Qualification of a Software as a Medical Device (SaMD) guidance under MDR

[jlehikoi]

Hello all,

I was wondering if the European Commission has released any guidance on qualification of Software as a Medical Device under the Medical Device Regulation, i.e. something similar to MEDDEV 2.1/6 guidance? To my understanding, the MEDDEV 2.1/6 guidance pertains to the Medical Device Directive, and at least I couldn't find any updated version that would address MDR explicitly.

MEDDEV 2.1/6 excludes from medical device status software that does not "perform an action on data different from storage, archival, communication or simple search". To my understanding, this guidance has excluded many electronic health record systems from medical device status. Now, the Rule 11 of the MDR states that "Software intended to provide information which is used to take decisions with diagnosis or therapeutic purposes is classified as class IIa, ...". Interpreting the text of Rule 11 literally, I would say that a typical EHR system provides information for taking decisions with diagnosis or therapeutic purposes, which would make EHRs Class IIa (or potentially even higher) Medical Devices. This would of course constitute a massive change.

Thus, my question is that can we expect software that does not "perform an action on data different from storage, archival, communication or simple search" to be excluded from medical device status also in the future? Has EC released any guidance on this matter?

 

[Jean_B]

Though I do not know of any (draft) guidance from the EU to the MDR, the Australian Consultation on SaMD explicitly gives an aligned but more detailed interpretation to the MDR one.
Consultation: Regulation of software, including Software as a Medical Device (SaMD)

Probably wise to be aware of it in this discussion.

 

[dgrainger]

The MEDDEV examples are not necessarily applicable to modern systems with added functionality. Most Class I software will be up classified to at least Class IIa.
The exclusion you mention is only for simple software that performs a single action on data.

EC guidance is in draft stage at the moment. It's based on the IMDRF risk categorization document (but with a minimum of class IIa).

http://www.imdrf.org/docs/imdrf/fin...samd-framework-risk-categorization-141013.pdf

 

[jlehikoi]

Thank you both for interesting reads! If the MDR guidance will indeed follow the principles of IMDRF risk categorization, it will make quite many product medical devices with Classes IIa - III. It will be interesting to see if the manufacturers are aware of this and if they can react in time.

 

[Ronen E]

and if they can react in time

Most likely not. If a manufacturer hasn't started gearing up towards the MDR by now, it's probably a bit too late, and there will be some implications or other. Especially if they were exempt or self-certified under the MDD and need NB involvement under the MDR, especially with all the current uncertainty and apparent major lack of MDR NB capacity.

 

[jlehikoi]

Most likely not. If a manufacturer hasn't started gearing up towards the MDR by now, it's probably a bit too late, and there will be some implications or other. Especially if they were exempt or self-certified under the MDD and need NB involvement under the MDR, especially with all the current uncertainty and apparent major lack of MDR NB capacity.

That's my hunch as well. It will be interesting to see how more "generic" healthcare IT vendors will respond to this - and how strictly authorities are going to deal with them.

 

[kreid]

The MANUAL ON BORDERLINE AND CLASSIFICATION IN THE COMMUNITY REGULATORY FRAMEWORK FOR MEDICAL DEVICES Version 1.18 (12-2017) is still valid and might help you.

I personally think the answer to your question jlehikoi is Yes

 

[jlehikoi]

The [link redacted, because forum doesn't allow me to post it] is still valid and might help you.

I personally think the answer to your question jlehikoi is Yes

Thanks, the manual is definitely a useful resource. We actually ended up reviewing it with our NB, but it didn't really provide examples that would have hit close to us - for others, it may be a useful resource nonetheless.

 

[dgrainger]

Remember the rules only apply to the classification of software that is a device and are not qualifying rules.

 

[moounir]

Interesting question @jlehikoi,
I think you got a lot of good answers here. In case, I interviewed an SME on Softwares so if his answers can help you this would make my day.
He mainly had the same answers relating to the change of classification on software and the fact that MDD was not really considering the new Software that is now on the market (Artificial intelligence, mobile application..)
Regarding vendors of software, if their products are now reclassified to class IIa or more then it's really a challenge if they have not already followed some good practices for software development. And they will also experiment audits which I think will be a problem on the 2 sides.
Notified Bodies didn't need IT Auditors before so now they will need to train a maximum of them to support the demand.

Exciting time.