Software, Artificial Intelligence (AI) included, plays an increasingly important and crucial role in the health sector. AI Software with medical intended purpose are generally classified as medical devices in the UK. To enhance and set the regulatory requirements for software and AI and consequently ensure the safety and protection of patients, the MHRA announced the Software and AI as a Medical Device Change Programme (MHRA, 2022)last year. The Programme is part of a broader reform regarding the future regulation of medical devices in the UK.
On October 17, 2022, the MHRA delivered further information on the Change Programme and its work packages and how they will implement them. The aspects of the Programme roadmap will be the subject of this article.
General scope
The Change Programme is setting out to achieve three primary goals:
- Make sure that specific requirements are in place for software and AI as a medical device regarding their safety and safeguarding patients and the public;
- Make sure that manufacturers have a clear image and are provided guidance and a streamlined process on the regulatory framework, their responsibilities, and how to ensure compliance;
- Make sure there are no disturbances to the market through the cooperation with key partners;
The Programme comprises eleven work packages split into two workstreams. The first eight work packages will concern reforms on software as a medical device (SaMD); the remaining three work packages will tackle the challenges that AI as a medical device (AIaMD) can pose compared to “classically programmed software” (MHRA, 2022).
The first drafts for some work packages are planned to be published before the end of 2022.
The changes will be implemented in the form of secondary legislation and will be reliant on guidance documents to achieve their objective. The MHRA will increase its efforts to engage patients, the public and the health sector as a source of input. Furthermore, the MHRA will ensure the specific needs of diverse communities are served, examining, for example, health inequalities in medical device regulation. It is hoped the Programme will drive international harmonization concerning SaMDs and AIaMD so that a regulatory consensus may be reached. As such, new standards will need to be developed to assist manufacturers in meeting their requirements. Finally, it is of great importance that all these changes are performed while respecting the right to privacy and personal data of patients and consumers and following ethical principles for AI in health and social care.
The work packages at a glance
The work packages presented will often be comprised of smaller ones or build on the conclusions of previous ones. All of them will have specific objectives and methods outlined. They will all follow a central goal regardless: protecting patients and the public while accelerating innovation.
At a glance, the work packages address the following issues:
- Qualification: addressing the lack of clarity for what qualifies as an SaMD and software in a medical device.This Work package comprises three deliverables, assisting with the definition of SaMD, helping manufacturers define the purpose of their devices and clarifying the concept of the manufacturer.
- Classification: addressing the inability of MDR 2002 to classify software with regards to patient and public safety correctly.This Work package contains three deliverables, ensuring the classification of SaMDs is clear and valuable evidence can be gathered in a premarket phase.
- Premarket requirements: ensuring more apparent premarket requirements fitting for software are in place.This Work package comprises six deliverables, tackling the essential requirement for SaMDs and AIaMDs, their deployment, the impact of human factors, and the establishment of a proper nomenclature for these devices in cooperation with other bodies.
- Post Market: establishing a more robust Post Market Surveillance system for SaMDs and Vigilance for manufacturers to detect and mitigate the risk of incidents.Five deliverables are planned for this work package, providing guidance on gathering information, reporting adverse incidents, quality management systems and risk management.
- Cyber Secure Medical Devices: mitigating cyber security vulnerabilities and operational issues by legacy SaMDs.
- Cyber Secure Medical Devices: mitigating cyber security vulnerabilities and operational issues by legacy SaMDs.Four deliverables will assist in this objective, setting and clarifying cybersecurity requirements for MDs and IVDs, offering guidance on unsupported software devices and reporting on cybersecurity vulnerabilities.
The final three work packages concern AIaMDs. Their deliverables will address various aspects regarding AI and its incorporation into medical devices. These include measures to ensure the AIaMDs placed on the market are safe and effective, that AIaMDs take into account human interpretability and are Human-centered, and finally, provide guidance and direction regarding adaptive AIaMDs.
MHRA’s effort with the Change Programme is a bold step towards a robust and streamlined regulatory framework about SaMDs and AIaMDs. One that the patients, the public, and the manufacturers can all take advantage of. It remains to be seen, however, whether the Work Packages and Deliverables will manage to conform to the announced schedule and timeline fully.
Was this article helpful?
Check Obelis UK News page to keep up to date with the latest Medical Devices and Cosmetics market in the UK.
Nikolaos Chatzistavrou
RA Department
28/10/2022
Would you like to place medical devices on the UK market? Contact us and we will guide you through the process!
References:
- MHRA.(2022). Software and AI as a Medical Device Change Programme – Roadmap – GOV.UK (www.gov.uk). Retrieved on 28/10/2022.
The information contained on Obelis UK is presented for general information purposes only, without obligation and it has been compiled with the utmost care to ensure it remains up to date. Nevertheless, Obelis Group cannot be held liable for the accuracy and completeness of the information published. Any reliance placed on such information is therefore strictly at the User’s risk.