At All Med Pro, we know that insurance is more than just policies and paperwork—it’s about protecting what matters most. As a specialist Life Sciences insurance broker, we’re here to go beyond the basics, offering expertise that truly adds value to your business. From identifying liability risks to reviewing your commercial insurance needs, our team prides itself on delivering proactive, professional advice tailored to your unique challenges. Because for us, it’s not just about insurance—it’s about empowering your success with confidence and clarity.
Along with our insurance service offerings, we assist our clients by making introductions to professionals within our commercial network. Often, our Life Sciences customers (particularly early-stage Medical Device/Tech organisations) find it helpful for All Med Pro to make introductions to other service providers within our network, such as:
- Intellectual Property Lawyers
- Cyber Security Experts
- Regulatory Consultants
- Quality Management System Experts (QMS)
- Product Design Consultants
- Market Access Consultants
- Medical Writers
- Venture Capitalists
- R&D finance specialists (including Grant writers and Accountants)
To enable us to understand the sector and signpost our clients to other professional service providers, we need to stay abreast of Medical Device market conditions. One aspect of the sector that we regularly update ourselves upon is regulatory frameworks, both domestically and internationally, particularly considering the EU and US.
One of the key areas of rapid growth worldwide is the use of AI software in Medical Devices. As such, we wanted to write an informative piece to provide an overview of the regulatory framework in the UK, some of which is similar to EU directives.
In the UK, the regulation of AI medical device software falls under the Medicines and Healthcare products Regulatory Agency (MHRA). Here are some key points:
- Classification and Regulation: AI used for medical purposes is classified as a medical device under the UK Medical Device Regulations 2002. This includes software used alone or in conjunction with other medical devices.
- Safety and Performance: Manufacturers must ensure their AI medical devices meet safety and performance standards throughout the product lifecycle. This includes pre-market assessments, post-market surveillance, and continuous monitoring.
- Transparency and Explainability: AI systems must be transparent and explainable. This means manufacturers need to provide clear information on how the AI works and its intended use.
- Regulatory Reforms: The MHRA is actively working on regulatory reforms to address the unique challenges posed by AI in medical devices. This includes the Software and AI as a Medical Device Change Programme, which aims to ensure regulations are clear and protect patients.
- International Collaboration: The MHRA collaborates with international bodies like the FDA and Health Canada to harmonize regulations and ensure best practices are followed globally.
The MHRA assesses AI medical devices through a comprehensive process to ensure their safety, performance, and effectiveness. Below are the key steps involved:
- Pre-Market Assessment:
- Qualification and Classification: AI devices are classified based on their intended use and risk level. This determines the regulatory requirements they must meet.
- Technical File Review: Manufacturers must submit a technical file that includes detailed information about the device, its design, and its intended use. The MHRA reviews this file to ensure compliance with regulatory standards.
- Clinical Evaluation:
- Clinical Investigations: For higher-risk AI devices, clinical investigations may be required to demonstrate safety and performance. The MHRA reviews the clinical data to ensure it supports the intended use of the device.
- Exceptional Use Authorisations: In certain cases, the MHRA may grant exceptional use authorisations for AI devices that address unmet medical needs.
- Post-Market Surveillance:
- Vigilance Reporting: Manufacturers must report any adverse incidents or field safety corrective actions related to their AI devices. The MHRA monitors these reports to identify and mitigate potential risks.
- Post-Market Surveillance Activities: The MHRA conducts ongoing surveillance to ensure AI devices continue to meet safety and performance standards after they are on the market.
- Transparency and Explainability:
- Transparency Requirements: AI systems must be transparent and explainable. Manufacturers need to provide clear information on how the AI works and its intended use.
- Adaptivity and Retraining: The MHRA assesses how AI models are updated and retrained to ensure they remain safe and effective over time.
- International Collaboration:
- The MHRA collaborates with international regulatory bodies like the FDA and Health Canada to harmonize regulations and share best practices.
This thorough assessment process helps ensure that AI medical devices are safe, effective, and reliable for use in healthcare settings.
References:
Considering the above information, there are certain standards relevant to assist in regulatory compliance. A regulatory consultancy or QMS consultant might advise a MedTech business to consider:
- ISO 13485: An international standard that specifies the requirements for a quality management system (QMS) specific to the medical device industry. It ensures that organizations involved in the design, production, installation, and servicing of medical devices consistently meet regulatory and customer requirements for safety and efficacy. The standard covers the entire life cycle of a medical device, from design and development to production, installation, and servicing. Compliance with ISO 13485 is often required for regulatory approval of medical devices in many countries.
- ISO 14971: An international standard that outlines the process for risk management of medical devices. It provides a framework for identifying hazards, evaluating and controlling risks, and monitoring the effectiveness of these controls throughout the lifecycle of a medical device. The standard is crucial for ensuring the safety of medical devices by helping manufacturers systematically manage risks associated with their products. It covers various aspects, including biocompatibility, data security, and usability.
- ISO 14155: An international standard that outlines good clinical practices for the design, conduct, recording, and reporting of clinical investigations involving human subjects to assess the safety and performance of medical devices. The main objectives of ISO 14155 are to:
- Protect the rights, safety, and well-being of human subjects.
- Ensure the scientific conduct and credibility of clinical investigations.
- Define the responsibilities of sponsors and principal investigators. This standard is crucial for regulatory purposes and helps ensure that clinical investigations are conducted ethically and scientifically.
- IEC 82304-1: An international standard that specifies the requirements for the safety and security of health software products. This standard applies to software designed to operate on general computing platforms and intended to be marketed without dedicated hardware. Key aspects of IEC 82304-1 include:
- Design and Development: Ensuring that health software is designed and developed to meet safety and performance requirements.
- Validation: Validating the software to ensure it meets user needs and intended uses.
- Maintenance and Disposal: Providing guidelines for the maintenance and safe disposal of health software. This standard is crucial for manufacturers of health software to ensure their products are safe and effective throughout their lifecycle.
- IEC 62304: An international standard published by the International Electrotechnical Commission (IEC) that defines the software life cycle processes for medical device software. It provides a framework for the development, maintenance, and support of medical software throughout its entire lifecycle. The standard covers several key areas:
- Software Development Process: This includes planning, requirements analysis, architectural design, detailed design, implementation, verification, integration, and system testing.
- Software Maintenance Process: Establishes procedures for maintaining the software, including problem and modification analysis.
- Software Risk Management: Focuses on identifying and mitigating risks associated with the software.
- Software Configuration Management: Involves managing changes to the software and maintaining records of its configuration.
- Software Problem Resolution: Addresses how to handle and resolve issues that arise during the software’s lifecycle. IEC 62304 is essential for ensuring the safety and effectiveness of medical device software, helping manufacturers comply with regulatory requirements and maintain high-quality standards.
- IEC 62366: An international standard that focuses on the application of usability engineering to medical devices. It provides a framework for manufacturers to analyse, specify, develop, and evaluate the usability of medical devices, ensuring they are safe and effective for users. Key aspects of IEC 62366 include:
- Usability Engineering Process: This involves identifying and mitigating risks associated with the use of medical devices, particularly those related to user errors.
- Risk Management: The standard emphasizes the importance of integrating usability engineering with risk management processes to enhance device safety.
- User Interface Design: It guides manufacturers in designing user interfaces that are intuitive and reduce the likelihood of use errors. IEC 62366 helps ensure that medical devices are user-friendly and meet regulatory requirements, ultimately improving patient safety and device effectiveness.
References:
