Software as a medical device [SaMD] – Blurred lines for regulation?

ByLance T. Lee

May 27, 2022

The COVID – 19 pandemic has acted as a catalyst to accelerate the adoption of technological solutions in the healthcare industry, for the purposes of monitoring, diagnosing, treating, preventing diseases and disorders. A recalibration of interests during a tumultuous time has refocused people’s attention on their personal health, with wearable devices, apps to monitor vital statistics, provide lifestyle advisories, arousing wide interest.

Regulators have taken a proactive approach to provide legislative guidance for the regulation of new era digital solutions in healthcare and further leverage technologies to create a cooperative healthcare ecosystem in the country. The Medical Devices Rules, 2017 (MD Rules), modeled on the United States Food and Drug Administration (FDA) and the European Union Medical Device Regulation (EU ROW), provides a regulatory framework in India for the manufacture and sale of medical devices in India.

Medical Device Rules, 2017

Interestingly, MD Rules introduced the concept of software as a medical device, either as part of a hardware component or as a standalone product, subject to onerous testing requirements and regulatory approval. Typically, software medical device [in combination with hardware product or standalone basis] qualify as in vitro diagnostic medical devices[1].

MD rules mandate a risk-based approach to classifying and regulating medical devices, and require the submission of detailed information on the software design and development process and evidence of validation of the software, as is used in the finished device.[2].

MD Rules further imposes quality management controls on the manufacturer of the medical device; manufacturers are required to establish documented procedures and maintain records for validating the application of computer software (and its modifications to that software or its application) for the production and provision of services that affect capability of the product to conform to the specified requirements.

The MD rules were published in 2017 and have been amended again to strengthen the regulatory framework governing the quality and standard of medical devices.[3] It should be noted, however, that the provisions of these rules are far-reaching, universally applicable to all forms and classes of medical devices; there is an urgent need to update/modernize the regulations, given the many new solutions available in the field of health technologies. This is evidenced by renewed legislative interest in the US and EU, where discussions have begun to modernize the medical device regulatory ecosystem.

Legislative action in parallel jurisdictions

The safety and well-being of consumers are the guiding principles of any political discussion/decision in the health sector. The prevalence of real-time data on an ongoing basis, with the use of wearable and smart devices, has germinated the concept of “gamification of the human body” and enables consumers to make proactive decisions about their lifestyle, based on the inputs of these devices. . Additionally, the capabilities of artificial intelligence are increasingly being used to create important new insights from the vast amount of data generated every day in the delivery of healthcare.

With this in mind, regulators have taken action in all jurisdictions to initiate discussions, invite stakeholders to consult, and legislate on relevant issues relating to new-era software-based medical devices, discussed here.

Wearable smart devices

Remote or wearable patient monitoring devices include (1) noninvasive remote monitoring devices that measure or detect common physiological parameters and (2) noninvasive monitoring devices that wirelessly transmit patient information to their health care provider or other monitoring entity.[4] Given growing interest from consumers and industry applications, the FDA released a guidance document in 2016 to clarify the definition of a general wellness device.[5]

The guidance document defines general wellness products as products that meet the following two factors: (1) are intended for general wellness use only, as defined in this guidance, and (2) present low risk to the safety of users and others. General wellness products may include exercise equipment, audio recordings, video games, software and other products that are commonly, but not exclusively, available from retail establishments (including online retailers and distributors that offer software for direct download), where compatible with the above two factors.[6]

Citing low levels of risk associated with these products, the guidance document purports to classify wearable medical devices such as heart rate monitors (Apple Watch) and apps like MyFitnessPal as general wellness products. The distinction between a general wellness product and a medical device is essential to ensure undue conformities, conditions are not imposed on unsophisticated devices, which do not make claims regarding medical benefits such as prevention, treatment , alleviation or cure of disease.

It is further worth noting that the FDA document also applies to applications in general wellness products, subject to compliance with all conditions. We can assume that an application can additionally be considered a medical device, if it fulfills the necessary conditions imposed by law.

Similar guidance documents have been published by the UK Medicines and Health Products Regulatory Agency (MHRA) to determine whether a particular product qualifies as a medical device.[7] Further, reliance was placed on the “intended purpose” of the device itself to determine its legal value. For example, a wearable device can collect, analyze and process a person’s heart rates and can be separately regulated as in:

  • In the event that the analysis is carried out to determine the proper functioning of the body and to monitor the general state of health, the state of the heart [general wellness device]
  • In case the analysis is performed to determine if the person suffers from tachycardia and similar conditions. [medical device]

AI/ ML in software devices

Discussion around the regulation of AI/ML capabilities in medical devices germinated in 2019, with the release of a discussion paper by the FDA, which outlines the agency’s plan to regulate screening commercialization of software modifications based on AI and ML. Based on stakeholder input and further agency review, the FDA released an AI-ML-based SaMD Action Plan.[8]

The action plan discussed the need for a bespoke regulatory framework for AI/ML-based SaMD, and further encouraged a strong methodological framework for the evaluation and implementation of algorithms. machine learning, including the identification and elimination of biases and the promotion of the robustness of algorithms in the scientific community. The action plan further emphasizes the need for a robust cybersecurity network to build patient confidence in these technologies.

The European framework around the regulation of medical devices and AI is governed by the EU regulations on MDR and in vitro diagnostics (IVDR), which entered into force on May 26, 2021. In addition, with the notification of the Artificial Intelligence Act, clarification will be sought on its alignment with existing regulatory frameworks, which may create mechanisms to control the duplicate quality, test protocols for the use of AI/ML solutions in medical devices[9].

Singapore has co-developed a set of recommendations, in association with state regulators, to encourage the development and safe implementation of AI-centric medical devices[10]. Additionally, the document also provides better clarity to industry stakeholders on the regulatory requirements for AI-centric medical devices. The exclusive goal is to support patient safety and improve trust in the ecosystem.


Lawful and legitimate processing of healthcare data has the potential to unlock new benefits for end users and has the potential to reshape the global healthcare industry. However, regulators must muster all their regulatory might to rein in and administer the innovative bug of developers and manufacturers around the world.

Regulation in this area will no doubt increase the compliance burden, but will also provide needed clarity, reduce the risk of litigation, and give SaMD manufacturers the confidence they need to innovate and make the most of these new technologies. era in the health sector. Ongoing dialogue among stakeholders is essential in this regard, to ensure that the legacy of Therac-25 is not repeated in the modern era. The only consolation being that regulators are now concerned with overriding such unfortunate incidents, and also with prohibiting such actions from repeating themselves.

In the particular configuration of the healthcare industry, relying on autonomous and automated processes would not only mean building consumer confidence, but also gaining the necessary buy-in from the practitioner who uses the tool. Until the healthcare professional is convinced of the efficacy and purported usefulness of the solutions, ethical concerns and systems biases cannot be completely eroded. We have seen in the past that there is an inherent risk in adopting and relying on techniques based on artificial intelligence and machine learning. With the push of new technologies and solutions, it shouldn’t be about ‘over-promising’ and ‘under-delivering’. Ultimately, any perceived “dehumanization” of the health sector will lead to great imbalance and poor service.

Source link