The U.S. Food and Drug Administration (FDA) gave an update of the guidelines that medical device manufacturers should follow when it comes to sharing information requested by patients. The medical devices that patients use can collect, process, store and transmit medical information. Sometimes patients ask for copies of the patient-specific recorded information, which manufacturers can freely share with the requesting patient.
The FDA is encouraging information sharing because it helps patients get better engagement with healthcare providers. The provided data from medical devices aid healthcare professionals in making good medical advice. The Federal Food, Drug and Cosmetic Act (FD&C Act) does not require medical device manufacturers to share information. But the FDA took the initiative to recommend guidelines as to how manufacturers can share patient information responsibly and appropriately.
The information recorded, processed and stored by the medical devices is unique to each patient’s personal data, diagnosis and treatment. Patients can obtain the information recorded by the medical devices directly from their healthcare providers. But there are times when the patients directly request a copy of the patient-specific information from the device manufacturers. The information may include patient data, device usage, data input by the healthcare provider, incidence of alarm, device malfunctions and more. Labelling is not included in patient-specific information but it is covered by the FD&C Act. Labelling includes information such as description of intended use, benefits, risks and user instructions.
Even if not required by the FD&C Act, device manufacturers should share patient information when requested without needing advance premarket review. In cases when the recorded information is in a closed system or it is not accessible in a shareable format, it is simply impossible to share the data with patients. The FDA is aware of such cases. In cases when patient data is available, it should be provided promptly. The information from the device must be comprehensive and contemporary, which means that the data is current up to the time the patient made the request.
This guideline recommended by the FDA is not legally enforceable and does not go against any federal or state laws, such as the HIPAA. In the event that the device manufacturer is considered as a HIPAA-covered entity, the company must comply with the HIPAA Privacy Rule.