The new article highlights the points related to the regulatory approach to be applied in the case of various products intended to collect and process electrocardiography data. 

The Brazilian regulating authority in the sphere of healthcare products (ANVISA) has published a guidance document dedicated to software products subject to regulation as medical devices (SaMD). The document describes the approach to be applied with respect to various software products that meet the definition of a medical device set forth under the existing legislation, provides additional clarifications and recommendations to be taken into consideration by medical device manufacturers (software developers) and other parties involved in order to ensure compliance thereto. At the same time, provisions of the guidance are non-binding in their nature, nor are intended to introduce new rules or impose new obligations. The authority also reserves the right to make changes necessary to reflect corresponding amendments to the underlying regulations. 

The guidance constitutes a questions and answers document and contains questions raised by the industry representatives with respect to various regulatory matters, accompanied by the responses and detailed explanations provided by the authority. 


Remote Monitoring Software System 

One of the examples included in the guidance describes a software system for remote monitoring patients with electrocardiography components, namely:

  • Mobile application to be used by the customers (patients) to record information and access it when necessary;
  • Cloud platform for secure data management;
  • Web application to be used by healthcare professionals.

The questions are whether all the components of the said system could be included in a single application and whether all of them are subject to regulation under the medical devices framework in general. 

As explained by the authority, the remote patient electrocardiographic monitoring system constitutes software as a medical device and, consequently, should be subject to regulation under the respective legal framework. Hence, the level of regulatory scrutiny to be applied should be determined in accordance with the existing risk-based classification for medical devices depending on the indications for use and functionality. For instance, in case the product will not generate any alarms, but only record and transmit electrocardiographic information, it will be subject to regulation as a Class II medical device. At the same time, if it will generate alarms or transmit information intended to be used in emergencies, it will be subject to regulation as a Class III medical device (including the situation when automatic diagnostics solutions are used). 

The authority further explains that since in case all three software products described herein above are intended to operate together in a complementary way, the system should be assessed as a whole. It is also important to mention that the medical device intended to collect electrocardiographic data should be subject to regulation (and registration) as well. However, in order to determine the details of the regulatory approach to be applied, additional information regarding the system is needed. 

Smartwatch With an ECG Function 

Another example provided in the guidance describes a smartwatch with multiple functions to be used when practicing sports. The functionality includes, inter alia, an ECG function (electrocardiogram) and measuring blood pressure. At the same time, according to the claims and statements made by the manufacturer, the product is not intended to be used for medical purposes. The data collected by the device will be stored using the respective application to be downloaded by the user from an application store. Nowadays there are a few products with similar functionality that are currently under review by the authority. The question is whether an application or a smartwatch should be subject to regulation as a medical device. 

According to the explanation provided by the authority, when determining the regulatory status of the product, not only the claims and statements made by the manufacturer should be taken into consideration, but also the way the device could actually be used based on its functionality and features. Thus, when making such a determination, the authority will assess how the device works. In this particular case, the authority describes two potential scenarios, namely:

  • Case 1: Measurement is made indirectly by software using calculations based on input or signal from the non-wearable sensor. In this case, the medical product will be the software used to make the said calculations.
  • Case 2: Sensor/wearable conducts the measurement. In this case, either the sensor/wearable or the software will be a medical device, and both products could be subject to regulation as a system. 

As further explained by the authority, in both cases (and irrespectively of the applicable regulatory framework), a party responsible for a medical device should present [the results of] robust randomized clinical studies (pre-market), as well as the results of literature review and clinical evaluation conducted in any applicable way. Furthermore, should the product subject to review employ artificial intelligence (AI) technology, a responsible party will have to provide a rationale for the use of AI-based solutions, together with extensive information about the learning activities, training, verification, and other important matters related to the AI used. 

In accordance with the clarifications provided in the guidance, in case the measurements are conducted by the hardware device, it should also comply with the respective regulatory standards. 

The authority also encourages the parties responsible for such products to get in touch in advance, before applying for marketing approval, in order to discuss the key aspects and ensure all the important matters are covered by the scope of the application submitted and the information contained therein. 

Apart from the above, the ANVISA additionally emphasizes that distribution of the software subject to regulation as a medical device without the proper registration is strictly prohibited and constitutes an offense, even when conducted for free. 

In summary, the present guidance describes the examples of products intended to collect and process ECG data. The document highlights the key points to be considered when determining the regulatory nature of such products and the approach to be applied.  



How Can RegDesk Help?

RegDesk is a next-generation web-based software for medical device and IVD companies. Our cutting-edge platform uses machine learning to provide regulatory intelligence, application preparation, submission, and approvals management globally. Our clients also have access to our network of over 4000 compliance experts worldwide to obtain verification on critical questions. Applications that normally take 6 months to prepare can now be prepared within 6 days using RegDesk Dash(TM). Global expansion has never been this simple.