FDA asks Congress for 14% bump in device budget for supply chain, cybersecurity programs

Dive Brief:

• The FDA has asked Congress to increase its devices program budget authority by 14% to enable it to invest more in medical product safety at a time when income from user fees is flatlining. 
• The fiscal year 2023 budget request features an additional $62 million in the FDA's funding for Devices and Radiological Health, more than 90% of which will come from Congress. After seeing user fee funding climb 75% from 2019 to 2021, FDA is now facing its second year of minimal growth in the money it receives from industry. 
• The agency plans to allocate one-third of the requested additional funding to a Resilient Supply Chain and Shortages Program (RSCSP), which is intended to reduce U.S. dependence on medical devices from other nations. The FY 2023 budget also includes $5.5 million to begin the FDA's development of a comprehensive cybersecurity program for devices, which will be used to "hire additional staff to recruit and develop greater cyber expertise within the devices program."  

Dive Insight:

The FDA is requesting an overall budget of $8.4 billion in fiscal year 2023, a nearly 34% increase over the FY 2022 appropriated funding level. For the devices program, the FDA is asking for roughly $698 million, with approximately $466 million from the budget authority and $232 million in user fees.

The agency's request for more budget authority from Congress is split fairly evenly between money for medical product safety and crosscutting, a term that captures work such as capacity building and inspection activities that span multiple departments.

FDA Commissioner Robert Califf in a statement said the budget request is critical as the agency continues to work on a wide range of COVID-19 and non-coronavirus priorities, with a focus on some of the most urgent needs including medical device safety and security.

At $31.4 million, the safety program is in line to receive slightly more money, reflecting the fact that it covers the single biggest change in FDA's medical device spending plans for fiscal 2023, namely RSCSP. The budget proposes investing $21.6 million in the program.

"This funding will provide resources that will enable establishment of a permanent program for U.S. supply chain resilience for medical devices for the first time. The establishment of a permanent device shortages program will help ensure U.S. patients and health care providers have access to the critical devices they need and help reduce U.S. dependence on devices from other nations by enhancing CDRH's capacity to enable rapid intervention to prevent and mitigate supply chain interruptions," the FDA wrote in its budget justification.

The agency envisages RSCSP using "state of the art supply chain intelligence for predictive modeling, early signal detection and continuous surveillance" as part of a push to establish preventative measures that make the supply chain more resilient by enabling the agency to avert shortages before they occur.

The FDA said the funding is critical to reducing or eliminating the risk of medical device shortages experienced during the COVID-19 pandemic in order to ensure the U.S. is better prepared for future public health emergencies. 

The RSCSP funding covers 18 full-time equivalents (FTEs), representing more than one-third of the 48 staff FDA plans to add in fiscal 2023. FDA plans to add six FTEs if it secures its requested $5 million funding boost for its cybersecurity program. The funding boost will bring FDA's total medical device cybersecurity budget up to $5.5 million. 

FDA wants to take on the six FTEs to "increase its internal capabilities through the recruitment and development of cyber experts to support the review of medical devices and assure that they are highly resistant to security breaches before being marketed." 

The funding will also enable the agency to administer grants and contracts "to develop infrastructure geared towards addressing emerging challenges in order to strengthen cybersecurity resilience in the medical device ecosystem, such as tools to track vulnerabilities associated with devices."

The FDA wants to establish "tangible measures" of cybersecurity such as time from vulnerability identification to remediation.

In addition, the FDA is asking Congress for the "express authority" to require premarket submissions to include evidence of "reasonable assurance of the device's safety and effectiveness for purposes of cybersecurity" and for devices to "have the capability to be updated and patched in a timely manner."

Currently, there is no statutory pre- or post-market requirement that expressly requires medical device manufacturers to address cybersecurity, according to the agency. The FDA's FY 2023 budget includes a legislative proposal that "seeks additional authorities across the lifecycle of the device and includes elements such as a software bill of materials."

The FDA is also seeking a further $26.4 million and 24 FTEs in relation to crosscutting work such as capacity building and inspection activities that span multiple departments.

Pay costs are the biggest crosscutting budgetary line item, with the agency calculating that the 4.6% cost of living adjustment and 1.1% increase in retirement contributions will require an additional $8.1 million for the devices program. 

Most of the crosscutting FTEs are earmarked for inspection activities. The FDA plans to take on 14 FTEs to "support capacity building towards an advanced, highly trained investigators capable of analyzing available data to increase the efficiency and productivity of our inspection operations."

Comments are closed.