Hi everyone,
This is my first post here. I am working for an EU based digital health startup that has a Class IIa SAMD product available for users and clients as SaaS. Initially, the product was available to end users only but very recently the company has changed its business strategy and made the software available to clients all around the world. I am new to this SAMD SaaS part and I have a couple of questions.
1. In the PMSP of the device, should we make it clear how to collect Post Market data and which type of data will be collected from clients specifically? I mean it is already clear what type of data the company is collecting for the device like feedback, complaints etc. and how we analyse those. To be honest, clients for the SAMD is something new to me and in terms of which type of data we can collect from each client is really different for each case, for example, some clients integrate feedback options in the product, some of them don't want it.
2. The second question is a bit more from a practical point of view in terms of PMS data collection from clients in data restricted geographies and ensuring the product's safety and performance.
Let's say we have a potential client in Canada who will integrate our SAMD into their website for their users. Canada is also a data restricted country and the client told us that no PHI/PII can be shared with the manufacturer and we as the manufacturer won't be able to have any control over user details and provided results since the company is based in the EU. In this case, how the device manufacturer will be able to communicate vigilance events like field safety notices with users in Canada? Should it be done by the client or is an authorised representative needed? (RA team said we won't need to have an AR in Canada)
For PMS, would that be enough if the client will timely communicate complaints and vigilance events about the device in an anonymised way without including any PHI/PII and those can be included in the PSUR? Can we solve everything easily by making the client responsible for anything with a quality agreement?
What are the other concerns you see here from an MDR compliance point of view?
Any similar experience/advice would be appreciated.
Thanks in advance.
This is my first post here. I am working for an EU based digital health startup that has a Class IIa SAMD product available for users and clients as SaaS. Initially, the product was available to end users only but very recently the company has changed its business strategy and made the software available to clients all around the world. I am new to this SAMD SaaS part and I have a couple of questions.
1. In the PMSP of the device, should we make it clear how to collect Post Market data and which type of data will be collected from clients specifically? I mean it is already clear what type of data the company is collecting for the device like feedback, complaints etc. and how we analyse those. To be honest, clients for the SAMD is something new to me and in terms of which type of data we can collect from each client is really different for each case, for example, some clients integrate feedback options in the product, some of them don't want it.
2. The second question is a bit more from a practical point of view in terms of PMS data collection from clients in data restricted geographies and ensuring the product's safety and performance.
Let's say we have a potential client in Canada who will integrate our SAMD into their website for their users. Canada is also a data restricted country and the client told us that no PHI/PII can be shared with the manufacturer and we as the manufacturer won't be able to have any control over user details and provided results since the company is based in the EU. In this case, how the device manufacturer will be able to communicate vigilance events like field safety notices with users in Canada? Should it be done by the client or is an authorised representative needed? (RA team said we won't need to have an AR in Canada)
For PMS, would that be enough if the client will timely communicate complaints and vigilance events about the device in an anonymised way without including any PHI/PII and those can be included in the PSUR? Can we solve everything easily by making the client responsible for anything with a quality agreement?
What are the other concerns you see here from an MDR compliance point of view?
Any similar experience/advice would be appreciated.
Thanks in advance.