By Scott Thiel and Alexandros Charitou, Navigant
With a global digital health market — comprising health technology, mobile devices, software applications, and analytics — projected to swell from $71.4B in 2017 to $379B by 2024, a range of startup and long-established medtech, pharmaceutical, and IT companies are vying for market shares. The United States (US) commanded $30.5B worth of the global market in 2017, while Germany was the European Union’s (EU) leading digital health market.
Innovators targeting these two regions must not only have differentiating technologies, they must understand the regulatory ”rules of the road” — including, among other things, clarity whether their product is considered a regulated medical device, diagnostic, or combination product, an understanding of the requirements for wireless capability, and the sense to avoid common mistakes. Namely, they must keep pace with changing regulatory expectations in the same way they do with technology changes, exercising diligence in creating and following a prudent and effective regulatory strategy, while anticipating the potential need to shift course as industry drivers change.
Current Digital Health Regulation In The EU and US
Contrary to long-held belief, the US is not necessarily the more difficult path to market for some medical technologies, particularly digital health technologies. The EU may now present more obstacles for certain digital health technologies, because the United States is further ahead in defining and clarifying a regulatory approach to Software as a Medical Device (SaMD). Additionally, in recent years, the US has taken legislative and administrative action to reduce regulatory stringency for certain digital health technologies. These actions include:
Meanwhile, EU governing bodies have made it generally more difficult for certain digital medical technologies to gain market approval. Some of this heightened oversight came as a result of public furor in reaction to two cases of faulty medical technologies — one involving what became known as “rupture-prone” breast implants, made with industrial-grade silicone rather than medical-grade silicone, and the other involving metal-on-metal hip replacement implants alleged to have caused some patients to require additional surgeries.
In part, as a result of public outrage, the 28 EU Member States increased efforts to approve the Medical Device Regulation (MDR), as well as the In-Vitro Diagnostic Regulation (IVDR). The MDR and IVDR replace the Medical Device Directive (MDD) and In-Vitro Diagnostic Directive (IVDD), respectively.
On the plus side, the regulations bring additional consistency, because the various EU member countries have less flexibility in their adoption than they did under the directives. On the minus side, many software products regulated with a light touch under the MDD (e.g., Class I) could become more tightly regulated under the MDR (e.g., Class IIa, IIb, or even III).
Furthermore, the MDR enters fully into force in 2020, at which time all applicable products sold — or being developed for use — in the EU must comply. That means manufacturers must assess new and existing product changes against the regulation, update any testing, find a qualified Notified Body (a certification organization authorized to review the submissions on behalf of the European Commission through designation by their member country), and obtain approval to sell within the European Union (and thus the European Economic Area, which generally follows the European Union).
Compounding the complex EU process is the fact that the training and qualifications required to be a Notified Body entity have become more rigorous, which has resulted in fewer Notified Bodies serving the region. In other words, little time, guidance, or access to regulators exist for companies with new or existing technologies to apply and comply with the MDR.
Creating A Regulatory Strategy
No matter which global region a digital health company elects to launch in, they must be careful not to underestimate the expertise or rigor required to seek and gain approval to market their product. Digital health companies should avoid making common mistakes preparing for or responding to regulatory challenges, including:
It’s best for digital health companies to begin planning their regulatory strategy during product design concepting, and to allow at least eight to 10 months — ideally, 12-18 months — to build a quality management system, and to generate objective evidence showing a design meets regulatory expectations. Companies that begin addressing quality management system needs earlier are more likely to meet product launch and commercialization goals. They also gain several program advantages — including cost efficiencies, improved team collaboration and output, and more thorough, accurate, and relevant data — all while creating a strong foundation for a repeatable process for future innovations. Companies that start later will have additional costs in gap assessment and remediation efforts; in the worst cases, they’ll be forced to make design changes or perform significant re-testing.
While meeting regulatory requirements is never a one-size-fits-all process, due to variations in company make-up and regional jurisdictions, companies can anticipate several areas of overlap and be proactive in bolstering:
For example, undergirding is a risk-management program to help identify and mitigate potential user or patient harm. This type of risk management tends to challenge companies new to medical device regulation, and especially those new to SaMD, because software developers generally are not responsible for — or unaccustomed to — identifying these kinds of potential hazards. Applying ISO 14971 also is challenging for newcomers, even with the help of the technical report IEC/TR 80002-1.
Hardcopies — or, more specifically, static information sets — for a given version of a SaMD design are needed to share information with a health authority. However, the information can be held electronically until the point where the sharing is needed; if there is an audit at the company, the information can be shown to the auditor via the electronic system. One note of caution: any electronic system must be proven capable of supporting the need (i.e., validated), and have appropriate authorization and authentication controls in place.
Companies pursuing digital health technologies need to navigate complex and changing regulatory schemas across the United States and European Union, as well as the rest of the world. By addressing the four areas of common requirement, companies will be in a stronger position to secure authorization and maintain products on market.
Looking ahead, digital health companies eyeing these markets should anticipate continued changes in regulatory requirements as regulatory bodies react to changes in technologies and their application. As the flow of information continues to quicken, companies should anticipate more frequent regulatory changes, especially in reaction to any adverse events or in the wake of political and philosophical power shifts.
The best bet is to plan ahead: seek advice early in the design and commercial process from regulatory specialists; assess potential gaps and opportunities in relation to current legislation; put robust processes into place; and build a regulatory strategy in line with long-term business goals.
About The Authors
Scott Thiel, MBA, MT (ASCP), RAC, is a Director at Navigant, where he leads the digital health center of excellence in the life sciences group. Scott has over 30 years of experience in the medical device industry, with expertise including product development, software, and connectivity related to medical devices, regulatory affairs, compliance, and quality system creation and remediation. Scott has been trained as an ISO 13485 Lead Auditor and Medical Device Single Audit Program. Scott holds roles in a variety of industry organizations, including the Personal Connected Health Alliance.
Alexandros Charitou, MD FRCS MBA MTOPRA, Associate Director, is an experienced clinician and chest surgeon. He has 20+ years’ experience in healthcare and life sciences, in clinical roles, commercial, and regulatory strategic consulting. Alexandros provides advisory support in strategic commercial opportunity assessments, clinical advisory, medical affairs and regulatory strategy support for both medical technology and pharmaceutical companies. Alex is a subject matter expert on the EU MDR as it relates to medical software, as well as European Medical Device Commercial Strategy, Regulatory Affairs, Clinical is Development, Medical Technology and Pharmaceutical Products Due Diligence. Alexandros also an ISO13485 Lead Auditor.