The Roszdravnadzor, the medical device regulating authority of the Russian Federation, has published a guidance document dedicated to the methodical recommendations for the quality, effectiveness, and safety assessment of medical devices (in the part of medical devices) for the purpose of the state registration under the national procedure.
The present methodical recommendations are intended to be used by the expert organizations and the Roszdravnadzor itself, and also to inform the industry representatives about the current approach to medical software. The document is based on the current legislation, regulations, and standards in the field of medical devices and information technologies.
According to the document, the methodical recommendations are intended to:
- Establish similar approaches to the quality, effectiveness, and safety examination of the software determined as a medical device,
- Align the conformity assessment of the software determined as a medical device (SaMD) to the requirements set forth in the applicable regulations in the part of the documentation to be provided in the course of registration procedures.
The document also introduces several important concepts, such as:
- SaaS – Software as a Service – the software provided as a service for the remote (“cloud”) use,
- Software (for the purpose of the document) – the software that constitutes a medical device itself.
First of all, the present methodological recommendations describe the criteria to be applied in order to determine whether the particular software in question should be determined as a medical device and treated accordingly. According to the document, the procedures to be applied are actually based on the principles set forth by law No. 323 “On the basics of the citizens` health protection in the Russian Federation.” In case if it is impossible to make an accurate determination using the aforementioned principles, additional guidelines should be applied. In particular, additional determination criteria are set forth by Roszdravnadzor`s information letter No. 02I-297/20 “On software” describing the current thinking of the authority regarding the responses to be provided to the requests associated with medical devices in the context of the software. The document establishes certain criteria to be applied for the purpose of correct determination of the medical software.
According to the aforementioned letter, the software should be deemed as a medical device providing it meets any and all criteria outlined herein below:
- It is a software or module thereto, irrespectively of the platform used, and also of the ways of its deployment and access thereto,
- Is not a part of another medical device,
- Is intended by the manufacturer to provide medical care,
- The result of its use constitutes the interpretation (in the automatic mode, including the use of artificial intelligence, or in accordance with the parameters set forth by a healthcare professional and impacting the clinical decisions) of the set of data collected from medical devices allowed to be used or introduced by healthcare professionals to provide medical care.
The examples of the methods and technologies used in the functions of medical software that do not constitute the interpretation of data include, inter alia, the following ones:
- Displaying of data collected from the medical device (including displaying in the pre-defined format),
- Calculations based on the pre-defined formulas,
- Conversions between measurement units,
- Creating statistical reports and charts,
- Image editor,
- Deviation alerts, in case of displaying source data and the possibility to set deviation parameters,
- Functions related to the creation of form, business-processes, reports, or other representation forms used for the purpose of automatization of business processes in a healthcare institution.
The document also provides certain examples of the software that should be construed as medical software. For instance, the software used by healthcare professionals to view the individual anatomical 3D-model based on the computer tomography images meet the SaMD criteria, namely:
- Interpretation function – calculating the distance between two points of the anatomical model,
- Data source – computer tomography device,
- Intended use – the use by X-ray professionals, including emergency care,
- Platform – mobile devices (e.g. smartphone or tablet),
- Access way – application store.
General Approach to the Remote Monitoring Devices
As it was already mentioned in the initial guidance, in order to ensure and expand the uninterrupted availability of non-invasive remote monitoring devices intended to be used in the COVID-19 context, the Agency is not going to object to certain changes or modifications to the indications for use, claims made by the manufacturer, functionality, hardware or software of medical devices covered by the scope of the present enforcement policy, providing that such changes do not cause an adverse effect on the safety and effectiveness of the medical devices subject to changes. This exclusion should be applied only during the public health emergency associated with the outbreak of the novel coronavirus. Under the exclusion, the medical device manufacturers are allowed to waive the requirement on mandatory submission of a 510(k) premarket notification which is required in such cases under the general rules. Aside from this exclusion, the present enforcement policy actually implements certain additional exclusions medical device manufacturers could benefit from.
According to the document, the Agency is not going to object to the modifications described therein, in case of such modifications are intended to improve the functional capabilities of non-invasive remote monitoring devices and their performance. At the same time, the authority additionally emphasizes that such changes should not affect the physiological parameter measurement algorithms.
The Agency also recommends the manufacturers to take into consideration the requirements set forth in the applicable FDA-recognized voluntary consensus standards – the standards approved by the authority to be used to demonstrate conformity with certain safety and performance requirements – including, inter alia, the following ones:
- ANSI/AAMI ES60601-1:2005 (R2012) – Medical Electrical Equipment – Part 1: General Requirements for Basic Safety and Essential Performance;
- IEC 60601-1-2:2014 – Medical Electrical Equipment Part 1-2: General Requirements for Basic Safety and Essential Performance – Collateral Standard: Electromagnetic Disturbances – Requirements and Tests;
- ANSI/IEEE C63.27:2017 – American National Standard for Evaluation of Wireless Coexistence;
- IEC 62304:2015 – Medical Device Software – Software Life Cycle Processes, and other applicable standards.
It is also important to mention that since the non-invasive remote monitoring devices require to be connected to the network when being used for the intended purpose, the medical device manufacturers shall also duly implement the measures and controls necessary to address potential cybersecurity matters.
SaMD Intended Purpose and Type, Classification
According to the methodical recommendations, the intended purpose of the software indicated in the application, and also its conformity with data provided in technical and user documentation should be subject to verification in the course of the conformity assessment.
In particular, the following non-compliance criterion should be applied – the intended purpose of the software is not detailed enough, including the lack of information about its use for medical purpose or for the purpose of provision of medical care, as well as the information about the data interpretation function and the way it could impact various medical processes. For example:
- Incorrect – “The software is intended for collecting, storing, archiving and transmitting data,”
- Correct – “The software is intended for collecting, storing, archiving and transmitting, automatic recognition of X-ray and ultrasound images, and detection of pathological changes in lungs.”
Another aspect subject to assessment relates to the type of software in question under the nomenclature classification of medical devices.
The assessment should also include the review of the indicated class of the software under the risk-based classification. In case if the class indicated in the initial application is incorrect, the expert conducting the assessment is entitled to assign the software to another class in accordance with the SaMD classification rules.
Additional Requirements For Medical Software
Besides the points described hereabove, the present methodical recommendations for medical software assessment provide additional points to be considered by the interested parties applying for the SaMD registration under the current regulatory framework.
For instance, the document states that the regulating authority is entitled to request additional information and documentation related to the design and development process. In accordance with the applicable standard (ГОСТ Р МЭК 62304-2013), this process should include the following steps:
- Planning based on the requirements of the client,
- Analysis of requirements,
- Software architecture design,
- Detailed software development,
- Execution and checking of the software modules,
- Software integration and integration tests,
- Testing of the software system,
The aforementioned standard prescribes that certain elements of the risk management with regard to the software should take place at each and every step of the development process described hereabove.
Moreover, the methodical recommendations describe the applicable non-compliance criteria, namely:
- The absence of the information regulating the design of the SaMD (e.g. its composition, description of the elements and connections with both medical and non-medical devices and software, operations controls associated with potential hazards, technical features of the software, and description of the safety measures to be applied),
- The absence of the information establishing the technical requirements related to the safety and use of the SaMD (e.g. functionality requirements, modernization compatibility, input and output data formats, interconnections between modules of the software, use conditions description, the way the software should be used),
- The absence of the information regarding cybersecurity measures to be taken by the manufacturer (developer (e.g. potential risks associated with the use of the SaMD, user authorization, and identification procedures).
- The absence of information regarding the sufficiency of data protection measures.
Summarizing the information provided here above, the new methodical recommendations issued by Roszdravnadzor describe the approach towards conformity assessment of medical software that constitutes a device (SaMD), applicable classification rules and other points to be taken into consideration by medical device manufacturers and other parties involved in design, development, distribution or use of medical software.
How Can RegDesk Help?
RegDesk is a next-generation web-based software for medical device and IVD companies. Our cutting-edge platform uses machine learning to provide regulatory intelligence, application preparation, submission, and approvals management globally. Our clients also have access to our network of over 4000 compliance experts worldwide to obtain verification on critical questions. Applications that normally take 6 months to prepare can now be prepared within 6 days using RegDesk Dash(TM). Global expansion has never been this simple.