MHealth software is big business: understand regulations and be a leader in this area

MHealth Software Regulation: part I

MHealth is big business and is still growing: Marketwatch estimate the mHealth market will be worth over $200bn by 2025. It is likely mHealth will soon be the norm for diagnosis and patient monitoring, owing to the financial, clinician and patient benefits offered by the intuitive technology. So now is the time to get a tight hold on regulations and drive your product’s growth.

Recent years has seen increasing focus on regulation, for example privacy is a hot topic across the whole software industry: GDPR (General Data Protection Regulation) is probably the most recognisable subject in this area. But there is more to it and it’s complicated. Therefore, it is important to embrace this complexity and ensure regulation is at the heart of your mHealth software solution.

Ignore regulations at your peril!

mHealth regulations are key to your product and brand’s success. It is as simple as that; ignore the regulations and you risk everything.

Complementary Smartphone Apps that read lateral flow rapid tests are increasingly being incorporated in to mHealth solutions. One such example is AppDx^®, Abingdon Health’s adaptable smartphone app that reads lateral flow rapid tests and captures sharable data for faster analysis.

In developing AppDx^®, our in-house regulatory team had to prepare and plan for the complex regulations, while at the same time being prepared for when the regulatory landscape will change. When working with clients who wish to configure AppDx^® with their lateral flow rapid test we use our regulatory expertise and apply the same plan, prepare and anticipate principles.

The regulatory process

When placing a Medical Device on the European market the Legal Manufacturer must apply CE marking to their device, indicating compliance with applicable European Medical Device Directives.  These directives contain General Safety and Essential Performance Requirements (GSPRs) which aid in compliance with harmonized standards.  This makes understanding and meeting the requirements and knowledge of standards such as EN 60601 - Medical Electrical Equipment and Systems and IEC 62366-1:2015 Medical devices — Part 1: Application of usability engineering to medical devices, essential for all manufacturers of Medical Electrical Equipment.

There are many additional considerations needed, such as compliance with:

• ISO 13485:2016 - Medical devices - Quality management systems - Requirements for regulatory purposes,
• ISO 14971: 2019 Medical devices — Application of risk management to medical devices,
• BS EN 82304-1:2017 Health software — Part 1: General requirements for product safety,
• and it doesn’t stop there……

When developing medical device software in line with your product requirement specifications ‘intended use’, compliance with IEC 62304:2006 Medical device software - Software life-cycle processes should be a significant part of your new product development planning, along with EN 62366:2008 Medical devices - Application of usability engineering to medical devices.

Stay abreast of the changing landscape

The revision of the Medical Devices Regulation (MDR) and In-vitro Diagnostic Medical Devices Regulation (IVDR) increases the need to ensure when placing devices on the EU Market which contain software, fit for the new technology challenges, such as cybersecurity risks. The Directives outline certain new General Safety and Essential Performance Requirements for all medical devices that incorporate electronic programmable systems and software that are medical devices in themselves.

The Medical Devices Regulation (MDR) and In-vitro Diagnostic Medical Devices Regulation (IVDR) require manufacturers to consider the state of the art when designing, developing and upgrading medical devices across their life cycles.

Some key GSPRs identified in MDR Annex I and IVDR Annex I include:

• Device performance
• Risk management systems
• Risk reduction
• Risk control measures
• Combination/connection of devices and systems
• Interactions between software and IT environments

At the beginning of this year new guidance was published by the Medical Device Coordination Group (MDCG) to assist manufacturers in their duties to adhere to all the relevant cybersecurity requirements in Annex I of the Medical Devices Regulation (MDR) and In-vitro Diagnostic Medical Devices Regulation (IVDR).

The guidance provides clarification for the EU market that the Directive (EU) 2016/1148 concerning measures for a high common level of security of network and information systems across the Union and the General Data Protection Regulation (EU) 2016/679 (GDPR) are relevant to the cybersecurity of medical devices or to operators dealing with protecting or processing of personal data stored in medical devices, and thereby may apply in parallel to the MDR/IVDR regulations.

Not to be overlooked at EU level is the EU Cybersecurity Act (Regulation (EU) 2019/881) which is responsible for the introduction of an EU-wide cybersecurity certification framework for ICT products, services and processes.

It’s a complicated business but the solution is simple

The regulation is complex and the landscape will continue to change. It’s a complicated business and at Abingdon our in-house regulatory team can support you in this through and ensure regulation is a consideration from the start. Our simple advice is prepare and plan from the outset.

View MHealth Software Regulation: part II here