NCHR Comments on Prescription Drug-Use-Related Software

National Center for Health Research; January 10, 2019

National Center for Health Research’s Comments on
Prescription Drug-Use-Related Software;
Establishment of a Public Docket; Request for Comments

Thank you for the opportunity to provide our views proposed framework for regulating prescription drug-use-related software.

The National Center for Health Research is a nonprofit think tank that conducts, analyzes, and scrutinizes research, policies, and programs on a range of issues related to health and safety.  We do not accept funding from companies that make products that are the subject of our work.

Digital Health is a new area of healthcare covering a broad set of technologies with diverse applications in healthcare.  The proposed risk-based framework provides an important foundation for prescription drug-use-related software, but several important issues remain:

  • Software flaws and defects are capable of amplifying the dangers of digital health technologies, even those perceived as “low” or “moderate” risk. Unlike traditional drug labeling, digital technologies are more dynamic in nature and capable of generating content “on the fly.”  Software-related flaws or bugs could unexpectedly alter the output generated and displayed to users, leading to miscommunication with serious safety consequences.  For example, prior studies of FDA databases have reported digital health software flaws that displayed information to users about the wrong patient, while other flaws in low/moderate risk devices have led to high-risk safety recalls.1  We recommend clearly acknowledging the serious risks of software malfunctions to drug-use-related software output and the need to robustly document and monitor these issues.
  • There is a strong link between software’s reliability and the output it generates, and this must be addressed in any practical risk-based framework for prescription drug-use-related software. The proposed framework currently assumes that “prescription drug-use-related software output submitted by a drug sponsor…would be reliably produced by the software”.  However, assuming by default that the software is “reliable” underestimates the risks of technology with broad and unpredictable vulnerabilities that require frequent software updates, security patches, and constant surveillance.  We recommend revising the current framework to recognize and address the non-trivial link between software vulnerabilities and the output generated.
  • Patient safety must be made a priority for prescription drug-use-related software. Prior research has shown the serious consequences when regulatory policies for new technologies do not prioritize patient safety.2  The current risk-based framework needs to more clearly describe how patient safety issues will be addressed in the context of these new technologies:  How will prescription drug-use-related software (and output) fit within the broader approaches being developed by the FDA to regulate digital health?  For example, the FDA should describe if, where, and how these technologies would fit within FDA initiatives like the Digital Health Software Precertification Program.

 In conclusion, the above recommendations are crucial if the FDA is to achieve its mission of safeguarding patient health as the agency regulates prescription-drug-use-related software.



  1. Ronquillo JG, Zuckerman DM. Software-Related Recalls of Health Information Technology and Other Medical Devices: Implications for FDA Regulation of Digital Health. Milbank Quarterly 2017;95:535–53.
  2. Zuckerman DM, Brown P, Nissen SE. Medical Device Recalls and the FDA Approval Process. Archives of Internal Medicine. 2011;171:1006–11.