App Certificering

Brian Hedegaard, DELTA

Sundhedsapps fra innovation til kommercialisering

Apps – Hot as ever

Ref: https://ec.europa.eu/digital-agenda/en/news/mhealth-what-it-infographic

82% downloaded less 50,000 times68% generate less $10,000Research2guidance – mHealth App Developer Economics 2014

2014 ~ 97.0002015 ~ 165.000 !

50.000 …

2012 - ~ 40% medical deviceor likely to be!

CE-MARKINGMedical Device approval

EU Market and CE marking

• Legislation aligned between countries – one market

• CE marking is mandatory for most products and must be affixed before the product is placed on the market in EU

• Indicates that a product has been designed and manufactured in conformity with essential requirements in all applicable directives

• Products manufactured in compliance with harmonised standards benefit from a presumption of conformity

DEFINITIONMedical Device

Legislation: – Article 1-2 'medical device' means any instrument, apparatus, appliance,

Software, material or other article, whether used alone or in combination, including the software necessary for its proper application intended by the manufacturer to be used for human beings for the purpose of:

Diagnosis, Prevention, Monitoring, Treatment or Alleviation of disease, injury or handicap

Required to have an intended use in a “medical context” as opposed to non-medical use, e.g. in sports

Medical devices - EU

Applicable Legislation in DK:

Council Directive 93/42/EEC of 14 June 1993 + amendments

Bekendtgørelse 1263 af 8 december 2007

Intended use:– What does it do

– Where is it intended to be used

– For whom is it intenteded

– By which means is the effect obtained

Claims !– The benefit from use you are stating

Marketing material– Web, Printed, presentations, sales reps.

What is a Medical device ?

Not a medical device

Software as medical device (MEDDEV 2.1/6)

Application Description Qualification as medical deviceHospital information systems Control of logistics – admissions,

planning and administrative tasksNo

Decision support software Planning of radiological treatment, Medication planning,

Yes

Information systems Electronic Health Records, Clinicalinformation systems

No (but might be)

Communication systems Email, mobile, video conference, swtranfer of messages like prescriptionsand Health Records

No (but might be)

Software communicating alarms basedon vital parameters for the patient

Yes

Telemedicin Telesurgery YesVideo consultation software NoHome monitoring Communications part – No,

Monitoring sw might be

Segmentation,

Registration (e.g. mapping a data set to a model or atlas or to another dataset, e.g. Registering an MRI image on a CT image),

Complex calculations,

Qualification (e.g. comparison of data against references),

Visualisation, and

Interpretation

Regulated functionalityReconstruction,

Lossy compression,

Fltering,

Pattern recognition,

Modelling,

Transformation,

Classification (e.g. scoring of tumors against specific criteria),

Rendering

For example: plotting data points over time against a bandwidth of (un)healthy values would typically be regulated functionality.

As an example, if the application is intended to carry out further calculations, enhancements or interpretations of entered/captured patient data, we consider that it will be a Medical Device.

If it carries out complex calculations, which replaces the clinician’s own calculation and which will therefore be relied upon, then it will certainly be considered a Medical Device.

NON Regulated functionality ( Currently)

Body Mass Index (BMI)

Total Body Water / Urea Volume of Distribution

Mean arterial pressure

Glascow Coma Scale score

APGAR score

NIH Stroke Scale

Delivery date estimator

Electronic copies of medical textbooks

Educational tools

Facilitate patient access to information

Business operations in healthcare settings (accounting, billing)

Generic aid (e.g. magnifying glass)

Non-Regulated functionality

DEVELOPMENTMedical device App

Path to market

Idea Requirements-User- Environment

Medical device

?

Intendeduse

Identify applicabledirectives

Classification

Choosing path to CE (Conformity assesment procedure)

Annex II

QMS

Annex VII

QA

Implementation -> Technical File

Assessment with NBRegistration

CE CExxxx

Class I Class IIa-> III

NO

YES

Annex VII

Registration(NB assesment)

CE

Class Im

Post market surveillance

In 8 small steps..

Quality Management

Risk Analysis

Step 0 – Concepting phase

IPR• Freedom to

operate• Novelty

Commercial• User need• Market potential• Market

penetration• Business case• Reimbursement• Lifecycle costs

Product• Technology• Materials• Processes

Clinical• Publications• Clinical

evaluationProduct Concept• Intended use• Claims• USP

Regulatory• Strategy• Product risks• Launch plan• Approval

process

Risk –Patient / project

Step 1 – identifying applicableDirectives (EU)Directive 93/42/EEC - medical devicesDirective 90/385/EEC - Active Implantable Medical DevicesDirective 98/79/EC - In Vitro Diagnostic Medical Devices.

Applicability is based on INTENDED USE

Medical Device Regulation

2016 ?

CLASSIFICATIONDetermining

Step 2 - Classification

Time Active product Invasive

Higher classification–more documentation and more control required

MEDDEV 2.1/6 and MEDDEV 2.4.1

18

Step 2 - Classification- EU

MEDDEV 2.4 /1 rev. 9 page 21

CONFORMITY ASSESMENTPROCEDURE

Choosing

Step 3 - Conformity assessment procedure

Annex VIIEC Declarationof conformity Annex IV

EC VerificationAnnex VI

Product qualityassurance

Annex IIFull QualityAssurance

system

Annex IIIEC Type Examination

Annex VProduction

qualityassurance

CE xxxxCE

Desi

gnM

anuf

actu

re

Hardly applicable for software

Ref: NB-MED/2.2/rec4 rev 5.

RISK MANAGEMENTAvoid harms - think

Terms and definitionsHazard:– Potential source of harm. - [ISO 14971 clause 2.3]

Hazardous situation:– Circumstance in which people or the

environment are exposed to one or more hazard(s). - [ISO 14971 clause 2.4]

Harm:– Physical injury or damage to the health of

people, or damage to poperty or the environment. - [ISO 14971 clause 2.2]

Risk management

Terms and definitionsRisk:– Combination of the probability of occurrence

of harm and the severity of that harm. - [ISO 14971 clause 2.13]

Residual risk:– Risk remaining after protective measures

have been taken. - [ISO 14971 clause 2.12]

Safety:– Freedom from unacceptable risk. - [ISO 14971 clause

2.20]

Risk management

Apps may introduce new or changed risks due to the special conditions of the platform (mobile computing platform)

Example 1: Reading and interpretation of radiological images on a mobile platform may be affected by:

– Screen size

– Contrast ratio

– Uncontrolled surroundings

Example 2: Colors

UI Considerations

DEVELOPMENTMedical device

Execution of development plan to: – Fulfill essential requirements

– Create Design History File

– Perform and update Risk assessment

– Ensure traceability in development

– Prepare Test

– Prepare Clinical evaluation

– Execute usability test

– Etc…

Step 4 – Implementation

Quality Management

Risk Analysis

TECHNICAL DOCUMENTATIONCompiling the

Compilation of documents describing the product in details eg.:– Essential requirements checklist

– Design History File

– Risk assessment

– Test Reports

– Production (and development) process

– Clinical evaluation

– Labelling

– Etc…

The manufacturer or the authorized representative established in the European Community is requested to keep copies of the technical documentation for a period of at least 5 years, in the case of implantable devices at least 15 years, after the last product has been placed on the market.

Step 5 – Compile the Technical File

Step 6 + 7 Assessment and Declaration of conformity

Assessment– Class I -No Notified Body assessment needed

– Class Im - Notified Body assessment needed - for the measurement part

– Class IIa, IIb and class III• Notified Body assessment required for the QMS and Technical file

Declaration of Conformity– Declaring conformance with ALL applicable legislation

Registration through web form (DK)

Class I device – Devicename

– Generic Device name

– Alternative device names

– Type of device (KLI, SBP, STE)

– Model

– (GMDN code)

Class IIa – >– Additional information and Notified Body declaration required

Step 8 – Apply CE- Mark / Registration

Registation fee: 1149 kr.

Yearly manufacturer fee 2015

Employees Fee0-5 4.686 kr.

6-20 14.056 kr.

21-50 23.426 kr.

51-100 39.045 kr.

Over 100 62.472 kr.

GMDN: Global Medical Device Nomenclature

ISO 13485 – Quality Control

ISO 14971 – Risk management

ISO 62304 – Software Life Cycle

ISO 62366 – Usability – Design for Human factors

ISO 60601 – Medical Electrical Systems

ISO 14155 – Clinical trials

ISO 10993 – Biocompatibility (Not for software)

Important standards –App Development

The motivation for the development is misguided– Too generic – must adress a specific problem

• If collecting data, data must be collected and filtered in a way that it translates a message to the end-user, whether that be a patient or clinician

Lack of Clinical involvement– Technologies do not operate in a vacuum – consider the environment– Think connectivity – data shall be available else where

Poor attention to Usability– Keep the user in mind (ability, educational level, surroundings)

– Design for multiple display sizes and resolution (sw)

Take home part 1

Not knowing the healthcare landscape– How can adoption be planned if the landscape is unknown

Not building to regulatory specifications– Wow effect doesn’t make the cut! Requirements from eg. FDA/MDD,

HIPAA/GDPR must be met.

Think 360°

Frontload development (refine the concept)Be agile – adapt to the market and needs– But be carefull to maintain documentation !

Selling an app does not translate to adoption. Selling a good app improves its chances dramatically !

Take home part 2

Sundheds-apps fra innovation til

kommercialiseringCertificeringer af sundheds-apps

Susie Wagner BondorfPartner og med-stifter

EU guidelines on assessment of the reliability of mobile health applicationsFirst draft of the guidelines presented at an open

stakeholder meeting in Brussels 4th of May 2016

Related Initiatives (1)üData protection

• industry-led privacy code of conduct for mobile health apps (process started in Apr 2015)

üMedical devices legislation• New regulations negotiated in the Council and EP• Updated MEDDEV guidance 2.1/6 on qualification and

classification of stand-alone software • Updated Manual on Borderline and Classification (two new

entries on mobile apps for the assessment of moles)üDigital Single Market strategy (6 May 2015)

• Public consultation on safety of apps and other non-embedded software (to be launched in May 2016)

Related initiatives (2)üEuropean standard on quality criteria for the

development of health and wellness apps• based on the PAS 277:2015 on Health and wellness apps –

Quality criteria across the life cycle (UK)• does not cover requirements for apps that are classified as

medical devices

üPolicy discussions at the Member States level (eHealth Network subgroup on mHealth)

üWHO-ITU innovation hub for mHealth (under H2020)

3.Health&wellbeingapps

Three main groups of apps

1.CE marked medical

devices.

2.Other apps used in a

medical setting.

3.Health & wellbeing

apps.

2.Otherappsusedinamedicalsetting 1.CE

marked

Additionalfocus

areaslikee.g.GUI

Process for guideline productionFirst Iteration – as presented today

Followed by stakeholder engagement and written feed-back

Second Iteration – targeted for end-MayFollowed by stakeholder engagement and changes to next draft in light of feed-back

Third Iteration – targeted for mid October Followed by stakeholder engagement and changes to next draft in light of feed-back

Fourth (and Final) Iteration – targeted for end DecemberFinal draft guidelines sent out for written comments to the extended stakeholder group.ü When feedback received, final draft guidelines produced and discussed with

Commission.ü Included in final report (2017-01-25)

Focus groupsüCitizens.

üApp developers.

üHealthcare professionals.

üPrivate & public healthcare providers, public

authorities & health ins. providers.

A view to the engine compartmentScrutiny questions:

Currently nine summary questions:üIs the app usable & accessible? (repeat for each o/s)üIs the app desirable to use?üIs the app credible?üIs the app transparent? üIs the app reliable?üIs the app technically stable?üIs the app safe?üIs the app effective?üIs the app private & secure?

CoveredbyPrivacyCofC?

Further informationFind the first draft of the guidelines here:http://ec.europa.eu/newsroom/dae/document.cfm?action=display&doc_id=15353

Thank you!

Brian Hedegaard+45 5177 8762bhe@delta.dk

Susie Wagner Bondorf+45 2494 7270

swb@synsana.com