HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

FDA Publishes Final Guidance for Medical Device Manufacturers Sharing Information with Patients

The U.S. Food and Drug Administration (FDA) has released final guidance for medical device manufacturers sharing information with patients at their request.

Legally marketed medical devices collect, store, process, and transmit medical information. When patients request copies of the information recorded by or stored on the devices, manufacturers may share patient-specific information with the patient that makes the request.

The FDA encourages information sharing as it can help patients be more engaged with their healthcare providers. When patients give their healthcare providers data collected by medical devices, it can help them make sound medical decisions.

While information sharing is not a requirement of the Federal Food, Drug, and Cosmetic Act (FD&C Act), the FDA felt it necessary to provide medical device manufacturers with recommendations about sharing patient-specific information with patients. The guidelines are intended to help manufacturers share information appropriately and responsibly.

Please see the HIPAA Journal Privacy Policy

The FDA explains that in many cases, patient-specific information recorded by medical devices is shared with the patient’s healthcare providers, and oftentimes the patient is able to obtain copies of that information from their healthcare providers. However, sometimes patients may submit a request to the device manufacturer for a copy of the patient-specific information recorded by the device.

The FDA explains that patient-specific information is information that is unique to a particular patient – or unique to the patient’s diagnosis and treatment – that has been recorded, stored, processed, or derived from a legally marketed medical device. “This information may include, but is not limited to, recorded patient data, device usage/output statistics, healthcare provider inputs, incidence of alarms, and/or records of device malfunctions or failures.”

The FDA notes that patient-specific information does not include labelling, which is covered by the FD&C Act. Labelling covers information such as descriptions of intended use, benefit and risk information, and instructions for use and the sharing of such information is subject to applicable requirements of the FD&C Act.

The FDA encourages device manufacturers to share information with patients when copies are requested, even though data sharing is not a requirement FD&C Act. The FDA also explains that data can be shared with patients at the patient’s request, without the need to undergo an additional premarket review in advance.

Some medical devices record, store, and transmit information in a format that makes it difficult to share the information with patients, or in some cases, information is recorded in a closed system that cannot be accessed by the device manufacturer. The FDA is aware that in such cases it may not be feasible to share data with patients.

When information sharing is possible, device manufacturers should respond to requests promptly and information should be “comprehensive and contemporary.” Data should include all information that is available, up until the point that the request is made.

The FDA points out that its guidance does not establish any legally enforceable responsibilities, and neither does it affect any federal, state or local laws. That includes HIPAA, and specifically the HIPAA Privacy Rule, which will apply if the device manufacturer is a business associate of a HIPAA-covered entity.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.