[U.S. Food and Drug Administration]

STATEMENT BY

JOHN CALLAHAN, PH.D.

ASSISTANT SECRETARY FOR MANAGEMENT AND BUDGET

DEPARTMENT OF HEALTH AND HUMAN SERVICES



BEFORE THE

SUBCOMMITTEE ON OVERSIGHT AND INVESTIGATIONS

COMMITTEE ON VETERANS' AFFAIRS

U.S. HOUSE OF REPRESENTATIVES

SEPTEMBER 24, 1998



I INTRODUCTION

Good morning, my name is John Callahan, Ph.D., Assistant Secretary for Management and Budget, and Chief Information Officer (CIO) for the Department of Health and Human Services (DHHS). I am pleased to be here today to provide information on the Year 2000 date issue as it relates to medical devices. The Food and Drug Administration (FDA) has taken a number of constructive actions to work with manufacturers and provide information to users about medical device Year 2000 compliance.

II. WHAT IS A MEDICAL DEVICE?

According to the definition in the Federal Food, Drug, and Cosmetic (FD&C) Act, a "device" is:

an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including any component, part or accessory, which is intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals, or intended to affect the structure or any function of the body and which does not achieve its primary intended purposes through chemical action and which is not dependent upon being metabolized for the achievement of its primary intended purposes.

As this definition suggests, many different types of products are properly regulated as medical devices. Medical devices include over 100,000 products in more than 1,700 categories. The products regulated by FDA as medical devices range from simple everyday articles, such as thermometers, tongue depressors, and heating pads, to the more complex devices, such as pacemakers, intrauterine devices, diagnostic imaging devices, and kidney dialysis machines.

Any computer software which meets the legal definition of a medical device is within the scope of the law and must comply with applicable FDA regulations. Medical devices which use computers or software can take several forms including: embedded microchips which are part, or components, of devices; non-embedded software used with, or to control, devices or record data from devices; or individual software programs which use or process patient data to reach a diagnosis, aid in therapy, or track donors and products.

FDA is responsible for promoting and protecting public health by helping to ensure that medical devices are safe and effective. FDA carries out its mission by evaluating new products before they are marketed; assuring quality control in manufacture through inspection and compliance activities; monitoring adverse events in already marketed products; and, taking action, when necessary, to prevent injury or death. A device manufacturer must comply with all applicable requirements of the FD&C Act, including, but not limited to, establishment registration and device listing, premarket review, use of good manufacturing practices, and reporting adverse events. The FDA Center for Devices and Radiological Health (CDRH) has responsibility for regulating medical devices.

As diverse as medical devices are, so are the range and complexity of problems which can arise from their use. These problems include mechanical failure, faulty design, poor manufacturing quality, adverse effects of materials implanted in the body, improper maintenance/specifications, user error, compromised sterility/shelf life, and electromagnetic interference among devices.

A. Embedded Computer Software

Computer software frequently is embedded as a "component" of devices, i.e., software contained on a microchip to control device operation. Examples of such common, important devices are pacemakers, infusion pumps and ventilators. Based on FDA's discussions with the manufacturers, the majority of these products will not be impacted by the Year 2000 problem since almost none of them require knowledge of the current date to operate safely and effectively. For example, pacemakers do not use the current date in their operation.

B. Non-embedded Computer Software

Non-embedded software is intended to be operated on a separate computer, often a personal computer or work station. Such software devices may be used to enhance the operation of another device or devices and, further, may use the two-digit year format. It is possible that non-embedded software devices may rely on the current date for proper operation and might be affected by the Year 2000 date change.

An example of non-embedded software is a computer program used to plan radiation therapy treatments delivered using radioactive isotopes as the radiation source (teletherapy or brachytherapy). These treatments possibly could be affected if the computer program that calculates the radiation dose parameters uses only a two-digit year representation. The calculation of the length of time since the source was last calibrated could be in error and thus lead to an incorrect treatment prescription.

Other examples of non-embedded software devices include: conversion of pacemaker telemetry data; conversion, transmission, or storage of medical images; off-line analysis of ECG data; automated analysis and interpretation of ECG data; calculation of rate response for a cardiac pacemaker; perfusion calculations for cardiopulmonary bypass; and calculation of bone fracture risk from bone densitometry data. Since there is a chance that the two-digit format may affect the performance of these software devices, FDA believes that the Year 2000 risk needs to be mitigated through proactively working with manufacturers.

III. DHHS and FDA efforts to address Year 2000 issue

A. June 25, 1997 notification to manufacturers

The impact of the Year 2000 problem on some medical devices containing embedded microchips and software applications clearly warrants the attention of FDA. Manufacturers of such products are the only reliable source of information as to the details of the methods used in the programming.

In light of the review of the impact of the Year 2000 on some medical device computer systems and software applications, FDA has been proactive in alerting the medical device industry through a series of letters to medical device manufacturers. The first alert letter was sent over a year ago on June 25, 1997, to 13,407 medical device manufacturers (8,322 domestic and 5,085 foreign) indicating that manufacturers needed to address this issue and review both embedded and non-embedded software products. FDA reminded manufacturers that, in addition to potentially affecting the functioning of some devices, the two-digit year format also could affect computer-controlled design, production, or quality control processes. FDA requested that manufacturers review the software used in medical devices to determine if there is any risk.

FDA recommended specific actions to ensure the continued safety and effectiveness of these devices. For currently and previously produced manufactured medical devices, manufacturers should conduct hazard and safety analyses to determine whether device performance could be affected by the Year 2000 date change. If these analyses show that device safety or effectiveness could be affected, then appropriate steps should be taken to correct current production and to assist customers who have purchased such devices. For computer-controlled design, production, and quality control processes, manufacturers should assure that two-digit date formats or computations do not cause problems.

In the June 1997 letter to industry, FDA reminded manufacturers that under the Good Manufacturing Practices Regulation and the current Quality System Regulation (which describe the design and manufacturing processes that must be used to assure design and production of a safe, effective finished product), they must investigate and correct problems with medical devices. This includes devices which fail to operate according to their specifications because of inaccurate date recording and/or calculations.

FDA expects manufacturers who identify products that have a date-related problem to take the necessary action to remedy the problem. This might include notification to device purchasers so that their device can be appropriately modified before the year 2000. Provided appropriate corrections are made, FDA does not anticipate any significant problems to the patients with individual medical devices containing embedded microchips since these devices generally do not use the current date in their operation. At the same time, FDA wants to ensure the continued safety and effectiveness of these devices.

For future medical device premarket submissions, sponsors of devices whose safe operation could be affected by the Year 2000 date change will be required to verify that the products can perform date recording and computations properly (i.e., are Year 2000 compliant), or clearly label products, which are introduced and are not Year 2000 compliant as not to be used after December 31, 1999.

B. January 21, 1998 Request for Information

In the year since the first letter, there have been continuing efforts by DHHS and FDA to obtain and provide information on the Year 2000 status of medical devices. In a letter dated January 21, 1998, DHHS Deputy Secretary Kevin Thurm asked approximately 16,000 medical device and biomedical equipment manufacturers to voluntarily provide information on the Year 2000 compliance status of their products. Under its current regulations, FDA does not have the authority to require all device manufacturers to submit reports on whether their devices are Year 2000 compliant. Included in the mailing were all FDA registered manufacturers without respect to the specific kind of device produced, even though FDA estimates fewer than 2,000 manufacturers make products listed in the categories which include computerized products potentially sensitive to Year 2000 problems. Approximately 3,000 of the manufacturers included in the mailing are not regulated by FDA; for example, scientific instrument manufacturers. The letter detailed instructions on ways to submit the data requested and explained that to be Year 2000 compliant products must function as intended regardless of the date. Manufacturers also were given the opportunity to certify that their products are not affected, if that is the case, or certify that none of their products use computers or date information.

C. Year 2000 Database

The Year 2000 product database was established in March 1998 and is being maintained by FDA on its World Wide Web site at the request of the Interagency Biomedical Equipment Working Group. This Working Group was organized under the Chief Information Officer's Councils' Subcommittee on the Year 2000. The web site is intended to give the general public, government agencies, and the healthcare and research communities one comprehensive source of information about this issue. The web site is found at: http://www.fda.gov/cdrh/yr2000/year2000.html. Manufacturers also may submit a World Wide Web link to their own web site where the requested information is provided to the public, if they so choose. FDA does provide a link to the site where the manufacturer presents complete product information.

The web site includes information at the individual model level only for non-compliant products, since this is the most useful information to a user of the web site. The decision to include only this information was based on the belief that if a manufacturer's entire product line is certified to be compliant, users would receive no additional benefit from posting of the specific model level information of compliant products.

In addition, the DHHS and the Department of Veterans Affairs (DVA) are working as a Federal partnership to develop a single data clearinghouse. DVA, as a purchaser of medical devices, has been collecting information from its vendors as to the compliance status of the medical devices used in its facilities. DVA is taking the steps necessary to make the product status information it gathers available to the public. FDA is working with DVA to merge this data with the FDA database and provide a single comprehensive source of information for the public. We have signed a collaborative agreement to accomplish this goal. To date, FDA alone has borne the cost of the web site database effort. Both HHS and DVA are working with private sector associates, mostly professional associations such as the American Medical Association, the American Hospital Association, the Joint Commission on Health Care Accreditation, and the Health Industry Manufacturers Association (HIMA), who will provide advice and assistance as requested.

D. Targeted Follow-up with Manufacturers of Computerized Devices

On June 29, 1998, FDA issued a targeted, follow up letter to 1,935 specific manufacturers of computerized devices urging them to respond to our January 21 request to submit product data. This list was derived from the names of those firms which have registered as manufacturers of devices in the categories where Year 2000 vulnerability is likely. This letter is our second comprehensive request for voluntary submission of data.

On August 14, 1998, Dr. Bruce Burlington, Director, CDRH, and again on September 2, 1998, Dr. Friedman, Acting Commissioner of the Food and Drug Administration, issued letters to HIMA requesting that HIMA take aggressive and immediate actions to encourage and assist medical device equipment manufacturers in providing information to FDA about the Year 2000 compliance status of their products.

Then on September 2, 1998, FDA issued a follow-up to the June 29, 1998 letter, directed to the approximately 1,400 manufacturers of computerized devices who had not responded to the previous requests for information on the Year 2000 status of their devices. In the letter, FDA requested that the manufacturers respond to FDA within two weeks with the Year 2000 compliance status of their devices, or at least indicate that a complete response was being developed. FDA will continue to work with manufacturers to obtain this data and report to Congress on the status of these Year 2000 requests.

In the past few weeks FDA has decided that it would be useful to provide an indication of whether a particular manufacturer of computerized devices that are susceptible to Year 2000 concerns has or has not provided information on Year 2000 compliance. To that end, FDA intends to post on the web site the identity of manufacturers of those selected product categories which are likely to include vulnerable products and have not provided a response to FDA's inquiries.

E. Additional Outreach and Guidance

In addition to the web site and the letter, CDRH has been conducting outreach to the device industry on this issue. CDRH's Division of Small Manufacturers Assistance provided an article entitled "Biomedical Equipment Manufacturers Urged to Share Year 2000 Information" to 12 Medical Device Trade Press contacts and to 65 U.S. and 35 foreign medical device trade associations in order to facilitate the dissemination of information to their members regarding the web site database and to encourage the posting of data by manufacturers. The web site and database are mentioned in the FDA Column of the June 3, 1998, Journal of the American Medical Association and in an article in FDA's Medical Bulletin that was sent to approximately 700,000 health care practitioners this past summer.

Although most devices are regulated by CDRH, FDA's Center for Biologics Evaluation and Research (CBER) regulates blood bank software, which is of particular concern for potential Year 2000 problems. In January 1998, CBER posted guidance for industry entitled "Year 2000 Date Change for Computer Systems and Software Applications Used in the Manufacture of Blood Products" on the FDA web site. The guidance provided specific recommendations to assist industry in its evaluation of computer and software systems used in the manufacture of blood products and to assist in evaluating the impact of potential Year 2000 problems. In the Spring of 1998, CDRH developed a Guidance Document on FDA's expectations of medical device manufacturers concerning the Year 2000 date problem. The guidance is available on the FDA web site. The guidance was published in the Federal Register on June 24 for greater dissemination. The guidance re-emphasizes the provisions in existing regulations that require manufacturers to address any date problems which may present a significant risk to public health.

FDA staff organized, with the staff of the ECRI, a medical device consulting and testing organization, a half-day session on the Year 2000 date problem at the June 2, 1998 annual meeting of the Association for the Advancement of Medical Instrumentation. This meeting was attended by hospital clinical engineers, representing the device purchasers and users, medical device researchers and developers, and device manufacturers. The session permitted an exchange of information on all aspects of the Year 2000 problem as it relates to medical devices and the actions healthcare facilities should be taking to address this issue. In addition, a satellite video conference to discuss product compliance and manufacturers' Good Manufacturing Practices issues, including the Year 2000 issue, was held September 9, 1998 with medical device companies.

To reinforce its efforts, FDA intends to send additional follow-up letters to manufacturers informing them of Good Manufacturing Practices obligations with respect to Year 2000 compliance. FDA will continue periodically to send additional follow-up letters to manufacturers reminding them of the need to provide the Year 2000 status of their devices for posting on the web site.

Companies need to post the Year 2000 status of their devices quickly if the web site is to meet its objective -- to provide an information clearinghouse which will be valuable to the users, such as doctors' offices and hospitals. Users of medical devices will need time to plan and budget for corrective action. This means that Year 2000 status information is needed as soon as possible. This urgency is reflected in FDA's and DHHS's repeated communications with medical device manufacturers.

F. WHAT IS THE DATA TELLING US THUS FAR?

So far, the overall response from manufacturers has been disappointing and incomplete. As indicated above, FDA believes that approximately 2,000 manufacturers may produce equipment that may be impacted by the Year 2000 problem. Approximately 962 or approximately 50 per cent of the 1,935 manufacturers had responded to FDA by September 21, 1998. FDA knows, however, that there are companies still in the process of assessing their devices. FDA had requested that complete information be submitted. While manufacturers may report that specific products have not been assessed, FDA expects that some companies prefer to complete assessment before reporting. FDA hopes that its recent, targeted mailings to the remainder of the 1,935 manufacturers who have not answered will produce additional responses. The letter included a request that companies still assessing products tell FDA when they expect to post information.

As of September 21, 1998, FDA has entered a total of 2,404 responses from the 16,000 manufacturers contacted. The data from all of these manufacturers who have responded have been entered into the database on the FDA web site. These numbers change daily as data are entered, corrected or even removed at the request of manufacturers. Of the 2,404 manufacturers who have responded, 2,104 have reported that their products do not use date-related data or are compliant. One hundred sixty-four manufacturers have reported one or more products with date-related problems. One hundred and twenty-six manufacturers have provided World Wide Web links (URLs) to data provided on their own manufacturer-operated web sites. There are a few submissions in which the data were incomplete or unclear in some manner. FDA is communicating with these manufacturers to obtain clarification before entering the information into the database.

With regard to the data submitted, the great majority of the date-related problems described present minor concerns, typically involving incorrect display or printing of a date. There are, however, a few reported instances where the device will not function or operate at all unless the date problem is corrected. There are also a number of reports which indicate that the device will function correctly, provided the personal computer (PC) with which it is used is compliant. For many of these PCs, the correction required to correct the date is a straightforward operation. In general, manufacturers are indicating that currently or recently produced products will be corrected at no cost. For old and discontinued devices, the response is quite varied, i.e., from free upgrades, upgrades at a cost, or no upgrade or solution being offered, to a declaration of obsolescence of the device.

In reviewing the data received from the manufacturers so far, FDA sees no indication of widespread problems which will place patients at risk, if and only if the solutions being developed and offered by manufacturers are implemented. Of course, we can not make assurances about manufacturers who have not reported product status to us. FDA believes that the information received to date confirms our original expectation that the Year 2000 problems with medical devices are not significant or widespread. Although there will be specific problems which need correction, the current assessment is that they are much more likely to disrupt patient care rather than be of direct danger to patients. Nonetheless, this disruption could be serious and the potential for it to happen certainly merits rigorous attention to the problem.

FDA will continue to emphasize to manufacturers the importance of reporting and take additional steps to boost the response rate. Healthcare facilities need information from all manufacturers to properly prepare and plan for any actions they need to take to assure their devices needing corrections or updates receive these well before the Year 2000.

IV. CONCLUSION

Thank you for the opportunity to update you about the issue of the Year 2000 and medical devices. Let me assure you that DHHS takes this issue very seriously, as we do with all problems which could affect the public health. We are committed to a scientifically sound regulatory environment which will provide Americans with the best medical care. In the public interest, DHHS's commitment must be coupled with a reciprocal industry commitment: that medical device firms will meet high standards in the design, manufacture, and evaluation of their products. DHHS and FDA recognize that this can only be attained through a collaborative effort -- between government and industry -- grounded in mutual respect and responsibility. The protections afforded the American consumer, and the benefits provided the medical device industry, cannot be underestimated.

The role of DHHS and FDA is to assure that medical devices are safe and effective and manufactured in accordance with their specifications. DHHS, of course, will provide any assistance it can to address specific problems that any other agency, such as the DVA, identifies. FDA also is working with other agencies, patient groups, medical associations and industry to optimize data collection and information sharing. FDA will continue urging manufacturers to ensure the continued safety and effectiveness of their medical devices by ensuring that their devices can perform date recording and computations that will be unaffected by the Year 2000 date change.

Thank you for the opportunity to testify.

Link to FDA HOME PAGE picture of a pointing handRecent Testimonies

(Hypertext updated by jch 1999-JUL-16)