MD+DI Online is part of the Informa Markets Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

FDA Does About-Face With Maker of Scope Washers

FDA rescinds recall of Custom Ultrasonics endoscope washers amid controversy over duodenoscope disinfection procedures

Varun Saxena

FDA backed off from a stern letter previously sent to Custom Ultrasonics, which demanded the firm remove and recall all of its machines to disinfect endoscopes in the wake of several patient deaths and injuries from contaminated duodenoscopes.

The Ivyland, PA-based company announced that the FDA has changed course, and is permitting the firm's automated endoscope reprocessors to remain on the market and clean all types of endoscopes other than duodenoscopes.

"The root cause analysis performed by outside third parties has implicated the 'elevator or lifter' mechanism of these duodenoscopes, which were marketed without FDA clearance. No AERs, including those of CUI (Custom Ultrasonics), have been shown to cause these serious infections," the company said in a statement.

The FDA's rescinded recall is raising questions. For until last year's well-publicized outbreak of the deadly bacteria CRE in Los Angeles, the agency largely ignored poor duodenoscope design and disinfection despite revelations that it was aware of 142 instances of contamination since 2010.

"It is certainly troubling for the FDA to order the removal of a medical device it has linked to patient injuries and deaths and then to abruptly reverse course with no clear explanation," Custom Ultrasonic's former director of infection control, Lawrence Muscarella, told the Los Angeles Times, adding, "This may be unprecedented in the history of medical device regulation."

The newspaper cites a Senate investigation, which discovered that nine of the 16 hospitals that suffered from duodenoscope-related infections used Custom Ultrasonics reprocessers, even though the company's market share is less than 20%.

Custom Ultrasonics and the FDA don't have a very friendly history. The agency ordered a recall of the firm's reprocessers in 2012, but rescinded the demand after modifications were made to the disinfection device.

After the company failed to comply with the now-rescinded recall issued in November 2015, the agency posted a plea on its website in February, requesting hospitals to "transition to alternative methods to reprocess flexible endoscopes as soon as possible." 

Custom Ultrasonics' repressors are still uncleared to clean duodenoscopes. In the wake of the safety scare, the FDA has certified reprocessors from ASP, Medivators, and Steris to clean duodenoscopes following liquid chemical sterilization validation testing. 

The FDA has also cleared the redesigned duodenoscope of market leader Olympus.

The agency said it did not clear the prior version of the device, adding to mounting public anger over the hundreds of sick and the score of dead patients. Olympus has claimed the old version of its duodenoscope was given the OK under the clearance of a similar endoscopic device.    

Learn more about cutting-edge medical devices at MD&M East, June 14-15, 2016 in New York City.

Varun Saxena is a contributor to Qmed.

Like what you're reading? Subscribe to our daily e-newsletter.

Why Medtech's Cybersecurity Problem Is Really Bad

A new report gives healthcare systems a failing grade on medical device cybersecurity, warns of consequences to patients and industry. 

Varun Saxena


Hospitals are "hyper-focused" on protecting patient data from hackers, but are inadequately protecting patient health from cyberattacks on medical devices, says a report from Baltimore-based security firm Independent Security Evaluators.

The incidence of crippling ransomware attacks in Los Angeles and across the country demonstrates the need for devicemakers and providers to put patient safety ahead of patient privacy. Independent Security Evaluators evaluated 12 healthcare facilities and two active medical devices from one manufacturer over two years.

"The findings show an industry in turmoil: lack of executive support, insufficient talent, improper implementations of technology, outdated understanding of adversaries, lack of leadership, and a misguided reliance upon compliance. These findings illustrate our greatest fear: patient health remains extremely vulnerable," the firm concluded.

Attend roundtable discussions about cybersecurity, compliance and patient privacy at the MD&M Minneapolis conference and expo, September 21-22, 2016.

For instance, the firm used an "authenticated bypass" attack to gain access to a patient monitor. The security evaluators were able to instruct it to perform a variety of disruptive tasks, such as sounding false alarms and displaying incorrect vital signs. They were also able to disable the alarm altogether.

The attack scenario is "harrowing," the report says: "Diligently executed, many human lives could be at stake, and extrapolating this problem to other hospitals is even more worrisome."

The report also documents instances in which the security evaluators had uninterrupted private physical access to devices for more than an hour, such as Philips' IntelliVue patient monitor. The scenario demonstrates the need for devicemakers to secure their devices from non-remote intrudes, as well as those who operate from afar.

Even automated supply cabinets made by CareFusion are vulnerable, other researchers have found.

As for patient privacy, well, despite all the energy spent, it isn't well-protected either. HIPAA has "created a system of confusion, fear, and busy work that has cost the industry billions of dollars," according to the firm. Moreover, the security evaluators note that comprised electronic health records can be leveraged to create a situation that could harm or kill a patient.

In case the threat of dead patients is not enough, the feds have become more vigilant on the cybersecurity front. Last year, the FDA for the first time instructed hospitals to stop using a device due to poor cybersecurity.

Hospira's Symbiq Infusion Systemis remotely accessible by nefarious actors who could "change the dosage the pump delivers, which could lead to over- or under-infusion of critical patient therapies," the agency said.

The report says that hospitals are especially unprepared for a targeted attack against an individual. Given the repeated demonstrations that the endeavor is possible, medical device cybersecurity experts like the University of Michigan's Kevin Fu believe that a malicious cyberattack against a pre-selected individual is inevitable. 

Such an attack would certainly generate a lot of negative attention, and could lead to mistrust and fear of medical devices (and hospitalization) among patients. Pointing to the sudden drop in childhood immunization rates, the report notes that the phenomenon has already occurred in healthcare.

Independent Security Evaluators writes that "if similar widespread loss of confidence were to afflict the healthcare industry, such as the community refusing to seek treatment due to fear of harm (justified or not), it would be extremely detrimental to our health, safety, and economy."

Attend roundtable discussions about cybersecurity, compliance, and patient privacy at the MD&M Minneapolis conference and expo, September 21-22, 2016.

Varun Saxena is a contributor to Qmed.

Like what you're reading? Subscribe to our daily e-newsletter.

FDA Unveils Its Approach to Infectious Disease Sequencing Diagnostics

FDA Unveils Its Approach to Infectious Disease Sequencing Diagnostics

FDA has published a draft guidance document explaining its perspective on diagnostics devices that use next-generation sequencing to identify infectious diseases. In the draft guidance, "Infectious Disease Next Generation Sequencing Based Diagnostic Devices: Microbial Identification and Detection of Antimicrobial Resistance and Virulence Markers," the agency describes its "systems approach" to regulating these diagnostic devices and proposes the use of the FDA-ARGOS database as an alternative comparator.

The technology is a crucial one and accuracy is key. Next-generation sequencing diagnostics for infectious disease "carry an absolute need for immediate and actionable results, sometimes within hours, as an incorrect initial diagnosis potentially leads to fatalities," FDA noted. 

The draft guidance developed out of discussions on the topic from an April 2014 FDA public workshop and an April 2015 colloquium held by the American Society for Microbiology. 

Next-generation sequencing can be used to identify one or several different organisms and combines the functions of what were previously many tests into one process, FDA explained. Yet there is a wide range of infectious diseases and many types of samples tested with each device, including spit, urine, blood, stool, cerebrospinal fluid. FDA suggests the "one system" approach similar to its method of oversight for other molecular-based diagnostics. "This approach will evaluate, in parallel, the system as a whole (including generation of clinically actionable data), and each individual step in the sequencing data pipeline as part of that system, from specimen collection to results report," according to the draft guidance document.

Get inspired to innovate in medtech at the MD&M East Conference, June 14-16, in New York City. 

Indeed, the draft guidance includes a figure showing the steps in the sequencing process that are covered by FDA oversight: specimen collection, specimen preparation for sequencing, sequencing/chemistry/data collection, data storage/data analysis, and the report. If creating the final report also includes databases, or genome assembly, annotation, and finishing, these steps may also be part of FDA's purview.

The agency has also proposed that sponsors use the FDA dAtabase for Regulatory Grade micrObial Sequences (FDA-ARGOS); BioProject 231221 as an alternative comparator for clinical evaluation of pathogens, antimicrobia resistance, and virulence markers, part of a "least burdensome regulatory approach," the document stated.

According to the FDA document, sponsors should include information on the device description and validation in a submission. Intended use, test methodology, ancillary reagents, controls, and details on interpreting tests results and reports should be included in the device description, while pre-analytical factors, device performance metrics, analytical performance, instrumentation and software, and clinical evaluation should be part of the device validation section.


Helpful Hacking: What Medical Device Companies Need to Know

Helpful Hacking: What Medical Device Companies Need to Know

As connected medical devices become more commonplace, device manufacturers should prepare for helpful hacking and consider how to address potential recalls that may arise.

Kevin Pollack

It's difficult to argue against the benefits of the Internet of Things (IoT) in the world of medical devices. Connected medical devices can improve patient care, better manage chronic diseases, and lower overall healthcare costs. The industry is growing so much it even has its own acronym: IoT MD.

However, as with any burgeoning industry, there are risks. Connected medical devices are vulnerable to the same sort of coding bugs that end up in other software. A hacker who makes his or her way into a pacemaker or insulin pump could potentially do a lot more damage than one who hacks into a smartphone or laptop.

Last year, students at the University of Alabama were able to hack into a robot that simulates human functions, disabling its pacemaker. This example clearly demonstrates the potentially deadly consequences of such vulnerabilities.

With this in mind, FDA wants medical device manufacturers to allow independent security researchers to hunt for potentially life-threatening vulnerabilities. FDA believes the lessons learned from these "helpful hackers" will improve the safety and efficacy of connected healthcare devices.

On the face of it, this seems like a good idea. Not long ago, traditional software and computer companies were reluctant to work with independent security researchers. They were concerned helpful hacking would open them up to security breaches. That has changed, and so might the feelings of medical device manufacturers.

Get inspired to innovate in medtech at the MD&M East Conference, June 14-16, in New York City. 

In the meantime, manufacturers must examine the security implications of new advancements and consider what they mean for their recall management capabilities. It only makes sense that the likelihood and complexity of recalls will rise. As products become more complex, the potential for recalls increases--simply because there are more features that can go wrong.

Once a recall occurs, executing the event and disposing of affected product is also more complicated, as technologically advanced products often include potentially hazardous materials that are subject to additional regulations. At the same time, new tools and regulations are being developed that will protect consumers and products from these sorts of threats. Safeguarding consumers--especially those who are the most vulnerable--should be at the forefront of manufacturers' agendas as their products become progressively more plugged-in.

With the spotlight now shining on medical devices manufacturers, here are just a few steps manufacturers should take to be prepared for the possibility of a recall:

1.Prepare a recall plan, equipped with a dedicated recall team--A solid recall plan helps manufacturers quickly locate the device and remove it from the marketplace. With every recall, there are four goals: protect the public, protect the brand, protect the environment, and close the recall as soon as possible. For the plan to be most effective, it must clearly define roles for all members of the company, especially for the management team. During a recall, this will ensure everyone knows their responsibilities and can act in a timely manner.

2.Test your plan--When a recall happens, things move fast. By conducting "mock recalls," manufacturers can see firsthand any gaps or flaws in the plan and make necessary changes. Conducting a mock recall could be the difference between a successful recall or one that lingers on, adding additional cost and unnecessary brand damage.

3.Know your partners, suppliers, and vendors--In today's global economy, it is critical manufacturers maintain comprehensive records of their entire supply chain. This practice will help expedite recall resolution should an issue occur. Furthermore, it's imperative all stakeholders are ready for a recall. Transparency is key. Manufacturers need to establish trust in their global supply chain.

4.Navigate global regulations--As the medical device market has gone global, managing a recall has become much more complex. Manufacturers should be familiar with the regulatory variances within all active markets. One option to deal with the many nuances during an international recall is to work with a third-party consultant. An expert consultant can help adapt a recall plan to each international market and streamline the process even before a crisis strikes.

5.Be open, honest, and fast--It is critical that all affected parties--patients, regulators, and distributors--are informed of the recall and updated as it evolves. Companies should also respond quickly and effectively to inquires from consumers and media. Questions can come from many avenues, including the web, call centers, and emails. It is important that all responses are consistent across each outlet.

As the IoT MD evolves, so will its associated challenges and risks. By preparing to tackle potential problems quickly and effectively, medical device manufacturers can ensure they are known for their innovations--and not for any issues that come with them.

Kevin Pollack is vice president at Stericycle ExpertSOLUTIONS. Reach him at


Connected Healthcare Systems Are a Cybersecurity Nightmare

Connected Healthcare Systems Are a Cybersecurity Nightmare

Could initiatives like DTSec, a new security standard for connected medical devices, change that?

David Kleidermacher

Throughout the digital world, consumer confidence in service providers' ability to protect our personal information, our health and well-being, and our critical infrastructure is disappointingly low. Ask 10 random people how they feel about digital security today. Cover your ears before the expletives fly.

Is the outlook improving? Are we winning the war, even if we continue to lose some battles? Hardly: In 2015, the U.S. healthcare industry suffered its five worst ever data breaches while FDA and the Department of Homeland Security issued warnings about serious vulnerabilities in networked medical equipment. And a spate of ransomware attacks against hospitals has marked 2016.

Hear experts from Siemens Healthcare and BD discuss how to assess cyber risk in your connected device at MD&M East on June 15, 2016.

Yet, we have no shortage of alleged panaceas from security pundits. If you ask security tech companies, they'll roll out a string of newfangled products: machine-learning-based anomaly detection, quadruple factor biometric authentication, and more bits of encryption than you can imagine. If you ask consultants, they'll roll out a string of risk management processes that will cost you a boatload to hear about and a shipload to implement. If you ask politicians, they'll roll out a string of regulations that implore product and service providers to do better but lack practical implementation details or enforcement teeth. How well have these helped so far? 

These initiatives are doomed to failure because we lack the fundamental ability to evaluate whether a technology, process, or policy can protect our digital systems against modern sophisticated attackers. With the exception of financial transaction technologies such as smart card integrated circuits (because we're talking about people's money here folks!), effective standards for security assurance--scientific approaches for independent stakeholders to gain high confidence in security--do not exist. The standards we do have, such as HIPAA and the Payment Card Industry Data Security Standard (PCI DSS), are expensive for the minimal amount of confidence they deliver. Does HIPAA prevent protected health information breaches?  Does PCI DSS prevent personally identifiable information breaches?  

Cybersecurity pundits are like politicians running for office, and voters are sick and tired of empty campaign promises. If you run for president of the digital security world, show the public how your approach delivers--measurably and objectively--on its claimed security benefits.

We need nonbureaucratic standards (not always an oxymoron!) that include a cost-efficient, risk-based determination of security requirements for a medical product or system. We need assurance programs for evaluating that product or system against those requirements. These programs must include, via expert vulnerability assessment, emulation of the sophisticated attackers we now know to be threatening our healthcare systems.

And in no industry is there more on the line than healthcare. Not only is the black market for electronic protected health information attracting sophisticated attackers, but the consequences of attacks include not only a loss of privacy but also impacts on the health and wellbeing of patients. This is the age of the Internet of Medical Things, where our medical systems are network connected. So far, evidence shows we are unprepared for the risk environment implied by this connectivity. For example, widely deployed hospital infusers were designed a decade ago with no firmware integrity verification, open network ports, and no user authentication. Once an attacker gains a foothold in one of these systems, it can be used as a launching point for attacks across the hospital network. Attackers look for the weakest link, and some medical devices represent the soft underbelly of healthcare networks.

DTSec is the first big step in the right direction. DTSec is a security standard for connected medical devices. The DTSec steering group includes the widest range of healthcare stakeholders ever assembled to tackle this problem, including numerous government regulators and agencies (including FDA, Health Canada, DHS, and NIST); caregivers (physicians, nurses, and professional caregiver organizations); academic researchers in medical devices; patient-advocacy organizations and ethical hackers; medical device manufacturers; liability attorneys; and independent technology and cybersecurity experts (BlackBerry, IBM, Intel). 

What makes DTSec different from other failed security standards is that it includes a methodology for specifying--via risk-based multi-stakeholder collaboration-- product-dependent security requirements as well as a program for efficient evaluation of those requirements against actual products to gain the high levels of assurance we need at reasonable cost and at the speed of digital innovation.  In fact, the ability to evaluate and assure security will enable new therapeutic and quality of life opportunities. For example, today we are limited in how we can leverage consumer electronics in healthcare settings. Smartphones and wearables are permitted for information recording and observation but may not directly control life-critical functions.  If we have high assurance standards in place, technology solutions will follow.

In the 1800s, we had a different kind of panacea. Unscrupulous salesmen sold snake oil as a cure-all to unsuspecting consumers. Today, snake oil could not succeed because we have a system in place for assuring safety claims of drugs, foods, and medical devices. It may not be perfect, but it works. And yes, it includes regulation (although poor regulation can be worse than no regulation). In contrast, organizations can (and do) make sweeping claims about the security of their wares, despite lacking independent assurance of these claims.

Indeed, security assurance for medical devices is inherently different than safety assurance, and as computer ethics author Deborah Johnson has explained, it is dangerous to think we can understand our security obligations by applying policies and arguments from older issues and technologies.[2] Using an insulin pump a billion times on millions of people provides assurance the pump will be clinically safe for the next user but provides no assurance it can protect the millions of people against determined and well-resourced hackers.

Regulation and public agencies can't solve the assurance crisis. Government bears a responsibility to assist, guide, and promote solutions, but an open, international multi-stakeholder community must bear the burden of implementation. This problem can be solved, and there's good news: It's not rocket science. But all stakeholders must rally around this effort to make it work.  Device manufacturers must show leadership in putting their products voluntarily through independent security evaluation to provide customers and patients with increased confidence.  Hospitals and other healthcare providers must exercise purchasing power in requiring suppliers to offer systems evaluated under rigorous assurance standards.  Payers must exert their financial power in providing rate preferences for the use of evaluated products. Caregivers must drive adoption of these standards by educating patients and healthcare institutions about the risks and mitigations associated with connected medical devices. Patients must demand that healthcare providers and their suppliers provide the objective multi-stakeholder evidence of security protection that can only be obtained with initiatives like DTSec.

David Kleidermacher, chief security officer for Blackberry Limited will speak at at MEDSec 2016, a conference all about security and privacy for the Internet of Medical Things held on May 23 and 24 in San Jose. 

[2]Johnson, D. G. (2001). Computer Ethics. Prentice Hall, 3rd edition.


ConforMIS' CEO Believes Robotics Is Not the Answer in Orthopedics

ConforMIS' CEO Believes Robotics Is Not the Answer in Orthopedics

Dr. Phillipp Lang, who will leave ConforMIS as CEO when a replacement is named, believes robotics in total knee replacements is a marketing gimmick.

Arundhati Parmar

ConforMIS iTotal PS Custom Knee Launched In March

Many believe that robot-assisted surgery will transform how surgery is done and it will be a boon for both patients and surgeons.

One person who begs to differ is Philipp Lang, CEO of orthopedics company ConforMIS. The Massachusetts public company makes customized knees for people who are looking to get their knees replaced. ConforMIS uses the patient's MRI or CT scans to create an implant that is for that patient alone fulfilling the company's "One Patient One Implant" tagline. 

That makes the company different from other orthopedic companies, large and small, that uses off-the-shelf implants of various sizes that surgeons can choose from when performing a total knee replacement. Even in robot-assisted surgery, where much of the variation is eliminated from standard total knee arthroplasty, the implants used are not custom.

Robotic surgery in orthopedics is a "marketing gimmick" charged Lang, in an interview with MD+DI in early March at the annual meeting of the American Academy of Orthopaedic Surgeons in Orlando where Stryker was showing off its Mako surgical robot. Lang added that the robot is merely an instrument that alters the surgical technique, but in terms of outcomes nothing can compare to the fit and function of a knee that is created based on an individual's anatomy. [Since the interview, Lang has announced that he will resign as CEO but stay on until a successor is named. He he will remain on ConforMIS' board.]

Stay on top of medtech trends and attend the MD&M East conference at the Jacob Javits Convention Center in New York, June 14-16.

Lang also believes that the iTotal family of knees from ConforMIS is especially suited for a bundled payment environent that many hospitals in the U.S. are subject to. In these hospitals, Medicare will pay a fixed amount for a knee replacement for a period extending 72 hours before surgery all the way to 90 days following the procedure. Experts believe that many hospitals will look to dramatically cut costs in how they care for patients in the post-acute care - or the period right after surgery.

"Patients with ConforMIS implants are 2.5 times less likely to have an adverse event within 90 days," he declared adding that these patients are also far less likely to be sent into a surgical nursing facility following the procedure compared with patients using off-the-shelf implants.

Studies have also shown that patients have report high satisfaction rates with their knee replacements when given custom knees. A surgeon, who is a paid consultant of ConforMIS, said he prefers the ConforMIS system because the company's procedure results in happier patients who complain less of pain and imbalance. Dr. Robert Tait, a Nevada surgeon, described himself as being a  "frustrated surgeon" unable to help patients dissatisfied with their knee replacements until he discovered the ConforMIS implant which has made him enjoy his practice again.

Also from an operational perspective, it has been a big help. Tait performs eight surgeries on the day he does surgeries and on traditional systems it takes two hours to re-sterilize all the instrument trays used. He didn't want to wait for trays to be sterilized so when Tait used Biomet knees in the past, he had the company bring four sets of instrument trays per surgery -- 24 trays in all -- in order for him to be able to get through all his patients needing surgeries.

"When I do ConforMIS they have two trays," per surgery, he said, nothing that everything else is disposable. 

ConforMIS has recently launched its iTotal PS (posterior stabilized) knee implant that executives hope will give the company a big boost since it triples the market that the company previously addressed from about 28% to 83%.

"We anticipate that iTotal PS will be the primary growth driver for full year 2016, with meaningful growth in the back half of the year," wrote Gregory Chodaczek, an analyst with Sterne Agee, in a research note following the product's launch in early March. 

That customized total knee replacement saw better-than-expected demand in the first quarter that beat the company's own forecast, Chodaczek wrote in a research note after the company reported its financial results last week.

Traditional players in the orthopedics space have responded to the increased demand for customization by developing patient specific instruments -- like Zimmer -- though they do not have custom knee implants. 

It will be interesting to see what happens in 2017 when Stryker will launch it off-the-shelf Triathlon implant on its Mako robotic surgical system. Currently only one other company -- OMNI -- has a total knee approved and available on a surgical robot. FDA approved Stryker's total knee on Mako, but the company's CEO has decided to delay its launch pending two observational studies. Stryker's CEO Kevin Lobo believes that when the knee launches on the Mako robot in 2017 it will be preferred by surgeons.

"If you look at a ConforMIS knee, once your implant is done, you're done. It's over," Lobo said in an interview in early March. "You cut with the jigs in place. Frankly jigs are going to seem archaic compared to a robot that you can manipulate. [With a robot] you can make changes on the fly."

Arundhati Parmar is senior editor at MD+DI. Reach her at  and on Twitter @aparmarbb

Could Rural Patients Lose Access to Durable Medical Equipment?

Could Rural Patients Lose Access to Durable Medical Equipment?

Legislators in the House of Representatives have banded together to introduce a bill that would delay Medicare reimbursement cuts, in order to give rural patients continued access to the wheelchairs, oxygen, and walkers that they need. The bill, "Patient Access to Durable Medical Equipment of 2016" (the PADME Act, H.R. 5210) follows the introduction of legislation of the same name introduced in the Senate in March.

The PADME Act addresses the competitive bidding program that began a six-month phase-in period across the country, including rural areas, on January 1, 2016. The program brings with it reimbursement cuts that will be fully implemented on July 1, 2016. The concern is that some of these cuts could have a bigger negative impact on Medicare patients in rural areas because DME suppliers in these regions might need to decrease equipment inventory, cut staff, and deliver and train to fewer patients in a smaller geographic area to offset the reimbursement cuts. 

"For many rural providers, these new rates will not even cover the cost of delivery for the item," a press release from bill co-sponsor Cathy McMorris Rodgers (R-WA) stated. 

The bill, sponsored by Representatives Tom Price, MD (R-GA) and Dave Loebsack (D-IA), would extend the phase-in period, delaying the rate cut to October 1, 2017. In addition, the bid ceiling would not be less than the fiscal year 2015 fee schedule rate and CMS would be required to put out monthly reports on the program's impacts on Medicare beneficiary access to DME and health outcomes. The act would also require CMS to consider certain factors when determining rates, like travel distance, delivery time, number of suppliers, and volume of items and services

Get inspired to innovate in medtech at the MD&M East Conference, June 14-16, in New York City. 

In March, a bill of the same name was introduced in the Senate by Senators John Thune (R-SD) and Heidi Heitkamp (D-ND) and co-sponsored by several others. The House legislation uses much of the same language as the Senate bill, S. 2736, which was referred to the Senate Finance Committee. 

In a statement regarding the House legislation, AdvaMed president and CEO Scott Whitaker explained, "For this expansion, CMS is using payment information based on bidding that did not take place in non-competitive bidding areas--many of which are rural in nature--where costs of providing products to Medicare beneficiaries may be very different and not representative of costs in existing competitively bid areas. These beneficiaries already face challenges to accessing DME, and with a potential cut in reimbursement for some medical technologies of more than 50 percent, there will be serious hardships for both Medicare patients and DME providers . . . AdvaMed has long maintained that CMS's competitive bidding program has advanced without rigorous evaluation or a clear understanding of its impact on beneficiaries' access to the products they require."

Senator Heitkamp said in a release"For seniors throughout the country, including in rural areas like North Dakota, access to critical medical equipment like hospital beds, walkers, and oxygen supplies shouldn't be a question. All seniors should be able to live with dignity and the support they need."


21st Century Cures Bill Brings Public Distrust

21st Century Cures Bill Brings Public Distrust

What is behind the public's wariness of the 21st Century Cures Act?

Jim Dickinson

As many in industry look forward hopefully to the enactment of the bipartisan 21st Century Cures Act with its promise of faster, easier FDA healthcare product approvals and clearances, a new public opinion poll from Harvard T.H. Chan School of Public Health and Stat finds a majority of Americans distrust it.

The legislation passed the House comfortably over a year ago, and the Senate's Health, Education, Labor and Pensions Committee passed five separate bills in April that constitute its version of 21st Century Cures. A Senate floor vote had not been scheduled as I write this.

The Harvard public opinion poll, which took place by telephone in April among 1,006 nationally representative adults, prepared respondents for questioning by explaining that the legislation would change government standards to make new medical devices available faster, even if this meant later recalling products for harmful side effects.

Fifty per cent opposed changing government standards, while 45% favored this. Men (54%) were more likely than women (36%) to want to speed up the process, as were Republicans (58%) over Democrats (38%).

Wider differences of opinion were recorded among half the total sample who were questioned about the 21st Century Cures Act's provisions for prescription drugs than among the other half who were asked about its device provisions.

During a raucous political campaign season characterized by an unusually strong anti-Washington sentiment among voters on both the left and the right, as well as independents, this Harvard poll should give proponents of the 21st Century Cures Act pause.

It comes at a time when public esteem for federal regulators at FDA who would carry out the bill's provisions is at an historic low, as shown in a 2014 JAMA study that found that 37% of 1,351 people surveyed on line agreed that the agency was "intentionally suppressing natural cures for cancer because of drug company pressure."

This is in line with a 2006 Wall Street Journal/Harris Interactive poll that found only 36% of Americans surveyed had a favorable opinion of FDA.

Contrast this with a 1990 Roper Poll that gave FDA a 74% favorable rating, placing it fourth in most-esteemed federal agencies, below the National Park Service, the FBI, and NASA.

The fall since then tracks declining public trust in the federal government as a whole, from a high of 73% who said in 1958 they could trust the government just about always or most of the time to do what is right, down to only 19% who said that in 2015, as reported by Pew Research Center.

So what happened at FDA, once the fourth most highly esteemed federal agency?

Public opinion is undeniably shaped, informed and often manipulated through the news media, and increasingly social media, both of which may be influenced by health product advertising and other forms of promotions such as public relations.

Media access to FDA has been sharply reduced since the 1990s, when two unrelated events impacted how and what the public knows about FDA--the gradual introduction of user fees, beginning with prescription drugs in 1993, and the Oklahoma City bombing in 1996 that led to the physical sealing of all federal buildings, which was greatly expanded in response to the September 11, 2001 attacks.

As user fees spread to all FDA-regulated healthcare products, public suspicion and distrust of the agency spread with them--just as FDA leaders of the time had feared. The fox (industry) was perceived to be guarding the chicken house (FDA).

And as physical, and then digital security, barriers to public access to FDA buildings and employees increasingly kept news media out of touch except for FDA management-approved occasions, public information about the agency's work became increasingly one-way, enabling FDA to have what it had never had before: control of its message and the information it held.

Increasingly, FDA made up the deficit in public information through postings on its creaky, government-speed Web site where it controlled what the public could know about its decisions and the way it arrived at them.

Increasingly, what the public knows about how FDA and other federal agencies work will be limited to what the agency itself admits and what courts and Congress force it to admit--and not what the First Amendment free press discovers through confidential sources.

When journalists do ask questions, lacking previous access to known experts inside FDA, they are forced instead to go through the agency's Office of Media Affairs, where their questions are vetted and carefully controlled answers are crafted to suit unnamed FDA managers.

This process has all but eliminated what journalists love most about their work--"the human touch" and the "exclusive." In their place comes the stiff, anonymous, minimally informative, and carefully worded FDA statement--if the questions are answered at all.

An inevitable consequence of this has been the rise of misinformation, especially in social media, and public distrust and even anger directed at FDA and the companies whose products it reviews and regulates.

Recent examples include the assault on CDRH director Jeff Shuren's email inbox by thousands of injured Essure patients and parallel protests by injured LASIK, dental amalgam, and power morcellator patients, previously reported here.

Public interest in FDA and its relationships with user-fee paying health product manufacturers has been stirred as never before, and can only increase, likely to be aggravated by congressional efforts to please industry in legislation like the sweetly named 21st Century Cures Act.

As Harvard's opinion poll suggests, public reaction might be a bit bumpy, especially in an unusually fevered anti-Washington election year.

Jim Dickinson is MD+DI's contributing editor.


Should Boston Scientific Zag While Others Zig?

Should Boston Scientific Zag While Others Zig?

A Frost and Sullivan analyst speculates on what Boston Scientific should do given that two of its main competitors have engaged in megamergers.  

Arundhati Parmar

Medtronic has bought Covidien, St. Jude Medical has given itself to Abbott Laboratories. So two of Boston Scientific's biggest competitors have chosen scale as an answer to answer the challenges of today's healthcare industry.

What should the Massachusetts company do, if anything to stay relevant in an evolving marketplace? MD+DI reached out to Venkat Rajan, industry manager for medical devices and global director of research, Visionary Healthcare at Frost & Sullivan for some answers.

MD+DI: Boston Scientific's CEO Michael Mahoney hasn't been too thrilled with megamergers in medtech. But even the latest Abbott-St. Jude Medical deal seems to be happening with the aim of cross selling in mind. What's your take?

I went to a MassDevices event in Boston in 2015 and Mike Mahoney was speaking and he did seem sort of leery of some of these large deals. Historically, the Guidant deal did not necessarily work out the way that Boston Scientific  expected. You wonder whether something like that in the back of his mind. He also openly wondered about the logistics of medical device manufacturers trying to take on larger roles in managing clinical environments as we have seen other developers explore.

MD+DI: What approach should it pursue when it comes to acquisitions?

This is highly speculative but I think the way Boston Scientific could go about M&A is that instead of a big fish, you might see a lot of small to mid-sized transactions that may in aggregate approach those large-deal dollar sizes. So when everybody is zigging it makes more sense to zag. Why place one big bet, when you can place some smaller bets with potentially a higher upside.

I would say from my perspective what is attractive from a Boston scientific standpoint is targeting opportunities in the new healthcare economy, the new market paradigms in medtech, whether its around analytics, chronic disease management, clinical grade wearable technologies and monitoring solutions. I am not talking about the fitbit type stuff but the dedicated tools for patient monitoring either pre-op or post surgery that can bridge the care continuum. Similarly, solutions that give Boston better tools for heart failure support or other types of chronic disease management.

From Boston Scientific's perspective there's not one company that does all that. They could pick up a telehealth solution, a wearable technology, AI developer - some of those solutions  - as opposed to doubling down on the surgical environment within a hospital. That can help them move the care environment to a more of a population management approach.  So I think -- and again this is purely from a third party analyst point of view -- those types of things might be the way to would go if I were advising Boston Scientific.

MD+DI: Could Boston Scientific itself become a target? Or is that too unimaginable?

I wouldn't say anything is unimaginable given the current market environment and some of the acquisitions we've seen. Hypothetically, if something like that were to happen, it could have parallels to the  Becton Dickinson and CareFusion deal where there are two organizations which have some synergies between them in terms of the conditions and care environments they serve.  We do live in a sort of a fast-follower mentality when it comes to some of these deals in medtech. Maybe there's something like that for Boston Scientific but it's hard to see exactly who that is given who is left standing after the most recent wave of transactions.

MD+DI: Everyone thought Stryker would have to do a deal and there were all those rumors about something with Smith & Nephew. Yet the company has hummed along doing tuck-in acquisitions in the last couple of years. Could Boston play like that?

I think that's the likely scenario. If you wanted to make one of these big deals, who would you acquire? What would make sense? And there's not a lot out there that makes sense.

My gut says that it's more mid-sized deals tied to the synergies of the new healthcare market paradigm.  I think they have taken a fairly measured if not tempered approach on the acquisitions front for the past couple years. We expect you might see that change as they become a little more proactive. Because they haven't gone down the path of one of the more recent megamergers, I believe Boston Scientific can be a little more agile in this fast evolving healthcare environments. Some of areas of opportunity we highlighted are now reaching to a point of time when they are closer to being ready for prime time, so I imagine some of the key emerging developers in those spaces could be prime targets.

Arundhati Parmar is senior editor at MD+DI. Reach her at  and on Twitter @aparmarbb

Stay on top of medtech trends and attend the MD&M East conference at the Jacob Javits Convention Center in New York, June 14-16.

FDA Has Important New Views on 3-D Printed Devices

The U.S. agency's new "leapfrog" draft covers device design, manufacturing, and design testing for standard and "patient-matched" devices. 

Nancy Crotti

FDA has released "leapfrog" draft guidance for the rapidly evolving world of 3-D printed medical devices.

The agency based the guidance on input from device manufacturers, 3-D printing companies, and academics who testified at a 2014 hearing. The document covers device design, manufacturing, and design testing. For the purposes of the draft, FDA identified four main types of 3-D printing--powder fusion, stereolithography, fused filament fabrication, and liquid-based extrusion. 

Manufacturers would have to clearly identify every step in the 3-D printing process, and might need to submit a "high-level summary of each critical manufacturing process step," the guidance says. They would also have to document each step's risk, and describe how they would mitigate those risks.

They should also expect to perform just as much testing as for a non-3-D device, and more. The type of testing data needed would depend upon whether the device is an implant, load-bearing, and available in standard sizes or custom-made for each patient, or as FDA put it "patient-matched."

Orthopedic manufacturers are already using 3-D printing to produce standard implants. Large orthopedic device manufacturers--such as Zimmer Biomet, Johnson & Johnson's DePuy Synthes, Smith & Nephew, and DJO Global--are using 3-D printing to make surgical guides for a range of orthopedic procedures, including total knee, total hip, or shoulder replacements. Beyond orthopedics, researchers are experimenting with3-D tracheal stents and custom medical implants out of resorbable plastics.

FDA acknowledges that the implications for 3-D printed devices are vast. The leapfrog draft guidance represents the agency's initial thoughts on the technical considerations surrounding the design, manufacture and testing of 3-D medical devices, which have few precedents.

"While this draft guidance includes manufacturing considerations, it is not intended to comprehensively address all considerations or regulatory requirements to establish a quality system for the manufacturing of your device," the agency said.

The agency excluded biological, cellular, and tissue-based 3-D products from this guidance because it said these may need more specific guidance or different regulatory pathways. Point-of-care devices would likely need more technical considerations, it added.

The final document will outline the content of premarket submissions for "emerging technologies and new clinical applications that are likely to be of public health importance very early in product development," the agency said in its Federal Register notice about the guidance.

The agency "strongly encourages" manufacturers to engage with CDRH and/or CBER through the pre-submission process for detailed feedback regarding their (3-D) device or process.

The draft guidance "provides a solid basis for medtech innovators to understand what is needed to prove safety, efficacy, and consistency to growing on-demand components for the human body," said Derek Mathers, an adjunct professor of 3-D printing at the University of Minnesota and business development manager at Worrell Designin Minneapolis.

Mathers called "patient-match" an "ideal term to describe patient-perfect devices."

"Standard-sized 3-D printed devices are offered in discrete sizes, and include features that are too complex to be manufactured with traditional processes like machining and molding," he explained. "Patient-matched 3-D printed devices are devices that are digitally scaled (manually or by using an algorithm) to match a patient's specific anatomical features. The FDA identifies that these bespoke devices will require significantly more validation work across every step of the 'scan-to-fit' design process."

Creating compelling 3-D production flow diagrams with comprehensive summaries of each step, as the draft guidance describes, will be important to any 510(k) or PMA application for a 3-D device, Mathers added. The specific steps are broken into device design, software workflow, material controls, build process validation, post-processing workflow, and testing considerations.

CBER and CDRH will have to work together to be certain that the next generation of 3-D printed materials are safe and effective for use, Mathers added.

"This guidance document should serve as a boilerplate for analyzing future combination products, but will require collaboration with the agency to obtain more detailed feedback," Mathers said.