PMS Data collection for SAMD SaaS from clients

Z

zlemp

Registered
Hi everyone,

This is my first post here. I am working for an EU based digital health startup that has a Class IIa SAMD product available for users and clients as SaaS. Initially, the product was available to end users only but very recently the company has changed its business strategy and made the software available to clients all around the world. I am new to this SAMD SaaS part and I have a couple of questions.

1. In the PMSP of the device, should we make it clear how to collect Post Market data and which type of data will be collected from clients specifically? I mean it is already clear what type of data the company is collecting for the device like feedback, complaints etc. and how we analyse those. To be honest, clients for the SAMD is something new to me and in terms of which type of data we can collect from each client is really different for each case, for example, some clients integrate feedback options in the product, some of them don't want it.

2. The second question is a bit more from a practical point of view in terms of PMS data collection from clients in data restricted geographies and ensuring the product's safety and performance.

Let's say we have a potential client in Canada who will integrate our SAMD into their website for their users. Canada is also a data restricted country and the client told us that no PHI/PII can be shared with the manufacturer and we as the manufacturer won't be able to have any control over user details and provided results since the company is based in the EU. In this case, how the device manufacturer will be able to communicate vigilance events like field safety notices with users in Canada? Should it be done by the client or is an authorised representative needed? (RA team said we won't need to have an AR in Canada)

For PMS, would that be enough if the client will timely communicate complaints and vigilance events about the device in an anonymised way without including any PHI/PII and those can be included in the PSUR? Can we solve everything easily by making the client responsible for anything with a quality agreement?

What are the other concerns you see here from an MDR compliance point of view?

Any similar experience/advice would be appreciated.

Thanks in advance.
 
Y

yodon

Leader
Super Moderator
Well, I'll boldly step into this where no other Covers dare to tread. :)

Seriously, as best I can tell, this is still shrouded in a lot of fog so take this all with a huge grain of salt.

Can you clarify for me, though, what the difference is between "users" and "clients"?

Regardless, from what I've read, I believe these are the data you should be gathering as part of your PMS work:
  • info on serious incidents, including
  • info from PSURs, & FSCAs;
  • info on non serious incidents & data on any undesirable side effects;
  • info from trend reporting
  • relevant specialist or technical literature, databases and/or registers;
  • info, including feedback & complaints, provided by users, distributors & importers;
  • publicly available information about similar medical devices.
I think any feedback would just feed into the trend reporting.

Data security is a totally different ball of wax. If you can avoid collecting any PII/PHI, you should. If you must, though, you'll need all sorts of procedures on how you protect the data. An event is an event - it shouldn't matter on whom the event occurs (in terms of your postmarket work).

That's my take. Other thoughts would be welcome!
 
Z

zlemp

Registered
yodon said:
Well, I'll boldly step into this where no other Covers dare to tread. :)

Seriously, as best I can tell, this is still shrouded in a lot of fog so take this all with a huge grain of salt.

Can you clarify for me, though, what the difference is between "users" and "clients"?

Regardless, from what I've read, I believe these are the data you should be gathering as part of your PMS work:
  • info on serious incidents, including
  • info from PSURs, & FSCAs;
  • info on non serious incidents & data on any undesirable side effects;
  • info from trend reporting
  • relevant specialist or technical literature, databases and/or registers;
  • info, including feedback & complaints, provided by users, distributors & importers;
  • publicly available information about similar medical devices.
I think any feedback would just feed into the trend reporting.

Data security is a totally different ball of wax. If you can avoid collecting any PII/PHI, you should. If you must, though, you'll need all sorts of procedures on how you protect the data. An event is an event - it shouldn't matter on whom the event occurs (in terms of your postmarket work).

That's my take. Other thoughts would be welcome!
Click to expand...

Hey thank you so much for taking your time! Super helpful.

For the info, we already collect all the data you mentioned above that are highlighted in the product's PMSP. However, this client (B2C) strategy is new and there are/will be new users via clients from new regions. One thing I am not sure is if I need to update PMSP by dividing feedback part into two areas like feedback from clients/feedback from users? We receive feedback from users, clients and from clients' users. Or it is not needed since a feedback is a feedback?

Also, let me summarise as much as I can what a client is for us. The company offers an SAMD product to end-users for free via app store/google play store, which is the main source of PMS feedback/complaints/incidents for the product. Now we also offer this product to other health organisations/hospitals/pharma companies etc., so that they can integrate it into their systems/websites/apps for their own users/audience as if it is their product or they just implement our solution to their website under our company name - for various reasons like raising disease awareness and directing users to digital care options.

All these companies/organisations pay us for using our SaMD solution and this is basically why we call them "clients". If it was a physical device, maybe they could be named as "distributors/importer", I am not sure. :D

I believe PMS surveys with those clients could also be one option. All in all, I just wanted to anticipate what could be the gaps/loopholes specific to this client side, although we have enough post-market surveillance data from end users for the product.
 
Ed Panek

Ed Panek

QA RA Small Med Dev Company
Leader
Super Moderator
We have several of the same questions. Does your notified body have an industry engagement person? They will sometimes offer advice although they cannot be consultants. Ultimately whatever you do the NB will either say yes or no. With the 3 strikes, you're out rule on reviews just make sure this PMS is included in their initial review.\

Apply risk-based thinking for PMS and develop methods with partners who in-country can analyze that data for you and provide summary action data.
 
You must log in or register to reply here.

Similar threads

C
Resume Feedback - Medical Device (SaMD) Regulatory Affairs, 5 YOE
Replies
5
Views
1K
EmiliaBedelia
E
C
Can SaMD consist almost entirely of Software of Unknown Provenance (SOUP)?
Replies
4
Views
639
CharmaineK
C
M
Data integrity for equipment/method used for combination device design verification
Replies
2
Views
686
MedDevGuy
M
T
MDR PMS System Vs. Plan Vs. Procedures
Replies
3
Views
788
Junn1992
J
iMPact Business Group
  • Locked
Hiring: Sr. Supplier Quality Engineer (Fully Remote)
Replies
1
Views
783
Jim Wynne
Jim Wynne
Top Bottom