Strategies for mHealth Companies Wishing to Avoid FDA Regulation
(I would like to thank Leah Kendall of EpsteinBeckerGreen and Dane Stout of the Anson Group for their comments on a draft. The views expressed, right or wrong, are only the author’s and should not be attributed to anyone else.)
Most people know the difference between tax avoidance and tax evasion. Tax avoidance is the lawful planning of such things as charitable contributions to minimize taxes, while tax evasion is the unlawful and usually deceitful actions taken to hide income. In this article, I will share some tips for the avoidance of FDA regulation, not the evasion of FDA regulation.
This article is the fifth in a series of seven planned articles. The first three articles dealt with understanding the scope and nature of FDA regulation for mHealth, and the fourth article advanced the notion that IT companies wanting to make money in health ought to consider entering the FDA-regulated zone. Nonetheless, subjecting your company to FDA regulation is not for everyone, so this article is designed to help those who have decided to stay out of the production of FDA-regulated finished medical devices. In particular, I explain four ways to connect to health markets, and the pluses and minuses of each such approach.
The Binary Misunderstanding
Some IT companies new to the health field seem to misunderstand the nature of FDA regulation, and think of it as all or nothing. In other words, a company is either a manufacturer of medical devices and subject to the full panoply of FDA requirements, or they're not and likewise are not subject to any FDA restrictions. But that's not an accurate depiction.
Instead, companies should think of FDA regulation as a continuum. Diagram 1 below illustrates the two extremes and a few of the cases in between.
On the far right side, the diagram depicts the traditional manufacturer of finished medical devices that is indeed subject to all of the FDA requirements for medical devices. Even here, though, there are different levels of FDA requirements depending on the novelty and risk associated with a particular device. As outlined in the second article, devices are classified into three different classifications, and the types and burdens of FDA regulations vary considerably. Class III medical devices include such things as pacemakers, embody the greatest risk and thus must meet the most demanding requirements. Class I devices include such things as tongue depressors and have very minimal FDA requirements. Indeed, most class I devices do not even need to be approved by FDA, and the quality system requirements might be very basic. Many mHealth devices might fall into class I or class II. All of this was covered in much greater detail in the second article in this series.
On the far left side, the diagram includes unregulated articles such as personal computers that contain no medical references at all and over which FDA has no regulatory authority. It's the stuff in the middle that is interesting for mHealth purposes.
The cases in the middle include, for example, companies that merely make components for others to use in manufacturing medical devices, distributors of finished product that have no control over the promotional claims or the design specifications of the device, and contract manufacturers that make finished medical devices at the direction of another company. These different functional responsibilities all have narrower sets of FDA requirements that apply to them, directly or indirectly. It's important to understand the range of possible relationships before talking about ways to reduce or avoid FDA requirements, and exactly what that means.
Four Ways to Connect to The Health Market While Reducing or Avoiding FDA Requirements
Before I go through the four strategies, it probably goes without saying that each one is predicated on the company fully implementing the strategy in good faith. Anything less potentially becomes FDA law evasion, rather than avoidance. Okay, so here they are:
Strategy 1: avoid medical devices and their accessories. About now you're wondering whether this article is worth reading, but stick with me for a second, there's a more subtle and profound observation to be made. In your mind, go back to the very first article on the scope of FDA regulation. I went through an example of a stick, and how it could be either a popsicle stick or a pediatric tongue depressor, depending on what claims the company chooses to make. My point is that in many cases, the design of the product does not determine its regulatory status, but rather the promotional claims determine its status. So if your company can reach its commercial objectives without medical claims, and if the product has legitimate and material nonmedical uses, you might be able to avoid FDA regulation by avoiding medical claims.
A simple cell phone provides another example. A cell phone can be promoted merely as a cell phone, and no FDA compliance issues will arise. But if the manufacturer of the cell phone starts to make claims that the phone is suitable specifically for healthcare applications, the cell phone manufacturer runs the very real risk of turning its simple phone into a regulated medical device.
Remember from the first article that the manufacturer might get into trouble making claims that its product is specifically intended to accompany a medical device. That may very well make the product an accessory to the medical device, which makes it a regulated device. Again, claims are pivotal in determining whether something is an accessory or not.
In the last couple years as I've been watching what's coming out of Silicon Valley, I'm seeing a tremendous number of hardware and software products that probably could be sold as unregulated articles, but where the manufacturer, possibly quite inadvertently, is making claims that would cause FDA to regulate them. FDA is stretched pretty thin these days, so they aren't watching everything coming out of the IT industry, but someday I suspect FDA will get more active in this space.
There are limits to this strategy. I can't make a pacemaker, for example, and try to pass it off as a simple, generic piece of electrical equipment. In designing the pacemaker, I've done too much to make the design specific to a medical use to later disclaim that use. Remember intended use is judged by words, actions, and in some cases, inaction. If you're interested in this strategy, you ought to review the first article in this series.
A number of startups in mHealth have come up with very innovative business plans that put them squarely in the gray area between medical and nonmedical intended uses. For example, there are companies developing strategies for remote monitoring of people, rather than their disease or condition. There are gray areas between wellness programs and disease programs where FDA needs to give industry clearer guidance. Obesity, as a disease, is often difficult to distinguish from general physical conditioning. Unfortunately, I suspect we will all need to feel our way along in the dark for the time being.
Finally, to employ this strategy, the maker of the equipment must be duly diligent in avoiding making medical claims. That means it needs to have some level of compliance and training systems in place to ensure, for example, that sales representatives do not go rogue. Even unauthorized sales activity can come back to haunt the company if the government decides that the company wasn't careful enough in managing its people.
Strategy 2: avoid controlling the product specifications or the claims made. Most FDA requirements, including the need to obtain FDA clearance or approval, and the responsibility for reporting adverse experiences fall on the company that owns and controls the product specifications and the claims made. Because most of the risk of a medical device stems from its design and the claims made about it, whoever controls those two features has most of the FDA compliance responsibilities. So, if you don't want those responsibilities, don't own or control those two features of the device.
Some examples probably would help. In most cases, a contract manufacturer does not control the product specifications or the claims made about the product. That's true even if the contract manufacturer produces finished product and drop ships it to the ultimate purchaser on behalf of the specification owner. In that case, FDA looks to the specification owner for compliance with most of the agency's requirements, even if the specification owner never even touches the device.
Indeed, ownership of the product and the control of the specifications and labeling determine regulatory responsibility instead of who in fact engaged in the design process or wrote the label. Companies often ask a contract manufacturer to help with the design process, or enlist the services of an engineering firm. None of that matters. The only thing that matters is who, at the end of the day, owns the product and controls the specifications and the label for the product.
This control rule is also the basis for organizations such as distributors and retailers to pass regulatory responsibility up the chain of distribution to whichever entity controls the specifications and the labeling. Although distributors and retailers have limited FDA responsibilities, the responsibilities for seeking FDA clearance and ensuring the quality of the product remain with whoever controls the specifications and labeling.
Components suppliers similarly avoid much of the onerous elements of FDA regulation. If a company makes an article that is incorporated into a finished medical device, the maker of that component is not directly subject to FDA regulatory requirements for premarket clearance or even the quality system requirements. Instead, the finished device manufacturer is obliged to have in place supplier controls sufficient to ensure the quality of the components it uses. These controls might include, for example, periodic inspections of suppliers.
Another strategy is to supply finished medical devices to a firm that will co-package its own device with yours. From a regulatory standpoint, this is essentially the same as the component supplier scenario just discussed. Even though the article is a finished one, if it is bundled together with another product before it is sold to the end user, the company that does the bundling has responsibility for ensuring that each product in the bundle has the requisite regulatory compliance. Sometimes the supplier for the article to be bundled will undertake compliance with the FDA requirements itself, and sometimes the bundler takes that job. But because the bundler is considered to own the specifications of the bundle and whatever claims are made for the bundle, it generally has the ultimate regulatory responsibility.
Let’s take, for example, a common cell phone, hypothetically call it a mePhone. If the cell phone manufacturer makes no medical claims about it, the cell phone manufacturer will have no direct FDA responsibilities. But let’s say a blood glucose meter manufacturer claims, in promotional materials, “our meter will pair with the mePhone to down load data for analysis on our special app.” Arguably the blood glucose meter manufacturer has made the mePhone and the app into components of its medical device system. So the blood glucose meter manufacturer may, for example, either need to prove through a risk assessment that mePhones available in the market place will remain suitable for that intended use, or need to enter into an agreement with the mePhone maker such that the two companies, through cooperation and control, will ensure the future compatibility of the two devices. I’ve kept this simple but in real life these facts are usually much more complex.
I want to underscore something I said earlier: almost none of the organizations in this section are completely outside of FDA's jurisdiction. They all have some, albeit perhaps minor, FDA responsibilities. Even distributors and retailers have to ensure their promotion remains consistent with the approved labeling, and their facilities appropriately safeguard the integrity of the products. Components suppliers, while technically exempt from the quality system regulations, often must nonetheless ensure that they are not selling adulterated components for use in medical equipment.
Over the last several years, I have read a dizzying array of corporate agreements that provide for various kinds of collaborations like these between companies. Some of them are fashioned as supply agreements, while others look like contract manufacturing agreements, and yet others look like intellectual property license agreements.
As a regulatory lawyer, when I read these agreements, often I'm asked to make a judgment as to who has the FDA regulatory responsibilities. And sometimes, honestly, it just isn't clear. I've read agreements where all the specifications and promotional claims have to be mutually agreed upon between two parties. In other cases, one party maintains a general level of control over the specifications and claims, while the other party is able to exercise wide latitude within certain limits. In those cases, where it is genuinely unclear which party has the FDA responsibilities under the regulations, I believe FDA permits the parties to specify in the agreement who has those responsibilities, so long as that division is reasonable to resolve the gray area. So my advice: have your regulatory lawyer work closely with your corporate lawyer to make sure that your various collaboration agreements specify a reasonable – and your intended -- division of labor on the regulatory compliance side.
Strategy 3: contract out the hard stuff. Even if your company markets what is admittedly a medical device and controls the specifications and the promotional claims so that your company is clearly regulated by FDA, that doesn't mean your company itself must do the hard stuff. The regulatory work can generally be contracted out, even if the regulatory responsibility has to remain with the specification owner.
It probably won't surprise anyone to know that there are whole industries designed to conduct various responsibilities of medical device specification owners in compliance with FDA requirements. For example, there are clinical research organizations that can do all of the clinical research, soup to nuts, and one of their main selling points invariably is that they take responsibility for the FDA compliance for that function. There are regulatory consultants who can quite ably prepare premarket submissions. There are contract manufacturers who specialize in producing product under FDA quality system requirements, and there are other consultants who can help bring the specification owners’ facilities up to code, so to speak. There are design organizations well-versed in conducting the design process in compliance with FDA design controls. Bottom line: if there's some feature of FDA regulatory compliance that makes you nervous, there's probably a whole industry out there quite willing to help you do it.
That said, it bears repeating that you can contract out the work but not the responsibility. If your organization is the one that controls the specifications and the labeling, your organization will bear ultimate responsibility for FDA compliance. As a practical matter, if you choose to contract out any of that work, it means you have the obligation to be duly diligent in selecting the right qualified firm to help you do the work, and providing reasonable oversight for the function. So the handoff isn't complete.
Strategy 4: sell a service or be a user, not a product producer. This strategy is sometimes risky, but sometimes it can work. FDA's jurisdiction is very clear: the agency regulates products. In the very first article, I discussed the need for a physical product that is the subject of FDA regulation. FDA does not regulate services, nor do they regulate the practice of medicine.
That circumstance has led some professions to be able to do things that product manufacturers and sellers cannot. For example, clinical laboratories routinely develop their own clinical tests that they use with their own customers. For decades, FDA has taken a nearly hands-off approach to that practice, saying that clinical labs are sufficiently regulated under a different piece of legislation, the Clinical Laboratory Improvement Amendments of 1988. Likewise, pharmacists who are regulated under state pharmacy laws have a certain latitude to compound drugs. In these cases, FDA has decided that these are professional service businesses rather (already regulated by others) than the sellers of devices or drugs.
Conceptually, it may be possible to position certain healthcare services as services, rather than the sale of products. But be mindful that this is not simply converting outright sales to rentals. That makes no difference to FDA. Further, as you might guess, if a particular operation starts to look too much like manufacturing, FDA will regulate it. My only point is that healthcare professionals have a certain latitude to provide services to their patients without FDA intrusion. The sixth article in this series will discuss this latitude specifically.
The Trade Offs
As Milton Freidman observed, there ain't no such thing as a free lunch. Each of these strategies involves trade-offs, and I've tried to depict those at a high-level in Diagram 2.
As with some of my other diagrams, this one reflects subjective judgments concerning the magnitude of the benefits and burdens associated with a few of the strategies. I've used blue stars to depict features where more is better, and I've used black stars to indicate attributes where less is better.
So, if we look in the column for FDA regulated articles (#8 for class III), we see my assessment that the potential profit margins are the greatest and the product life cycle length is the longest and barriers to entry are the greatest, but on the negative side internal overhead costs are the greatest. I chose to characterize product lifecycle length as good simply because it means the company has a longer time in which to recoup its investment. I realize some IT companies like the short product lifecycles because they consider speedy new product innovation to be a competitive advantage for the firm.
On the other end of the spectrum, I indicate that unregulated articles normally have much lower profit margins and shorter product lifecycles and fewer barriers to entry, but lower overhead costs. However, I'm sure everyone can think of examples where that's not true. In some cases companies are able to develop patent protection around truly novel technologies and earn tremendous profit margins over the full length of the patent life. Further, the development of those innovative products might be a tremendously high cost. But I'm treating those as the exception, not the rule. Perhaps I'm wrong, but in the consumer electronics area, it seems as though competition is fierce and technologies quickly become commoditized despite whatever patent protections might be available.
In the middle you find compromises between those two extremes. In scenario 5 where the company simply contracts out certain difficult tasks, the profit margins go down correspondingly as the costs of contracting go up, but the company still benefits from some barriers to entry and earns a comparatively better profit margin than the far right side of that table. Likewise, component suppliers often enjoy fewer barriers to entry and have comparably lower profit margins to the finished medical device manufacturers, but they also face a lower cost structure.
There is a quantitative basis for this judgment that bears noting. According to Thomson Reuters, medical equipment manufacturers enjoy an average five-year gross margin of 59%, compared with 45.8% for the S&P500. Recent research coming from the Deloitte Center for the Edge, which has studied the business climate for US industries over the past forty years, calculates the average return on assets (ROA) for the entire U.S. economy had fallen to almost one-quarter of its 1965 levels by 2008, while performance in the Health Care industry has run contrary to the trend. That occurred while the ROA in healthcare rose from 1.7 percent in the early 1970s to 3.8 percent in the same period, nearly doubling.
Choosing a strategy is a very complicated exercise that involves looking at these issues, plus most of the competitive issues discussed in article 4 of the series. The dynamics of the marketplace and the competitive strengths of the firm itself will play major roles in any assessment of the optimal strategy. My only point here is that each strategy has its own rewards and risks.
Conclusion
This article is meant to give you a high-level understanding of some broad strategies for avoiding or at least reducing your company's FDA compliance obligations. Within each of these broad strategies are multiple variations that raise complexities well beyond the scope of this article. The last strategy, selling services or being a user of products, is complicated enough that it deserves its own article. So the next article, number six in the series, will focus on hospitals and other providers of care that might employ their own tailored technology to diagnosing, monitoring or treating patients, and the corresponding FDA obligations that may apply.
