Steps toward More Harmonized Regulation of Software as a Medical Device: New IMDRF (International Medical Device Regulators Forum) Policy Position
On September 18, 2014, the International Medical Device Regulators Forum (IMDRF) approved a potentially significant policy position regarding Software as a Medical Device (SaMD), entitled Software as a Medical Device: Possible Framework for Risk Categorization and Corresponding Considerations (IMDRF/SaMD WG/N12FINAL:2014). The policy was put together by the IMDRF’s SaMD working group, led by an FDA official and composed of regulators from Australia, Brazil, Canada, China, France, Japan, and Sweden, plus industry groups (such as EUCOMED, AdvaMed, DITTA and the GMTA) and representatives from certain interested companies.
The new SaMD policy follows the IMDRF’s agreement of the definition of SaMD last December and a public consultation this summer. The policy defines SaMD as “software intended to be used for one or more medical purposes that performs these purposes without being part of a hardware medical device.” This definition is platform-agnostic: SaMD can be built for dedicated platforms, general-purpose PCs, mobile apps, and cloud services, among others. The new policy therefore addresses a wide range of software intended for medical purposes. The policy also clarifies that medical purposes include treatment or diagnosis of conditions, or driving or informing clinical management.
The borderline between SaMD and non-medical software is often unclear. Likewise, it is not always clear whether software is stand-alone, or whether it is instead considered “part of” or an “accessory” to medical hardware. To help address those concerns, the policy provides a list of examples of software that is, or is not, SaMD.
The policy then seeks to addresses the challenges associated with applying medical device rules to free-standing software, since those rules were drafted primarily for software embedded in, or an accessory to, medical devices. Specifically, the policy covers two aspects of SaMD regulation:
It proposes a risk-based categorization of SaMD into one of four classes (I – IV) based on two factors: (i) the importance of the software in the clinical pathway, and (ii) the criticality of the patient’s situation or condition; and
It sets out “general considerations” for manufacturers and regulators relating to safe SaMD design, deployment, updating and post-marketing surveillance.
While the IMDRF is clear that this policy is not intended to influence current regulatory classification schemes or requirements, it does lay the path for future regulatory reforms around SaMD, as part of the IMDRF’s mission to “accelerate international medical device regulatory harmonization and convergence.” For instance, it may be possible for regulators and legislators in the EU to factor the new policy into ongoing efforts to overhaul the EU’s medical device legislation. In fact, the European Commission has taken an active interest in SaMD and updated its guidance on the applicability of current medical device rules to SaMD earlier this summer.
For now, the IMDRF has stated that it welcomes comments from the public on the new SaMD policy, and that its SaMD Working Group will be spending the next few months continuing to assess SaMD quality management systems and risk control measures.