How can your SaMD pass the clinical evaluation phase with flying colours in EU markets?

As we have previously mentioned, the Clinical Evaluation process is explained in Article 61 of the MDR. More specifically, in paragraph 3 of the article, the general requirements of the Clinical Evaluation process are explained, be it not as thoroughly as you would like it to be. In the Annex XIV, additional information can be found as well. If you are already familiar with the MEDDEV guidance document (MEDDEV is an abbreviation of Medical Devices Documents, which was developed on behalf of the European Commission to help the implementation of medical device directives), you might notice that it strongly resembles the process described in Annex XIV of the MDR. More specifically document 2.7/1 rec. 4 “Clinical evaluation: Guide for manufacturers and notified bodies”.

The process defined in Annex XIV (paragraph 1 of Part A) is as follows:

You must follow a Clinical Evaluation Plan with these stages:

1. A planning stage

2. An identification stage of relevant clinical data

3. An appraising stage for the data

4. If the appraisal stage deems it necessary, there may be the need for the generation of new data through clinical investigation. However, please note that this will not be the case with every SaMD product.

5. A reporting stage

The resemblance between both Annex XIV and the MEDDEV guidance document is no coincidence, as the authors of the MDR had the 2016 MEDDEV document in mind when writing part A of Annex XIV. This is good news for any company that may have a clinical evaluation process based on MEDDEV 2.7/1, as it means their process is also aligned well with the requirements in Annex XIV of the MDR. Thus, if you are looking to build your clinical evaluation process for the very first time, it is a very good idea to base your process on MEDDEV 2.7/1, as this will provide you with a very thorough basis for your clinical evaluation process. 

However, it is important to consider that there are three points that go beyond that of the MEDDEV. These are as follows:

1. The establishment of a Clinical Evaluation Plan, which must include the following:

• Identification of the general safety and performance requirements that require support from clinical data.
• A specification of the intended purpose of the device. Under the MDR, ‘intended purpose’ refers to the use for which a device is intended according to the data supplied by the manufacturer on the label, in the instructions for use, or in promotional or sales materials or statements, and as specified by the manufacturer in the clinical evaluation.
• A specification of intended target groups.
• A description of the intended clinical benefits
• A specification of the methods used for examination of the qualitative and quantitative aspects of clinical safety, with clear reference to risks and side effects.
• A list of the parameters to be used to determine the benefit-risk ratio of the device, and how benefit-risk issues are to be addressed.
• A clinical development plan, indicating a clear progression from initial exploratory investigations, to confirmatory investigations.
• The Clinical Evaluation Plan process must result in a Clinical Evaluation report.

2. The PMCF (Post-Market Clinical Follow-up Studies) Plan, which outlines the method for conducting post-market follow-up of your SaMD.

3. The requirement to produce a PMCF Evaluation Report during the post-market phase.

If your SaMD has a connectivity component, such as using a cloud-based platform, you will have to prove data integrity. Proving data integrity involves demonstrating that the data produced by your SaMD is accurate, consistent, and complete, and that data is processed securely in accordance with regulatory data protection requirements such as the GDPR. 

By building your SaMD on a medical Backend-as-a-Service (mBaaS) like Extra Horizon, you will make this step much easier. Our backend platform already has all the data protection standards implemented right from the start, enabling you to build a GDPR-proof SaMD solution easily. Proving data integrity will be one less burden to solve.

When developing your SaMD, the importance of having an effective QMS from the very beginning should not be underestimated. Your QMS makes sure that all procedures and processes concerning customer and regulatory requirements are documented properly, as well as making sure that continuous improvements are made to the effectiveness and efficiency of your SaMD.

In the Clinical Evaluation phase for your SaMD, your QMS is an invaluable tool, particularly during the analytical and technical evaluation phase. The QMS will generate helpful evidence that your SaMD correctly processes input data, and that your SaMD has been built properly, according to the relevant regulatory requirements.

When we are talking about quality management for SaMD, we are mostly talking about the ISO 13485:2016 standard. The ISO 13485:2016 standard is an international standard that is required to sell in the EU. If you plan on getting a CE Mark for selling your SaMD in the EU, you will need to become compliant with the MDR, and to be compliant with the MDR, you will need to be compliant with the ISO 13485:2016 standard. Thus, having an ISO 13485:2016 certified QMS will make the clinical evaluation much easier, as it proves an important and essential adherence to the MDR.

For the analytical and technical evaluation component of the clinical evaluation process, it is essential that you have proof that your software has been built in a proper way, taking into account all of the relevant regulatory requirements. Documentation generated by your QMS during the software building phase will provide solid proof that your software has been built according to the necessary requirements. See our point above about building a strong QMS from day one for more information.

Additionally, as part of the development requirements for your SaMD, you will be required to manage your software lifecycle processes according to the IEC 62304 standard, which specifies the requirements for the safe design and maintenance of software.

ISO 13485:2016 is a standard for Quality Management Systems for medical devices, and is a prerequisite for CE-approval, which is a mark that signifies that a product meets the safety, health, and environmental protection requirements of the European Economic Area (EEA). By using Extra Horizon’s ISO 13485:2016-compliant medical BaaS, you are relieving yourself of a huge chunk of the burden of building an effective QMS. The QMS also generates evidence that your SaMD correctly processes input data, and that your software has been built properly in compliance with regulatory standards.

Achieving ISO 13485:2016 certification also involves meeting thorough post-market surveillance requirements, so using a BaaS provider with an ISO 13485:2016 certification demonstrates a commitment to meeting the post-market requirements of the clinical evaluation phase.

You can read more about ISO 13485:2916 and the path to certification in our informative eBook, ISO 13485:2016: Thirteen Boxes to Tick on the Path to Certification.

Download it for free here.

ISO 27001 provides a standard for how an organisation should deal with information and data security, including all policies and processes relevant to the control and use of data. This certification shows that your SaMD follows all internationally acknowledged best practices with regards to confidentiality, risk management, and data integrity.

Read more here.

ISO 27701 specifies the requirements for establishing and maintaining a Privacy Information Management System (PIMS), providing a framework for the handling of Personally Identifiable information (PII).

The IEC 62304:2015 certification specifies the requirements for the safe design and maintenance of software. This helps greatly during the analytical and technical development stage of clinical evaluation, as it helps prove that your software has been built correctly.

Read more here.

Extra Horizon is listed as a trusted provider in the EU Cloud Code of Conduct, which demonstrates our commitment to providing a safe and compliant cloud backend environment for our customers, as well as meeting the requirements necessary to comply with the GDPR. Read more about the EU Cloud CoC here.

• CE Mark
• MDR
• GDPR