Makers of digital health apps are not often subject to the provisions of the Health Insurance Portability and Accountability Act (HIPAA), but any such liabilities may soon become more onerous. The Department of Health and Human Services released a draft update for HIPAA cybersecurity mandates – the final version of which is sure to be accompanied by much more vigorous enforcement.

Some people may have seen 2024 as the year of artificial intelligence (AI) in med tech, but the FDA is off to a strong start in 2025 with a dual-purpose AI draft guidance. While the draft covers both premarket submissions and life cycle management considerations, the more important consideration is that the FDA’s centers for devices, drugs and biologics have all signed off on the draft, suggesting an agency-wide convergence in thinking about AI.

Regulatory overhauls are never a simple affair, but the med tech industry ran into an amorphous, ennui-inducing mess in dealing with the EU Medical Device Regulation almost immediately. Even though the underlying legislation passed in 2017, the MDR impasse continued to impede innovation on the continent – a problem that might be only partly resolved in 2025.

The device industry is extraordinarily dependent on administrative activity where Medicare coverage is concerned, and this was exceptionally evident in 2024 when software and digital health coverage policies remained bogged down.

2024 was a critical year for the FDA’s Center for Devices and Radiological Health and included a smooth transition in leadership, but it was not without controversy. The agency triggered not one but two lawsuits over the final rule for regulation of lab-developed tests, a problem that promises to distract the agency throughout 2025 and potentially beyond.

The U.S. FDA’s draft guidance for reporting of deviations from clinical study protocols lends some insight as to the definition of a deviation, but the agency highlights some concerns about related compliance activities.

Artificial intelligence (AI) is no novelty for medical technology, but 2024 saw an interesting series of events in this area from across the globe. While some of these developments portend immediate regulatory clarity, some are harbingers of continued regulatory flux in 2025 and beyond.

The U.S. FDA has issued a second report in connection with device software functions, which includes surveillance data for clinical decision support (CDS) tools. While the report lists three events that qualify as adverse events, the FDA offered no information that would provide an adverse event rate for CDS products.

Device makers doing business in the U.S. have had a much more stable regulatory regime than has been true for companies in other jurisdictions, but that will shift somewhat in 2025. Brynn Stanley of Gardner Law told BioWorld that manufacturers should get busy with the U.S. FDA-mandated do-over of their quality management systems as the compliance deadline of February 2026 does not generally permit procrastination.

The U.S. FDA’s newest draft guidance for dealing with medical product misinformation might seem to signal a cooperative attitude toward misinformation on the agency’s part, but regulatory attorney Daniel Kracov told BioWorld that the disincentives for doing so might still outweigh the incentives despite the reworked draft guidance.