In April, the UK Medicines and Healthcare Products Regulatory Agency (MHPRA) released a guidance document, called Software and Artificial Intelligence as a Medical Device. This document is a compilation of previous guidance, advice, and regulatory requirements for Software as a Medical Device (SaMD) and Artificial Intelligence as a Medical Device (AIaMD).
The document covers:
- How software as a general medical device or an IVD should be classified
- What the UK regulatory framework is for SaMDs
- A change programme roadmap for software and AI as a medical device
- How to qualify and classify one’s SaMD, including how to create an intended use statement
- Reporting adverse events once the SaMD is in use, and requirements for field safety corrective actions
- The guiding principles to inform the development of Good Machine Learning Practice (GMLP) for artificial intelligence
This document has been developed keeping in mind the goal of advancing software and AI medical device regulation. With these technologies becoming a growing part of the MedTech industry, this seems like a reasonable next step.
Data-Enabled Solutions in MedTech
Whilst software and AI as a medical device is a growing market which is now at the forefront due to the rapid rise in the use of AI, it’s not a completely new idea.
Technology has been in use in medicine and medical research for a while now. However, as computing grows more sophisticated, so do the devices.
In fact, across the pond, there is a growing concern about regulatory compliance issues surrounding MedTech.
Earlier this year, an article in Med City News talked about the top five compliance issues faced by MedTech companies transitioning to data-enabled solutions.
Here they are.
Compliance Issues That MedTech Companies Face
Managing How the Data Is Collected, Used, and Shared
Smart MedTech solutions rely on data gathered from the people who use them. That is why the first issue to consider is related to data gathering and storage.
Companies that use MedTech-enabled data platforms are obligated to take appropriate care of any information collected, including,
- Patient data
- Drug development data
- Customer or provider data
- AI/ML-developed data sets
Any data collected, used, or shared must be prioritised with the following in mind:
- Legal mandates
- GDPR
- HIPAA
- Others
- Ethical values
- Patient rights and dignity
- Patient care and care quality
- Minimising patient risk and burden
- Data access
Keeping the Changing Interactions Between Patients, Physicians, and Other Stakeholders in Mind
Medical care is shifting from treatment to preventative treatment, which has led to a change in how patients interact with healthcare providers.
This means that not only is the relationship between them changing, but there’s also an increase in the use of technology for patient monitoring and real-time data entry.
This data collection would require greater collaboration with stakeholders, which is something to consider when planning compliant protocols.
Planning New Regulation Regimes for Donation of EHR, Cybersecurity Technology, and Information Blocking
Electronic Health Records (EHR) are replacing the old paper documentation. These EHRs can be shared between health systems and providers for the sake of interoperability.
However, those donations need to be adequately tracked.
There needs to be a system in place to ensure there is a legitimate need for the adoption and topics such as updates and replacements have been addressed
Additionally, the provider of this information must not engage in “information blocking”, which has been defined as any activity that impedes the exchange or use of the health information.
Addressing Value-Based Care Considerations and the Federal Anti-Kickback Statute Safe Harbours
Data-enabled MedTech has the potential to make patient care much more empathetic, streamlined, and comprehensive. However, these qualities rely on better design and regulations.
At the same time, MedTech companies also need to ensure that their practices align with the regulatory requirements of the federal Anti-Kickback Statute safe harbours.
Balancing the Lack of Advanced Industry Standards Against a Rapidly Growing Technology
MedTech and communication technologies have exploded in the last couple of decades. And, the rise of AI has been even more dramatic. As such, the existing rules and regulations need to evolve with these new developments.
Managing regulatory compliance, especially for an industry like MedTech, can be quite challenging. That is where companies like RegASK can help. Such a service can help one not only maintain compliance but also keep up with any changes.
As is evident from the rise of tools like ChatGPT, the world is going to see more automation through AI. The important thing is to design compliance regulations that are as effective and as scalable as that technology.