What If Digital Could Drive Revenue?

And overcome legal and regulatory issues? It can.By Chris Bergstrom, Associate Director, Digital Health, The Boston Consulting Group & Bradley Merrill Thompson, Member, Epstein Becker & Green, P.C.

The whole healthcare industry is wrestling with how to handle the new world of digital capabilities. We know the benefits are there—we just don’t always know how to maximize them.

What if digital could truly drive revenue? What if regulatory, in the digital era, did not seem like such a high hurdle?

What if you could strategize the messaging precisely to each doctor? What if you could help them with psychographics, demographics, therapeutic best practices, and patient segment strategies? One HCP’s top patient issue about hypoglycemia might be diet, while another’s might be dosage. What if your sales reps’ calls were providing insight to their specific patient population? You can use digital to address all these concerns individually.

And, from a marketing point of view, what if you could use digital to show enhanced product differentiation, especially with respect to specific patient populations? Even down to evidence of drug interactions and patient profiles?

As a follow-on benefit, what if you could show payors value by demonstrating how medications are being used, and that they are paying only for drugs that are taken, minimizing fraud, waste and abuse?

Finally, what if legal and regulatory were your advocates, rather than your stumbling blocks? Adverse events are a major concern, but these vary with regard to real world evidence vs. clinical trials. What if you could work with legal and regulatory to present this evidence in its best light? And have the muscle and firepower to ask questions that would leap the hurdles?

Well…you can.

Just as one example, digital tools can demonstrate optimal titration, tactics that promote adherence, symptom management and other value-added metrics.

So why aren’t we moving faster on this front?

One impediment is fear of regulatory consequences. The root of the problem is a lack of regulatory clarity. Without this, risk-averse organizations sit on the sidelines and watch entrepreneurs (painfully) navigate the way.

No doubt there are valid issues to manage and unknowns to navigate. At the same time, at least some regulatory fears are rooted in myths rather than facts. By busting these myths, we can more confidently enter the digital health market.


  1. Bio/pharma companies must report adverse events in any databases they touch.
  2. Any bio/pharma software must be approved via a supplemental NDA.
  3. Any clinical trial software will be regulated as a medical device.
  4. Companion digital health developers always create regulatory risk for bio/pharma.
  5. FDA wants to tightly regulate bio/pharma software.

*For further comment on FDA guidelines, see Peter Pitts’ comments in our roundtable in this issue.


Establishing new regulatory guidance in the fast- and ever-changing digital landscape is understandably challenging for the FDA. Over the last several years, at the request of industry groups, the FDA has published several new guidance documents addressing such topics as mobile medical apps, products used for wellness and technologies that serve as digital accessories to medical devices. For some, these documents have been tremendously helpful. However, further clarity is needed, especially in areas related to bio/pharma.

For example, the industry wants to help doctors get the right patient to the right medicine at the right time. Yet, although the FDA announced its intentions to publish a guidance document for clinical decision support software back in 2011, it’s not out yet. As of last July, FDA was predicting it will be out in 2018, seven years after they started. The pace of technology is simply outrunning the agency’s processes and resources.

Fortunately, new FDA Commissioner Scott Gottlieb recognizes the problem*. Over the summer, in a blog post the commissioner observed that FDA still owes industry guidance on several important topics. He emphasized the guidance will take the brakes off investment and innovation.

Sometimes, encounters with the FDA on a specific fact pattern end up getting overgeneralized to other technologies to which they were never intended to apply.

While we wait for more clarity, we have no choice but to rely on an oral system of “folklore.” Each conversation is based on that individual’s perspectives. As the information is passed on through an organization, it tends to get simplified and the nuances of policy get stripped away. And sometimes, encounters with FDA on a specific fact pattern end up getting overgeneralized to other technologies to which they were never intended to apply. At the end of the day, the “rules” frequently get misunderstood.

Repeated often enough. These myths go unchallenged, and are accepted as fact.


1 Bio/pharma companies must report adverse events in any databases they touch.

What we’ve seen is that this is the number one digital health project killer. Companies seem scared to death that they will be held responsible for reporting any adverse event (AE) that could be gleaned even conceptually from any database the company touches. But that’s simply not true. It’s an overgeneralization of a rule that is much more complex and nuanced.

Despite the huge amounts of data around the world accessible through the Internet, the FDA has not chosen to make companies responsible for all they might be able to find. Instead, it limits companies’ responsibility to information (1) known to company representatives or (2) contained on company-sponsored websites.

Specifically, the FDA advises: “…applicants should review any Internet sites sponsored by them for adverse experience information, but are not responsible for reviewing any Internet sites that are not sponsored by them. However, if an applicant becomes aware of an adverse experience on an Internet site that it does not sponsor, the applicant should review the adverse experience and determine if it should be reported to the FDA…”

You can manage AE reporting responsibilities and at the same time pursue aggressive digital health strategies. For example, using structured data collection, such as menu choices instead of free text boxes, can avoid accidental AE collection, provided there is a medical opinion that the structured data cannot constitute an AE.

On the other hand, understanding real-world evidence and patient preferences and concerns can be a powerful knowledge base for commercial and research purposes. If a company chooses to embrace this data, there are ways to efficiently and effectively manage reporting obligations. To avoid a misunderstanding, the company should communicate to the FDA their more aggressive data collection strategy.

The FDA is sophisticated enough to put that information in context and not overreact.

2 Any bio/pharma software must be approved via a supplemental NDA.

There is a variety of pathways through the FDA for software. And it is a basic principle of the FDA that those pathways are available depending on the intended use of the software, as opposed to who the applicant is. A drug company submission will not be treated differently just because the submitter is a drug company. We are watching plenty of bio/pharma companies get software cleared through means other than a supplemental NDA, for example a 510(k). Consider, for example, Lilly’s Go Dose software and Sanofi’s My Dose Coach. For medical device software, the key is for the bio/pharma company to develop software that has a generalized intended use, not focused on only its own drug products.

3 Any clinical trial software will be regulated as a medical device.

This depends on whether the software is being evaluated for its safety and effectiveness. If (1) the software is not being evaluated, (2) the safety and effectiveness of the drug doesn’t depend on the software, and (3) the software is simply used in the data collection or management of the clinical trial, the software is not a medical device.

To be clear, in those instances the software typically will require some sort of validation under the bio/pharma quality system, and may need to comply with things like electronic signature requirements, but it won’t be FDA-regulated as a medical device.

We are watching plenty of companies get software cleared through means other than a supplemental NDA, for example a 510(k).

4 Companion digital health developers always create regulatory risk for the industry.

The default mode for the industry is to treat every collaborator as a supplier, and then subject those companies to the supplier controls under Good Manufacturing Practices. But that instinct is unlikely to be a suitable approach when collaborating with digital health companies. Due diligence is important, but that doesn’t mean we are our brother’s keeper. There are plenty of instances in the law where we are not responsible for what others do.

There are ways to preserve enough distance to limit a company’s responsibility, but not saddle a software company with the burdens that apply to the drug manufacturer. For example, in many cases a healthcare company can take a minority equity position in an innovative startup company, and allow that startup company to grow and blossom without saddling it with the healthcare company’s quality system, advertising and promotion restrictions, or adverse event reporting requirements. This may allow the software company to focus on agile and quick iterations that struggle under traditional regulation. The healthcare company can then acquire more of the digital health company later on when much progress has been made and the strategic value becomes clear.

We are not advocating sleight-of-hand. There are ways to do this honestly and legally, keeping enough distance between the two parties that the digital health company is allowed to have adequate freedom. This will require new ways of thinking about partnerships and business models.

5 FDA wants to tightly regulate bio/pharma software.

To be sure, there are individuals at FDA’s Center for Drug Evaluation and Research (CDER) who would like to regulate software more than companies would like, and in fact more than their colleagues in the Center for Devices and Radiological Health (CDRH). But on the whole, the FDA seems to want to take a light touch, and that view is picking-up steam under Commissioner Gottlieb. He has been adamant that software should be overseen with a light touch.

Further, over the last few years the FDA has already down-classified medical device data systems and several other forms of software. The agency is also granting so-called de novo requests to down-classify software in other cases, for example computerized behavioral therapy devices for psychiatric disorders. And manufacturers of high risk medical devices are finding that digital accessories are no longer automatically subjected to the highest degree of regulatory control.

On the whole, the FDA seems to want to take a light touch, and that view is picking-up steam under Commissioner Gottlieb. He is adamant that software should be overseen with a light touch.

Many people at the FDA see great public health benefits to these technologies. This is frankly the most excited we’ve ever seen the FDA. They truly want to foster safe innovation that leads to better clinical and patient reported outcomes.

But the drug regulators at CDER and device regulators at CDRH operate fairly independently, making it difficult to ensure alignment. This creates undue confusion and risk. Fortunately, industry leaders are reaching out to FDA to begin a dialogue on how we can achieve better alignment between the two centers.


Let’s say your company comes up with a creative, out-of-the-box digital health strategy that promises to greatly improve care for patients, but someone in the company raises a regulatory concern based on what they’ve heard. Does the project need to die?

Here’s a pathway that we’ve seen succeed in overcoming regulatory myths:

1 CHALLENGE: First, someone must respectfully challenge the doctrine. This can take courage, and often a trusted third party, such as a consultant, can effectively initiate this challenge.

2 RESEARCH: Get someone to research it. All law is written. Anything that isn’t written isn’t law. It’s opinion. If it turns out that the doctrine is unwritten opinion, try to find where the opinion originated. Some sources are more credible than others, and above all, continue to probe deeper if you hear “because we’ve never done that” or “that’s how we’ve always done it.”

3 GET CREATIVE: Once you understand what is written, analyze whether there are nuances of the law that can be used to achieve the objective of the digital health strategy. Get creative in compliance. Complex rules mean there is often a variety of approaches that can achieve compliance. Keep in mind, “we can’t” often can be overcome by implementing new processes or procedures.

4 BENCHMARK: If the law is too general and doesn’t answer your specific question, and you fear the FDA will take a contrary view, compare notes with your peer companies at trade associations or coalitions. Often, one company’s experience is quite different from another’s, and rather than base your strategy on only your company’s interactions with the FDA, see if you can base your strategy on the collective industry’s experience with the agency.

5 CONSIDER APPROACHING THE FDA: Evaluate the merits of seeking the agency’s viewpoint, or proceeding based on the company’s existing information. Be mindful that once you ask the question, an individual FDA employee’s answer will be difficult to ignore even if it may not align to the consensus FDA point-of-view.

6 APPROACH: If you determine FDA input is necessary, approach the agency in the right way. Start with an exploratory contact to assess the agency’s true views on a given matter. For example, a coalition might probe the FDA by saying “we think the agency’s position is X.” It is not unusual to then find that the coalition did not understand the agency’s position at all. Even an industry’s collective wisdom can be wrong.

7 DON’T BE VAGUE: Avoid overly abstract discussions. Put a fact pattern in front of the FDA to get a concrete answer. You’d be surprised how often the answer is one you didn’t expect.

8 ADVOCATE: Once you have figured out the agency’s true, current position, you can proceed or advocate for change if you disagree, but that is a topic for another day…

Bottom line, there is a systematic way to debunk a myth. Sometimes it’s easy. Sometimes it’s hard and takes time. But if you have a digital health strategy worth pursuing, and the only thing holding you back is an FDA uncertainty, it often makes sense to challenge historical understanding of regulatory policy. Patients’ lives are counting on digital health innovation, and you may just be surprised how passionately FDA agrees with that.

Chris Bergstrom

Associate Director, Digital Health, The Boston Consulting Group

Chris directs digital health initiatives across large payer, provider, med tech and bio/pharma companies. He leverages the best of BCG Consulting, BCG Digital Ventures, BCG Gamma Data-Science, and B.Capital to help clients formulate a strategy, build a solution, and jointly invest in greenfield ventures or new business units.

The Boston Consulting Group (BCG) partners with clients in solving the hardest problems challenging their businesses, and the world, by channeling the diversity of its people and their thinking, as well as a shared commitment to uncovering the truth. The solutions they develop in partnership with clients transform not just companies but also entire industries and even segments of society. BCG has more than 90 offices in 50 countries, more than 14,000 employees, more than 900 partners, and more than 20,000 alumni.

Bradley Merrill Thompson

Member, Epstein Becker & Green, P.C.

Bradley counsels medical device, drug, and combination product companies on a wide range of FDA regulatory issues. He serves as Chairman of the Board of EBG Advisors, Inc., a Washington, D.C., based consultancy that takes a multidisciplinary approach to helping health care and life sciences companies navigate the many obstacles that they face. EBG Advisors is a network of international attorneys, regulatory affairs professionals, reimbursement experts, engineers, clinicians, quality systems advisors, and other professionals who specialize in providing coordinated guidance and solutions across various segments of the health care industry.

Epstein Becker & Green, P.C., is a national law firm with a primary focus on health care and life sciences; employment, labor, and workforce management; and litigation and business disputes. Founded in 1973 as an industry-focused firm, Epstein Becker Green has decades of experience serving clients in health care, financial services, retail, hospitality, and technology, among other industries, representing entities from startups to Fortune 100 companies. Operating in offices throughout the U.S. and supporting clients in the U.S. and abroad, the firm’s attorneys are committed to uncompromising client service and legal excellence.