In recent years, the US Food and Drug Administration (FDA) has faced criticism regarding its review process, the need to keep up with the science today, and updating the regulatory framework accordingly. In response, the year 2023 has been the year that brings significant changes to the FDA regulatory framework, and several initiatives are waiting on the horizon.
As a result, development and manufacturing in the medical industry are impacted deeply in ways that remain to be seen. At the same time, the FDA is taking more authority and emphasizing innovation-enabling tools and programs.
Here is a summary of the most intriguing regulatory changes ongoing and upcoming as the last quarter of 2023 is approaching.
Drug Supply Chain Security Act (DSCSA)
The Drug Supply Chain Security Act (DSCSA)1 was enacted in 2013 as title II of the Drug Quality and Security Act (DGSA)2 by the United States Congress to create a traceability framework for prescription medicines intended for human consumption. The aim is to address patient safety concerns arising from lack of traceability by setting requirements for, i.e., manufacturing, packaging, and distribution of pharmaceutical products. The electronic system is interoperable and built to trace pharmaceutical products at the unit level throughout the supply chain in the United States.
The ten-year timeline to implement3 the DSCSA ends in November 2023, after which every stakeholder that comes in touch with pharmaceutical products must comply with the regulations. The transactions within the supply chain must be traceable at the unit level, which is ensured with product serialization and verification of product identifiers (PIs) and with the registration of authorized trading partners.
FDA 21 CFR Part 820 and ISO 13485 Harmonization
In December 2018, the FDA came forward with its intent4 to harmonize and modernize the Quality System regulation (QRS, Title 21, part 820)5 by transitioning to the international standard ISO 13485:20166, which specifies quality management system requirements for medical devices.
FDA’s interest in ISO 13485:2016 is due to more robust risk management requirements for medical devices according to ISO 14971. FDA has recognized that these two Quality Management Systems are substantially similar7, whereas adopting ISO 13485:2016 requirements will benefit the medical industry by streamlining the QMS process and enhancing the patient safety of medical devices.
In February 2022, the FDA published a proposed rule8 for quality system regulation with a suggested one-year implementation time. Understandably, the medical industry responded by requesting more implementation time for the transition. As of now, the final rule is projected to be published in December 2023.
Consolidated Appropriations Act, 2023
In December 2022, the United States Congress passed the Consolidated Appropriations Act of 2023 (CAA)9, which allocates US$ 1.7 trillion in government spending for the fiscal year 2023. The CAA contains 1653 pages of legislation – in its pdf form – from infant formula to defense spending.
Not surprisingly, it also contains provisions with profound implications for the medical industry, which must be considered when developing innovations and pursuing market access.
Some of these provisions concern FDA legislative changes, modernization of clinical trials, substantive changes to medical device authorization, animal testing, and drug and biologics, to highlight a few.
Interestingly, some key healthcare provisions are directed at improving healthcare coverage of mental health, integrated behavioral health, and substance abuse10 (a significant factor in both mental and integrated behavioral health).
FDA Modernization Act 2.0
The CAA of 2023 approved the FDA Modernization Act 2.011,12, which relates to Clinical Trial Diversity and Modernization13. Before bringing pharmaceuticals and biological products to clinical studies, animal testing has been the prerequisite for preclinical studies. However, the FDA Modernization Act 2.0 covers alternative in vitro, in silico, and in chemico methods to use for evaluation in preclinical studies.
In short, in the future, the FDA is required to consider the following “nonclinical test” for the safety assessment of new drugs and biological products as they progress to clinical studies as defined in CAA section 3209 Animal Testing Alternatives:
1. Cell-based assays.
2. Organ chips and microphysiological systems.
3. Computer modeling.
4. Other nonhuman or human biology-based test methods, such as bioprinting.
5. Animal tests.
Food and Drug Omnibus Reform Act of 2022 (FDORA)
The most significant changes to the regulatory framework are brought by the Food and Drug Omnibus Reform Act of 2022 (FDORA), also enacted as part of the CAA of 20239. The FDORA amends the FDA’s statutory authority to reform the FDA’s regulatory framework and to reauthorize specific FDA programs. Some of the critical provisions changing the regulatory framework for the medical industry include reforms such as:
- SEC. 3601-3607 Clinical Trial Diversity and Modernization
- SEC. 3612 Bioresearch Monitoring Inspections
- SEC. 3629 Facilitating the Use of Real World Evidence
Medical device-specific reforms such as:
- SEC. 2513 Combating Counterfeit Medical Devices
- SEC. 3305 Medical Device Cybersecurity
- SEC. 3306 Bans of Devices for One or More Intended Uses
- SEC. 3307 Third Party Data Transparency
- SEC. 3308 Predetermined Change Control Plans
- Other Device-Specific Reforms
Drug and Biologic-specific reforms such as:
- SEC. 3210 Modernizing Accelerated Approval
- SEC. 3212 Advanced Manufacturing Technologies Designation Program
- SEC. 3621 Regulation of Certain Products as Drugs
- Other Drug and Biologic-specific Reforms
Medical Device Cybersecurity Reform
Section 3305 of CAA of 2023 concerns the “Ensuring Cybersecurity of Medical Devices” and gives the FDA explicit statutory authority to regulate the cybersecurity of medical devices. Section 330514 amended the Federal Food, Drug, and Cosmetic Act (FD&C Act) by adding Section 524B15, “Ensuring the cybersecurity of devices,” which took effect on March 29, 2023.
In general, the cybersecurity requirements concern devices that meet the definition of “cyber device” and are submitted under sections 510(k), 513, 515(c), 515(f), or 520(m). A cyber device is defined as a device that:
1. includes software validated, installed, or authorized by the sponsor as a device or in a device;
2. has the ability to connect to the internet and
3. contains any such technological characteristics validated, installed, or authorized by the sponsor that could be vulnerable to cybersecurity threats.
Manufacturers must ensure compliance by demonstrating reasonable assurance that the device and related systems are cyber-secure and can be updated and patched to address unacceptable or critical vulnerabilities on a reasonably justified regular cycle.
Clinical Trial Diversity and Modernization
The clinical trial diversity and modernization are addressed in sections 3601 to 3607 of the CAA of 2023 as a culmination of work run by the FDA for decades. In particular, the lack of clinical trial diversity has been a concern for public health since vulnerable groups such as children, older adults, women, and minorities have been underrepresented in clinical research.
The underrepresentation of demographic subgroups in clinical research leads to a gap in understanding how specific pharmaceutical or medical products’ therapeutic effectiveness, safety, and long-term side effects are for these subgroups, as well as the overall evaluation.
Hence, the requirements for clinical trial diversity are described in the following sections:
- SEC. 3601 Diversity Action Plans for Clinical Studies
- SEC. 3602 Guidance on Diversity Actions Plans for Clinical Studies
- SEC. 3603 Public Workshops to Enhance Clinical Study Diversity
- SEC. 3604 Annual Summary Report on Progress to Increase Diversity in Clinical Studies
Clinical Trial Modernization has been under similar debate as clinical trial diversity from the point of view of how to develop novel clinical trial design methods to create substantial evidence as required by the FD&C Act section 505(d) and whether the FDA regulatory framework must be modified accordingly.
Innovative models were further explored once the COVID-19 Pandemic threatened to stop clinical evaluations altogether. In order to mitigate disruptions to clinical research, the FDA exercised flexibility under:
- FDA Guidance on Conduct of Clinical Trials of Medical Products during the COVID-19 Public Health Emergency.16
By November 7, 2023, the FDA must hold a public meeting to discuss the influence of exercised flexibilities on clinical trial diversity and give recommendations from learned lessons to modernize clinical trials:
- SEC. 3605 Public Meeting on Clinical Study Flexibilites Initiated in Response to COVID-19 Pandemic
The FDA was given a one-year deadline until December 29, 2023, to draft guidance for both decentralized and modernizing clinical trials. As early on as May 3, 2023, the FDA released a level one draft guidance – not for implementation – for decentralized clinical studies17 for stakeholders to comment on. The FDA has yet to announce the draft guidance for modernizing clinical studies.
These guidelines must take into account the use of novel design, digital technologies, and diversity from diverse perspectives, and provide recommendations accordingly under the following sections:
- SEC. 3606 Decentralized Clinical Studies
- SEC. 3607 Modernizing Clinical Studies
- FDORA contains an abundance of changes to the FDA’s governing statute.
- Focus on integrated behavioural health, mental health, and substance abuse.
- Focus on the scientific importance of clinical research diversity.
- Recognition of novel design, real world evidence, and digital technologies for clinical and preclinical research.
- The importance of data transparency and cybersecurity for the medical industry has been recognized.