Advertisement

April 22, 2014

The Impact of Cloud Computing on Food and Drug Administration (FDA's) Regulation of Medical Products

Cloud computing involves the delivery of computing as a service rather than a product. In a cloud computing solution, shared resources, software, and information are provided much like a utility, over a network to computers and other devices. Cloud computing has been embraced by the medical industry, and is used as a vital technology in electronic medical record systems and telemedicine solutions, among other products. 

The U.S. Food and Drug Administration (“FDA”), which regulates the vast majority of medical products sold in the U.S., generally applies its existing regulatory scheme when facing new technologies like cloud computing. This is typified by FDA’s approach to nanotechnology that was developed in the last decade.

Cloud computing presents several challenges to FDA’s application of its existing regulatory scheme. For one, FDA, as a regulatory agency, has responsibility over medical products shipped in interstate commerce (specifically drugs, medical devices, and biologics), but lacks authority over the services provided by healthcare practitioners (i.e. “the practice of medicine”). Cloud computing involves the delivery of computing as a service rather than as a product, which complicates the analysis of how a cloud computing solution would be regulated by FDA.

The second challenge for FDA is the increased complexity of cloud computing software solutions. Medical device software has traditionally been very conservative in that it is generally installed on only one platform, with the hardware and operating system parameters “locked down” to limit compatibility issues. Further, communication is generally limited to interactions between a device and the computer system. In a cloud computing system, one or more cloud client software programs communicate with the cloud server software, and all of these software programs may be deployed on various hardware and operating systems. In fact, the strength of the cloud model is this ability to interact with the cloud server through a broad array of hardware and operating system platforms.

The third challenge to FDA’s existing regulatory scheme is in security. Medical information is scrupulously protected by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), numerous state laws, and physician ethical standards. As with financial information, medical information has great value. In a cloud computing software solution, this highly valuable and private medical information is often transmitted wirelessly and through the Internet, exposing it to potential theft. Further, the diffuse nature of cloud computing solutions and the ability to consolidate medical information from thousands of individuals in a single location poses significant liability risk from the loss of a single laptop or USB drive.

FDA does not currently have any specific regulations applicable to cloud computing. Further, FDA’s regulations applicable to computerized systems (21 C.F.R. Part 11) is currently being enforced only in a very limited manner. Despite this, FDA’s existing regulatory scheme has been applied to products and regulated processes that incorporate cloud computing services. Recent guidance has addressed gaps in the existing regulatory scheme, including FDA’s draft guidance on mobile medical applications.

Given the complexity with using cloud computing services in FDA regulated medical products, it is critical to carefully consider the regulatory impact of incorporating such services. Sheppard Mullin has expertise in the legal and regulatory issues surrounding cloud based services, including when using cloud computing in FDA regulated products and activities. Sheppard Mullin’s FDA practice has experience providing companies with advice on cloud computing issues, including counseling medical device software manufacturers. 

This article is drawn from the upcoming book Cloud Computing Deskbook, which is set to be released by Thomson Reuters West next summer. Cloud Computing Deskbook covers the legal and regulatory aspects of cloud computing, including those related to regulation by U.S. Food and Drug Administration. Please contact the author with any questions related to FDA regulation of cloud computing and software in general.

Copyright © 2014, Sheppard Mullin Richter & Hampton LLP.

About the Author

Sheppard Mullin has a full service FDA team as part of its Life Sciences practice group.  Our attorneys represent manufacturers and distributors of prescription and OTC drugs, biologics, medical devices, cosmetics, dietary supplements and food, as well as other entities whose activities are regulated by the U.S. Food and Drug Administration (FDA), including advertising agencies, clinical investigators, and research organizations.

202-772-5333

Boost: AJAX core statistics

Legal Disclaimer

You are responsible for reading, understanding and agreeing to the National Law Review's (NLR’s) and the National Law Forum LLC's  Terms of Use and Privacy Policy before using the National Law Review website. The National Law Review is a free to use, no-log in database of legal and business articles. The content and links on www.NatLawReview.com are intended for general information purposes only. Any legal analysis, legislative updates or other content and links should not be construed as legal or professional advice or a substitute for such advice. No attorney-client or confidential relationship is formed by the transmission of information between you and the National Law Review website or any of the law firms, attorneys or other professionals or organizations who include content on the National Law Review website. If you require legal or professional advice, kindly contact an attorney or other suitable professional advisor.  

Some states have laws and ethical rules regarding solicitation and advertisement practices by attorneys and/or other professionals. The National Law Review is not a law firm nor is www.NatLawReview.com  intended to be  a referral service for attorneys and/or other professionals. The NLR does not wish, nor does it intend, to solicit the business of anyone or to refer anyone to an attorney or other professional.  NLR does not answer legal questions nor will we refer you to an attorney or other professional if you request such information from us. 

Under certain state laws the following statements may be required on this website and we have included them in order to be in full compliance with these rules. The choice of a lawyer or other professional is an important decision and should not be based solely upon advertisements. Attorney Advertising Notice: Prior results do not guarantee a similar outcome. Statement in compliance with Texas Rules of Professional Conduct. Unless otherwise noted, attorneys are not certified by the Texas Board of Legal Specialization, nor can NLR attest to the accuracy of any notation of Legal Specialization or other Professional Credentials.

The National Law Review - National Law Forum LLC 4700 Gilbert Ave. Suite 47 #230 Western Springs, IL 60558  Telephone  (708) 357-3317 If you would ike to contact us via email please click here.