FDA recently released guidance (“Manufacturers Sharing Patient-Specific Information from Medical Devices with Patients Upon Request”) finalizing its policy on medical device manufacturers sharing patient-specific information from devices with patients at the patients’ request.
In response to the more active roles patients are playing in their health care, and increased frequency with which patients are seeking information that has been recorded, processed or stored on medical devices from the device manufacturers, FDA initially sought to provide clarification on manufacturers’ responsibility with respect to such requests in a draft guidance issued June 10, 2016. In the draft guidance and the recently finalized version, FDA clarifies that a device manufacturer may provide patient-specific information to patients who request it, but that the manufacturer is not obligated to do so under the Food, Drug, and Cosmetic Act (the “Act”). Importantly however, FDA states that the device manufacturer’s responsibility to provide patient-specific information under the Act is distinct and separate from its obligation to provide patients with protected health information (“PHI”) under the Health Insurance Portability and Accountability Act (“HIPAA”), and the HIPAA Privacy Rule. Continue Reading