Regulatory Open Forum

This message was posted by a user wishing to remain anonymous

Hi, 

In the EU context, a software to be used at home that aggregates data (e.g. vital signs) from different sources (not from the same manufacturer) and processes that information to provide real-time warnings to a healthcare professional if those data are outside the normal threshold is considered a medical device, as the data processing is not limited to storage, archival, communication or simple search. 

A) Concerning the data collected and used for a real-time warning to a healthcare professional, if it is collected from a non-medical device (e.g. wearable not certified as a medical device for no medical purpose), how to deal with it? Would the manufacturer of the software need to validate that the data collected complies with certain requirements? Or would an indication that the data collected is coming from a device not certified be enough mitigation?
B) What if the data is coming from Google Fit or Healthkit, where no indication of the provenance of the data or its precision?

C) What if the data collected is coming from a manual insertion?  

Would love to hear your thoughts for this situation.

Thank you!

The source of data is irrelevant if the actions your device performs meets the definition of a medical device; it's your responsibility to ensure that the data you use is accurate and reliable.
For manually entered data you should also make an effort (e.g., through human factors engineering) that it was interred correctly, for example by restricting entry to certain ranges, confirmation messages, etc. But even then, you may not want to really too heavily on user entered data, unless it's a professional user.

A risk assessment should also drive your decision whether to use certain data and/or what controls to implement to ensure accuracy.

------------------------------
Michael Zagorski RAC
Director of Regulatory Affairs
Pittsburgh PA
------------------------------

Original Message:
Sent: 29-Jun-2022 03:52
From: Anonymous Member
Subject: Telemonitoring with signals processing (SaMD)

This message was posted by a user wishing to remain anonymous

Hi, 

In the EU context, a software to be used at home that aggregates data (e.g. vital signs) from different sources (not from the same manufacturer) and processes that information to provide real-time warnings to a healthcare professional if those data are outside the normal threshold is considered a medical device, as the data processing is not limited to storage, archival, communication or simple search. 

A) Concerning the data collected and used for a real-time warning to a healthcare professional, if it is collected from a non-medical device (e.g. wearable not certified as a medical device for no medical purpose), how to deal with it? Would the manufacturer of the software need to validate that the data collected complies with certain requirements? Or would an indication that the data collected is coming from a device not certified be enough mitigation?
B) What if the data is coming from Google Fit or Healthkit, where no indication of the provenance of the data or its precision?

C) What if the data collected is coming from a manual insertion?  

Would love to hear your thoughts for this situation.

Thank you!