The FDA is in dire need of some regulatory design thinking
The FDA has no shortage of information and databases at its disposal, but an AgencyIQ analysis has found extraordinary gaps in how patients, consumers, retailers and life sciences companies can access and use the data in FDA’s possession. Such gaps leave patients exposed to potentially violative or harmful products, retailers and manufacturers exposed to unnecessary regulatory risk, and the FDA itself sometimes acting against its own interests. Our analysis identifies the major gaps in FDA’s systems and proposes a new approach for the FDA to potentially close them.
As the FDA is fond of saying, it regulates a significant percentage of the U.S. economy
- By its estimates, it regulates about 20% of all U.S. consumer spending – drugs, medical devices, biologics, food, tobacco, cosmetics and more.
- That’s an incredible amount of oversight and responsibility for any one agency to have, made even more impressive given the stakes of that oversight. Every issue with a product or its manufacture poses a potential risk to consumers and patients – a risk that may be deadly if not appropriately managed and communicated.
- But for all of FDA’s oversight, its warnings and actions mean little if they are not effectively communicated to stakeholders. Even the best-written warning is useless if it’s not read by a patient. The most up-to-date information isn’t helpful if it’s inaccessible to a prescriber.
- And yet, that is exactly the problem that the FDA is facing: Though the agency maintains hundreds of databases and communications channels, important information about product safety, efficacy and regulatory status is frequently siloed. The effect? Important information is often inaccessible and inscrutable to the agency’s core stakeholders, including patients, consumers, manufacturers and retailers.
- Critically, those silos make it more difficult for the FDA to accomplish its goals: It’s harder for patients to keep abreast of FDA’s latest safety warnings, health care professionals to understand the latest changes to an oft-prescribed drug’s label, and retailers to understand the regulatory status of the products they sell. Ultimately, the silos make more work for FDA regulators, requiring them to spend more time sending out repeated warnings and conducting inspections for issues that could otherwise have been addressed.
To understand the extent to which FDA’s communications and information is fundamentally broken, consider the following thought experiment:
- Imagine you’re a regular person shopping in a store or on an online retailer’s website. You find a product you want to purchase – say, a wellness product – and proceed to the check-out process.
- But then a few cautious thoughts enter your mind: Is this product regulated by the FDA? Is this product safe, or has this product been recalled? Will this product be effective at treating the condition I think it treats? Has this product, or have products like it, been subject to FDA warnings? With those questions in mind, you try to find the answers on the FDA’s website.
- Those are all reasonable questions to ask, and you would think that it would be easy for anyone to answer them with the aid of the FDA – the regulator of such a significant number of products.
But you would be wrong. In fact, even basic information about the regulatory status of FDA-regulated medical products is dizzyingly difficult to find. There are a series of major problems:
- The FDA does not maintain any sort of “single source of truth” database to check on the approval status of medical (and other) products. And in some cases, information on the regulatory status of a product is essentially non-existent.
- For example: The FDA has different regulatory databases containing information on the approval status of small-molecule drugs (Drugs@FDA), biological products (The Purple Book), medical devices (Devices@FDA), and a limited number of dietary supplement products.
- But these databases don’t contain everything. Some products were marketed prior to the advent of modern regulatory frameworks, and were therefore not approved (but are still legally marketed) as a “grandfathered” device or drug. Some products aren’t necessarily approved, but are instead marketed: 1) As product monographs, like many over-the-counter drug products; 2) As compounded drugs; 3) As products exempted from regulation, like many Class I medical devices; 4) As subject to FDA enforcement discretion policies, a common scenario during the pandemic; or 5) As approved through a special regulatory pathway, such as Emergency Use Authorization. Some products are regulated as both a drug and a dietary supplement, or as a prescription product and a nonprescription product. Other products, like medical foods, are so uncommon that the only real information that the FDA offers on them is found in guidance documents.
- This issue is even more acute for dietary supplements. There is currently no simple way to tell if a dietary supplement is legally marketed. The FDA itself has conceded that many dietary supplement products are marketed without its knowledge. According to a recent guidance document, FDA estimates there are about 3,400 marketed dietary supplement products containing new ingredients that were never reviewed by the FDA. And while the FDA does maintain a list of the New Dietary Ingredient (NDI) Notifications it has received that support the use of an NDI in a dietary supplement, that’s not the same as a list of marketed dietary supplements. That list would include products marketed prior to the 1994 passage of the Dietary Supplement Health and Education Act (DSHEA), which are effectively “grandfathered” in. In fact, the best resource for dietary supplements isn’t maintained by the FDA – it’s maintained by the National Institutes of Health. The Dietary Supplement Label Database contains more than 165,000 products, although it, too, has major shortcomings: It gives no information about the current regulatory status of a product and information is collected from voluntary industry submissions and surveys. Further, it is not necessarily up to date, and therefore isn’t a complete resource in the way that some other FDA databases purport to be.
- And if you’re trying to find the regulatory status of widely sold homeopathic products, you’re out of luck. Homeopathic products exist in a no-man’s-land of regulation. The FDA maintains that homeopathic products are in fact drugs, yet typically permits them to be marketed under a risk-based enforcement strategy. In short, homeopathic drug products with known risks, with routes of administration other than oral or topical, that are intended for use in serious or life-threatening conditions or in vulnerable populations, or that have “significant quality issues” may be subject to FDA enforcement action. But the fact remains – the FDA does not approve homeopathic drugs and does not maintain a database of these products. Neither does the NIH. In fact, the only resource that we’re aware of is one maintained by the Homeopathic Pharmacopoeia of the United States. The regulatory status of these products can be so confusing that even major manufacturers and sellers of these products, such as CVS Health and Walgreens, may be unaware that they are marketing products in violation of federal law.
Consumers and healthcare professionals are also left in the dark when it comes to finding easy-to-access up-to-date information about these products – even though the FDA demands this information from companies
- The FDA maintains a multitude of databases containing information that would be useful to consumers and healthcare professionals – notices about recalls, product shortages, safety alerts (both those specific to individual products and those related to whole product categories), Import Alerts, Warning Letters, facility inspections and more.
- And yet, by and large this information is both difficult to find and generally impossible to contextualize. These various databases generally are disconnected from one another and are constructed in such a way that makes their use, even by savvy stakeholders, difficult.
- Let’s think about a potential use case to illustrate what we mean. Imagine having an elderly relative who is taking a product that was either prescribed or purchased at the local drugstore – Product X – and they are asking what you know about it.
- You have some questions that would allow to you help this relative: Has this product been reviewed and approved by the FDA? Has this product been associated with any major safety concerns? Have there been any recalls associated with this product? Has the label for the product been updated since my relative started taking it and, if so, what changed?
- A particularly savvy consumer or healthcare professional may have additional questions: Have there been any warnings associated with the class of drug that the product belongs to? Has the manufacturer of this product been subject to a Warning Letter, and if so, why? Is this product in shortage, or do I need to be concerned about obtaining a continued supply? When was the last time the facility where the product was made was inspected, and what was the result of that inspection? Where is this product made?
- These are all good and reasonable questions to ask – in particular, some patient populations such as those who take life-saving or life-sustaining drugs to treat cancer, neurodegenerative diseases, and rare conditions may be especially invested in their own care. And healthcare professionals may have reasons to seek out this level of information on a given product.
- And yet, the answers to any of those questions are difficult to find. The FDA generally doesn’t associate information pages for a drug (such as in Drugs@FDA) with any recall information (although its device database helpfully does make such associations through the Total Product Lifecycle database). When FDA issues class-wide warnings for products, it generally doesn’t list out which products are affected. Even if a consumer knew where to find labeling updates for products, those updates don’t always clarify what was changed or explain why the change was made, even in the case of new data or a new safety signal). Drug shortage information is similarly not associated with product pages, even when they exist.
- Stepping back from drugs and devices to the full array of products that the FDA oversees, these difficulties continue. Many FDA Warning Letters don’t cite specific products made at a facility due to confidentiality concerns. For Warning Letters that do mention specific products, such as ones for alleged violations of federal marketing statutes, that information is not associated in any database containing that product (including close-out letters to show that an issue has been resolved). Product manufacturing facilities are not associated with individual products in FDA’s databases (again, for commercial confidentiality reasons), making it impossible for most consumers to know if the manufacturing facility that makes the product they rely on has been found to have sub-par quality practices. And if a product or its manufacturer is subject to an Import Alert notice prohibiting its import into the U.S., a consumer would have almost no way of knowing. And almost no FDA databases allow an interested consumer to subscribe to updates on that specific product to help them stay up-to-date on important information, such as product shortages.
- And even when the FDA does make an effort to communicate issues to consumers, such as in the form of a “consumer alert,” some are so obscure as to border on negligence by the FDA. Consider the following example: At 7:30 PM ET on Friday, October 27, 2023, the FDA published a warning to consumers “not to purchase or use certain eye drops from several major brands due to risk of eye infection.” Despite the concerning nature of the subject matter, this warning wasn’t communicated through any of the agency’s dozens of email lists. It wasn’t sent out on Twitter through any of the agency’s dozens of Twitter accounts. Only on the afternoon of Monday, October 30 did the FDA send an email alert to its MedWatch email listserv, and post on its social media channels. To be clear: Not only was this alert likely missed initially by almost every patient the FDA would want to reach, it was probably also missed by most medical professionals and medical journalists who would be able to disseminate this information. In fact, the only reason that AgencyIQ noted the alert was because an industry source tipped us off to the fact that the communication was pending.
- We should concede an obvious point: Most consumers probably won’t ever look for (or need) in-depth, detailed regulatory information about the products they take. It’s a challenge just to get most people to even read a basic Drug Facts Label on an OTC product, let alone get them interested in product recalls and Warning Letters.
- But that line of thinking misses a more important point: This sort of information should still be easy to find. Any U.S. citizen should be able to find the regulatory status of the product they’re purchasing or being prescribed. It shouldn’t be difficult to protect family members from illegal products or determine if a product has been subject to recent safety warnings. For that matter, medical professionals should be able to find this information with ease as well. And yet, under current FDA practices, it is profoundly difficult to do exactly that, thanks to the FDA’s maze of regulatory databases, compliance information and communications.
All these problems have practical impacts not just for consumers, but also for regulated industry
- Just as consumers have no easy way to monitor the legal status or compliance history of products or product categories, neither do life sciences companies or retailers. That has made it more difficult than it should be to ensure that all products sold to consumers are legally entitled to be sold; that companies are not subject to Warning Letters or recall notices; or that manufacturing partners are not subject to enforcement actions. For retailers, these issues are compounded because the FDA does not maintain a list of all diseases or conditions for which it would find that a product is being unlawfully marketed.
- Consider the case of recent Warning Letters sent to internet retail giants Amazon and Walmart related to their sale of products intended to treat molluscum contagiosum, a skin condition. The FDA recently approved the first product, Ycanth (cantharidin, Verrica Pharmaceuticals), to treat molluscum contagiosum, apparently triggering greater regulatory scrutiny of products that were being marketed without FDA approval for the condition. As the Warning Letters made clear, Amazon and Walmart had been allowing products to be sold for this medical condition on their respective web platforms. While neither Amazon nor Walmart made these products directly, the FDA has for several years taken the position that the introduction or delivery of unapproved new drugs into interstate commerce is a prohibited act, and internet retailers can be held “responsible for introducing, delivering or causing the introduction or delivery” of unapproved products into interstate commerce.
- You could of course argue, as the FDA has previously done, that retailers have an inherent responsibility to police their platforms and only sell products which are legal. After all, failure to conduct due diligence with adequate compliance systems can certainly rise to the level of negligence.
- But perhaps there’s a simpler question to be asked: Shouldn’t it be easier for companies to know if the products they sell are compliant with the FDA? For example, prior to this batch of Warning Letters related to molloscum contagiosum, the FDA’s only warning about the sale of such products was a June 2023 consumer update on its website. This update asked that patients refrain from trying to treat molluscum contagiosum with unapproved or non-prescription products. That’s hardly an easy or obvious way to notify key sellers of a product that it is being illegally marketed – especially when modern retailers may sell millions of products.
- To put it plainly: If the FDA was actually interested in helping retailers remain compliant, it would provide this information in a standardized manner on a single, machine-readable webpage or database rather than expecting companies to closely read each and every website update it makes. This database would contain information about all approved products, the conditions for which they are approved, any warnings or limitations about those products, and any important safety warnings. It would also contain information about any products that aren’t approved but are still being marketed (that it knows about), and information regarding conditions for which products are often marketed illegally or contain undeclared ingredients. While the FDA maintains some webpages that contain some of this information, they are generally incomplete, infrequently updated, and not designed to present the latest information (such as its “ Dietary Supplement Ingredient Directory,” which has numerous issues). And, as noted earlier, very few of FDA’s existing databases exchange information with each other.
- The same issues which prevent consumers from understanding which products are legally sold can also plague retailers and companies, making it difficult for them to police their own marketplaces. And sometimes efforts to police a marketplace can have unintended – and negative – consequences for the FDA. Consider a policy by Amazon in which the retailer required all dietary supplement companies who wished to sell products on the platform to provide Amazon with documentation that the product was not violative of federal law. Since Amazon said it would accept a NDI Notification (NDIN) response letter, the FDA’s Office of Dietary Supplement Programs (ODSP) was flooded with poor-quality requests for review, according to Bob Durkin, the former Deputy Director of ODSP. Amazon no longer asks for anything related to an NDIN, but instead asks for a Certificate of Analysis issued by an accredited laboratory or evidence of enrollment in a third-party quality certification program.
- The FDA can also quietly change its own thinking about the legal status of drugs or ingredients, posing major problems for retailers and manufacturers alike. Take, for example, FDA’s handling of the dietary ingredients N-acetyl-L-cysteine (NAC) and β-Nicotinamide Mononucleotide (NMN). Both ingredients had been marketed as dietary supplements before the FDA reversed course and determined that they had first been investigated as drugs and were therefore ineligible to be marketed as dietary supplements. The FDA didn’t make clear public announcements about these changes; rather, it indicated the changes in Warning Letters and in response to a New Dietary Ingredient Notification (NDIN), respectively. If retailers weren’t closely reading every line of every Warning Letter and NDIN, they would not have been made aware of this status change.
- Even when companies do closely read every compliance document and update published by the FDA, there can be gaps. That’s because the FDA doesn’t necessarily clarify whether an identified issue is specific to a single product or is representative of issues associated with an entire class of products. For example, the FDA recently issued a public warning about two weight loss supplements that allegedly contained a hidden drug ingredient that could be harmful if ingested. These products were labeled as “Nuez de la India,” but were also marketed under other names, including “India Nuts for Weight Loss,” “slimming seeds,” and more. However, they actually contained yellow oleander, “a poisonous plant native to Mexico and Central America.” That warning may have been helpful for consumers at risk of using the two specified products, but it left open an important question for retailers to interpret: Should they assume that every product marketed under those names is suspect and should no longer be sold? If retailers failed to act, would they be subject to a Warning Letter? FDA could be – and should be – more specific about what it’s trying to tell industry in these letters instead of expecting that each company employ an Oracle of White Oak.
- Another example of a broken system is the FDA’s Import Alert system, which is meant to indicate which products may not be imported into or sold in the U.S., regardless of approval status. Import Alerts are most often raised in response to serious issues associated with the manufacture of a product at a facility. Import Alerts may pertain to a single product or to all (or most) products sold at a specific facility or by a specific company. This is important information for a retailer and the public to know. As the FDA explains on its website, an Import Alert is meant to “inform the FDA’s field staff and the public that the agency has enough evidence to allow for Detention Without Physical Examination (DWPE) of products that appear to be in violation of the FDA’s laws and regulations.” For retailers, specifically, the FDA explains that importers of products should know if those products are subject to an Import Alert. And yet, the FDA’s Import Alert databases are infuriatingly opaque. The Import Alert lists are spread into dozens of different subcategories, each with a separately maintained list. The lists are not chronological. The lists do not detail what changes have been made since the last update. Most of the entries do not identify affected products (such as by National Drug Code), but rather indicate that “all products” made at the facility are subject to the alert – information typically not known to the importer. The alerts also don’t associate with a specific compliance action, such as a Warning Letter, which could provide more information about the reason for the alert. Neither are the lists formatted in a way that makes them machine-readable without significant effort.
- Another way to think about all of this? It’s more than a little hypocritical for the FDA to chide retailers for failing to police their own marketplaces, or manufacturers for failing to heed a warning, when the FDA makes it so profoundly difficult to keep track of relevant information in any sort of centralized way. These aren’t trivial points: To the extent that tens of millions of Americans regularly shop on Amazon, Walmart and other online e-retailers, the regulator needs give information to companies in a way that best facilitates the actions it wants those retailers to take, and patients the information they need to best protect themselves. To the extent that manufacturers make products that are relied upon by tens of millions of Americans, FDA should take steps to highlight important information contained in things like Warning Letters or Import Alerts.
How can the FDA solve these issues? Through “Regulatory Design Thinking”
- The FDA shouldn’t be in the business of making it as difficult as possible to comply with its regulations and directives or discover useful information about a product. Instead, the FDA ought to be investing in Regulatory Design Thinking. The term “ design thinking” is meant to convey an approach by which an entity would consider how a user would interact with a process, allowing the design of a human-centric approach that facilitates better outputs. Critically, the approach takes into account the user’s needs and problems, seeking to design processes around both.
- To apply Regulatory Design Thinking to this issue, the FDA ought to be considering the needs of consumers, healthcare professionals and the retailers who serve them. Regulators could start with a basic question: What information do my constituents need to know, and why do they need to know it? Consumers, for example, likely want to know if a product is safe and has FDA assurances for safety or efficacy. Health care professionals want to know if a product is safe to prescribe to their patients. Retailers want to know if a product is legal to sell to consumers. And life sciences companies want to know that they’re not breaking the law.
- The second part of this process would be for the FDA to understand which systems it would need to build, improve or maintain for the benefit of those stakeholders. As discussed, there are significant gaps in the agency’s systems that leave stakeholders unable to answer some of the most basic questions about products regulated by the FDA. Answering those questions will undoubtedly take significant time and resources.
- At a time when the agency is already working on modernizing its technologies through its Technology Modernization Act Plan and Data Modernization Act Plan, and seeking to modernize its recall process, we’ve been perplexed to see that FDA has mostly ignored how its data is used by stakeholders outside of the agency. This is a missed opportunity to improve regulatory compliance or better capitalize on the sum total of the FDA’s regulatory information. The FDA can have all the data in the world, but if it’s not structured to actually answer real questions or address the real needs of its stakeholders – in a simple, easy-to-use way – that data is effectively worthless.
- This is all the more perplexing for an agency that has otherwise been embracing risk-based regulatory approaches as a means of making itself more efficient. A heightened emphasis on Regulatory Design Thinking could help the industries the FDA regulates to better achieve compliance, allowing the FDA to focus more of its limited resources on a comparatively smaller number of issues. Improving consumer tools regarding the status of approved and unapproved products could help them to be savvier consumers, lessening the public health impact of illegal products and increasing the chances that vigilant consumers could report illicit products to the FDA, serving as a sort of logical extension to other FDA vigilance programs like the “ Bad Ad Program.” While the FDA already has such a program, it’s likely that only the savviest regulatory professionals have the knowledge to determine the legality of marketed products.
- Good Regulatory Design Thinking would likely also lessen the cost of regulatory compliance, ensuring that retailers who aren’t named Walmart or Amazon can do right by their consumers. At present, Amazon has a market capitalization of approximately $1.3 trillion and Walmart has one of $440 billion. These are massive companies with huge customer bases and a disproportionately large ability to invest in the creation or purchase of sophisticated regulatory compliance monitoring systems. But for every Walmart and Amazon, there are dozens of smaller internet retailers with a narrower focus for which the same basic problems exist. The ability to effectively protect a company’s consumers shouldn’t be a privilege only available to the largest, most-capitalized companies – and yet with the design of the FDA’s current data systems, it is.
- Good Regulatory Design Thinking should also help patients and consumers solve basic problems. A patient shouldn’t need regulatory affairs work experience to understand how to protect their health. A well-designed system would allow a patient to search one database to see its regulatory status – not find the right database to figure out more. This is all the more important with the increasing sophistication of products and the overlap between internal FDA jurisdictions. For example: A biologic is sometimes regulated as a drug and contained in the FDA’s Orange Book, and other times in its Purple Book. Some products are combination products, and outwardly appear to be devices despite their mechanism of action causing them to be regulated as a drug or biologic. Some products appear to physically be a drug, but may in fact be a medical device (like lubricant). Even for some seasoned regulatory professionals, matters of product classification are difficult and occasionally opaque. For patients, a lack of advanced regulatory knowledge should not act as an impediment to their ability to advocate for their health and the health of their loved ones.
- It’s worth noting again the extent to which the FDA’s current approach can be a waste of government resources. At some point, the FDA ought to look at how many nearly identical warnings it has published about products intended for use with certain health conditions and think: How can I present a better warning to the public we serve – one that is more enduring and more accessible? And how can we make it easier for retailers to take action against these products more quickly and wholly – or more difficult to argue that selling violative products was an inadvertent accident? A better-designed regulatory solution might make it easier for companies to make use of FDA data to take preventive action against such products automatically, freeing FDA resources to focus on other challenges.
- The FDA is undergoing regulatory transformations right now, including to its compliance divisions. It ought to capitalize on this opportunity to create better systems. For example, as the agency works to revamp its Office of Regulatory Affairs, it could use that opportunity to envision ORA as a clearinghouse of regulatory compliance data from all of its product centers, benefiting consumers and industry alike. FDA is also modernizing its recall processes, which could potentially help put more data about recalls into the hands of consumers. It’s also worth noting that FDA has several reforms in the works focused on making better use of data, like its Drug Supply Chain Security Act (DSCSA) enhanced supply chain provisions that are set to come into full effect in November 2024, or its drug quality metrics proposal. While different, both proposals are inherently about making use of data to ultimately benefit consumers. And yet, such data would be most useful linked up to the agency’s other databases to allow it to get into the hands of the stakeholders that need it most.
- The agency recently asked the Reagan-Udall Foundation for the FDA to issue a report on “Improving Public Understanding of FDA-Regulated Products.” That report, issued in October 2023, raised some important points for the FDA to consider about how the public perceives the agency. “Consumers won’t understand or trust policy—and the scientific evidence it is based on—if it is not well communicated to them or if they never hear about it at all. Strong communications reinforce sound policy and science; insufficient communications undermine it,” the report explained.
- Good Regulatory Design Thinking should be thought of as a core part of that report’s conclusion – the FDA needs to work smarter to “pre-bunk” misinformation. After all, if it’s difficult for the public to obtain information about regulated products from the FDA, they’ll get that information from somewhere else – including less reputable sources.
To contact the author of this analysis, please email Alec Gaffney ( [email protected])
To contact the editors of this analysis please email Chelsey McIntyre ( [email protected]) or Kari Oakes ( [email protected]).