Doctors and surgeons are constantly discovering clinical uses for technology such as Google Glass and smartphones, while patients are increasingly empowered to diagnose and treat themselves. When do consumer gadgets become medical devices, and what are the regulatory consequences? Julian Hitchcock, counsel, Lawford Davies Denoon, investigates.
Intelligent cycle jackets, fabrics that become transparent when the wearer is aroused and programmable t-shirts are hardly catwalk stuff, but wearable tech is hot right now in healthcare.
Even if you’d rather stick needles in your eyes than strap on a wristband, smartwatch or augmented reality specs, you may be wearing, or even unwittingly marketing, a medical device. Your smartphone, with its accelerometers, cameras, microphones, processors, internet connection and GPS, and even the software upon which it runs, is considered ‘wearable’ technology and as such may qualify as an ‘in-vitro medical device’ or an ‘accessory’ under European law therefore potentially subject to EU medical regulations.
The blurring of the boundaries between the clinical and sport/leisure spheres is a result of advances in technology. Google Glass is suited to a range of surgical applications, while doctors can use their mobiles as stethoscopes, to calculate doses, and to examine or monitor patients remotely, while people are now increasingly able to diagnose and treat themselves.
The scope of regulation, already broad, is likely to expand in order to encompass medicine and health. The marketing around wearable tech might focus on well-being and fitness, but regulators may increasingly understand that to include diagnosis and treatment. The legal issue concerns the point at which a consumer gadget becomes a medical device.
Medical device law
In the UK, 2002’s Medical Devices Regulations legislation effectively enforces three EU directives: the first covers ‘active implantable’ medical products, the second ‘in-vitro diagnostic medical’ equipment and the third general medical devices.
Because all EU member states are obliged to implement directives in their domestic law, the same regime should apply across the union.
In practice, small differences exist between the approaches of national ‘competent authorities’ and the ‘notified bodies’ responsible for ensuring compliance in each country.
Prompted by the PIP breast implant scandal and concerns about metal-on-metal hip replacements, the European Commission proposed revised medical device and IVD legislation in January 2012. The proposals take the form of regulations, rather than directives. This apparently subtle distinction means that the new legislation will be applied uniformly across the union, rather being left to each state to decide how to implement it.
A new European Parliament, and a new commissioner for regulation, Frans Timmermans, who is preparing a list of regulations to be withdrawn, leaves the fate of the Medical Devices Regulation and its half-sister, the proposed In Vitro Medical Devices (IVD) Regulation in the balance.
Is it a medical device?
Currently, a medical device is defined as any instrument, apparatus, appliance, software, material or other article, whether used alone or in combination, including the software intended by its manufacturer to be used specifically for diagnostic and/or therapeutic purposes and necessary for its proper application, intended by the manufacturer to be used for human beings for the purpose of:
- diagnosis, prevention, monitoring, treatment or alleviation of disease
- diagnosis, monitoring, treatment, alleviation of or compensation for an injury or handicap
- investigation, replacement or modification of the anatomy or
- of a physiological process
- control of conception.
It must not achieve its principal intended action in or on the human body by pharmacological, immunological or metabolic means, but may be assisted in its function by such means.
Two elements stand out. The first is the inclusion of software per se, and of software that the manufacturer intends to be used in combination with something else, and how this is intended to be used. The second is how manufacturers intend the subject matter to be used.
On this basis, a tattoo that detects spikes in body temperature is little more than a thermometer, whether or not it uses embedded software. If, however, the same thing is marketed by the manufacturer as a means of controlling conception, it becomes a medical device.
While this seems to suggest that careful positioning of devices (as an ‘entertainment’ item, for example) might enable regulations to be sidestepped, the reality is that the MHRA invariably looks for manufacturers’ actual intentions for their products.
The European Parliament’s revised definition of what constitutes a ‘medical device’ aims to account for the scope of the manufacturer’s intention, in order to capture any non-obvious, or secondary medical purposes, including the indirect prediction of disease.
Wearable heartbeat monitors are currently able to display incidents of tachycardia simply as data, or graphics, but under the new law, such bangles might require CE marks. In the case of the amended IVD Regulation, examining human biological specimens is required, but the scope is widened beyond the merely medical to include "providing information concerning direct or indirect impacts on health". Manufacturers of smart sweatbands and underwear should take note.
A wearable that doesn’t qualify as a medical device or IVDs outright may still be regulated under laws as an ‘accessory’ to either category (if it is "intended specifically by its manufacturer to be used with a device [which could be another ‘accessory’] to enable it to be used in accordance with the use of the device intended by the manufacturer of the device"). If, for example, your heart-monitoring wristband is connected to something that is deemed to be a medical device, such as a diagnostic programme on a laptop, then it will be considered an accessory.
IVD legislation, meanwhile, is more relevant to wearable tech than you might expect. Although few wearables examine bodily specimens, some may work as part of systems that do. As DNA sequencing costs collapse and more biometric data is digitised, the access and use of that data in wearable devices could render it susceptible to the IVD Regulation.
There is nothing diagnostic or therapeutic about sequencing machines. These simply transcribe nucleotide sequences into typographical sequences, from which any genetic meaning must be painstakingly extracted by a person or computer program.
When such a machine is used with the intention that bioinformatic software (such as homology, pattern or motif search engines) will be employed to interrogate it, it may acquire the ‘indirect medical purpose’ criterion of predicting disease (if not necessarily accurately). This would make the bioinformatics system an accessory.
However, any other system that is intended by its manufacturer to be used with the bioinformatics accessory (by, for example, using its data outputs) may itself also be considered an accessory. Genomic data could, after all, be critical. For example, if the bioinformatics source linked to a wristband or app disclosed that the subject had a high risk of sudden cardiac arrest, it might advise against performing star jumps after eating bacon sandwiches. It feels odd, but as sequencing or partial sequencing becomes normalised and bioinformatic systems more pervasive, this is likely to become a more regular occurrence if the IVD Regulation is passed in its present form.
New technology invariably challenges regulatory frontiers. If wearable hardware or apps are accessories to actual medical equipment, IVDs or active implantable medical devices, they will be subject to the same regulatory requirements, but classification may be challenging in other circumstances.
European Commission MEDDEV guidance on qualifying and classifying stand-alone software (that which, at the time of being placed on the market, is not incorporated into a medical device) raises the question as to whether such software is "performing an action on data different from storage, archival, lossless compression, communication or simple search?"
If it is, and if it does so for the benefit of an individual, it is likely to be identified as a medical device. The MHRA has also produced guidance on medical device stand-alone software. It lists words that it says are likely to contribute to the determination that the subject matter is a medical device: "amplify", "analysis", "interpret", "alarms", "calculates", "controls", " converts", "detects", "diagnose", "measures" and "monitors".
The MHRA also suggests that software that applies automated reasoning to support decision-making, such as symptom tracking and dose calculation, is likely to be classified as a medical device. Similarly, software that monitors a patient and collects information entered by the user, measured by the software or collected by point-of-care equipment, may be classified as a medical device if its output affects an individual’s treatment.
On the other hand, software that provides general information targeted to a particular group will not be a medical device. Context may be critical; items that interpret, or interpolate, raw data may be deemed to be medical devices if a clinician does not review that data. Similarly, a falls detector is likely to be a medical device when used for epileptic patients, but not when used to monitor elderly people in social care.
Of course, the primary requirement for a medical device is that it meets the essential requirements relevant to its intended purpose, including claims in promotional materials such as brochures and web pages. The requirements, in turn, depend upon the class of the product. If the software drives, or influences, the use of a device of which it is part, it will fall into the same class as that item.
If, however, the device is a stand-alone product, such as an app intended for diagnosis or therapeutic purposes, it will fall under class IIa (or, if potentially hazardous, IIb) or, for other purposes, class I. If the device is a class I product, the manufacturer has a duty to self-certify compliance and register it with the MHRA.
Other devices require the intervention of a notified body to assess compliance. Besides manufacturer’s duties as regards clinical data requirements, instructions for use, validation and adverse incident reporting, suppliers of wearables and apps that are classified as medical devices have particular obligations under UK law.