software

On July 28, 2020, FDA announced the publication of a final guidance on Multiple Function Device Products: Policy and Considerations that outlines FDA’s evolving approach to the regulation of multiple function device products, including software.

The concept of “multiple function” products was introduced by the 21st Century Cures Act (“Cures Act”) of 2016, which

The EU’s regulatory rules for medical devices are due to change on 26 May 2020, when the new Medical Device Regulation (“MDR”)[1] comes into effect.  The regime for in vitro diagnostic devices will change two years later from 26 May 2022 when the In Vitro Diagnostic Devices Regulation (“IVDR”)[2] will apply.

In advance of these changes, the EU Medical Device Coordination Group (“MDCG”) has recently published guidance on the Qualification and Classification of Software in the MDR and IVDR (the “Guidance”).

The aim of the Guidance is to assist manufacturers with interpreting the new Regulations to assess whether their software meets the definition of a medical device or an in vitro diagnostic device (i.e., “qualification”); and if so, what regulatory class the software would fall under (i.e., “classification”).

The MDCG is a coordination group established under Article 103 of the MDR, comprising up to two medical device experts from each EU Member State.  Its key functions include contributing to the development of guidance to ensure effective and harmonized implementation of the EU’s new medical device rules.  The Guidance is not legally binding nor does it necessarily reflect the official position of the European Commission.  However, given the MDCG’s important role in the regulatory landscape, the Guidance is likely to be highly persuasive.

Continue Reading EU Medical Device Coordination Group Publishes Guidance on the Qualification and Classification of Software under Upcoming Medical Device Regulations

On January 3, 2019, the National Medical Products Administration (“NMPA”) published a draft standalone software appendix of medical device good manufacturing practice (“Draft Standalone Software GMP” or “Draft Appendix”) for public comment (available here).  Comments are due on January 30, 2019.

China revised its medical device GMP in 2014, which apply to all classes of devices regardless of whether they are imported or made in China.  Subsequently, NMPA added various appendices (fulu) to articulate special requirements for certain types of devices, including sterile, implantable, and in vitro diagnostic devices.    The Draft Appendix sets out proposed special requirements for software that falls under the definition of medical device.

In China, the definition of a medical device covers software that either itself constitutes a device (i.e., standalone software) or is an accessory/component of a device (i.e., component software).  The Draft Standalone Software GMP expressly applies to standalone software and it states that it applies, “by reference,” (mutatis mutandis) to component software.  If finalized, the Draft Standalone Software GMP would be effective on an undetermined date in 2020.

The Draft Appendix is a relatively simple document with four main sections:

  • scope and general principles of the Draft Appendix ;
  • special requirements for various aspects of the manufacturing and post-market processes (see below);
  • definitions of key terms; and
  • miscellaneous provisions.

Key features of the Draft Standalone Software GMP include the following:

Continue Reading NMPA Releases Draft Good Manufacturing Practice Appendix on Standalone Software

The UK Information Commissioner’s Office (“ICO”), which enforces data protection legislation in the UK, has ruled that the NHS Royal Free Foundation Trust (“Royal Free”), which manages a London hospital, failed to comply with the UK Data Protection Act 1998 in providing 1.6 million patient records to Google DeepMind (“DeepMind”), requiring the Royal Free to sign an undertaking committing to changes to ensure it is acting in line with the UK Data Protection Act.

On September 30,  2015, the Royal Free entered into an agreement with Google UK Limited (an affiliate of DeepMind) under which DeepMind would process approximately 1.6 million partial patient records, containing identifiable information on persons who had presented for treatment in the previous five years together with data from the Royal Free’s existing electronic records system.  On November 18, 2015, DeepMind began processing patient records for clinical safety testing of a newly-developed platform to monitor and detect acute kidney injury, formalized into a mobile app called ‘Streams’.
Continue Reading ICO Rules UK Hospital-DeepMind Trial Failed to Comply with UK Data Protection Law

On 15 July 2016, the European Commission updated MEDDEV 2.1/6 (the “MEDDEV Guidance), its medical device guidance on the qualification and classification of stand alone software used in the healthcare setting. The updated version replaces an earlier version of MEDDEV 2.1/6 issued by the European Commission in January 2012.

MEDDEV 2.1/6 generally stands as a valuable resource to assist software developers in the assessment of whether software is a medical device. However, some have expressed disappointment that the updated guidance did not go further in clarifying the picture, particularly those operating within the mobile health (mHealth) space.

Indeed, the main changes consist of additions to the definitions section of the MEDDEV Guidance. There is now a definition to clarify that “software” is a “set of instructions that processes input data and creates output data“. There are also accompanying definitions of “input data” and “output data”.
Continue Reading EU Updates MEDDEV 2.1/6 Guidance on Standalone Software