The Health Sciences Authority (HSA), Singapore’s regulating authority in the sphere of healthcare products, has published a guidance document dedicated to a life cycle approach in the context of software medical devices. The document describes in detail the way a life cycle approach should be applied to various software-based products depending on their specific functions and features. The guidance provides additional clarifications and recommendations to be taken into consideration by medical device manufacturers (software developers) and other parties involved. However, provisions of the guidance are non-binding in their legal nature, so in case of any discrepancies with the respective provisions of applicable legislation, the latter should prevail. The present article is dedicated to the aspects related to AI-based medical devices and regulatory matters to be considered concerning software products utilizing this novel technology.
Table of Contents
The scope of the guidance covers AI-based software products incorporated in hardware medical devices, as well as other AI-based medical devices existing in other forms. According to the document, medical device manufacturers (software developers) should be responsible for ensuring their products comply with any applicable regulatory requirements set forth by existing legislation. In terms of a regulatory framework, apart from specific regulations dedicated to medical devices, the guidance refers to such general regulations as:
- Personal Data Protection Act;
- Human Biomedical Research Act;
- Private Hospitals and Medical Clinics Act
Regulatory Requirements for AI-based Medical Devices
First of all, the guidance provides an overview of the general regulatory requirements AI-based medical devices are subject to. Most of these requirements are similar to the ones applicable to software medical devices. At the same time, there are certain changes due to the specific nature of AI-based medical devices and their unique distinguishing features. For instance, usual software product operates by the pre-defined algorithm while AI-based products have continuous learning capabilities. These products are also different in terms of the level of human intervention, the models used for training and making changes, and other aspects. All these aspects should be considered carefully to ensure the safety and effectiveness of AI-based software medical devices.
As it is further described in the document, all activities related to the design, development, training, validation, retraining, and deployment of AI-MD [AI-based medical devices] should be performed and managed under an ISO 13485 based quality management system (QMS).
The guidance also outlines specific points to be addressed in the submission related to an AI-based medical device. In particular, such a submission should cover, inter alia, the following aspects:
- Dataset (input data and features/attributes used to generate the corresponding output). In this section, the manufacturer should provide detailed information about input data, as well as acceptance criteria applied. Additionally, this section should contain information about pre-processing of data, if it is required to ensure correct operations of the AI-based software medical device. Apart from the above, section dedicated to the dataset should also contain information about the source, size, and attribution of training, validation, and test datasets. In particular, the manufacturer (developer) should provide exhaustive information on the way the datasets were selected and prepared before use, and also justify the use of particular datasets. These details are requested by the authority due to the importance of datasets used to train the AI-based software – the quality and accuracy of datasets used to train the software would impact the effectiveness of a final software medical device.
- AI Model (AI model selection). Another section should provide a detailed description of the particular machine learning model used for the device. The manufacturer should explain the reason behind using the AI model selected, and also outline existing limitations and highlight additional measures duly introduced to mitigate these limitations. Additionally, the medical device manufacturer (software developer) should provide detailed enough information about metrics used to evaluate the actual performance of an AI-based software medical device, together with the results of the evaluation.
- Performance and Clinical Evaluation. This section should address such aspects as (i) Test protocol and report for verification and validation of the AI-MD, including the acceptance limits and information on the anomalies identified (ii) Performance of the AI-MD (e.g., diagnostic sensitivity/specificity/reproducibility where applicable), (iii) Clinical Association between the AI-MD’s output and clinical condition(s). The section should contain information about the evaluation the AI-based software medical device was subject to, and its results. Additionally, the manufacturer should provide information about existing limitations, as well as performance specifications.
- Deployment. The aspects to be addressed in this section include (i) Device workflow including how the output results should be used, (ii) Interval for training data update cycle, (iii) Software version to be supplied in Singapore, and the procedure or plan implemented to trace the software version for subsequent iterations. As further explained by the HSA, this section should contain detailed enough information about the extent to which human intervention is needed, as well as the particular way such intervention should be performed to ensure correct operations of the software. Additionally, the manufacturer should provide information about datasets used to re-train the existing model. The authority additionally emphasizes that in case such re-training impacts the safety and performance of the AI-based software medical device and results in changes to initial specifications, the appropriate change notification should be submitted to the HSA under the respective regulatory requirements. The approach to be applied about change control should be similar to the one applied in the case of general software-based medical devices. AI-based software intended to be marketed in Singapore is also subject to change control requirements to ensure post-market traceability.
Class I Software Medical Devices
Class I is the lowest class under the applicable classification system and applies to the devices with the lowest risk associated thereto. Hence, the applicable regulatory controls are quite low as well. In the case of software-based medical devices, this class applies for the devices that are:
- Intended to monitor the state or progression of a disease;
- Providing information that does not indicate if an individual may be in danger;
- Associated with a low public health risk.
Class IIa Software Medical Devices
This category applies to medical devices associated with medium risk. An example provided by the TGA describes diabetes diagnosis software that is intended to be used by a healthcare professional. Thus, such a product is a Class IIa medical device as the device provides information to a relevant health professional to inform the diagnosis of a serious disease. This category also covers risk prediction software, as well as the tools that record data from a patient monitor or images directly from an MRI scanner (provided that such software does not impact the operations of a scanner itself).
Class IIb Software Medical Devices
This category applies to medical devices associated with medium-high risk. For instance, such classification should be applied to a product that is intended to analyze a cardiac MRI in order to provide information used in making diagnoses of related diseases. As in the previous example, the software is intended to provide information to healthcare professionals only. As described in the guidance, Class IIb applies to medical software that is intended by the manufacturer (the software developer) to provide information to a relevant health professional to inform the diagnosis of a serious disease. Other examples of Class IIb products include tools intended to be used to diagnose an acute arterial occlusion due to the severity of potential consequences of this disease if the necessary treatment is not applied. This category also covers software products that are intended to provide recommendations for treatment or intervention on the basis of input data (e.g., a coronary angiogram). As in the previous cases, such software should be used only by healthcare professionals. Consequently, a Class IIb software-based medical device is the one that is intended to:
- Recommend a treatment or intervention to a relevant health professional for the purposes of making a decision about the treatment or intervention; and
- Be used in cases when the absence of a treatment or a treatment itself could result in severe health deterioration or other adverse consequences.
The same classification applies to wearable devices intended to collect and analyze data for screening for serious heart diseases, as well as questionnaire apps intended to analyze the information provided by a patient and provide a diagnostic output.
Additional Considerations for AI-MD with Continuous Learning Capabilities
Apart from the general points outlined hereinabove, the guidance highlights additional considerations related to AI-based software medical devices with continuous learning capabilities. The authority states that the regulatory approach to be applied in the case of such products should be slightly different since their actual behavior changes after initial deployment. Thus, the manufacturer should provide sufficient information about the learning process, including the details about controls implemented (e.g., quality checks to ensure the quality of learning datasets are equivalent to the quality of the original training datasets).
In summary, the present HSA guidance provides a brief overview of the regulatory requirements AI-based software medical devices are subject to. The document pays special attention to differences in comparison to general software products and describes the approach to be applied to ensure the safety and effectiveness of such devices.
Sources:
How Can RegDesk Help?
RegDesk is a next-generation web-based software for medical device and IVD companies. Our cutting-edge platform uses machine learning to provide regulatory intelligence, application preparation, submission, and approvals management globally. Our clients also have access to our network of over 4000 compliance experts worldwide to obtain verification on critical questions. Applications that normally take 6 months to prepare can now be prepared within 6 days using RegDesk Dash(TM). Global expansion has never been this simple.
