September 26, 2021

Volume XI, Number 269

Advertisement

September 24, 2021

Subscribe to Latest Legal News and Analysis

September 23, 2021

Subscribe to Latest Legal News and Analysis

Steps toward More Harmonized Regulation of Software as a Medical Device: New IMDRF (International Medical Device Regulators Forum) Policy Position

On September 18, 2014, the International Medical Device Regulators Forum (IMDRF) approved a potentially significant policy position regarding Software as a Medical Device (SaMD), entitled Software as a Medical Device:  Possible Framework for Risk Categorization and Corresponding Considerations (IMDRF/SaMD WG/N12FINAL:2014).  The policy was put together by the IMDRF’s SaMD working group, led by an FDA official and composed of regulators from Australia, Brazil, Canada, China, France, Japan, and Sweden, plus industry groups (such as EUCOMED, AdvaMed, DITTA and the GMTA) and representatives from certain interested companies.

The new SaMD policy follows the IMDRF’s agreement of the definition of SaMD last December and a public consultation this summer.  The policy defines SaMD as “software intended to be used for one or more medical purposes that performs these purposes without being part of a hardware medical device.”  This definition is platform-agnostic: SaMD can be built for dedicated platforms, general-purpose PCs, mobile apps, and cloud services, among others.  The new policy therefore addresses a wide range of software intended for medical purposes.  The policy also clarifies that medical purposes include treatment or diagnosis of conditions, or driving or informing clinical management.

The borderline between SaMD and non-medical software is often unclear.  Likewise, it is not always clear whether software is stand-alone, or whether it is instead considered “part of” or an “accessory” to medical hardware.  To help address those concerns, the policy provides a list of examples of software that is, or is not, SaMD.

The policy then seeks to addresses the challenges associated with applying medical device rules to free-standing software, since those rules were drafted primarily for software embedded in, or an accessory to, medical devices.  Specifically, the policy covers two aspects of SaMD regulation:

It proposes a risk-based categorization of SaMD into one of four classes (I – IV) based on two factors: (i) the importance of the software in the clinical pathway, and (ii) the criticality of the patient’s situation or condition; and

It sets out “general considerations” for manufacturers and regulators relating to safe SaMD design, deployment, updating and post-marketing surveillance.

While the IMDRF is clear that this policy is not intended to influence current regulatory classification schemes or requirements, it does lay the path for future regulatory reforms around SaMD, as part of the IMDRF’s mission to “accelerate international medical device regulatory harmonization and convergence.”  For instance, it may be possible for regulators and legislators in the EU to factor the new policy into ongoing efforts to overhaul the EU’s medical device legislation.  In fact, the European Commission has taken an active interest in SaMD and updated its guidance on the applicability of current medical device rules to SaMD earlier this summer.

For now, the IMDRF has stated that it welcomes comments from the public on the new SaMD policy, and that its SaMD Working Group will be spending the next few months continuing to assess SaMD quality management systems and risk control measures.

© 2021 Covington & Burling LLPNational Law Review, Volume IV, Number 315
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Philippe Bradley-Schmieg, Covington Burling, Data privacy and cybersecurity attorney
Associate

Philippe Bradley-Schmieg's practice covers a range of regulatory and commercial matters affecting the IT, internet media, e-health and telecoms sectors across the world.

Mr. Bradley-Schmieg advises on legislation, enforcement, advocacy and contracts relating to privacy, data protection, consumer protection, intermediary liability, copyright and databases, Big Data, medical confidentiality, cybersecurity, law enforcement data requests, and smart medical devices and apps.

44-20-7067-2282
Advertisement
Advertisement
Advertisement