Transcript, Meeting 18, Session 2


August 20, 2014


Washington, D.C.


John Reppas, M.D., Ph.D.
Director of Public Policy
Neurotechnology Industry Organization

Carlos Peña, Ph.D., M.S.  
Director, Division of Neurological and Physical Medicine Devices
Office of Device Evaluation
Center for Devices and Radiological Health
U.S. Food and Drug Administration

Freddie Ann Hoffman, M.D.|
Chief Executive Officer and Founding Member
HeteroGeneity LLC
Former Deputy Director, Medicine Staff
Office of the Commissioner
U.S. Food and Drug Administration

Deven McGraw, J.D., M.P.H., LL.M.
Partner, Manatt, Phelps & Phillips, LLP
Former Director, Health Privacy Project
Center for Democracy and Technology

Download the Transcript



DR. WAGNER:  Let me welcome all of our Commissioners back.  And who are we waiting for?  Steve.

DR. GUTMANN:  Let's just get started.  We can get started.  People will come very quickly when you ‑‑ once you get started.

DR. WAGNER:  Steve and John are out in the hallway.  And ‑‑ are they just chatting?  Here comes John.

Our session, after a wonderful first session, our second session looks like it's going to tee up to be just as interesting.  It shifts directions a bit because we're going to talk about direct‑to‑consumer neurotechnology.  And let me get right into the introductions.

As we did before we'll have everybody make their presentations and then open the floor for Q&A.

Our first presenter is Dr. John Reppas.  He is the Director of Public Policy for the Neurotechnology Industry Organization, responsible for government engagement, advocacy, international initiatives, and public/private collaborations to advance commercial neuroscience.

He's also current industry representative to the Neurological Device Advisory Panel at the U.S. Food and Drug Administration.

And previously, he was focused on translational neuroscience at Harvard Medical School, and the Stanford University School of Medicine.

Dr. Reppas, welcome.  We're pleased to have you here.

DR. REPPAS:  Thanks very much.  Good morning, everyone.  And thank you for the opportunity to address the Commission.

So I was asked to talk about consumer neurotechnology, with a specific focus on how this industry markets its products and how it guarantees or ensures their safety.  So let me begin with a few general observations about the industry.

When our organization, the Neurotechnology Industry Organization started about eight years ago, almost every company we worked with then was developing a regulated technology.  Something that would have to undergo scrutiny by Carlos and his team over at FDA before coming to market.

Since then, however, we've seen a really substantial growth on the consumer side of the industry.  And this trend started with so‑called brain training software, which was mentioned earlier this morning.  And I think it now includes many, many, many things, including apps, including wearable devices, and even electronic games.

So historically the consumer offerings have often trickled down from the enterprise side once they get cheap enough to make.  But in neurotechnology, as in other parts of health care right now, we're seeing this trend substantially reversed.  So the medical device industry, for example, the regulated side, struggled for many, many years to develop an effective technology to record brain activity at the point of care.

Ultimately, however, it was actually the videogame industry, videogame makers of all people, who came up with a cheap, dry contact, low noise headset that is now well on its way to being used in a clinical situation.  So it's an example of how the consumer focus can actually catalyze innovation in neurotechnology.

So the consumer-first approach is also important, even for companies who ultimately want to focus on FDA-regulated markets.  By accessing the market relatively quickly, they get to learn what the consumer wants, how to minimize costs; essentially what works and what doesn't.  They can also generate the revenue they need to finance clinical studies and other parts of expensive product development.

And I would say from my experience that the last several years have seen a substantial number of companies with a very compelling therapeutic technology that they hope will eventually make its way into medical care, start off as a consumer company.  And these companies will, at least in my experience, remain consumer-focused only for as long as it takes for them to pivot back to the regulated side and elect ‑‑ then address a real clinical need.

So I think there are important links between ‑‑ that connect the consumer side of our industry back to efforts to develop safer and more effective treatments for neurological and psychiatric disease.  And so I urge the Commission to see the industry in that much broader context.

So turning specifically to the type of devices we're here to discuss today, the DTC market can be split out into really two broad product types.

The first type reads out information from the brain or from the nervous system.  These products typically have a device component, like a headset, and that measures the biological activity, as well as a backend technology platform that handles the data.

Because these are more or less just measurement devices, they are considered quite safe.  For this product class the major real world ethical concerns we struggle with center on data privacy, on data ownership, as well as how that data ends up being presented back to the consumer.

The second product type is a set of devices that read an artificially generated signal into the brain.  These products aim to modify an ongoing neurobiological process to produce specific behaviors, like relaxation, like more efficient learning, amongst other things.

Here the ethical imperative is to ensure that these products don't have unanticipated long‑term effects on user behavior or health or brain development.

Turning now to the marketing of these products, the companies we talk about take a fairly standard approach to building consumer awareness.  I think there's a very clear understanding on the part of these companies of the need to avoid a therapeutic claim in labeling and advertising, and to emphasize the product's lifestyle or wellness aspect.

I assume, and I know, in fact, from many companies that I work with that almost every company in this space is very well aware of the remit of FDA and of the FTC, and they make substantial efforts to comply with that guidance, at least as best as they understand it.

And if you look at the demographic who ends up buying these products, we see a very standard, very typical early adopter profile.

The average price point for these products, together with their form factor, something that often sits on the face or the head, means that a user has to be incredibly engaged around the technology, and really, really want to use it.

And I think that's something that may be relevant to the issue of capacity when the Commission turns to it later today.

So what about safety?  As I said previously, the real concerns that ‑‑ for these products, and I think that panelists eluded to this earlier, as well, is for those that apply some form of energy to the brain or to the nervous system.

So as far as safety goes, the starting point here is really the guidance that FDA has issued over many, many years around any medical device that passes energy into the body from the skin surface.

So relative to these technical specifications, most consumer neuro-modulation devices are, and could be considered quite safe.  In fact, many of these devices deploy orders of magnitude less energy than what a lot of these guidelines allowed.  And certainly compared to their clinical counterparts, things like TMS.

What we don't yet know, and I think it's an important issue here that’s again has also been alluded to, is whether these devices that are considered safe as far as energy delivery are concerned, might not have long‑term effects on the brain that actually result from the activity they elicit.  And this is a particular issue as panelists have ‑‑ and the Commission has alluded to in the context of the developing brain.

So before finishing, I wanted to offer up two suggestions to the Commission, in the event that you end up recommending new guidelines for the consumer side of our industry.

The first would be to limit the scope of any guidance to the post‑market phase.  This industry has so far shown itself to be incredibly safe.  And a lot of this ‑‑ I don't think there's a compelling reason to raise the bar to access the market for people who are making these products.

Having said that, I think the real concern is the wide‑ranging ways in which the consumer will eventually interact with these types of technologies.  And there are so many ways.  When you look at the people who are using these things, whether it's parents giving them to their children, whether it's hackers who are trying to hack the body, whether it's just technologically engaged people, there are so many ways to use these devices that I don't think anybody, not least the manufacturer of the product, can really anticipate the many, many myriad ways in which they'll be used once they're in the wild.

So I think it makes most sense to address any residual concerns that you and others have about the ethical aspects of these devices to the post‑market phase, and to rely on a mechanism that collects data on the meaningful use of these technologies once they're actually out there.

My second suggestion concerns data privacy on the readout side.  There is a very legitimate concern that we as a society may one day have to deal with devices that reliably detect what people think, what they intend to do, and how they're feeling.  In fact, I think this is one of the main reasons we're here today.

But I also would point out that we are today in this room surrounded by technology and can quite easily and very effectively generate a pretty good proxy for all of those things.  And of course I'm talking about cell phones, based on their ability to capture everyday behaviors like where we are, who we're interacting with, what time of day we're doing all these things; you can build a pretty good predictive model of what people are going to do on the behavioral side.  And these are probably a lot better than any of the cutting-edge neurotechnology we have, even in the lab, for predicting what people are going to do next.

Despite that, we currently live in a world where a neuroscientist or a neurotechnology developer can be subject to much more data privacy oversight than a technology or a wireless company.  So I would therefore urge you and advocate for a common privacy framework across the brain and across behavior.  One that doesn't distinguish between the origins of data that's to be protected, and which was ‑‑ does not hold neurotechnology to an arbitrarily higher standard than anything else.

Thank you very much, and I look forward to your ‑‑ the discussion.

DR. WAGNER:  Thank you.

Our next speaker, as soon as my computer comes back up, is ‑‑ it just popped up, thank you ‑‑ is Dr. Carlos Peña.  He is the Director of the Division of Neurological and Physical Medicine Devices in the Office of Device Evaluation at the U.S. Food and Drug Administration.

Dr. Peña is involved in all aspects of the safety and effectiveness review of neuro-stimulation, neuro-diagnostic, neurosurgical, neuro-therapeutic, and physical medicine devices.

He also serves as the principal investigator on an FDA-sponsored clinical study focused on the treatment of pediatric neurologic disorders.

Previously, Dr. Peña served on detail as the Assistant Director for Emerging Technologies, in the Office of Science and Technology Policy.

And we are grateful that you are here this morning, Dr. Peña.

DR. PEÑA:  Thank you.  Good morning.  I would like to thank the meeting organizers for inviting FDA to present to you today.

The focus of my talk is provide a little bit more perspective on FDA's approach to neurotechnologies, including direct‑to‑consumer neurotechnology.

FDA's mission is threefold: protect the public health, safety ‑‑ by assuring safety, effectiveness, and security of drugs, vaccines, biologics, devices, the food supply, cosmetics, and number of other product areas; speed product innovation; and give the public accurate science-based information about foods and medicines is also within its goals.

The purpose of the presentation today will cover three areas.  First I plan to discuss what we regulate and a few products that we have moved to market. Second I plan to discuss how we regulate and the organization at FDA that helps to address neurologic devices and related neurotechnologies.  And third I plan to discuss when we regulate, including a few regulatory paths and important considerations for developers and innovators, with an inclusion about direct‑to‑consumer devices.

The goal here is to have a better perspective of how these devices get to market, as well as a sense of the Agency's effort, which are also relevant to the BRAIN Initiative and the White House Neuroscience Initiative as a whole, which I believe this Commission's also quite focused on.

First, FDA has been engaged in neurologic devices for quite some time.  Here I show you an array of products with neurological indications, beginning from neurothrombectomy devices, epilepsy deep brain stimulators, neuro-diagnostic devices, a new prosthetic arm, to therapeutic devices for migraine and microcatheters for the neurovasculature during neurosurgery.

The purpose is not to discuss the safety or effectiveness of individual devices, but share with you that each device went through a regulatory path that was in part tailored to the individual risk and benefits profile of the device.

In the first device, we were talking about 100 plus patients, versus the last device we cleared with non‑clinical performance data, due to safety and effectiveness information being available on these devices from prior submissions.

The take-home message here is that we continue to optimize our approach to reviewing devices, reducing the time and costs of the clinical trials enterprise, and striking the right balance between conducting the appropriate assessments of products, while at the same time getting products to patients who need them.

One very important step in making sure developers and innovators understand the options that are available to them to get their product to market is a primary objective at FDA.  And increasing transparency of the regulatory landscape is important to the Agency.

For example, pre‑submission guidance documents and early feasibility clinical study guidanc[e] allow[s] for an opportunity for early discussion and feedback to sponsors.  And we have a full listing of guidance documents that is curtailed to the needs of the developers and innovators based upon product type and what the product is indicated for.

The way we are organized at FDA is by product area and type.  So here I present to you a diagram of the three branches contained in the Division of Neurological and Physical Medicine Devices.  There are three branches; the Neurostimulation Branch, the Neurodiagnostics and Neurosurgical Branch, and the Physical Medicine and Neurotherapeutics Branch.  And a lot of the discussion is focused on that left column of neurostimulation.  But I could imagine that parallels could be made for other product areas in the other two branches.

The Division of the Neurological and Physical Medicine Devices is one of the newest divisions at the Center for Devices and Radiological Health in the Office of Device Evaluation.  And the take-home message here is that the Center has invested and dedicated a regulatory review component to this important product area.

So this will bring us to, what is a medical device?

A medical device is an instrument, apparatus, implement -- implant.  It goes on, and you can probably read from the slide.  And so you're probably really saying now, "Seriously, what is a medical device?"  If a manufacturer claims or implies a product can cure, treat, or prevent a disease or condition, the device may be subject to FDA regulation.

The FDA provides information for manufacturers to help them determine if their product is a medical device, and what regulatory requirements may apply to their medical device online.  And has dedicated quite an amount of content online in helping folks know all they should know about the medical devices they have an interest in, for both innovators, developers, as well as consumers.

So, who makes medical devices?  Generally any company or entrepreneurs who produce a medical device for sale in the U.S., all manufacturers must register and list with the FDA.  And this includes small businesses and entrepreneurs, as well as regulatory consultants.

Medical devices are classified into three classes: Class I, II, and III.  Regulatory control increases from Class I to Class III.  And the device classification regulation defines the regulatory requirements for a general device type.

For example, most Class I devices are exempt from submitting an application to FDA.  Most Class II devices require pre‑market notification.  And most Class III devices require pre‑market approval.  It really depends on the indication of use, the technology, and how the device would be used by the user.

We provide oversight across the three classes using tools known as "General" and "Special Control," which are the bottom two boxes of this slide.

So now I would like to turn to a few topics of interest.  With regard to the direct‑to‑consumer devices ‑‑ and I'll plan to touch upon the general framework versus a case‑by‑case approach that was discussed earlier this morning ‑‑ FDA supports direct‑to‑consumer devices.

As mentioned in the last slide, if a manufacturer claims or implies a product can cure, treat, or prevent a disease or condition, this product may be subject to FDA regulation.  Our primary concern is making sure for those devices that are termed "medical devices," that the user, the consumer, the patient, and the physician have enough information to use that product safety ‑‑ safely and effectively.  And the FDA provides information for manufacturers to help them determine if their product is a medical device, and what regulatory requirements may apply to their medical device.  That's the general framework.

Now, if there are components of that product that require additional assessment, additional evaluation, then we can move to potentially a case‑by‑case basis where we would, sort of, curtail the regulatory requirements for that product accordingly; and that brings in the case‑by‑case approach.

There has also been discussion with regard to neurocognitive devices as it relates to direct‑to-consumer devices, and the use of mobile medical applications, as direct‑to‑consumer devices as well for some of the brain enhancement-type technologies.

Here again, the point I would like to return to is that if a manufacturer claims or implies a product can cure, treat, prevent a disease or condition, it may be subject to FDA regulation.  Where questions exist, and they do, we ask that all developers, sponsors, and users contact us, and we try to provide as many opportunities for information online, at public meetings for them to have a discussion with us to figure out what's the most appropriate path for this ‑‑ for their product.

Last, I would like to review key – a few key priorities.  I'm not going to go into detail, but the first one is the transparency, because I think if we can make our ‑‑ if we can make our regulatory paths and processes more transparent to the public and to sponsors and developers, this will help better provide some understanding and approach to those products when they reach our ‑‑ when they reach us at FDA.

A few closing thoughts.  One of the most important aspects of getting a medical device to market is to know where to begin.  If developers and innovators have questions on whether or not they should contact FDA or submit a marketing application, they probably should.

This has increased opportunities and approaches when using this mechanism to get feedback from the Agency through several mechanisms.  And FDA takes ‑‑ FDA takes very seriously the ethics component of this discussion.

We have ethics personnel on staff, should ethics issues arise.  We are also able to consult with staff on a particular topic or medical device issue.  And this research at FDA nicely crosswalks the Recommendations 1 through 4 in the Gray Matters publication of the latest bioethics report that underscores the importance of integration and inclusion of ethical perspectives on advisory and review bodies, specifically our FDA advisory committee meetings that we have.  We just had one in April.

Third, where questions exist, and they do, often FDA uses public meetings and advisory committee meetings to address that particular issue.  This is particularly relevant to one of the recommendations in the earlier publication of the Bioethics Commission, which focused on communication and the ethical management and integration of information.

I've also ‑‑ like to include here a number of FDA resources for the part of the record for the slides, so folks can also explore what we have online for sponsors, developers, and innovators.

With that, I would like to yield back my time ‑‑ any remaining time that the panel has.  And I thank you for your attention to FDA’s presentation.

DR. WAGNER:  We appreciate the additional seconds, thank you.


DR. WAGNER:  Our ‑‑ 30 seconds; yeah, half a minute.

Our third speaker is Dr. Freddie Ann Hoffman, CEO of a consulting firm.  It's spelled HeteroGeneity, but I wonder if we ‑‑ do we emphasize the "gene" in there?

DR. HOFFMAN:  No.  It's ‑‑

DR. WAGNER:  The way you have written it here.

Previously, she served as Deputy Director of the Medical Staff in the Office of the Commissioner of U.S. Food and Drug Administration.  She developed the Agency's positions and policies on botanicals and alternative medicines.

Most recently, Dr. Hoffman was Senior Medical Director for the New Product Development at Warner Lambert Consumer Healthcare, where she served on the Technology Search and New Product Development Teams and was involved in strategic development and positioning of dietary supplements and other direct‑to‑consumer products.

Welcome to you.

DR. HOFFMAN:  Thank you very much.  And thank you for the invitation.

Very briefly, I'm here to talk about the direct‑to‑consumer products, dietary supplements and dietary ingredients.

I would like to start by saying that I was called by a physician whose wife had Alzheimer's and he was debating whether he should put his wife on a Phase III trial for a drug, versus taking something that was direct‑to‑consumer, because he had concerns regarding whether his wife would be randomized to the non‑treatment group, the placebo group.  So this, sort of, got me thinking about dietary supplements and their role.

Very briefly, dietary supplements are part of the food category that the FDA regulates and had a very good preview of the overview.  It is only one of several food categories.  I'm not going to be talking about medical foods or foods for special dietary uses.

But a dietary supplement can be various types of ingredients; vitamins, minerals, herbs, botanicals, concentrates, metabolites.  But they can also include drugs and biologics if marketed as a dietary supplement or food prior to approval as a drug or biologic.  But the key point is that a dietary supplement is intended to supplement the diet.

The dietary supplement industry, and this is just from 2012, it's roughly about $12 billion.  It's sold direct‑to‑consumer, and that means any consumer.  About half and perhaps even more of the U.S. population has used some sort of supplement at some time.  But manufacturers have access to U.S. consumers through a whole range of places; grocery markets, pharmacies, health food stores, the Internet, media, and of course celebrity endorsements, as well.

The types of products can be single‑ingredient products; vitamins are an example.  I was looking up and seeing that there are now new nootropics, smart drugs, energy ingredients, which you've talked about, that can be complex heterogeneous products, which we deal with a lot; natural products such as botanicals, lipids.  You mentioned fish oils and Omega‑3's.  Combinations of the above.  But the types ‑‑ the indications are really myriad.   There's mood and depression, seizures, anxiety, insomnia, Alzheimer’s, which is serious, very serious of course, as can be depression.

Cognitive function is mentioned, of course, ADHD, but these are only a smattering of the products that are used in these areas.  And they range from, again, vitamins and certain single compounds to very complex products.

Label claims.  For dietary supplements, there are a set group of label claims that can be used.  Nutrient content claims, such as a good source of calcium, for example.  Nutrient deficiency claims, Vitamin C prevents scurvy, claims of well‑being, just what they say.  Health claims, which are unqualified or qualified, reduce the risk of colon cancer or whatever. Structure function claims, that such and such maintains some function of the body.

The FDA controls the actual label.  The FTC, the Federal Trade Commission reviews the advertising and promotion for direct‑to‑consumer products and services.  Substantiation is required.  I'm not going to go into this.  It is very complicated.  We could talk about this for two days.  But, for example, for the health and nutrient content claims, specific bodies of evidence, specific levels of evidence which are required, structure function claims are very interesting because, again, dietary supplements are intended to supplement the diet and to affect the structure or the function of the body for the device area.

These are authorized under the Dietary Supplement Health and Education Act of 1994.  The manufacturer is responsible for assuring truthfulness of the claim.  They are not pre‑approved or authorized by the FDA, but they should not have any direct or implied disease claims.  And the label for a structure function claim must state that this statement has not been evaluated by the FDA.  This product is not intended to diagnose, treat or prevent, or cure the disease.  However, drugs ‑‑ drugs are intended for use in the diagnosis, mitigation, treatment, cure or prevention of a disease and to affect the structure or the function of the body.  There is a lot of confusion about this.  Pharmacists, physicians and the public are confused about the structure or function complaints from drugs versus dietary supplements.  And dietary supplements come in certain forms that look like drugs, pills, capsules and the like.

However, there are specific legal assumptions that surround these two categories.  Dietary supplements are intended to supplement the diet of healthy, normal individuals for which no risk is really tolerable, versus drugs which are intended for use by a population for which the benefit has been proven to outweigh the risk, very key difference here.

Safety.  For foods and drugs, there's really opposing legal premises here.  For foods, foods are generally recognized as safe or contain ingredients with a history of use or other evidence of safety which will reasonably be expected to be safe.  That is kind of redundant but that is how it is worded, whereas drugs, especially new drugs, are not generally recognized as safe and effective under the conditions of their labeling.

So the assumption is the opposite assumption for drugs.  They have to be shown to be safe.  So with the same evidence for foods, no risk is really where we are at for the general population, whereas for drug benefit-to-risk ratio, safe relative to the efficacy for specific indications in a target population.  And there are products that would be unsafe for the average individual walking around on the street, which are perfectly safe for, for example, patients, cancer patients for example, or people with Alzheimer's because it is a risk/benefit.  But on the other end, there are certain products that are safe for healthy people that are not safe for patients either.  It works both ways.

So regardless of a product’s current market channel, when the labeling shows that it is intended to be used to diagnose, prevent, or cure, it becomes a drug regardless of how it is currently being sold in terms of FDA.  So in terms of ethical considerations, are dietary supplements adequately regulated for the direct‑to‑consumer use for neuropsych conditions?

Do consumers have adequate information to make these sorts of decisions to use these products for their conditions?  What role should these supplements have in the management of neuropsych conditions?  I'm not going to answer these but I'll pose these for the panel.

So, now one of the questions has been dietary supplements are not regulated.  Well, they are regulated; they’re regulated as dietary supplements, which is a category of foods.  And there are what we call Good Manufacturing Practices, which require a whole slew of different monitoring in terms of the manufacturers, packagers, labelers, which ensure identity, purity, quality, strength, et cetera for these products.  However, again, for dietary supplements, the FDA does not inspect these.  They are not pre‑approved or tested by the agency.  There is no requirement as there is for a drug for lot-to-lot consistency or stability. It is not required, some people do it.

Labeling.  Labeling, the supplements must bear supplement facts.  They must meet FDA requirements depending on the type of claims.  Some certain claims, like health claims, the FDA actually puts out by regulation.  Others are not approved at all.  But they are not labeled for specific populations or clinical indications, and there are no warnings or risks of contraindications, interactions, dose modifications listed on their packaging, just as there isn't on a milk carton.

So ingredient safety, safe for the general healthy population.  There are various ways that these ingredients can become dietary ingredients.  Some are grandfathered if they were on the market prior to the dietary supplement law.  Some are generally recognized as safe.  And there is the new dietary ingredient notification process, which requires that the manufacturer submit data to the agency prior to interstate commerce or marketing.  And there is now adverse event reporting, which is the same as OTC monograph drugs.  But there is no testing in specific populations or for specific medical conditions.  And clinical study protocols and data are not reviewed or audited by FDA as they would be for a drug.

So dietary ingredients can prevent or treat disease.  That is true.  Sold direct to the consumer though, anyone can purchase them.  There are no restrictions.  Children can purchase them, patients, pregnant women.  Licensed practitioners can prescribe dietary supplements and get ingredients to their own patients.  That is perfectly legal.

Self‑medication.  Consumers can use these as they wish without out a learned intermediary.  And some of these products and ingredients are both drugs and dietary supplements.

Thank you.

DR. WAGNER:  Okay, thank you very much.  Our final panelist is Deven McGraw.  She is a partner in the health care practice of Manatt, Phelps & Phillips, LLP.  Her area of focus there include HIPAA and privacy advice and compliance, data security, data governance, research and health data analytics, health information technology policy, and patient engagement.

She was appointed by the former HHS Secretary Kathleen Sebelius to serve on the Health Information Technology Policy Committee, for which she is a member of the Meaningful Use Work Group.  She chairs the Privacy and Security Tiger Team and co‑chairs the Information Exchange Workshop.  Previously, Ms. McGraw was the director of the Health Privacy Project at the Center for Democracy and Technology.

Welcome to you.  It is good to have you here.

MS. McGRAW:  Thank you very much.  I appreciate it.  I actually just went back into the private sector about four months ago.  So the previous job as the Health Privacy Project director I had for six years.  And that is largely what informs the testimony or presentation that I am going to give today, which is about the privacy implications of direct‑to‑consumer neurotechnology.

And to be quite honest, the neurological apps or the tools that are marketed to consumers for brain function or brain health have not been overly targeted or sort of appearing in newspaper articles as being of great concern from a privacy standpoint.  So for the most part, my presentation is really sort of focused on what are the implications of direct‑to‑consumer technologies that gather data generally, which would apply in the case of neurotechnological apps or social networking sites as well.  So, this is really about the data, not necessarily about supplements, and again a more general presentation, but it certainly would apply in this context.

So people generally tend to think that in this day and age where so much information is exposed that people just don't have any privacy at all or they don't care about it anymore.  And that is not true.  We still have a segment of the population that readily admits in survey data that they don't go to see a doctor, that they lie about their medical condition or that they try to see medical professionals out of the area because they have concerns about the privacy of the information.

This doesn't tend to be the case for people who are very, very ill because frankly they would give up a lot of privacy in order for their data to be used more robustly to help them.  But for other folks, and it is not an insignificant number, and this is survey data, but it ranges between one and six and one and eight.  And the one in eight is the most recent survey that I've seen, that they admit that they withhold things or, again, don't seek treatment because of privacy concerns.

And these concerns are about the information being used in some way to harm them, so whether it is for discrimination or embarrassment.  But it is also just generally about trust, and the idea that ‑‑ and the idea that, you know, if I'm doing something that is about my health, I don't necessarily want anyone else to know about it.  And it is nobody else's business but mine, mine and whoever I choose to share it with and not legions and legions of people.

Frankly, I think that the recent revelations about NSA access to consumer data, as well as the recent Facebook research controversy and digital health data breaches, which seem to occur with some regularity within the medical system in particular, have frankly increased rather than decreased the public's sensitivity on some of these issues.

So are there federal protections for the data that is collected in some of these direct‑to‑consumer technologies?  Yes and no.  HIPAA, which is the set of privacy and security regulations that apply to health data, generally is not going to apply in the context of a direct‑to‑consumer technology.  It has very limited coverage.  It applies to what are called covered entities and their business associates or contractors who receive health information in order to perform a service on their behalf.  But a covered entity is limited.  It is not anybody who gets health data.  It is hospitals, physicians, labs, pharmacies, health plans, entities who are in the traditional health care ecosystem and who bill electronically.

So, frankly, a lot of the sort of paper‑based medical professionals that are still using only paper records and don't tend to bill health insurers electronically are not covered under HIPAA and that is sort of a historical antecedent to how the law was enacted that authorized the regulations in the first place.

And so, again, the direct‑to‑consumer space is collecting a lot of health data or potentially health implication data, so data that might not be health data on its face but might be useful for health care purposes, is not going to be covered.  Most medical devices, frankly, are not covered as well.  There was recently coverage in the press some controversy about a patient with a pacemaker who wanted to be able to obtain the data that was collected in his pacemaker in order to understand it a little bit better.  And HIPAA gives patients the rights to have a copy of their information, but the medical device, the manufacturer of that device is not a HIPAA‑covered entity.  So while a doctor may have implanted it, the device is not covered by HIPAA; and he does not have any legal rights to obtain copies of that information.  Just as an example of sort of where the lines that we have ended up drawing from a regulatory standpoint have really missed out on this particular segment in not insignificant ways.

Mere connectivity between the device and a health care professional does not render the manufacturer of that device HIPAA covered.  It really is a facts and circumstances test that depends on sort of who is providing the technology to the patient and on whose behalf, who is benefitting from it, who is responsible for day-to-day operation and repair, who controls the information that is generated by the technology.  And, in general, really the direct‑to‑consumer in some ways says it all.  It is highly unlikely to be covered by HIPAA, which sets very, very detailed regulations, both on the privacy and the security side if you are talking about digital data for how that data can be accessed, used, and disclosed.

So it isn't the case though that this is a completely unregulated atmosphere.  The data and the use of it are regulated to some extent by the Federal Trade Commission.  And the Federal Trade Commission has authority to prevent and seek redress for unfair or deceptive acts or practices.  It is very broad authority.  And they have used it to penalize some consumer‑facing for‑profit companies for failing to abide by commitments that they make to users regarding data collection and use, such as in a privacy policy.

Less frequently, they have used their unfairness authority to crackdown on unfair practices. Their authority though is, again, very general.  And the way that they have exercised it essentially gives you a sense of the direction that the Commission is headed in in terms of their priorities.  But it doesn't set the sort of comprehensive set of sort of guardrails and rules about how the data that are being collected in these devices or mobile apps or social networking sites is going to be able to be accessed, used, and disclosed.

So it is not inaccurate to say essentially the vendor sets the rules about how the data can be accessed, used, and disclosed, and then they are communicated to patients through user agreement ‑‑ consumers through user agreements or through privacy policies.

There also are data breach notification requirements that were recently enacted by Congress for personal health records and related apps, which might apply to some of these technologies.

The FTC is focusing a bit more on the health space and devices and tools that are connected into the internet.  They recently had a workshop on this issue in order to gather more information.  Exactly where that is headed it a little bit unclear.

You've already heard a lot about how the Food and Drug Administration regulates these technologies.  They do not regulate for privacy, but there are some security aspects of their regulation of a technology that actually fits the definition of medical device because obviously there are concerns about making sure that the device isn't vulnerable to being hacked in a way or compromised in a way that would render the device not able to perform in the way it was intended or to cause a safety issue for the users.

States have begun to jump into this absence of regulation on consumer technologies.  One state in particular, California, extended its medical privacy rules to apps that collect information on a patient's behalf in order for them to use for their health purposes.  But that particular development was met with, at least in my view, some consternation.  I mean in some degree, leaving consumers to this completely unregulated space or minimally regulated space is not the greatest idea.  But the rules that were ‑‑ like HIPAA and the Confidentiality of Medical Information Act were designed to cover how hospitals and doctors and labs use information.  So there are lots and lots and lots of permissive provisions in there about how they can use data in the ordinary course of business that don't necessarily fit with the direct‑to‑consumer app.

The provisions regarding marketing have lots and lots of permissive provisions to allow doctors and hospitals to communicate with patients, but it isn't the case that those kinds of permissive provisions should necessarily apply to a direct‑to‑consumer application.

So here are just some resources about some concerns that have been raised, which again is largely about what happens to the data that are collected in these devices.  And, frankly, a lot of them are free, which means the business model for the device is likely to be advertising.  And so there is a fair amount of sharing of the data that is collected in devices and apps and social networking sites with advertisers, with data miners.  It can be combined to use some profiles for folks way outside of the health care environment.

So you could certainly foresee in the case of a neurotechnology app that this kind of data might be combined with other data and sold and used for scoring of consumers in terms of ability to get credit or for job applications where there are investigations done using mined data in commercial spaces.  Similarly, the sort of creepiness factor for folks of sort of discovering, you know, I'm using this app and now suddenly I have ads popping up when I'm using my email for a drug that is targeted to people who have a certain condition that nobody is supposed to know about because I thought I was using this app in some sort of private way.

Similarly, there has been a study of the privacy policies, which generally tend not to be terribly readable.  That won't surprise any of you who have ever read one.  And similarly are written in such a way that it is not entirely clear the amount of third party use of the data that is going on.

So I am way over time.  I will stop, and I look forward to the discussion.


DR. WAGNER:  Deven, thank you very much.  Well, John is ready to charge in, so go ahead John.

DR. ARRAS:  Why not?  Thanks very much.  So let me raise a problem that might be indelicately phrased as a "snake oil" problem.  So if you tune into NPR, you will most likely be deluged by ads from companies like Lumosity, which, you know ‑‑ which feature very attractive people who are attesting that their brains are really being improved by these games that they have devised.  Then you turn to the literature, you turn to the medical scientific literature, the New York Times and so forth, and these sources habitually debunk all the claims that you hear on NPR for Lumosity and kindred companies.

So, I'm just wondering what our societal ‑‑ I want to get advice from you about what our societal response should be in cases where people put all these claims out there about beneficial effects on learning, brain retention, which are in no way validated by any kind of research.  Should those sorts of companies be subjected to increased scrutiny with regard to regulation or should we just consider this to be a general problem of capitalism where consenting adults can pretty much do whatever they want even if they are being sold snake oil?

DR. WAGNER:  John, go ahead.

DR. REPPAS:  The latter.

DR. GUTMANN:  I want to just add a category here of possible response.  Just that it is very important for us as an ethics commission, a bioethics commission, to consider.  A lot of what we are hearing from the three people other than John comes from a regulatory -- you know, a perspective of people who have been involved with regulation.  So ethical standards don't immediately require regulation to follow.  And I think it is really ‑‑ so let me give you an example, which if you want to see the humorous version of it you could watch John Oliver, he has a weekly ‑‑ half hour weekly show following the news.

So, a lot of people in our society, a lot of people continue to claim that Barack Hussein Obama was not born in the United States.  Birth certificates have been produced to prove otherwise.  And there is beyond a reasonable doubt, there is no reasonable doubt that the President, our President of the United States, these are the same people who will not call him President, they will call him Mr. Obama, our President was born in the United States and is constitutionally President of the United States.

Now, what is the response to that?  There is no regulation possible to prevent people, and people who have very bad motives as well, from saying that over and over and over again.  But there are many ethical responses to that, and there is every reason to say that most of those people are the equivalent in the political realm of snake oil salesmen in the consumer realm.  And they should be denounced.  They should, you know, be taken to task.  And we have a free press, and we have freedom of speech and freedom of action as far as what we do.

I would at least say that as a Commission we should not underestimate the power in a free society of the realm of denunciation, of calling businesses to task who make claims, whether on NPR or any other, that are patently false where the "patently" requires some, in this case, education and understanding.  And it is not as obvious as producing a birth certificate for the President.  So, I would say that let's not dismiss the importance of what we can do as a Commission short of calling for more regulations.

DR. WAGNER:  In fact ‑‑ well, comments from this group before I, I would like to segue that into a question, okay.  When you say, "What is it as a Commission we can do," going back years ago to the initial charge letter that we received from Mr. President Obama, it included centrally a sentence that charged the Commission to be part of what it would mean to maximize the benefits of new technology while minimizing the risks.

DR. GUTMANN:  Right.

DR. WAGNER:  Imagining that the consumer market is one of the ways actually affirmatively positively to introduce technology for the public benefit is I think something we can help to encourage. Now I'm going to end up with a negative question on this.  One of you, and I think Deven, it was you, mentioned unfair practices.  Is there a definition for "unfair practices"?  What does that mean?

MS. McGRAW:  That's a good question.  Generally, the Federal Trade Commission has what a lot of sort of privacy scholars or even people who follow the FTC consider to be the FTC's “common law,” which is that over time they have engaged in a number of enforcement actions using their unfairness jurisdiction that starts to sort of carve out what is meant by unfairness.  Generally, it's sort of a risk/benefit calculation in many respects in terms of what are the ‑‑ might have had something that is used, you know, in the security setting, for example.  They have acted in the case of unfair design or unfair default settings or unfair data security practices that have ended up causing injury to consumers that are not offset by other benefits of use.

So, I don't think there is a hard and fast definition, so maybe it is sort of like the Supreme Court and pornography, "you know it when you see it," in the balance and in the context in which it arises, right?  It is usually behavior that is out of bounds in terms of commercial reasonableness for the other apps that are going on that the consumers would not reasonably anticipate from the use of the tool or the technology.  And it is probably going to evolve based on the setting and the particular context.  And, frankly, what the technology does or doesn't promise, what it does or doesn't do, and what the consequences are to the particular activity that is being complained about.

DR. WAGNER:  How about pointing back to John Arras' question.  For reasons I fully understand, you have been describing unfair practices about the way one uses information gathered from an individual.  Are there correlate unfair practices associated with claims about the efficacy of consumer-available technology in neuroscience?

DR. PEÑA:  So maybe I can provide some comment here.  There are a couple of things I would like to say, one general and one specific and an approach.  In general, when you talk about the mobile medical apps, I sort of return to the statement I made during the statement component of this session:  "If a manufacturer claimed or implies a product can cure, treat or prevent a disease or condition, they would probably likely -- may be subject to FDA regulation."

For this specific example that you've raised, in general for products that focus on the general well‑being of users, looking at mental acuity, physical mental health, it is not really subject to our regulations.  We come out with a guidance on that, mobile medical apps guidance.

That being said, using our limited resources here, if they expand that to say, "Oh, and this is going to be useful in the treatment of Alzheimer's patients, early onset in the disease," then we might want to take a little bit of a closer look.

And the last point I will make is that for some of the statements that maybe are made in the public, there is a user component that they want to be careful of what they are saying.  And there is also an FTC component that also has some stake in this dialogue.

So I think there is a couple of steps here that play into that question that I think we need to sort of make sure we address, each of the multi‑factorial components of that question.

DR. KUCHERLAPATI:  I have a question for the regulators and former regulators.


DR. KUCHERLAPATI:  We are discussing, you know, probably the increasing use of the software tools, like the ones that were described today, to enhance cognition and so on.  Should they be regulated and what are the criteria that should be used to regulate them?  And I tell you what the dilemma is.  So, you know, yesterday, I was coming in, and I forgot to bring my travel documents, and I didn't remember what hotel I needed to go.  So I went to my computer and pulled out, and the information was there.  So I knew where to go, right?  So my cognition was impaired, but I was able to enhance it by going to the computer and pulling out my e‑mail that contained the information.  And that was present in Outlook.  So Outlook, I'm sure they would consider that Outlook doesn't have to be regulated.  But some of the other things, like the example that John provided, maybe you think, you know, that they are not making the right claims and they should be regulated.  What is your view?  Where is the line to draw?

DR. PEÑA:  So I'm going to return to a statement that I made, "If the manufacturer claims to cure, treat or prevent a disease," I think we will have a stronger interest in making sure that that claim with regard to safety and effectiveness, that product is truthful and accurate.  If you are talking about the mental acuity, making sure that your schedule is in place, which is now performed as a function of an app, this may not be on that same severity that we would want to invest a regulatory control over.

DR. GUTMANN:  That's, you know, the Food and Drug Administration, but, you know, FTC, deceptive claims, there is an argument that the consumer can't be expected to figure out every deceptive claim.  So deceptive claims are subject to regulation.  Where you draw the line is a difficult issue, but there is a ‑‑ you know, deception in many ways, and I speak again now as a moral philosopher, but it is everyday life.  Deception in many ways is worse than lying.  Lying is ‑‑ an out and out lie is easier to discern than something which is deceptive and tries to trick you into believing that something that is false is true.

So, we want to have, we have bought into a society in which there is regulation of deceptive claims, which is consistent with our being able to have a modicum of trust.  At the same time, Raju, it is absolutely true, there is this continual issue of where you draw the line between how small does the print ‑‑ how small can the print be and still actually be consistent with telling people what they need to know? We can't answer.  That is where you have to do it on a case by case ‑‑ you have to have case law to do it.  There is no bright line here.  You need case law.

DR. GRADY:  So my question actually follows a little bit on Raju's but is specific to the issue of privacy because I think you said something about a general framework for privacy, and I think you said ‑‑ you at least alluded to this inadequately regulated space with respect to privacy.  So, I guess my question is, I sort of think that maybe there is no way to regulate privacy in that the sort of HIPAA model is not one that we want to try to emulate in a wider space.  And so the question is what should we do about privacy? And one question I had was whether or not the wisest thing to do, or maybe it is not, I would love to hear your ideas, but one idea I had was maybe we should think about, you know, improper use of information.  And so do something along non‑discrimination, you know, genetic non‑discrimination laws or something like that. But do you think there is room ‑‑ do you think there is a role here for more regulation about privacy or legislation about privacy or something else?

MS. McGRAW:  Right, well, I do think it would be helpful for consumers to have some consistent framework for privacy so that it is not the case that the data is protected in their doctor's office but once it goes outside of their doctor's office and outside of the HIPAA coverage bubble, it is not.  And then, you know, we are trying to facilitate arrangements where patients are gathering data on their own that is relevant to their lives.  They should be sharing that information with their care providers where it is relevant.  And we want this sort of seamless data flow, and yet it is going to sort of pop in and out, pop in and out of being regulated from a privacy standpoint.  It is not necessarily the best environment to put consumers in.  They have got sort of "buyer beware" on the one hand and heavily regulated, some would say over‑regulated, on the other end.

I think we could do a lot better in terms ‑‑ there have been lots of sort of frameworks proposed that are based on fair information practices that elevate the importance of being transparent, much more transparent than is the case today with a lot of these apps about what happens to data and in a way that consumers can meaningfully understand.  Largely, that is being pursued through voluntary codes of conduct, which is not a bad place to start.  And once somebody adopts a code of conduct, then the Federal Trade Commission has the power to enforce it if you are a for‑profit company and you are operating under their jurisdiction.

Data security is another issue that where either voluntary codes or some sort of regulatory framework would be enormously helpful, the ability of consumers to find out more about where the data has gone and maybe even to be able to access it.

And then on the discrimination sort of what is done with the data, frankly, that was the focus of the White House big data report of just a few months ago, which was to say we probably can't really get a handle on this collection, how ubiquitously it is being collected.  We should focus more on the issue of use.  And whether you agree with that proposition that we should just let go on the data collection.  Certainly in terms of how that data are being used and the use of it, that ends up denying people benefits that they are seeking, whether it is a public benefit or a private benefit, is a big one.

The Fair Credit Reporting Act provides for some coverage for credit determinations, but it doesn't really cover this entire field and how can we sort of pull that out and either expose it more from a transparency standpoint or place some regulations around how it is used and how consumers could challenge it, for example, if it turns out to be false.

DR. WAGNER:  Let's see if we can squeeze in Nita, John, and Nelson and call it a session.

DR. FARAHANY:  I want to pick up on both of the themes that we have just been exploring, regulation and privacy, the first one on FDA.  So this has been an area of significant interest for me, particularly since FDA regulation has very different implications than FTC regulations since it’s pre‑market approval and potentially whether or not a device ever makes it to market.

And it is the second part of the definition of the device that is particularly interesting to me, the "or if it is intended that," you know, "in a way that could affect structure or function."  And we have been focusing primarily on the first part of the definition, which is intended for use and diagnosis.

It seems like a number of companies, particularly in the neurotechnology field, have learned from the 23andMe example to not use the "intended for use and diagnosis” language.  And if we take, for example, the transcranial direct current stimulation, they say on their website, "Make your synapses fire faster and overclock your brain."  But they make it very clear that what they are talking about is for gaming purposes, right, to improve your performance for gaming purposes.  But whether it is that or other apps that are about overclocking your brain and improving synapse firing, it is about affecting the structure and function of the brain, and in fact they do affect the structure and function of the brain.

So I am curious about how FDA is thinking about that class of devices, and how you approach devices which are really targeted at enhancements rather than trying to treat abnormal conditions looking at the risk/benefit analysis?  And on the privacy front for John and Deven, I'm interested in Christine's kind of comments in thinking about a particular EEG tracking company that has been able to integrate into workplace environments where, whether it is for Nascar racers or just in the ordinary workplace environment or in the military, they are doing real time EEG monitoring to try to suggest that you can monitor productivity of your employees or different emotive states.

And it seems like there is privacy of ordinary consumers who voluntarily choose to wear one of these devices recognizing that they are ceding a lot of privacy and information for the benefit that they are getting versus the lack of regulation in the workplace which would prevent anything ‑‑ you know, which would say a consumer, sorry, an employee has to wear these devices in order to track their productivity.

So, I wonder if you have thought about that within your organization in providing any sort of advice about the context in which it is used?  And if you thought about the kind of privacy implications in the workplace setting versus for ordinary consumers?

DR. PEÑA:  So I can start off.  Regarding the structure function claim, we take those as serious things.  So even if the sponsor does not mention a health claim, but they mention a structure function change, like maybe increase in synaptic activity, we will look at those submissions.  And we do receive regularly information from the public that is investigated by our Office of Compliance, to look at those claims that are either online or on products.  So we do take that seriously.

With regard to enhancement, I think it sort of harks back to the mobile medical apps question about mental acuity, physical -- sort of mental fitness, those are again claims of general wellness and health ‑‑ general well‑being, so there we would be inclined ‑‑

DR. FARAHANY:  Sorry, so tDCS makes the same kinds of claims that they're enhancing your brain, not that they are treating some condition.  And the question is if there is a different risk/benefit model in evaluating those devices versus devices for treatment?

DR. PEÑA:  Right, so if there is an enhancement and there is also a structure function claim change, we would look very seriously at those products.

DR. REPPAS:  Oh, I'm sorry, I don't mean to ‑‑

DR. WAGNER:  Oh, yeah, go ahead.

DR. REPPAS:  So, to the privacy issue, I think I return to the comments I made earlier on, which is in their current form, these devices to which you refer require compliance, right.  So, the idea that a person would have this activity surreptitiously recorded I think is ‑‑ that is not a concern at least at this point.

I think that in the settings that you are talking about, whether it is Nascar racing or whether it is, for example, military marksmen who are using some of these devices to improve the way they do their jobs, I think that there is probably substantial buy‑in on the people who are using the technology.  And to step back and say that there is a general concern, I agree.  But is neurotechnology a unique concern, right? So your employer, my employer can track, for example when I'm in the office, the keystrokes I generate at all times of day.  So, if I step away from the computer, if I'm not doing something or if I'm on my phone, that shows up.  And so the question is, is that a different type of surveillance?  Does that infringe upon my workplace liberty in a substantially different way than if I were wearing a headset?  I don't know.

MS. McGRAW:  I think the only thing I will add is that it is interesting from the privacy advocacy side, we have sort of ceded the territory of what happens in the employment context in part because people don't have much, if any, reasonable expectation of privacy while they are at work.  Having said that, I do wonder whether there are some ADA implications for how data might be used on “poor performers” that are being monitored in this way.  And so that is another issue that might come up because there isn't really a way to say no to the use of those technologies.

DR. WAGNER:  I will just cede, go ahead.

COL. MICHAEL:  I was going to ask a very simple question of coordination between FTC and FDA because there has to be cases that don't fall neatly into the disease‑specific claims or unfair practices.  So, is there a mechanism for the two agencies to sort of coordinate on cases that may be in gray zones?

DR. HOFFMAN:  Yes, actually I sat ‑‑ when I worked at FDA, I did sit on the FDA/FTC Working Group, which also works with the states, the Attorneys General, for a very long conference call because we had all the states on so.  But that is a routine, at the time it was a monthly meeting, I don't know what it is now.  But there are specific, how can I say this?  There is a space between the two agencies.  I will very briefly state that the FTC has a lot of economists and lawyers. The FDA has scientists and public policy, pharmacists, for example, chemists.  There are differences.  And the approach for FDA for a lot of areas is the product safety and efficacy.  And for FTC, it's the proof of what you are saying.

And certain things came about that the FTC, and this happened with dietary supplements a lot, the FTC was perfectly fine for you to say that something treated cancer if you had the data that they would accept to treat cancer even though you can't say that direct-to-consumer.  That becomes a FDA‑approved drug. So there are some gaps in how they regulate.

DR. WAGNER:  Panelists, we appreciate ‑‑ oh, I'm sorry, Carlos, did you want to ‑‑

DR. PEÑA:  The only thing I will add is that the Consumer Product Safety Commission also plays a role.  We have had discussions with that agency.

DR. WAGNER:  Oh, right.

DR. PEÑA:  And then on a general framework, these are sort of more on case-by-case basis, in general, there are other forums that may foster inter‑agency cooperation and communication, such as the Inter‑Agency Working Group on Neuroscience, which may also be something for the Bioethics Commission to consider.

DR. WAGNER:  With that, ‑‑

DR. GUTMANN:  Thank you.

DR. WAGNER:  ‑‑ thank you, panelists, very much for your contributions today.


DR. WAGNER:  We are adjourned until 1:15.  Commissioners, we have an administrative lunch business to get right to.

(Administrative lunch recess.)



This is a work of the U.S. Government and is not subject to copyright protection in the United States. Foreign copyrights may apply.