igital health is a term for a broad range of health technologies that includes mobile apps, wearable gadgets, and even artificial intelligence. These technologies have the potential to make the delivery of healthcare more accessible, convenient, and cost-effective. Software as a Medical Device (SaMD), a type of digital health technology, is standalone software that can aid a clinician in making decisions, provide treatment options for a condition, or even provide early diagnosis of life-threatening diseases.

While SaMD has the potential to offer tremendous benefits to the healthcare system, the International Medical Device Regulators Forum (IMDRF), a group of medical device regulators working towards the goal of international regulatory harmonization, has recognized that SaMD presents new challenges to the regulation of medical devices. Many non-traditional medical device manufacturers such as software developers of SaMD have found themselves in unfamiliar medical device regulatory territory. On the other hand, regulators are faced with the challenges of regulating software that can have frequent updates, potentially changing safety and/or effectiveness of the software. The ability to download software over the internet also poses risks as the traditional physical boundaries of containment are no more.

Given that the growth in this sector is expected to continue for many years, how will regulators balance the need to support the pace of innovation, all while ensuring that these medical devices remain safe and effective?

Key Takeaways

• SaMD is defined as software intended to be used for one or more medical purposes that perform these purposes without being part of a hardware medical device.
• SaMD has a huge potential to improve the healthcare system but is accompanied by new challenges for both regulators and industry such as tracking, cybersecurity and interoperability.
• IMDRF is working with medical device stakeholders to find regulatory convergence and harmonization in this space.

SaMD: Opportunities and Challenges for Life Sciences

Regulators and industry must agree on a globally implemented device identification and coding standard to identify and track SaMD throughout its life. They differ from a traditional medical device that can be physically labelled with a Unique Device Identifier.

Another challenge of SaMD is the security of the software. Cybersecurity vulnerabilities may introduce risks during use of the medical device. It may allow the attacker to remotely take control of the device, change its functionality and affect the safety or effectiveness of the device, or leak confidential information.

FDA is currently piloting a Software Pre-Certification Program to help inform development of a future regulatory model for digital health technology such as SaMD. The program is first examining the software developer for demonstration of a robust culture of quality and organizational excellence, which differs from the traditional approach of examining a medical device product.

Digital Health Canada: SaMD, Cybersecurity, and Artificial Intelligence

In 2018, under the Regulatory Review of Drugs and Devices initiative, Health Canada established the Digital Health Division (DHD) in the Medical Devices Bureau. DHD focuses on pre-market review of digital health technologies and contributes to developing better ways to advance and adapt regulatory approaches to digital health technologies while ensuring that they remain safe and effective.

The DHD has been building expert review capacity to stay ahead of these innovative software products and the challenges that come with them. Challenges of SaMD from a regulatory perspective include:

• The Medical Device Regulations set out rules to inform the categorization of medical devices from lowest to highest risk. Some SaMD do not fit exactly into the categorization system that was created with traditional medical devices in mind.
• Artificial Intelligence is already enhancing some SaMD applications in the field of image-based healthcare by continuously learning from the data the software is given. But how does a regulator ensure that there are no unintended consequences for the intended purpose of the software when the software delivers the output?
• Health Canada is currently co-chairing an IMDRF cybersecurity working group with FDA to develop standards and best practices to address cybersecurity risks.

Industry Perspective: Innovations and Challenges Regarding SaMD in Canada

Industry appreciates the efforts of regulators and IMDRF to align regulatory processes with respect to SaMD. This has helped to simplify classification and registration of these types of medical devices and spurred innovation by software developers. Health Canada’s current draft SaMD guidance document has been helpful, but questions remain as to how to classify certain software, how to handle software updates and usability, and how to satisfy cybersecurity requirements. Industry will continue to work with regulators to seek clarity on policies and processes so that SaMD developers know the regulatory requirements they must meet to get their product to market.