Insulin, Diabetes, Medication Safety, FDA Regulations

FDA Regulation of Insulin Dosing Software: What You Should Know

It’s been 20 years since the first landmark study, published in the New England Journal of Medicine, concluded “intensive insulin therapy to maintain blood glucose ... reduces morbidity and mortality among critically ill patients.”

Hospitals and health systems are now beginning to wake up to the importance of inpatient glucose management, as well as the downsides when it is implemented poorly and with outdated or unvalidated protocols.

As hospitals move toward digital solutions for insulin dosing, it’s critical they choose software that’s proven to be safe and effective.

In this article, we’ll cover the ins and outs of FDA regulation, as it pertains to insulin dosing software, and the role they play in protecting public health by assuring the safety, efficacy, and security of these products.

Software as a Medical Device?

Standalone software used by clinicians to calculate patient-specific intravenous or subcutaneous insulin dosing in the hospital is regulated by the FDA as a Class II medical device, and is characterized as Software as a Medical Device (SaMD).

The clinical evaluation of SaMD typically involves addressing 3 important questions:

  1. Is there a valid clinical association between your SaMD output and your SaMD’s targeted clinical condition?
  2. Does your SaMD correctly process input data to generate accurate, reliable and precise output data?
  3. Does use of your SaMD’s accurate, reliable and precise output data achieve your intended purpose in your target population in the context of clinical care?

Infusion pumps are another example of a class II device. No hospital would ever consider building their own infusion pumps and using them on patients without FDA review. The patient safety risks associated with the use of such an unvalidated device is just too great.

Likewise, illicit development and use of regulated insulin dosing software could also come with substantial legal risks, like malpractice lawsuits or disciplinary actions with licensing boards. Depending on state laws, the use of unapproved software could constitute negligence per se (negligence established as a matter of law) or breach of the standard of care, and could result in legal and/or disciplinary action.

When does insulin dosing software require FDA clearance?

Not all digital solutions for insulin dosing need FDA 510(k) clearance. Notably, insulin dosing “calculators” which are commonly built into the EMR, and merely automate simple calculations, would likely be considered clinical decision support, and not require FDA clearance. In these cases, the calculations are simple enough that they allow a clinician to “independently review the basis for the recommendations so that it is not the intent that the user rely primarily on any such recommendation.”

These calculators are typically digitized versions of existing paper protocols, or may use basic algorithms and simple automation to support providers. One example of this could be a hospital digitizing their IV insulin dosing chart.

However, if the software is so basic as to not meet the threshold for FDA regulation, and does not use patient-specific inputs to generate patient-specific dosing recommendations, one might ask whether it’s actually going to improve patient outcomes.

Without clinical validation, there’s no way of knowing. However, we do know that the protocols and outdated and simplistic algorithms upon which these calculators are often built lead to higher rates of hypoglycemia and hyperglycemia than Glytec’s FDA-cleared software solution.

Here are some of the benefits of FDA-cleared software when it comes to insulin dosing:

Indications for use and clinical validation

FDA-cleared insulin dosing software solutions have approved indications for use describing the conditions that the software can safely and effectively treat, as well as the approved target patient population.

For example, there are currently two FDA-cleared insulin dosing software platforms indicated for use in children and adolescents (ages 2 and above). There are no products indicated for use with infants (ages 29 days to less than 2 years) or neonates (from birth through the first 2 days of life), as no insulin dosing software platforms have been evaluated for safety and efficacy in these pediatric subgroups.

There are many different types of insulin algorithms that have been developed over the past few decades, with wide variation in the rates of severe hypoglycemia associated with each.

Some insulin dosing algorithms have no evidence of safety or efficacy. Of further concern is how they perform in uncommon clinical scenarios such as patients on enteral or tube feedings, glucose toxicity, therapeutic hypothermia and high-dose intravenous steroids.

In other words, without FDA clearance or clinical evidence, there is no way to know which software/algorithms are safe to use for which patients.

Post-market surveillance

Post-market surveillance activities, including assiduous complaint management and tracking, public adverse event reporting, procedures for product corrections and recalls exist to help improve quality, provide public transparency, and ensure patient safety.

When serious software defects are identified, product recalls ensure that hospitals are aware of the defects and mitigation plan from the software developer. In 2019, for instance, one FDA-cleared insulin dosing software platform issued a recall due to their insulin dosing calculations being erroneously high.

Hospitals using illicit insulin dosing software that is not FDA-cleared and not subject to post-market surveillance may never learn about potentially harmful software defects that are discovered in the software platforms they use.

Designing software to minimize human error

When designing SaMD, developers should employ human-factors engineering to assess and mitigate various use-related risks and anticipate potential for human error.

For instance, one risk in insulin dosing software platforms is typography and the misidentification of alphanumeric symbols. Misidentification may occur depending on the text font, size and style because of similarities between some alphanumeric symbols, such as 1 (one) and 7 (seven) or 6 (six) and 8 (eight). Misidentification of dosing numerals could result in a patient receiving an incorrect dose of insulin and could lead to patient harm.

Software that has not been FDA-cleared may have a higher potential for user error because it has not been designed with FDA’s guidance in mind. Once again, due to the lack of clinical validation and post-market surveillance, there is no way to know.


Cybersecurity threats to hospitals have become more sophisticated, frequent and dangerous. These incidents have shut down hospital networks, locked clinicians out of electronic medical records and caused disruption in delivering urgent care to patients.

The FDA has established draft cybersecurity guidance for medical device manufacturers to follow in software design and development. It recommends that medical devices, such as insulin dosing software, be designed to 1) detect cybersecurity events in a timely fashion; 2) respond to and contain the impact of a potential cybersecurity incident; and 3) recover capabilities or services that were impaired due to a cybersecurity incident.

Clinical software should be designed, developed and delivered employing best practice cybersecurity standards, such as HITRUST, ISO 27001 or the NIST Cybersecurity Framework.

Software that has not been FDA-cleared, especially standalone homegrown software, may introduce cybersecurity risks to a hospital’s network.

Insulin dosing software options

Some hospitals do try to build their own insulin dosing software solutions. Again, if they are simple and don’t generate patient-specific guidance, it probably isn’t a medical device, but it could still come with legal risks and liability in addition to the burden of technical maintenance, updates, training and support.

Luckily, there is another option.

Glytec’s eGlycemic Management System (eGMS) is FDA-cleared, clinically validated and has been proven to reduce hypoglycemic events, readmissions and length of stay. It’s been used in over 300 facilities across the United States and has been FDA-cleared since 2006.

Unlike homegrown software or insulin calculators, it’s been tested rigorously and validated by over 90 published clinical studies that demonstrate its safety and efficacy.

FDA regulation of SaMD solutions isn’t just about compliance: first and foremost, it’s about patient safety. Therefore, FDA’s guidance provides a useful framework for evaluating solutions even if they are not subject to FDA scrutiny.

When choosing an insulin dosing software solution, keep in mind the factors I’ve discussed here, like clinical validation, cybersecurity, post-market surveillance and human error, which all have the potential to impact patient safety and hospital performance.

Selecting an FDA-cleared platform like Glytec’s eGMS is one way to check all those boxes, so you can continue providing the best possible care for patients.

10 reasons you need an eGMS_blog

ECO #01118-A

Subscribe to our blog!