Can You Keep a Secret? The Trade Secret Tightrope in FDA-Regulated MedTech

Trade secrets are a critical tool for protecting medical technology innovations. To that end, a robust trade secret management program is essential for safeguarding these valuable assets. To be effective in today’s legal environment, this program must also comply with the Defend Trade Secrets Act (DTSA) which provides a federal legal framework for pursuing remedies against misappropriation, but only if the company can prove it took reasonable measures to maintain the secrecy of the information. Therefore, a successful strategy for protecting MedTech innovations requires both a proactive internal management program and compliance with the federal law requirements. But the need to maintain the confidentiality of these valuable secrets is increasingly at odds with the competing requirement to disclose information for FDA approval.  This article explores this growing tension and offers practical strategies for navigating the FDA submission process without compromising proprietary information. 

Why MedTech Companies Are Rethinking IP Protection

Although the industry once frequently viewed trade secrets as an afterthought to patent protection, forward-thinking medical devices companies now recognize that trade secret protection plays an equally important role in protecting their proprietary methods, designs, software algorithms, and manufacturing processes. Indeed, certain MedTech innovations - such as those involving AI-enabled software and connected devices - are often difficult to protect through patents and may be better safeguarded under well-defined trade secret policies. 

But unless great care is taken, the need for FDA approval may put these secrets and policies at risk.  For most class II or III MedTech devices, once a product milestone is reached and a company begins preparing for market launch, FDA authorization becomes a necessary but resource-intensive hurdle. This approval process can be a trade secret minefield because the FDA requires a vast amount of information to be disclosed in submissions to demonstrate safety and effectiveness, almost all of which is proprietary and critical for the applicant’s business. Submissions are also a repository of sensitive information containing details like component specifications, unique materials, mechanical configurations, sterilization techniques, manufacturing parameters, testing protocols, control algorithms, source code, software architecture, and raw datasets.

And although the FDA is charged with maintaining confidentiality of submission information, there are, in reality, many potential risks. Sensitive proprietary details – including algorithms, data codes, source code, device parameters, and the like – can be inadvertently exposed. For example, cybersecurity breaches, data mishandling, or improper internal access controls post real threats to IP integrity. Even minor redaction errors in publicly released FDA summaries can unintentionally expose strategic details. Freedom of Information Act (FOIA) requests add another layer of exposure. While certain information remains redacted under FOIA, the burden falls on the company to proactively designate trade secret status. 

Staffing Shortages and Systemic Vulnerabilities at the FDA

A newer added challenge companies should factor into their regulatory strategy is the ongoing staffing shortage at the FDA. With fewer personnel overseeing the FDA processing and document management, the risk of internal missteps – such as redaction errors, misfiled documents, and overlooked confidentiality designations – has grown significantly.  Although FOIA requests remain backlogged, the recent recall of staff responsible for handling medical device records suggests the agency is aware of the strain and is taking steps to restore oversight.[1] Still, the margin for error remains thin, and companies can no longer assume that their proprietary information will be protected by default.  

These risks make it critical for companies to carefully understand and manage the limits of legal protections under FDA regulations. As public interest in transparency grows and digital requests for information become easier to file, companies face new challenges to ensure that this sensitive information doesn’t fall into the wrong hands. So, how does a company comply with FDA disclosure requirements while keeping the secret sauce actually secret? 

Legal Framework and FOIA Fallout

The legal framework surrounding trade secrets in the MedTech space is complex because companies are navigating regulations while defending their intellectual property in a landscape where disclosure is mandatory, but protection is not guaranteed. At the federal level, the DTSA offers a powerful tool for pursuing misappropriation claims. However, the DTSA is reactive since it kicks in after a breach has already occurred. When dealing with regulatory bodies like the FDA, the real challenge is preemptive protection, ensuring that trade secrets are never exposed in the first place. And although companies can file different types of FDA submissions, they all carry some of these risks. For example, a 510(k) submission may involve less detailed disclosure than a pre-market application (PMA), but both can contain proprietary elements. Even De Novo requests can require extensive technical documentation that risks revealing trade secrets. In all cases, companies must be vigilant about what they disclose, how they label it, and how they justify its confidentiality. 

This tension comes into focus under the FOIA, a law designed to promote transparency in government, but for MedTech companies, it can also serve as a pathway for unintended exposure of proprietary information. While exemption 4 of FOIA is intended to protect trade secrets and confidential commercial information, invoking the exemption requires affirmative, well-documented justification. The burden lies on the company to prove that the disclosure would result in substantial competitive harm. 

The response to FOIA requests has evolved over the years and, leading up to 2022, there was a FOIA “gold rush.” This gold rush came in response to the Supreme Court’s 2019 decision in Food Marketing Institute v. Argus Leader[2] which broadened the scope of FOIA’s exemption 4. The ruling made it easier for companies to claim confidentiality without having to prove substantial competitive harm which had been the standard for decades. This decision lead journalists, competitors, and watchdog groups to seek to access clinical trial data, manufacturing details, and other sensitive information, often under the banner of transparency. The 2022 decision in Seife v. FDA[3] helped reshape this terrain. 

The Seife v. FDA decision raised the bar for challengers and required stronger arguments to override redactions, but the decision also reinforced the need for proactive defense. Companies not only have to label the information as confidential but also must be ready to justify that designation in court. 

While FOIA requests are still quite common, it is no longer a free-for-all, and proprietary information won’t be handed over as easily if companies take the right steps to protect it. For MedTech companies, this means the best defense is well-prepared offense: clear labeling, strong declarations, and readiness to intervene if challenged. 

As a recent example, in Heeney v. FDA[4], Boston Scientific had to intervene to prevent the release of sensitive catheter design data. The court ultimately agreed that the information was qualified as a trade secret, but the victory hinged on Boston Scientific’s proactive defense and detailed evidence of competitive harm. Had the company relied solely on the FDA to protect its submission, the outcome could have been very different. 

Proactive Strategies to Keep Your Secrets Safe

To survive this battlefield, MedTech companies must treat trade secret protection not just as a legal safeguard but also as a regulatory strategy. Here are some best practices that can help ensure your most valuable intellectual property remains protected:

1. Clearly Mark Trade Secrets in Submissions: Use a specific heading like "CONFIDENTIAL COMMERCIAL INFORMATION / TRADE SECRET" and bracket the specific information that should be redacted. This flags the material for the FDA and provides a clear record of your intent to protect it.

2. Separate Sensitive Information: Where possible, segregate your trade secrets from the main body of the submission and consider placing them in a separate appendix.

3. Disclose Only What Is Absolutely Necessary: Avoid providing more information than is absolutely required for a successful submission. The FDA requires sufficient information to determine safety and effectiveness, but it doesn't need every minute detail. Be especially careful with the public summary of your submission, which is intended for public viewing and is where much of the damaging information can be inadvertently disclosed.

4. Build and Maintain a Trade Secret Registry: Internally, maintain a detailed registry of your company's trade secrets. This includes a description of each secret, its location, the employees who have access to it, and the security measures in place to protect it. This registry serves as a crucial piece of evidence in any future litigation, proving that you took "reasonable measures" to protect the information which is a key requirement for trade secret status under the DTSA.

5. Train Your Employees:  Provide regular, mandatory training on what constitutes a trade secret, how to handle sensitive materials, and the legal and business consequences of unauthorized disclosure. A well-informed team is less likely to accidentally jeopardize your company's most valuable intellectual property. This training should cover everything from proper document handling to secure digital communication and understanding the risks associated with public speaking and publication.

By following these best practices, MedTech companies can navigate the FDA's regulatory pipeline while maintaining their competitive advantage and ensuring their "secret sauce" remains just that - a secret. Stay tuned for our follow-up article which will expand on how to effectively execute these best practices. 

Subscribe To Viewpoints