or the Agency) plays a critical role in protecting the United States from threats such as emerging infectious diseases, including the Coronavirus Disease 2019 (COVID-19) pandemic and public health emergencies (PHEs). Following the emergence of COVID-19, FDA first issued this guidance in March 2020 to provide a policy to help expand the availability and capability of non-invasive remote monitoring devices to address the PHE. At the time, FDA stated that the policy described in this guidance was intended to remain in effect only for the duration of the public health emergency related to COVID-19 declared by the Secretary of Health and Human Services (HHS) in accordance with section 319 of the Public Health Service Act (PHS Act). On March 13, 2023, FDA announced in the Federal Register notice "Guidance Documents Related to Coronavirus Disease 2019 (COVID-19),"1 that this guidance document was being revised to continue in effect for 180 days after the COVID-19 PHE declaration expires, and that, during that time, FDA intends to further revise the guidance. Non-invasive remote monitoring devices are used to acquire patient physiological data without the need for in-clinic visits and facilitate patient management by healthcare providers while reducing the need for in-office or in-hospital services. The policy set forth in this guidance was initially intended to facilitate patient monitoring while reducing patient and healthcare provider 1 Guidance Documents Related to Coronavirus Disease 2019 (COVID-19) (88 FR 15417), available at https://www.federalregister.gov/documents/2023/03/13/2023-05094/guidance-documents-related-to-coronavirus- disease-2019-covid-19. 1 Contains Nonbinding Recommendations contact and exposure to COVID-19 by helping to expand the availability and capability of non- invasive remote monitoring devices during the COVID-19 PHE. Since first issuing the Enforcement Policy for Non-Invasive Remote Monitoring Devices Used to Support Patient Monitoring During the Coronavirus Disease 2019 (COVID-19) Public Health Emergency guidance in March 2020, FDA's experience has demonstrated that the public health equities weigh in favor of exercising certain enforcement policies for these devices beyond the expiration of the COVID-19 PHE (which expired on May 11, 2023) and the 180-day period announced in the March 13, 2023 Federal Register notice. More specifically, FDA has evaluated the benefits and risks to patients and healthcare providers of exercising certain enforcement policies, including identifying certain device types for which enforcement policies might be appropriate, and assessing other lessons learned from implementation of COVID-19-related enforcement policies for certain device types. Although this guidance has been revised to remove any expiration date for the enforcement policy, among other things, FDA intends to continue to monitor the situation and may make further revisions to the guidance, withdraw the guidance, or pursue other regulatory actions, as appropriate. For the current edition of the FDA-recognized consensus standards referenced in this document, see the FDA Recognized Consensus Standards Database.2 If submitting a Declaration of Conformity to a recognized standard, we recommend you include the appropriate supporting documentation. For more information regarding use of consensus standards in regulatory submissions, refer to the FDA guidance titled Appropriate Use of Voluntary Consensus Standards in Premarket Submissions for Medical Devices.3 This guidance is being implemented without prior public comment because FDA has determined that prior public participation for this guidance is not feasible or appropriate (see section 701(h)(1)(C) of the Federal Food, Drug, and Cosmetic Act (FD&C Act) and 21 CFR 10.115(g)(2)). FDA has determined that this guidance document presents a less burdensome policy that is consistent with public health. This guidance document is being implemented immediately, but it remains subject to comment in accordance with the Agency's good guidance practices. In general, FDA's guidance documents do not establish legally enforceable responsibilities. Instead, guidances describe the Agency's current thinking on a topic and should be viewed only as recommendations, unless specific regulatory or statutory requirements are cited. The use of the word should in Agency guidances means that something is suggested or recommended, but not required. 2 Available at https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfStandards/search.cfm. 3 Available at https://www.fda.gov/regulatory-information/search-fda-guidance-documents/appropriate-use- voluntary-consensus-standards-premarket-submissions-medical-devices. 2 Contains Nonbinding Recommendations II. Scope The enforcement policy described in this guidance applies to modified devices where the original device was a legally marketed, non-invasive remote monitoring device4 listed in Table 1 that measures or detects common physiological parameters and that is used to support patient monitoring: Table 1 Device Type Classification Product Code5 Class6 Regulation Gaseous-phase carbon- 21 CFR 868.1400 CCK II dioxide gas analyzer Diagnostic spirometer 21 CFR 868.1840 BZG, PNV II Monitoring spirometer 21 CFR 868.1850 BZK II Peak-flow meter for 21 CFR 868.1860 BZH II spirometry Breathing frequency 21 CFR 868.2375 BZQ II monitor Apnea monitor 21 CFR 868.23777 FLS, NPF II Noninvasive blood 21 CFR 870.1130 DXN II pressure measurement system Electronic stethoscope 21 CFR 870.18758 DQD II Cardiac monitor 21 CFR 870.2300 DRT, MWI, MSX, II (including PLB cardiotachometer and rate alarm) Electrocardiograph 21 CFR 870.2340 DPS II Electrocardiograph 21 CFR 870.23459 QDA II software for over-the- counter use 4 Examples may include wearable, hand-held, stationary in-home monitoring, and digital interfaces. 5 For more information, see the Product Classification Database, available at https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfPCD/classification.cfm. 6 Some devices with the product codes listed in Table 1 are exempt from premarket notification requirements in section 510(k) of the FD&C Act (see 21 CFR 807.81), subject to the limitations in 21 CFR 874.9 and 882.9. However, FDA believes that some modifications to these devices to facilitate remote patient monitoring would trigger the requirement that a manufacturer submit a premarket notification because such modifications would exceed the limitations of the exemption as identified in 21 CFR 874.9 and 882.9. 7 Devices in this classification regulation are subject to special controls, including general performance testing/validation requirements. See 21 CFR 868.2377. 8 This classification regulation pertains to both manual and electronic stethoscopes. Manual stethoscopes are class I devices and are outside the scope of this guidance. 9 Devices in this classification regulation are subject to special controls, including general performance testing/validation requirements. See 21 CFR 870.2345. 3 Contains Nonbinding Recommendations Radiofrequency 21 CFR 870.2910 DRG II physiological signal transmitter and receiver Telephone 21 CFR 870.2920 DXH II electrocardiograph transmitter and receiver Audiometer 21 CFR 874.1050 EWO, LYN II (510(k) exempt)10 Otoscope 21 CFR 874.4770 ERA I (510(k) exempt)11 Electroencephalograph 21 CFR 882.1400 GWQ, OMA, OMB, II OMC, OLT, OLU, OLV, OLX, OLZ, ORT Computerized 21 CFR 882.147012 PKQ II cognitive assessment PTY II (510(k) exempt)13 aid Non- 21 CFR 882.158014 POS II electroencephalogram (EEG) physiological signal based seizure monitoring system Biofeedback device, 21 CFR 882.5050 LEL II sleep assessment device Vestibular analysis Unclassified LXV Unclassified15 apparatus 10 While audiometers, if in compliance with American National Standard Institute S3.6-1996, "Specification for Audiometers," are generally exempt from premarket notification requirements in section 510(k) of the FD&C Act (see 21 CFR 807.81), subject to the limitations in 21 CFR 874.9, otoacoustic emission devices are not so exempt. 21 CFR 874.1050(b). Both the 510(k)-exempt and non-exempt devices described in 21 CFR 874.1050 are within the scope of this guidance. 11 Although devices with this product code are class I and generally 510(k) exempt, many otoscopes have been cleared through the premarket notification process because they have exceeded the limitations of exemption identified in 874.9. FDA believes that modifications to existing otoscopes to allow for increased remote monitoring capability may similarly trigger the requirement that a manufacturer submit a premarket notification; therefore, this product code has been included within the scope of this guidance. 12 Devices in this classification regulation are subject to special controls. See 21 CFR 882.1470. 13 Except when the computerized cognitive assessment aid is intended for diagnostic assessment of specific diseases or conditions and relies on inputs from visual cues, auditory cues, and/or functional use of the hand, a computerized cognitive assessment aid is exempt from premarket notification requirements in section 510(k) of the FD&C Act (see 21 CFR 807.81) subject to the limitations in 21 CFR 882.9. See 21 CFR 882.1470(b). 14 Devices in this classification regulation are subject to special controls. See 21 CFR 882.1580. 15 Unclassified devices are preamendments devices for which FDA has not yet promulgated a classification regulation. Until the unclassified device type has been classified through regulation, marketing of new devices within this device type requires submission of a premarket notification under section 510(k) of the FD&C Act. 4 Contains Nonbinding Recommendations These non-invasive monitoring devices have the potential to be connected to a wireless network through Bluetooth, Wi-Fi, or cellular connection to transmit a patient's measurements directly to their healthcare provider or other monitoring entity. The Oximeter (21 CFR 870.2700) and Clinical electronic thermometer (21 CFR 880.2910) device types have been removed from Table 1 compared to the prior versions of FDA's guidance "Enforcement Policy for Non-Invasive Remote Monitoring Devices Used to Support Patient Monitoring During the Coronavirus Disease 2019 (COVID-19) Public Health Emergency." III. Policy Manufacturers of the non-invasive remote monitoring devices listed in Table 1 are required to submit a premarket notification under section 510(k) of the FD&C Act to FDA and receive FDA clearance prior to marketing these devices in the United States, to the extent the devices are not 510(k) exempt, as well as comply with post-marketing requirements. At this time, based on our current understanding of the risks of these devices, FDA does not intend to object to limited modifications to the indications, functionality, or hardware or software of certain non-invasive remote monitoring devices that are used to support patient monitoring (hereinafter referred to as "subject devices") without prior submission of a premarket notification ("510(k)") under section 510(k) of the FD&C Act (see 21 CFR 807.81) where such submission would be required16,17 when the modification does not create undue risk and does not directly affect the physiological parameter measurement algorithm. Examples of such modifications include: · For subject devices previously marketed only for use in hospitals or other healthcare facilities, a change to the indications regarding use in the home setting; and · Hardware or software changes to allow for increased remote monitoring capability. In developing this policy, FDA's intent is to foster the availability of certain non-invasive remote monitoring devices that can help eliminate unnecessary patient contact and ease burdens on hospitals, other health care facilities, and health care professionals, which are experiencing high demands. Additionally, this policy is consistent with CDRH's 2022-2025 strategic priorities18 focusing on advancing health equity, which includes increasing access to digital health technologies that can advance better care, quality of life, and wellness of diverse populations. 16 For further guidance on modifications that trigger the requirement that a manufacturer submit a new 510(k) to FDA, refer to the FDA guidances Deciding When to Submit a 510(k) for a Change to an Existing Device, available at https://www.fda.gov/regulatory-information/search-fda-guidance-documents/deciding-when-submit-510k-change- existing-device, and Deciding When to Submit a 510(k) for a Software Change to an Existing Device, available at https://www.fda.gov/regulatory-information/search-fda-guidance-documents/deciding-when-submit-510k-software- change-existing-device. 17 Certain modifications to the indications, functionality, or hardware or software of 510(k)-exempt devices in Table 1 may require premarket notification if they exceed the limitations of the exemption under 21 CFR 874.9 and 21 CFR 882.9, respectively. 18 For details, see the webpage CDRH Strategic Priorities and Updates available at https://www.fda.gov/about- fda/center-devices-and-radiological-health/cdrh-strategic-priorities-and-updates. 5 Contains Nonbinding Recommendations This policy supports this strategic priority and is intended to lessen the burden on both manufacturers and FDA by reducing the number of 510(k) submissions caused by certain modifications to allow for remote monitoring. As always, FDA may make case-by-case decisions regarding the enforcement of legal requirements in response to particular circumstances and questions that arise regarding a specific device or device type. FDA notes that the enforcement policy in this guidance does not address any legal requirements other than premarket notification. A. Modifications to Indications or Functionality At this time, FDA does not intend to object to limited modifications to the indications or functionality of the subject devices that allow for increased remote monitoring capability without prior submission of a 510(k) where the modification does not create undue risk and does not directly affect the physiological parameter measurement algorithm. FDA generally believes such a modification to the indications to allow for use in the home setting does not create such undue risk and does not affect the physiological parameter measurement algorithm. In contrast, modifications to the indications or functionality that could create such undue risk or that could affect the physiological parameter measurement algorithm would not be within the scope of this policy and would generally require submission of a 510(k).19 For example, modifications to add new indications or device software functions20 to allow for remote programming of the device, remote control of the device, generation of new alarms, measurement of new physiological parameters, or a change from prescription to over-the-counter use would not be within the scope of this policy. FDA is also providing recommendations regarding labeling21 relevant to the enforcement policy set forth above. FDA recommends that the subject devices use labeling that helps users better understand the device. FDA recommends that the labeling include the following elements: 1) A clear description of the available data on the device's new indications or functions, including: a. Device performance; and b. Potential risks. 19 21 CFR 807.81(a)(3). 20 For purposes of this guidance, for any given product, the term "function" is a distinct purpose of the product, which could be the intended use or a subset of the intended use of the product. For purposes of this guidance, a "device software function" is a software function that meets the definition of a device under section 201(h) of the FD&C Act. For details, see FDA's guidance Multiple Function Device Products: Policy and Considerations, available at https://www.fda.gov/regulatory-information/search-fda-guidance-documents/multiple-function-device- products-policy-and-considerations. 21 Unless exempt from the requirement of section 502(f)(1) of the FD&C Act (see 21 CFR Part 801, subpart D), a device whose labeling does not bear adequate directions for use is misbranded. FD&C Act sec. 502(f)(1). 21 CFR 801.5 describes a number of reasons why directions for use may be inadequate. Prescription devices are exempt from the requirement of section 502(f)(1) if all of the conditions identified in 21 CFR 801.109(a)-(e)-which govern the device's labeling, among other things-are met. See 21 CFR 801.109. Devices within the scope of this guidance must follow applicable labeling requirements. 6 Contains Nonbinding Recommendations 2) Information on use conditions, in particular, whether the device is intended for spot- checking, trend monitoring, or continuous monitoring. 3) For devices previously marketed for use only in a hospital or other healthcare facility and for which the environment of use has been expanded to include in-home use, adequate instructions for use in the home setting with appropriate lay terminology. B. Modifications to Hardware or Software Intended to Increase Remote Monitoring Availability or Capability As described above, at this time, FDA does not intend to object to limited hardware or software architecture modifications to subject devices that allow for increased remote monitoring capability without prior submission of a 510(k) when the modification does not create undue risk and where the modifications do not directly affect the physiological parameter measurement algorithm. The manufacturer should also consider the recommendations in Section III.A, as such hardware or software architecture modifications made to support patient monitoring may also affect the device's indications and functionality. FDA expects that these types of modifications generally include device connectivity modifications (e.g., the addition of wireless and/or Bluetooth capability), which may warrant accompanying non-device22 and device hardware or software architecture modifications. Such modifications generally do not create undue risk when the applicable FDA-recognized standards and guidances are followed, and generally do not affect the physiological parameter measurement algorithm; therefore, such a change would generally be within the scope of this policy. To address any unique considerations or modifications beyond those described above, manufacturers may wish to initiate discussions with FDA by contacting RPG@fda.hhs.gov or through the Q-Submission Program.23 FDA recommends any such changes be designed, evaluated, and validated in accordance with current FDA-recognized standards, including (as applicable): · ANSI/AAMI ES60601-1 Medical Electrical Equipment – Part 1: General Requirements for Basic Safety and Essential Performance · IEC 60601-1-2 Medical Electrical Equipment Part 1-2: General Requirements for Basic Safety and Essential Performance – Collateral Standard: Electromagnetic Disturbances – Requirements and Tests 22 Software functions that are solely intended to transfer, store, convert formats, or display medical device data or medical imaging data, unless the software function is intended to interpret or analyze clinical laboratory test or other device data, results, and findings, are not devices. See FDA's guidance Medical Device Data Systems, Medical Image Storage Devices, and Medical Image Communications Devices, available at https://www.fda.gov/regulatory- information/search-fda-guidance-documents/medical-device-data-systems-medical-image-storage-devices-and- medical-image-communications-devices. 23 See FDA's guidance Requests for Feedback and Meetings for Medical Device Submissions: The Q-Submission Program, available at https://www.fda.gov/regulatory-information/search-fda-guidance-documents/requests- feedback-and-meetings-medical-device-submissions-q-submission-program. 7 Contains Nonbinding Recommendations · IEC 60601-1-11 Medical Electrical Equipment Part 1-11: General Requirements for Basic Safety and Essential Performance – Collateral Standard: Requirements for Medical Electrical Equipment and Medical Electrical Systems Used in the Home Healthcare Environment · Any other applicable collateral/particular standards in the 60601-1 family · AAMI TIR69 Technical Information Report Risk Management of Radio-Frequency Wireless Coexistence for Medical Devices and Systems · ANSI/IEEE C63.27 American National Standard for Evaluation of Wireless Coexistence · IEC 62304 Medical Device Software – Software Life Cycle Processes · AIM 7351731 Medical Electrical Equipment and System Electromagnetic Immunity Test for Exposure to Radio Frequency Identification Readers · ANSI/UL 2900-2-1 First Edition 2017 – Standard for Safety, Software Cybersecurity for Network-Connectable Products, Part 2-1: Particular Requirements for Network Connectable Components of Healthcare and Wellness Systems · IEC 81001-5-1 Health software and health IT systems safety, effectiveness and security - Part 5-1: Security - Activities in the product life cycle The manufacturer must document the change and analysis in accordance with the manufacturer's quality system.24 In addition, modifications to hardware or software intended to increase remote monitoring capability may impact cybersecurity risks. Effective cybersecurity is necessary to ensure the safety and functionality of such devices. Manufacturers must follow cybersecurity requirements and should follow cybersecurity policies applicable to their devices. The following online resources may be helpful in developing and maintaining these cybersecurity controls: · Content of Premarket Submissions for Management of Cybersecurity in Medical Devices;25 24 Under the quality system (QS) regulation, "[e]ach manufacturer shall establish and maintain procedures for the identification, documentation, validation or where appropriate verification, review, and approval of design changes before their implementation." 21 CFR 820.30(i). On February 23, 2022, FDA proposed to amend the device current good manufacturing practice (CGMP) requirements of the QS regulation, 21 CFR part 820, to align more closely with the international consensus standard for devices by converging with the quality management system (QMS) requirements used by other regulatory authorities from other jurisdictions (i.e., other countries) (87 FR 10119; available at https://www.federalregister.gov/documents/2022/02/23/2022-03227/medical-devices-quality-system- regulation-amendments). Specifically, FDA proposed to amend the current part 820 by withdrawing the majority of the requirements for establishing and maintaining a QS and instead incorporate by reference the 2016 edition of the International Organization for Standardization (ISO) 13485, Medical devices-Quality management systems- Requirements for regulatory purposes, in part 820. As stated in that proposed rule, the requirements in ISO 13485 are, when taken in totality, substantially similar to the requirements of the current part 820, providing a similar level of assurance in a firm's quality management system and ability to consistently manufacture devices that are safe and effective and otherwise in compliance with the FD&C Act. FDA will update references to provisions in 21 CFR part 820 in guidance documents as appropriate for consistency with revised regulations. 25 Available at https://www.fda.gov/regulatory-information/search-fda-guidance-documents/content-premarket- submissions-management-cybersecurity-medical-devices-0. 8 Contains Nonbinding Recommendations · Postmarket Management of Cybersecurity in Medical Devices;26 and · FDA Fact Sheet: The FDA's Role in Medical Device Cybersecurity - Dispelling Myths and Understanding Facts.27 26 Available at https://www.fda.gov/regulatory-information/search-fda-guidance-documents/postmarket- management-cybersecurity-medical-devices. 27 Available at https://www.fda.gov/media/123052/download. 9