Digital Health Technologies

There are three general categories of medical technologies:

• Medical devices (MD) – used to prevent, diagnose, monitor, treat and care for human beings by physical means. 
• In-vitro diagnostic medical devices (IVDs) – non-invasive tests used on biological samples (blood, urine, tissues or extracts from tissues etc) to determine the status of a person’s health.
• Digital health tools and services that use information and communication technologies (ICTs) to improve prevention, diagnosis, treatment, monitoring and management of health and lifestyle. 

It is the intended use, as defined by the manufacturer, that determines if a product is a medical device.

There are regulations that apply to both MD & IVD that manufacturers need to meet before placing on the market. European Regulation EU 2017/745 applies to MD and Regulation EU 2017/746 applies to IVDs. Outside of Europe there are other regulatory requirements that apply depending on the market area for example for USA, Australia, Asia, Canada however this article will focus on European regulations. 

The European regulations provide definitions that specify what is a MD or IVD, which revolves around the diagnosis, treatment and prevention of disease or injury.  These regulations are extensive in the information that manufacturers must provide to demonstrate the safety and performance of the medical device. This includes specific general safety and performance requirements that cover product testing, clinical evaluation, production quality control, labelling requirements and post-production performance & monitoring.  

Manufacturers need to demonstrate how they address these requirements before they can apply the CE Mark to their device. This mark, which usually appears on the product labelling and information for use, is an indication that the device complies with the relevant European regulations and that the manufacturer has technical information showing that all the specific safety requirements applicable to their products have been met.  

The European regulations apply a risk-based approach with higher risk devices requiring conformity assessment by a Notified body (NB).  Devices are classified based on risk with rules set out in both the MDR & IVDR on classification of devices. 

The list of designated Notified Bodies is available on the NANDO (New Approach Notified and Designated Organizations) website EUROPA – European Commission – Growth – Regulatory policy - SMCS

The Health Regulatory Products Authority or HPRA is the Competent Authority for both MDR & IVDR in Ireland, and is the body responsible for enforcement of both regulations in Ireland see Medical Devices (hpra.ie) for more information. 

NSAI is a notified body for both MDR & IVDR and provide certification services to ISO 13485 – see link for more information Medical Device Certification | NSAI

The manufacturer, in designing and developing healthcare technology and devices, determines the intended use of the product and it is this that will determine if the device falls under the definition of MD, IVD in the relevant regulations. There are useful guidance documents developed by The Medical Device Coordinate Group (MDCG), a group established by the European Commission to develop documents to assist stakeholder in applying the MDR & IVDR.  

For more information see the Guidance MDCG Endorsed Documents. Under the “New Technologies” section there are useful documents addressing qualification and classification of software under the MDR & IVDR regulation.

If the intended use falls outside of the definitions specified in the MDR or IVDR regulations, then the product may be a tool for digital health and other safety considerations and possible regulations need to be considered. 

Currently there is no specific regulation to address personal health devices however developers do need to assess the safety and performance of such devices.  Depending on the technology used there may be other relevant European regulation and it is the manufacturers responsibility to identify the regulations apply. Other relevant regulations could include Electromagnetic compatibility (EMC), Low Voltage (LVD), Radio Equipment etc. 

With increasing demands on national and regional health services innovative, low-cost technology has the potential to provide efficiencies and support citizens in self-management. However, it is important to have clarity around the use and interpretation of data from wearable health technology and to minimise any potential clinical risk or unnecessary worry. 

For example, wearable health technology may help people manage their own health better and empower the health system providers to individually tailor scarce resources to targeted patient-specific needs. So digital health tools have a role to play in supporting health professionals meet their patient needs and determine the right treatment.

The following link provides a table for examples of wearable health technology home monitoring product features and the relevance of the information for users and healthcare service providers.

Standards are a useful tool to show performance, quality and safety of products. They can also be used to ensure the systems used design and manufacture products are set up to ensure quality and customer requirements are met.

There are many different types of standards that can apply such as product standards, testing standards, labelling and instructions for use, quality system management etc.

Many standards for Medical devices, health informatics and software are developed by the following International Standards Organization (ISO) Technical Committees (TC).

• ISO TC 210 – Quality management and corresponding general aspects for medical devices
• ISO TC 215 – Health informatics
• IEC TC 62 – Electrical equipment in Medical practice

The following European Technical committees are involved in European standard development working in co-operation with the ISO committees listed above:

• CEN/CLC JTC 3 – Quality management and corresponding general aspects for medical devices.
• CEN TC 251 – Health Informatics
• CENELEC TC 62 – Electrical equipment in medical practice.

Many of the software standards for medical devices are developed by IEC TC 62.

NSAI has several national standards committees monitoring the work of the above committees.  For more information see the NSAI Health and lifescience Standards section on the website.  Being a member of NSAI standard committees is a good way to keep up to date on development of new standards in healthcare and new national experts are always welcome.  Details of how to apply is also on the website: Register Your Interest

Standards are a tool that manufacturers can use to demonstrate safety and performance of products, but the use of standards is generally voluntary. However, there is a specific set of European standards that are used to demonstrate compliance with European regulations. These standards are called "Harmonised standards" and give manufacturers a "presumption of conformity" with European Regulations.

A “Harmonised standard” is developed by a recognised European Standards Organization and is created following a request or Mandate from the European Commission. Manufacturers, other economic operators, or conformity assessment bodies can use harmonised standards to demonstrate that products, services, or process comply with relevant EU legislation.

See the EU Commission Website for more information on Harmonised standards supporting European legislation.

For most medical device products manufacturers quality management and risk management are very important and they must demonstrate that suitable systems are in place to manage quality and risk during design, development, and production of the product. The evaluation of risk during post- production is also a key requirement. Two standards that are widely used in the development and manufacture of medical devices include: 

• I.S. EN ISO 13485:2016/A11:2021 – Medical Devices – Quality management systems – requirements for regulatory purposes
• I.S. EN ISO 14971:2019/A11:2021 – Medical devices – Application of risk management to medical devices.

Quality and Risk standard as considered Horizontal standard as they apply irrespective of the type of product developed. Other horizontal standards include: 

• I.S. EN ISO 20417:2021 – Medical devices – Information supplied by the manufacturer.
• I.S. EN ISO 15223-1:2021 – Medical devices – Symbols to be used with information to be supplied by the manufacturer – Part 1: General requirements. 
• I.S. EN ISO 10993-1:2020 – Biological evaluation of medical devices – Part 1 Evaluation and testing within a risk management process.
• I.S. EN 14155:2020 – Clinical investigation of medical devices for human subjects – Good clinical practice.

The IEC 60601 series of standards address safety and essential performance for medical electrical equipment and covers hardware, components and software used in healthcare facilities, homes and emergency situations.  Some specific standards addressing software and health and wellness apps and security are listed below. 

• I.S. EN 82304-1:2016 – Health software – Part 1: General requirements for product safety
• I.S. EN 62304:2006/A1:2015 – Medical device software – software life cycle processes
• S.R. CEN/ISO TS 82304-2:2021 – Health software – Part 2: Health and wellness apps – quality and reliability

IT Security and safety are also issues to consider when looking at digital healthcare and the IEC 81001 series addresses this.

The work programmes of the technical committees developing medical device standards are continually being updated with new proposals for standard and revision of existing standards. There is recognition that the area of health devices and Artificial Intelligence are new topics where standards are required. For example, the IEC TC 62 Committee is proposing the development of several new standard looking at Testing of Artificial intelligence/machine learning enabled medical devices. Contact NSAI find out more about new standard developments in the healthcare area info@nsai.ie

The use of Artificial intelligence in the healthcare sector has huge potential for introducing efficiencies and improving health care services. The European Commission is proposing a regulation for Artificial Intelligence which will take a horizontal approach and apply to all AI systems placed in the market. The aim is to ensure that AI systems are safe and respect existing EU law. The approach is to have a technology neutral definition of AI systems and to adopt a risk-based approach. See European Commission for the proposed categories of risk or pyramid of risks. 

Under this proposed new regulation AI technology that could affect the life and health of citizens is viewed as high risk. Most medical devices incorporating AI are likely to be considered high risk. High risk AI systems will be subject to strict obligations such as: 

• Adequately address risk and mitigation systems.
• Use of high-quality data sets feeding the system to minimise risk, and discriminatory and outcomes.
• High levels of robustness, security and accuracy.
• Detailed documentation providing all information necessary on the system and its purpose for authorities to assess its compliance. 

As the medical device sector is already regulated the need for further assessment under the AI act may add to conformity assessment burdens for the sector.  For AI application in the health sector the issue of reasonably foreseeable risk and misuse may require greater focus. 

The new AI regulation is still under negotiation, with a transitional period for application.  Standards have already been mandated by the European Commission to support the EU AI Act implementation and development of these standards is ongoing.

• Designers and developers of health device tools should determine what European regulations may apply. 
• If the device is not considered a medical device there may be other regulations that could are relevant. 
• Standards can be used to demonstrate safety and performance of products and services.
• Use of management system standards such as quality and risk management should be considered as part of the design, development, and production of new health technologies.
• AI in healthcare is evolving with application in healthcare considered as high risk. 
• If AI is involved, then it may be necessary to look at risk beyond the intended purpose but look at reasonably foreseeable misuse.

Contact NSAI on info@nsai.ie for further information on standard developments in the healthcare sector.