There is a lot of discussion about digital health regulations, especially in Europe, where the EU Medical Device Regulation (MDR) came into effect on May 26 after a year of delay due to the Covid-19 pandemic. Mark Tarby, thought leader in digital health Bright Insightof The Vice President of Regulatory and Quality Management Systems shared his views on what the new regulations mean for connected devices, software as medical devices (SaMD), and the company’s listing strategy behind them.
EU Medical Device Regulation (MDR)
Some notable changes included in the EU MDR include:
- Tighter control of high-risk equipment through a new pre-market review mechanism, which involves a pool of experts in the EU
- Strengthen the designation and process standards for the supervision of designated agencies
- A new risk classification system for in vitro diagnostic medical devices in compliance with international guidelines
- Improve transparency through database and device traceability based on new device identification
- Additional rules regarding manufacturer’s clinical evidence and post-market surveillance requirements
Tarby said that one of the biggest impacts of the EU MDR will be the implementation of a larger and improved EUDAMED database, which will simplify the exchange of medical device data among medical device patients, users, suppliers, manufacturers, and medical device regulatory agencies. Improving the coordination of vigilance and post-marketing surveillance among EU countries will make the patient experience throughout the EU more confident.
Mark Tubby
But the new regulations have also brought a series of new challenges. Tarby pointed out that some Class I products that previously carried the CE mark for self-declaration now require the participation of the notified body to obtain the CE mark because their classification has been upgraded, which may increase the time required to launch the product. The notified body is an organization designated by the EU member states to assess whether the equipment meets the basic technical requirements before the equipment is placed on the EU market.
Another change is the requirements for clinical data, including pre-marketing and post-marketing, as well as review of clinical data. For example, an expert panel will be created for all Class III and certain Class IIB equipment. The expert panel review will strengthen the medical, technical, and scientific review of high-risk equipment to ensure the safety and effectiveness of the establishment for a more comprehensive understanding of clinical data. These experts will also play a role in post-marketing supervision.
Another feature of the EU MDR is the addition of a unique device identification system, which has been established in the US market for some time. Whenever a modification changes the original performance, software security or data interpretation, a new code or UDI-DI is required. Modifications include new or modified algorithms, database structures, operating platforms, architectures, user interfaces, or new channels for interoperability.
Tabby said BrightInsight has processes and procedures to monitor these changes and work with customers to implement them.
“When a company does change software equipment, it is important to ensure that these changes are properly addressed. Our quality management system (QMS) program has built-in management of such changes. If the platform provider does not have a strong QMS, develop The cost of one and revising its design document to support the demand is very high.”
BrightInsight has been tracking the development of the EU MDR for many years, enabling it to provide customers with advice on how to effectively integrate the necessary changes to ensure compliance with their equipment and medical device software.
“We conducted a thorough gap analysis of our quality management system and our products to determine the required changes,” Tarby points out. “We developed a plan, and then implemented any changes needed. If the customer’s product classification changes, we will help them effectively plan for any needed changes. For example, if the product is converted to Class II designation, a designated agency is required to evaluate.”
One of the key decisions companies need to make is whether they can use the Medical Device Data System (MDDS), a term of the US FDA, which is an unregulated platform for storing and transmitting data and displaying medical device data -Or should the company choose a platform that supports regulated software? The answer depends on the intended use of the data.
“If you go beyond the original unregulated use case, you may enter a regulated medical device function…and the platform your software builds needs to have appropriate quality and safety design requirements built in,” Tarby said . “It needs to meet appropriate regulations and standards, and have the necessary risk design verification and verification test documents to support regulated products.”
An example provided BrightInsight’s latest white paper Emphasizes the contrast between unregulated and regulated use cases.
“Assuming that the patient is wearing a Class 2 (FDA) medical device, the data can be transmitted to the caregiver. If the doctor wants to review the raw patient data and make a clinical decision on it, this is likely an unregulated use case. But if You want to develop a software as a medical device (SaMD) algorithm to analyze the data on the platform and make clinical recommendations, then this is a regulated use case.”
As the white paper points out, it is important to consider that the intended use of the data may evolve over time. Another example cited in the white paper is a companion application that tracks device usage, which is an unregulated use case. But maybe the company later hopes to add alerts such as dosage recommendations based on patient data analyzed on the platform to attract users. This will transform the application into regulated software as a medical device.
Tarby points out that over time, use cases tend to expand rather than shrink. Although the use cases may be very limited at the beginning of the project, subsequent use cases tend to expand the functionality and can move the functionality beyond the unregulated intended use.
“This is why it is important that the platform on which the software is built has proper quality design requirements built in, otherwise you have to fix it, which can be time-consuming and expensive, and requires major design changes to the platform itself to support things like privacy and Safety.”
How biopharma and medical technology companies should consider U.S. law enforcement discretion
The broader set of challenges the company has to solve is to navigate the gray areas of law enforcement discretion in the US market.
“From a connected medical device (CMD) perspective, your system support software is important as a medical device, especially. From a quality management system perspective, it is important for a company to meet all global requirements because different regions The situation may be different,” Tarby said. “You need to ensure that your system is set up to continuously monitor all regulatory changes and communicate, adopt and implement them into your quality management system. It is vital for BrightInsight to keep up with these changes, and these changes have Built into our processes and procedures.”
Tarby also emphasized that companies need to work with regulators so that they can correctly classify your software.
“I think it’s important to interact with regulatory agencies. In the US, you can submit a 513(g) application to confirm the classification of your device with the FDA and avoid any downstream delays. Notified agencies (in the EU market) can also treat your products in the EU Provide guidance. You need to ensure that you keep up to date with changing regulations and guidelines.”
The new regulations may also affect medical technology companies’ decisions about which market licenses to first seek for their devices. Historically, some people will try to market their products to the EU market first, because this route may be faster than obtaining FDA approval. Tarby pointed out that although logistics and timing have driven some of these decisions in the past, MDR may change this trend.
“With MDR, it may affect some of these choices, especially if the product is now moved to a higher category,” Tarby pointed out. “With the implementation of the new MDR, some time-to-market advantages may have diminished.”
Good Practices in the Life Sciences Industry (GxP)
GxP is an acronym that refers to good practice regulations and standards. For example: Good Manufacturing Practice (GMP), Good Laboratory Practice (GLP) and Good Clinical Practice (GCP) and many other practices in different industries. Following these guidelines can improve quality and ensure that the product meets its intended use.
“GxP is a collective term such as good manufacturing practices, good clinical practices, and good laboratory practices,” Tarby said. “The term covers many areas. Regulated software must be designed to be compliant from the beginning and developed within a certified quality management system. It is important to understand this in advance and put it in place so that it can be submitted Everything needed is there.”
Navigating the complexity of digital health compliance
As biopharmaceutical and medical technology companies plan, build, and launch digital health products, it is important to understand regulatory, privacy, and security issues in advance, focusing on the need to grasp the regulatory and device classification changes to ensure continued compliance.
photo: NicoElNinom, Getty Images
