Patient Device Data Access Act of 2025
- Bill Number
- H.R. 6117
- Origin Chamber
- House
- Congress
- 119th Congress, Session 1
- Policy Area
- Health
- Status
- Introduced
- Latest Action
- 2025-11-18: Referred to the House Committee on Energy and Commerce.
- Last Updated
- 2026-07-08T20:06:15Z
AI-Generated Summary
Purpose
The Patient Device Data Access Act of 2025 aims to increase patient access to their personal health data generated by certain medical devices. It amends the Federal Food, Drug, and Cosmetic Act (FD&C Act) to give the Food and Drug Administration (FDA) the authority to require device manufacturers to share this data with patients upon request, promoting transparency in medical technology without mandating device redesigns.
Key Provisions
- Authorization for Data Disclosure: The FDA Secretary may require manufacturers of "covered devices" to provide patients with all patient-specific data that the device records or transmits and that is accessible to the manufacturer. This must occur at the patient's request.
- Regulatory Framework: Any such requirements would be established through FDA regulations, applying uniformly to all manufacturers of covered devices. Regulations must consider the FDA's 2017 guidance on sharing patient-specific information from medical devices.
- Additional Regulatory Options: If regulations are issued, they may include:
- Disclosing data in a patient-friendly format (e.g., understandable language and, where feasible, the patient's preferred format).
- Requiring manufacturers to post on their public websites: (1) confirmation that the device is covered; (2) types of patient data recorded, transmitted, and accessible; (3) how the manufacturer uses patient data (excluding proprietary details); and (4) instructions for patients to request their data.
- Mandating notifications to patients about how to access their data, as well as alerts for device recalls, software updates, or error messages.
- Exceptions: Manufacturers are not required to disclose data that is stored in a "closed system" (a self-contained setup where data cannot be accessed externally), to redesign devices for data access, or to share data they cannot reasonably access.
- Definitions:
- Covered device: An electronic device intended for diagnosing, treating, or preventing disease; implanted in the body; used for remote patient monitoring; and capable of recording or transmitting patient data (e.g., pacemakers or pulse oximeters).
- Patient-specific data: Information unique to an individual patient, such as device usage logs, alarms, outputs, pulse oximetry readings, heart electrical activity, or rhythm data from a pacemaker. This includes data that might not otherwise be legally required to share.
- Inaccessible to the manufacturer: Data that cannot be reasonably retrieved by the company.
- Enforcement: Adds civil monetary penalties (fines) for violations, building on existing FD&C Act penalties for device-related issues.
Significant Changes to Existing Law
- Introduces a new section (524C) to the FD&C Act's device provisions, explicitly authorizing FDA regulations on patient data sharing—previously, such sharing relied on voluntary guidance rather than enforceable rules.
- Expands civil penalty provisions under the FD&C Act to cover non-compliance with these new data-sharing requirements, strengthening enforcement for device manufacturers.
Potential Impacts
- Government Agencies: The FDA gains expanded regulatory tools to oversee medical device data practices, potentially increasing administrative workload for issuing and enforcing regulations but enhancing oversight of health technology.
- Citizens (Patients): Improves access to personal health data, empowering patients to better understand their treatment, monitor their conditions, and share information with healthcare providers, which could lead to more informed health decisions.
- Device Manufacturers: May face compliance costs for data systems, website updates, and notifications, but exceptions limit burdens by avoiding device redesigns or sharing inaccessible data.
- International Relations: No direct impacts mentioned; the bill focuses on U.S.-regulated devices and manufacturers.
Main Stakeholders Affected
- Patients: Primary beneficiaries, gaining rights to their device-generated data.
- Medical Device Manufacturers: Directly regulated, required to implement data-sharing processes and transparency measures.
- FDA: Tasked with rulemaking, enforcement, and considering prior guidance.
- Healthcare Providers: Indirectly affected, as patients may share accessed data to improve care coordination (though not explicitly addressed).
Notable Legal, Constitutional, or Political Implications
- Legal: Strengthens patient privacy and data rights under health law by mandating access to personal medical information, aligning with broader trends in data transparency (e.g., similar to HIPAA rules on patient records). Civil penalties provide a clear enforcement mechanism but include safeguards to protect manufacturer proprietary information.
- Constitutional: Supports Fourth Amendment privacy interests by facilitating individual control over personal health data without compelling broad disclosures; no apparent conflicts with free speech or due process, as requirements are targeted and exception-based.
- Political: Advances patient-centered healthcare policy, potentially influencing debates on medical innovation, data privacy, and regulatory burdens on industry. It builds on existing FDA guidance without overhauling device approval processes, suggesting a balanced approach to technology accountability.
This summary was generated by AI and may contain inaccuracies. Refer to the official source document for the authoritative text.
Sponsor
Rep. Sherrill, Mikie [D-NJ-11]
Recent Actions
- 2025-11-18: Referred to the House Committee on Energy and Commerce.
- 2025-11-18: Introduced in House
- 2025-11-18: Introduced in House
Bill Versions
- Patient Device Data Access Act of 2025 — issued 2025-11-18 — PDF (6 pages)