Regulatory Pathways for Medical Software

Why India needs to regulate medical software

Medical software is a rapidly evolving field that has the potential to transform healthcare delivery and improve patient outcomes. Medical software can be defined as any software that is intended for medical purposes, such as diagnosis, treatment, prevention, monitoring, or management of diseases or conditions. Examples of medical software include electronic health records, clinical decision support systems, telemedicine platforms, mobile health apps, artificial intelligence tools, and wearable devices.

However, medical software also poses significant challenges and risks for patients, healthcare providers, and regulators. Medical software can have direct or indirect impact on the health and safety of users, and can cause harm if it is not designed, developed, tested, and maintained properly. Some of the potential harms include incorrect diagnosis, inappropriate treatment, data breaches, privacy violations, cyberattacks, and adverse events.

Therefore, it is essential that medical software is regulated by competent authorities to ensure its quality, safety, effectiveness, and reliability. Regulation can also foster innovation and trust in the medical software industry by providing clear and consistent standards and guidelines for developers and users.

How other countries regulate medical software

Several countries have already established regulatory frameworks for medical software, such as the United States (US), the European Union (EU), and Australia. These frameworks are based on the principle of risk-based classification, which means that different levels of regulatory oversight are applied depending on the potential harm that the medical software can cause to users.

For example, in the US, the Food and Drug Administration (FDA) regulates medical software as a type of medical device under the Federal Food, Drug, and Cosmetic Act. The FDA classifies medical software into three classes: Class I (low risk), Class II (moderate risk), and Class III (high risk). The FDA also provides guidance documents and policies to clarify the scope and requirements of regulation for different types of medical software.

Similarly, in the EU, the Medical Device Regulation (MDR) regulates medical software as a type of medical device under the EU law. The MDR classifies medical software into four classes: Class I (low risk), Class IIa (low-medium risk), Class IIb (medium-high risk), and Class III (high risk). The MDR also provides rules and criteria for conformity assessment, clinical evaluation, post-market surveillance, and vigilance for medical software.

In Australia, the Therapeutic Goods Administration (TGA) regulates medical software as a type of medical device under the Therapeutic Goods Act. The TGA classifies medical software into four classes: Class I (low risk), Class IIa (low-medium risk), Class IIb (medium-high risk), and Class III (high risk). The TGA also provides guidance documents and standards to help developers and users understand the regulatory requirements for medical software.

What India can learn from other countries

India is one of the largest and fastest-growing markets for medical software in the world. According to a report by Nasscom, the Indian healthcare IT market is expected to reach $8.5 billion by 2023. However, India does not have a comprehensive and coherent regulatory framework for medical software yet.

Currently, medical software in India is regulated by various authorities under different laws and regulations. For example, some types of medical software are regulated by the Central Drugs Standard Control Organization (CDSCO) under the Drugs and Cosmetics Act; some types of medical software are regulated by the Ministry of Electronics and Information Technology (MeitY) under the Information Technology Act; some types of medical software are regulated by the Ministry of Health and Family Welfare (MoHFW) under the National Digital Health Mission; and some types of medical software are not regulated at all.

This situation creates confusion, inconsistency, ambiguity, and uncertainty for developers and users of medical software in India. It also hampers innovation and adoption of medical software in India by creating barriers to entry, increasing costs and risks, and reducing competitiveness.

Therefore, India needs to learn from other countries and develop a harmonized and streamlined regulatory framework for medical software that is based on the following principles:

• Risk-based classification: Medical software should be classified into different classes based on the potential harm that it can cause to users. The level of regulatory oversight should be proportional to the level of risk.
• Conformity assessment: Medical software should undergo a process of verification and validation to demonstrate its compliance with the applicable standards and regulations. The process should be transparent, efficient, and consistent.
• Clinical evaluation: Medical software should provide evidence of its clinical performance and safety based on scientific data from clinical trials or real-world studies. The evidence should be relevant, reliable, and robust.
• Post-market surveillance: Medical software should be monitored after its deployment to identify any problems or issues that may arise during its use. The problems or issues should be reported, analyzed, and resolved in a timely manner.
• Vigilance: Medical software should have a system of reporting and managing any adverse events or incidents that may occur during its use. The adverse events or incidents should be investigated, mitigated, and prevented from recurring.

How India can implement a regulatory framework for medical software

To implement a regulatory framework for medical software in India, the following steps are recommended:

• Revise the Drugs and Cosmetics Act: The Drugs and Cosmetics Act should be revised to include medical software as a type of medical device and to define its scope and criteria. The CDSCO should be empowered to regulate medical software as a central authority under the Act.
• Align with NDHB and ABDM: The CDSCO should align its regulatory framework with the National Digital Health Blueprint (NDHB) and the Ayushman Bharat Digital Mission (ABDM), which are the national initiatives to create a digital health ecosystem in India. The CDSCO should recognize the NDHB and the ABDM as the digital health standards bodies in India and adopt their specifications and protocols for medical software regulation.
• Collaborate with MeitY and STQC: The CDSCO should collaborate with MeitY and the Standardization Testing and Quality Certification (STQC) Directorate to leverage their expertise and resources in the field of information technology and quality assurance. The CDSCO, ABDM, MeitY, and STQC should work together to develop and implement standards, guidelines, and procedures for medical software regulation.
• Engage with Ecosystem: The CDSCO should engage with various healthcare ecosystem stakeholders, such as software developers, end-users, healthcare providers, payers, pharma, researchers, academia, industry associations, civil society organizations, and international agencies, to solicit their feedback and inputs on the regulatory framework for medical software. The CDSCO should also conduct awareness and education campaigns to inform and educate the stakeholders about the benefits and obligations of medical software regulation.

Conclusion

Medical software is a promising and challenging field that can revolutionize healthcare delivery and improve patient outcomes in India. However, medical software also requires proper regulation to ensure its quality, safety, effectiveness, and reliability. India can learn from other countries that have established regulatory frameworks for medical software based on risk-based classification, conformity assessment, clinical evaluation, post-market surveillance, and vigilance. India can also implement a regulatory framework for medical software by revising the Drugs and Cosmetics Act, collaborating between CDSCO, ABDM, MeitY and STQC, aligning with NDHB Standards, and engaging with healthcare ecosystem. By doing so, India can create a conducive environment for innovation and trust in the medical software industry.

----------

Here is a summary of the lecture by Dr Pankaj Gupta on the topic Regulatory pathways for medical software:

Dr Gupta begins by discussing the different categories of medical software, including standalone software, software inside a medical device, software associated with a medical device, and software as a medical device.

Dr Gupta then moves on to discuss the risk classification of medical software. They explain that most regulatory bodies treat medical software as a medical device and that medical devices are classified into three classes based on their risk: Class I, Class II, and Class III.

Dr Gupta then discusses the regulatory pathways for medical software in the United States, the European Union, and Canada. They explain that the regulatory pathway for medical software depends on the risk classification of the software.

Dr Gupta concludes by discussing the future of the regulatory framework for medical software. They argue that the regulatory framework needs to be strengthened to keep up with the rapid pace of technological advancement.

Here are some of the key points from the presentation:

• Medical software is a broad category that includes a variety of different types of software.
• Medical software is regulated as a medical device in most countries.
• The risk classification of medical software determines the regulatory pathway that the software must follow.
• The regulatory framework for medical software is evolving to keep up with the rapid pace of technological advancement.