A SaMD (Software as a Medical Device) refers to software that is used for a medical purpose, without being part of a physical medical device. For example, it may refer to an application for a computer, mobile phone, or tablet that is intended to treat, diagnose, relieve, monitor, or cure a medical condition or disease.
A pure example of SaMD is the certified and successful app
FibriCheck.
FibriCheck is a smartphone app that can check your heart rhythm, detecting any irregularities and therefore preventing strokes. FibriCheck is not part of a physical medical device, but is instead installed directly on the user’s smartphone. Almost any smartphone, that is! This is why FibriCheck is classified as SaMD.
SaMD offers many useful benefits. It can facilitate rapid data collection and analysis, which is far quicker and more efficient than what can be achieved by clinicians in the same timespan. It can also pick up on any sudden changes in a patient’s condition very quickly, even detecting subtle changes that may not have been noticed by the patient or their monitoring clinician. For this reason, SaMD can have considerable benefits to the patient, as detecting abnormal patterns early means that these can be investigated and addressed, thus opening the possibility of preventative care and preventing the patient from becoming more seriously ill.
In essence, the purpose of performing clinical evaluation is to make sure that the SaMD conforms with the required regulatory requirements. In the process of clinical evaluation, the clinical data related to the SaMD is analysed and assessed to verify that the SaMD is safe to use and that the data is clinically useful. Performing clinical evaluation also enables any risks to be identified that have not already been identified and assessed as acceptable in the risk analysis, thus preventing any unexpected and potentially dangerous side effects.
In the EU, the path for clinical evaluation of SaMD is split into 5 stages. These are illustrated in the figure below:
The requirements for the clinical evaluation of SaMD are outlined in Article 61 of the MDR. When it comes specifically to the clinical evaluation of SaMD, the path for this is outlined in the document ‘MDCG 2020-1 Guidance on Clinical Evaluation (MDR) / Performance Evaluation (IVDR) of Medical Device Software’; a document endorsed by the Medical Device Coordination Group (MDCG) of the European Commission.
The MDR (Medical Device Regulation) is a set of regulations that governs the manufacture and distribution of medical devices in the EU. It came into effect on 26 May 2021. The MDR aims to ensure a high quality and safety of medical devices in the EU.
The IVDR (In Vitro Medical Device Regulation) is a regulatory framework for in-vitro medical devices in the EU. It was entered into force on 26 May 2017, and will apply fully in all EU member states by 26 May 2022. The IVDR sets rules on how in-vitro medical devices are classified, and how they are regulated and kept under surveillance.
Both the MDR and the IVDR are especially important when building SaMD, as they are used as the basis of the requirements for building SaMD. Therefore, being compliant with the MDR and the IVDR is essential for any company developing SaMD.
The three main components in the EU SaMD clinical evaluation stage are as follows:
For this component, you must be able to prove a valid association between the output of your SaMD (e.g. measurements, conclusions) and the clinical condition that it is intended to target. You can prove a valid association by using things such as findings from clinical research and trials, secondary data analysis, etc.
Here, you must prove that your SaMD correctly processes input data to produce accurate and reliable output data. Not only must you prove that your SaMD processes data properly, but you must also show that your software has been built properly.
For the clinical validation element, you must prove that any data produced by your SaMD is clinically meaningful and beneficial. For example, with the FibriCheck app, it must be proven that the data produced is clinically useful for detecting cardiac arrhythmias.
For more information on these three main components, you can read this document here.
There are many ways to obtain the necessary clinical data for the clinical evaluations of a SaMD. Here are several possible ways to collect the data:
As we have previously mentioned, the Clinical Evaluation process is explained in Article 61 of the MDR. More specifically, in paragraph 3 of the article, the general requirements of the Clinical Evaluation process are explained, be it not as thoroughly as you would like it to be. In the Annex XIV, additional information can be found as well. If you are already familiar with the MEDDEV guidance document (MEDDEV is an abbreviation of Medical Devices Documents, which was developed on behalf of the European Commission to help the implementation of medical device directives), you might notice that it strongly resembles the process described in Annex XIV of the MDR. More specifically document 2.7/1 rec. 4 “Clinical evaluation: Guide for manufacturers and notified bodies”.
The process defined in Annex XIV (paragraph 1 of Part A) is as follows:
You must follow a Clinical Evaluation Plan with these stages:
1. A planning stage
2. An identification stage of relevant clinical data
3. An appraising stage for the data
4. If the appraisal stage deems it necessary, there may be the need for the generation of new data through clinical investigation. However, please note that this will not be the case with every SaMD product.
5. A reporting stage
The resemblance between both Annex XIV and the MEDDEV guidance document is no coincidence, as the authors of the MDR had the 2016 MEDDEV document in mind when writing part A of Annex XIV. This is good news for any company that may have a clinical evaluation process based on MEDDEV 2.7/1, as it means their process is also aligned well with the requirements in Annex XIV of the MDR. Thus, if you are looking to build your clinical evaluation process for the very first time, it is a very good idea to base your process on MEDDEV 2.7/1, as this will provide you with a very thorough basis for your clinical evaluation process.
However, it is important to consider that there are three points that go beyond that of the MEDDEV. These are as follows:
1. The establishment of a Clinical Evaluation Plan, which must include the following:
2. The PMCF (Post-Market Clinical Follow-up Studies) Plan, which outlines the method for conducting post-market follow-up of your SaMD.
3. The requirement to produce a PMCF Evaluation Report during the post-market phase.
If your SaMD has a connectivity component, such as using a cloud-based platform, you will have to prove data integrity. Proving data integrity involves demonstrating that the data produced by your SaMD is accurate, consistent, and complete, and that data is processed securely in accordance with regulatory data protection requirements such as the GDPR.
By building your SaMD on a medical Backend-as-a-Service (mBaaS) like Extra Horizon, you will make this step much easier. Our backend platform already has all the data protection standards implemented right from the start, enabling you to build a GDPR-proof SaMD solution easily. Proving data integrity will be one less burden to solve.
When developing your SaMD, the importance of having an effective QMS from the very beginning should not be underestimated. Your QMS makes sure that all procedures and processes concerning customer and regulatory requirements are documented properly, as well as making sure that continuous improvements are made to the effectiveness and efficiency of your SaMD.
In the Clinical Evaluation phase for your SaMD, your QMS is an invaluable tool, particularly during the analytical and technical evaluation phase. The QMS will generate helpful evidence that your SaMD correctly processes input data, and that your SaMD has been built properly, according to the relevant regulatory requirements.
When we are talking about quality management for SaMD, we are mostly talking about the ISO 13485:2016 standard. The ISO 13485:2016 standard is an international standard that is required to sell in the EU. If you plan on getting a CE Mark for selling your SaMD in the EU, you will need to become compliant with the MDR, and to be compliant with the MDR, you will need to be compliant with the ISO 13485:2016 standard. Thus, having an ISO 13485:2016 certified QMS will make the clinical evaluation much easier, as it proves an important and essential adherence to the MDR.
For the analytical and technical evaluation component of the clinical evaluation process, it is essential that you have proof that your software has been built in a proper way, taking into account all of the relevant regulatory requirements. Documentation generated by your QMS during the software building phase will provide solid proof that your software has been built according to the necessary requirements. See our point above about building a strong QMS from day one for more information.
Additionally, as part of the development requirements for your SaMD, you will be required to manage your software lifecycle processes according to the IEC 62304 standard, which specifies the requirements for the safe design and maintenance of software.
Extra Horizon offers a Lifecycle tool; a tool that makes it easier to manage software lifecycles. Lifecycle management refers to the specification, design, development, and testing of a software application, from the initial conception of the application, right up until the discontinuation of the product. The documentation generated by the Lifecycle Tool can be used as valuable evidence to prove that your SaMD conforms to the necessary regulatory requirements - something that is extremely important during the Clinical Evaluation Phase.
Using Extra Horizon’s medical Backend-as-a-Service (BaaS) offers numerous benefits during the Clinical Evaluation phase. As we provide a leveraged platform, this means that companies are able to simply configure their own backend platform instead of building it from scratch in-house. This will save you a lot of time and money, which means you will have more time and effort to focus on tackling the often-daunting SaMD Clinical Evaluation phase.
Extra Horizon holds a number of regulatory certifications, including, but not limited to, the list below:
ISO 13485:2016 is a standard for Quality Management Systems for medical devices, and is a prerequisite for CE-approval, which is a mark that signifies that a product meets the safety, health, and environmental protection requirements of the European Economic Area (EEA). By using Extra Horizon’s ISO 13485:2016-compliant medical BaaS, you are relieving yourself of a huge chunk of the burden of building an effective QMS. The QMS also generates evidence that your SaMD correctly processes input data, and that your software has been built properly in compliance with regulatory standards.
Achieving ISO 13485:2016 certification also involves meeting thorough post-market surveillance requirements, so using a BaaS provider with an ISO 13485:2016 certification demonstrates a commitment to meeting the post-market requirements of the clinical evaluation phase.
You can read more about ISO 13485:2916 and the path to certification in our informative eBook, ISO 13485:2016: Thirteen Boxes to Tick on the Path to Certification.
ISO 27001 provides a standard for how an organisation should deal with information and data security, including all policies and processes relevant to the control and use of data. This certification shows that your SaMD follows all internationally acknowledged best practices with regards to confidentiality, risk management, and data integrity.
ISO 27701 specifies the requirements for establishing and maintaining a Privacy Information Management System (PIMS), providing a framework for the handling of Personally Identifiable information (PII).
The IEC 62304:2015 certification specifies the requirements for the safe design and maintenance of software. This helps greatly during the analytical and technical development stage of clinical evaluation, as it helps prove that your software has been built correctly.
Extra Horizon is listed as a trusted provider in the EU Cloud Code of Conduct, which demonstrates our commitment to providing a safe and compliant cloud backend environment for our customers, as well as meeting the requirements necessary to comply with the GDPR. Read more about the EU Cloud CoC here.
In the FDA controlled regions, which includes the 50 United States, the District of Columbia, Puerto Rico, Guam, the Virgin Islands, American Samoa, and other U.S. territories and possessions, the clinical evaluation phase is quite similar to that of the EU markets, although there are some differences that are well worth mentioning. We're currently writing a piece that dives a bit deeper into this aspect, so keep your eyes open or stay in the loop via our newsletter.
The Clinical Evaluation phase can be a very daunting process, but by paying close attention to the regulatory requirements and making sure that your SaMD has a good and thorough QMS, you will be able to pass the Clinical Evaluation phase with flying colours. By using Extra Horizon’s ready-made, already-compliant medical BaaS, you will relieve yourself of even more pressure during the process. To find out more, please do not hesitate to
get in touch.
RECENT POSTS
FREE EBOOKS
GOT QUESTIONS?
Solutions
BY USE CASE
BY CAPABILITY
BY STAGE
Getting Started
AS A DEVELOPER
AS A PARTNER
© 2023 Extra Horizon, All rights reserved
Kempische Steenweg 303, 3500, Hasselt, BE
— Hasselt, Belgium