Clinical decision support (CDS) software can help doctors more effectively wade through mountains of data to find the best treatment options for each patient. Despite the fact that CDS only produces recommendations to clinicians, bad information can produce bad outcomes.
While defective CDS software can be harmful, this does not mean that that U.S. Food and Drug Administration should regulate all CDS software. Low-risk CDS should be left alone, and the CDS Coalition recently released industry guidelines for medium-risk CDS that aim to protect patients.
Why Guidelines Work for Low- and Medium-Risk CDS
Why doesn’t low-risk CDS merit FDA regulation? The software may only provide limited information that a clinician considers together with other important information, or it may provide information that addresses relatively benign diseases or conditions. For example, it could help a physician add the five components of an Apgar score but not recommend a specific treatment, or it could calculate a body-mass index score to help guide diet and exercise. Neither merit the burdens of FDA regulation.
Nor is regulation necessary for medium-risk CDS, although the analysis here is a bit more nuanced. Since medium-risk CDS cannot be dismissed on the basis that, statistically speaking, the software is unlikely to ever hurt anyone, we need to consider the specific dangers that exist and whether regulation is the appropriate response to manage that risk.
We don’t regulate all risks. There are plenty of consumer products that could hurt people. We do not, for example, require premarket governmental approval of new power tools even though, according to the National Electronic Injury Surveillance System, such tools cause approximately 125,000 injuries per year. Indeed there are dozens of items in most homes that could cause injury but we do not require them to be preapproved by the government.
Instead, we reserve governmental preapproval for products that meet two criteria:
- The risk of harm is material and the consequences of the harm are significant, including death, and cannot be completely remedied afterward (money can’t compensate for everything); and
- Users cannot understand or protect themselves from the risk of harm using ordinary diligence. For example, to assess whether a new drug is safe and effective, the user may have to review thousands of pages of highly technical test data.
The word “and” between these two points is important. We do not require government preapproval where the user can adequately assess the risk or where there is no material risk of significant harm. Both conditions must be present.
FDA regulation of medium-risk CDS is unnecessary because of the second point: clinical users can understand and protect their patients from risk using ordinary diligence. But to ensure that is true, developers of medium-risk CDS need to take steps to enable users to understand the basis for the recommendations. In September, the CDS Coalition published guidelines to help developers achieve that goal.
CDS Guidelines Keep the Doctor in Control
In a nutshell, these guidelines explain that if the software is (1) designed to be transparent, (2) intended for use by a clinical user with the requisite skill and (3) intended for circumstances where there is sufficient time to carefully think through the diagnostic or therapeutic decision, then the user can independently assess the result and validate any recommendation that is suspicious.
In this context, transparent means that the user has access to the clinical logic that the software is applying and the underlying patient data in order to verify the accuracy of the recommendation.
Government regulation, and in particular premarket review, need to be used sparingly because they add greatly to the cost of healthcare, in both business and governmental expenditures, but more importantly, they delay the availability of important new and rapidly evolving technology. Where feasible, industry guidelines offer a more efficient method of oversight.
In this particular case, Congress created an incentive for industry to follow these guidelines. According to the 21st Century Cures Act signed into law in December 2016, the FDA will not regulate CDS so long as healthcare professional users are able to independently review the basis for the recommendations the software produces, so they will not need to rely primarily on the recommendations. Following the industry guidelines will help demonstrate that the software falls outside of FDA regulation.
The guidelines do not simply track the new statute, though. In developing them, the coalition also considered liability issues and best practices in the design and marketing of CDS software.
In the end, for medium-risk CDS, these guidelines identify approaches that will help ensure the ability of the clinician to stay in control of the decision-making, instead of asking the clinician to rely on a black box.