Fast-Forward to the Frightening Future
Fast-Forward to the Frightening Future: How the 21st Century Cures Act Accelerates Technological Innovation…at Unknown Risk to Us All
Anthony W. Orlando, Arnold J. Rosoff
First Published August 14, 2018 Research Article
Regulating technology in a field being fundamentally transformed by rapid advances is an exercise in planning for the unknowable. The 21st Century Cures Act (“Cures Act”) presents a future of bold and exciting innovations in health care, but how well does it prepare us for the potential misuse of these innovations? In this paper we explore the high-stakes race between desirable technological innovation and regulatory measures needed to keep us safe in this largely unknowable future. The Cures Act lays the foundation for, and affects the dynamics of, that race.
Our paper examines the authority of the federal Food and Drug Administration (“FDA”), an agency within the Department of Health and Human Services (“HHS”), to regulate “medical devices” and attempts to predict and influence how the FDA will exercise its authority over the imminent avalanche of electronic innovations designed to encourage and empower individuals to take greater personal responsibility for their own health. These “devices” include such things as wearable monitoring and recording devices, smartphone apps, medical and personal health websites, electronic health records (“EHRs”), and other emerging technologies, many of which do not fit neatly into traditional FDA categories of medical device definition and regulation. In addition to older laws defining the FDA’s purposes and powers, this new terrain is defined in part by the Cures Act, now less than two years old. This Act reflects a policy leaning to facilitate progress by limiting regulatory requirements that would overburden and slow development and adoption of new health care technologies. Our analysis will attempt to chart a safe passage between the Scylla of excessive regulation and the Charybdis of inadequate oversight and protection of patients and other end-users in this new, uncharted, and rapidly changing sea of technology.
In this brave new world, the FDA must serve not only its traditional missions of protecting the public’s health from unsafe and ineffective drugs and devices and their pocketbooks from unsupported claims and “snake oil” sales pitches. It must also protect people from invasions and abuses of the privacy of their personal health information (“PHI”) in ways that may threaten their personal safety, security, and civil rights.1 Our mission in this paper is to raise consciousness about the coming changes and challenges—especially those involving PHI privacy and security—and to enlist our colleagues’ aid in seeking solutions and charting the right course forward. While we lack full answers to the questions we raise here, we do propose some initial steps, key among them revisiting the definition of a “medical device” in the Food, Drug and Cosmetic Act (“FDCA”) and the Cures Act. We hope our analysis will help bring about a new paradigm that not only better reflects the changing nature of digital technology in the health care sphere and the way it will be used going forward, but also helps chart a better course between technological innovation and public safety.
We begin our analysis with the definition of a “medical device” subject to regulation by the FDA. We show how this definition and decisions about how different types of devices should and will be regulated are becoming more complicated and controversial than ever before. A wide new variety of “devices” will reach into our daily lives in a myriad of ways that will not only affect our physical health, but will also pose significant and largely unforeseen risks to our privacy, safety, security, and civil rights. In previous work, we have considered the benefits and risks of new electronic technologies designed to encourage and support greater personal responsibility in health, including software apps, wearable devices, and other health-related products in the rapidly developing “Internet of Things.”2 In this paper, we explore how the FDA and HHS may or may not interpret the Cures Act in a way that addresses these risks adequately.
Our inquiry into the scope and nature of medical device regulation comes at a pivotal time. The Cures Act was passed with bipartisan support in the final days of the Obama Administration, but it is now being implemented by the Trump Administration, which is aggressively anti-regulatory.3 In this new environment, there is reason to fear that the pendulum may swing too far in the direction of laissez-faire development of new technologies, exposing the public to an excessive and dimly-understood level of risk. We see this approach as part of a potentially dangerous policy in which technology is viewed as a savior and regulation of that technology is seen as a boulder blocking the road to a brighter and healthier future. None of the digital technology innovations we address herein are risk-free or costless to society. We argue that the Cures Act, and the FDA’s implementation of it, must do a better job of navigating the complex and rapidly-changing middle ground between encouraging beneficial innovation and protecting patients and consumers from insufficiently appreciated harms.
*This journal may require subscription to view the full article, if you do not subscribe please check your local library.