Daria Onitiu,Sandra Wachter,Brent Mittelstadt

DOI: https://doi.org/10.1093/jlb/lsae007

IF: 3.4

2024-04-09

Journal of Law and the Biosciences

Abstract:Abstract This article examines whether the EU Medical Device Regulation (MDR) adequately addresses the novel risks of AI-based medical devices (AIaMDs), focusing on AI medical imaging tools. It examines two questions: first, does the MDR effectively deal with issues of adaptability, autonomy, bias, opacity, and the need of trustworthiness of AIaMD? Second, does the manufacturer’s translation of the MDR’s requirements close a discrepancy between an AIaMDs’ expected benefit and the actual clinical utility of assessing device safety and effectiveness beyond the narrow performance of algorithms? While the first question has previously received attention in scholarly literature on regulatory and policy tensions on AIaMD generally, and work on future technical standard setting, the second has been comparatively overlooked. We argue that effective regulation of AIaMD requires framing notions of patient safety and benefit within the manufacturer’s articulation of the device’s intended use, as well as reconciling tensions. These tensions are on (i) patient safety and knowledge gaps surrounding fairness, (ii) trustworthiness and device effectiveness, (iii) the assessment of clinical performance, and (iv) performance updates. Future guidance needs to focus on the importance of translated benefits, including nuanced risk framing and looking at how the limitations of AIaMD inform the intended purpose statement in the MDR.

ethics,law,medicine, legal,medical ethics

S P Yamini Kanti,Ildikó Csóka,Lívia Adalbert,Orsolya Jójárt-Laczkovich

DOI: https://doi.org/10.1016/j.xphs.2022.07.011

Abstract:The term "Medical devices" includes technology-based devices or articles, both basic and complex. Due to these types of variations, a strict, robust, transparent, and sustainable regulatory framework is required. In recent clinical practice, incidents including the breast implant and the hip replacement crisis have made it necessary to improve the regulatory and compliance approaches for the industry to ensure the manufacturing and distribution of safe and innovative MDs within the EU. In response to this, the EU revised the laws governing medical devices and in vitro diagnostics to align with the developments of the sector, address critical safety issues and support innovation. The new regulation (EU) 2017/745 on Medical Devices (MDR) is now applicable from May 26 2021 and the In Vitro Diagnostic Medical Devices Regulation (EU) 2017/746 will take effect from May 2022.In this review, we aim to provide an update on the new Medical Device Regulations in the context of the current medical needs of the world, and also to give a glimpse at the non-EU regulatory landscape. Finally, we take a look at the closed-system transfer devices (CSTD) and COVID facilitated changes promoting demand for continuous improvement and trends in the pharmaceutical and medical industry related areas.

Lina Keutzer,Ulrika SH Simonsson

DOI: https://doi.org/10.2196/17567

2020-06-26

JMIR mhealth and uhealth

Abstract:The Poly Implant Prothèse (PIP) scandal in France prompted a revision of the regulations regarding the marketing of medical devices. The new Medical Device Regulation (MDR [EU]) 2017/745 was developed and entered into force on May 25, 2017. After a transition period of 3 years, the regulations must be implemented in all EU and European Economic Area member states. The implementation of this regulation bears many changes for medical device development and marketing, including medical device software and mobile apps. Medical device development and marketing is a complex process by which manufacturers must keep many regulatory requirements and obligations in mind. The objective of this paper is to provide an introduction and overview of regulatory affairs for manufacturers that are new to the field of medical device software and apps with a specific focus on the new MDR, accompanying harmonized standards, and guidance documents from the European Commission. This work provides a concise overview of the qualification and classification of medical device software and apps, conformity assessment routes, technical documentation, clinical evaluation, the involvement of notified bodies, and the unique device identifier. Compared to the previous Medical Device Directive (MDD) 93/42/EEC, the MDR provides greater detail about the requirements for software qualification and classification. In particular, rule 11 sets specific rules for the classification of medical device software and will be described in this paper. In comparison to the previous MDD, the MDR is more stringent, especially regarding the classification of health apps and software. The implementation of the MDR in May 2020 and its interpretation by the authorities will demonstrate how app and software manufacturers as well as patients will be affected by the regulation.

health care sciences & services,medical informatics

Dariusz Kloza,Niels van Dijk,Raphaël Gellert,István Böröcz,Alessia Tanas,Eugenio Mantovani,Paul Quinn

DOI: https://doi.org/10.31228/osf.io/b68em

2020-10-09

Abstract:This paper provides recommendations for the European Union (EU) to complement the requirement for data protection impact assessment (DPIA), as set forth in the General Data Protection Regulation (GDPR), with a view of achieving a more robust protection of personal data. In April 2016 the EU concluded the core part of the reform of its legal framework for personal data protection. The Union is currently preparing implementing measures and guidelines to give full effect to the new legal provisions before their applicability from May 2018. This reform introduces, among other ‘novelties’, a legal requirement to conduct a DPIA. However, this requirement bears a few weak points. In order to inform this on-going policy-making process, the present policy brief attempts to draft a best practice for a generic type of impact assessment, i.e. recommended for different areas (section II). Section III makes an early evaluation of how this best practice relates to the specific impact assessment requirement set forth in the GDPR, i.e. DPIA. These sections are preceded by succinct background information on impact assessments as such: definition, historical overview, and their merits and drawbacks (section I). Section IV concludes this paper by offering recommendations for complementing the DPIA requirement in the GDPR: (1) to expand the scope of the DPIA requirement in the GDPR; (2) to develop methods for conducting such an assessment; (3) to establish ‘reference centres’ on DPIA at data protection authorities (DPAs). This policy brief is addressed predominantly to policy-makers at the EU- and Member State-level, notwithstanding the potential interest it might gain from their counterparts elsewhere in the world.

Federica Zanca,Caterina Brusasco,Filippo Pesapane,Zuzanna Kwade,Ruth Beckers,Michele Avanzo

DOI: https://doi.org/10.1016/j.semradonc.2022.06.012

Abstract:The rapidly evolving scenario of Artificial intelligence (AI) in medicine comes with new regulatory challenges, including certification, ownership, and control of data sharing, privacy protection, and accountability. The Medical Physicists (MPs) are traditionally responsible for ensuring the safety and quality of technology implementation in diagnostic and therapeutic settings. As such, they are also expected to contribute to the introduction of AI medical devices in routine clinical practice. Specifically, the MPs will play a stakeholder role for AI tools procurement, acceptance testing, commissioning, and quality assurance to confirm the claimed performances in relation to the medical device's intended use. Moreover, MPs who act as co-creators of such AI tools, will play a pivotal role in product requirements definition, data collection and annotation, clinical evaluation, support for regulatory pathways and marketing through scientific congresses and scientific publications. As AI software differs from the traditional (hardware) medical device that the MP is used to introduce in clinical settings, there is a need to acquire new competencies in the field of AI and its regulatory aspects. The purpose of this paper is to provide MPs with practical guidelines on regulatory aspects of AI medical devices, in the European and in the US landscape.

Liga Svempe

DOI: https://doi.org/10.2196/58080

2024-09-05

Abstract:In light of rapid technological advancements, the health care sector is undergoing significant transformation with the continuous emergence of novel digital solutions. Consequently, regulatory frameworks must continuously adapt to ensure their main goal to protect patients. In 2017, the new Medical Device Regulation (EU) 2017/745 (MDR) came into force, bringing more complex requirements for development, launch, and postmarket surveillance. However, the updated regulation considerably impacts the manufacturers, especially small- and medium-sized enterprises, and consequently, the accessibility of medical devices in the European Union market, as many manufacturers decide to either discontinue their products, postpone the launch of new innovative solutions, or leave the European Union market in favor of other regions such as the United States. This could lead to reduced health care quality and slower industry innovation efforts. Effective policy calibration and collaborative efforts are essential to mitigate these effects and promote ongoing advancements in health care technologies in the European Union market. This paper is a narrative review with the objective of exploring hindering factors to software as a medical device development, launch, and marketing brought by the new regulation. It exclusively focuses on the factors that engender obstacles. Related regulations, directives, and proposals were discussed for comparison and further analysis.

Klaudia M. Jurczak,Torben A. B. van der Boon,Raul Devia‐Rodriguez,Richte C. L. Schuurmann,Jelmer Sjollema,Lidia van Huizen,Jean‐Paul P. M. De Vries,Patrick van Rijn

DOI: https://doi.org/10.1002/btm2.10721

2024-10-18

Bioengineering & Translational Medicine

Abstract:We envision this work to assist researchers and medical device developers (beside other stakeholders) to better understand biomaterial‐based medical device development and its approval process proposed by the new MDR and IVDR in the European Union, as more complex biomaterials emerge, with the MDR reflecting the progress in biomaterial discoveries. Additionally, insufficient international harmonization in regulatory laws and poor‐quality data reporting contribute to the problem. This review describes the possible reasons for a slowing biomaterials translational trend observed over the past decades, focusing on the European Market, and suggests a feasible approach for biomaterials‐based medical device translation into the clinic. Suitable solutions to upgrade biomaterial translation to the clinic have not yet been provided by the field: no additional hurdles should be imposed for researchers, clinicians, the medical device industry, and insurance companies, which all should collaborate on bringing innovative solutions to patients. The new MDR and IVDR represent a substantial advancement in ensuring patient safety and reflect a major step forward in healthcare. However, they should not constrain innovation in biomaterials‐based medical device development. Incorporating reverse engineering from patient safety and a 'safe by design' (SbD) strategy early into medical device development might lead to a smoother and successful approval process. A solid R&D phase, with an emphasis on device safety and performance assessment, is fundamental to ensure an effective transition into the clinic. We offer an overview of the recently implemented regulations on medical devices and in vitro diagnostics across the EU, describing a shifting paradigm in the field of biomaterials discovery. As more complex biomaterials emerge, suitable regulations will be necessary to keep bringing safe and well‐performing medical solutions to patients.

engineering, biomedical

Tom Melvin

DOI: https://doi.org/10.1109/jtehm.2022.3194415

2022-08-06

IEEE Journal of Translational Engineering in Health and Medicine

Abstract:The Medical Device Regulation (EU) 745/2017 (MDR) has replaced the medical device directives which were in place since the early 1990s. MDR introduces a number of changes of relevance to biomedical engineers who work in healthcare institutions or with medical devices. This includes changes relating to devices produced in healthcare institutions, custom-made devices, single use devices, devices without an intended medical purpose, clinical investigations and device traceability. There are also challenges in implementation of the MDR, with a shortage of available notified bodies needed to conduct conformity assessment, with a consequent risk of product unavailability. Understanding these changes is important as implementing new requirements in practice may require additional resources or the introduction of new processes or systems.

Concetta Tania Di Iorio,Fabrizio Carinci,Jillian Oderkirk,David Smith,Manuela Siano,Dorotea Alessandra de Marco,Simon de Lusignan,Paivi Hamalainen,Massimo Massi Benedetti

DOI: https://doi.org/10.1136/medethics-2019-105948

2020-03-27

Journal of Medical Ethics

Abstract:Background Data processing of health research databases often requires a Data Protection Impact Assessment to evaluate the severity of the risk and the appropriateness of measures taken to comply with the European Union (EU) General Data Protection Regulation (GDPR). We aimed to define and apply a comprehensive method for the evaluation of privacy, data governance and ethics among research networks involved in the EU Project Bridge Health. Methods Computerised survey among associated partners of main EU Consortia, using a targeted instrument designed by the principal investigator and progressively refined in collaboration with an international advisory panel. Descriptive measures using the percentage of adoption of privacy, data governance and ethical principles as main endpoints were used for the analysis and interpretation of the results. Results A total of 15 centres provided relevant information on the processing of sensitive data from 10 European countries. Major areas of concern were noted for: data linkage (median, range of adoption: 45%, 30%–80%), access and accuracy of personal data (50%, 0%–100%) and anonymisation procedures (56%, 11%–100%). A high variability was noted in the application of privacy principles. Conclusions A comprehensive methodology of Privacy and Ethics Impact and Performance Assessment was successfully applied at international level. The method can help implementing the GDPR and expanding the scope of Data Protection Impact Assessment, so that the public benefit of the secondary use of health data could be well balanced with the respect of personal privacy.

ethics,medical ethics,social issues,social sciences, biomedical

Manita,Aakash Deep,Vikram,Avtar C. Rana,Prabodh C. Sharma

DOI: https://doi.org/10.2174/2213476x06666190821095407

2019-11-13

Applied Clinical Research, Clinical Trials and Regulatory Affairs

Abstract:Background:: Medical devices are the machine, tool, instrument, apparatus, implant, calibrator in vitro, software, the similar or related object intended for use by the manufacturer alone or in combination becoming increasingly important in the healthcare sector as these are used to diagnosis, control, prevention or treatment of an illness. Safety of the world population is the highest priority in order to launch new medical devices for the treatment and diagnostic of several diseases. New innovation in industries and regulations work together to provide devices for different world market and to improve quality and safety of exiting devices in the market. The main key for devices is to classify the determination of actual regulatory pathway which ensures the safety standards and other regulatory requirements in a specific country. We perform clinical trials for medical device which are quite different from the clinical trials performed for drug analysis. For any high-risk devices, the new EU law states that the manufacturer has to prepare a complete summary for their evidence. The clinical trials regulation provides more transparency on clinical trials data. Complete transparency is required for the maximum possibility of informed decisions in order to use new medical devices. Objective:: The current manuscript will provide the information regarding the regulatory framework for the approval of medical devices and clinical investigation of medical device in European Union and comparison of approval process of medical device in USA, EU and India. The aim of this paper is to provide an overview of the most suitable and emerging requirements that manufacturers need for introducing their medical devices in the market in compliance with the MDR regulations. Conclusion:: The proposal for a modified regulation of medical devices aims to ensure more robust clinical data in support of the CE marking applications of the medical device. The clinical investigation requirements will be mandatory, and there will be an obligation to demonstrate the clinical benefits of the device and provide a rigorous equivalence test if the assessment is based on comparison devices. The new European legislation should require the premarket demonstration of clinical efficacy and safety, using a randomized controlled trial if possible, and a transparent clinical review, preferably centralized.

English Else

Sarita Lindstad,Kaspar Rosager Ludvigsen

DOI: https://doi.org/10.1093/medlaw/fwac038

2022-10-25

Medical Law Review

Abstract:Abstract Medicine is one of the biggest use cases for emerging information technologies. Data processing brings huge advantages but forces lawmakers and practitioners to balance between privacy, autonomy, accessibility, and functionality. ICT-connected Implantable Medical Devices plant themselves firmly between traditional medical equipment and software that processes health-related personal data, and these implants face many data management challenges. It is essential that healthcare providers and others can identify and understand the legal grounds they rely on to process data. The European Union is currently updating its framework, and the special provisions in the GDPR, the current ePrivacy Directive, and the coming ePrivacy Regulation all provide enhanced thresholds for processing data. This article provides an overview and explanation of the applicability of the rules and the legal grounds for processing data. We find that only a cumulative application of the GDPR and the ePrivacy rules ensure adequate protection of this data and present the legal grounds for processing in these cases. We discuss the challenges in obtaining and maintaining valid consent and necessity as a legal ground for processing and offer use case-specific discussions of the role of consent long-term and the lack of an adequate ‘vital interest’ exception in the ePrivacy rules.

law,medicine, legal

Akash Sharma,Gaurav Luthra

DOI: https://doi.org/10.9734/jpri/2023/v35i137365

2023-05-20

Journal of Pharmaceutical Research International

Abstract:The European Union Medical Device Regulation (EUMDR 2017/745) requires medical device manufacturers to implement a risk-based approach to quality management system (ISO13485) processes. This article provides an overview of the importance of QMS processes in the medical device industry and explains the need to implement a risk-based approach to comply with EUMDR. Implementing a Risk-Based Approach to Quality Management System ISO-13485 Processes in Compliance with EUMDR 2017/745 for Medical Device Industry discusses the steps involved in implementing a risk-based approach to QMS processes, including identifying potential risks, evaluating and prioritizing risks, developing and implementing risk mitigation strategies, and monitoring and continuously improving QMS processes. Additionally, the article highlights the benefits of adopting a risk-based approach, such as improved product safety and efficacy, enhanced regulatory compliance, improved customer satisfaction, and cost savings. It also addresses the challenges in implementing a risk-based approach, including a lack of resources and expertise, resistance to change, and limited understanding of risk management principles. Overall, this article emphasizes the importance of a risk-based approach to QMS processes in the medical device industry to ensure the safety and effectiveness of medical devices and comply with regulatory requirements.

Oscar Freyer,Fatemeh Jahed,Max Ostermann,Christian Rosenzweig,Pascal Werner,Stephen Gilbert

DOI: https://doi.org/10.2196/65528

2024-12-24

Abstract:Background: The integration of connected medical devices (MDs) into health care brings benefits but also introduces new, often challenging-to-assess risks related to cybersecurity, which have the potential to harm patients. Current regulations in the European Union and the United States mandate the consideration of these risks in the benefit-risk analysis (BRA) required for MD approval. This important step in the approval process weighs all the defined benefits of a device with its anticipated risks to ensure that the product provides a positive argument for use. However, there is limited guidance on how cybersecurity risks should be systematically evaluated and incorporated into the BRA. Objective: This scoping review aimed to identify current legal frameworks, guidelines, and standards in the United States, Canada, South Korea, Singapore, Australia, the United Kingdom, and the European Union on how cybersecurity risks should be considered in the BRA of MDs. Methods: This scoping review followed the PRISMA-ScR (Preferred Reporting Items for Systematic Reviews and Meta-Analyses extension for Scoping Reviews) framework. A systematic literature search of 10 databases was conducted in two phases on July 3, 2024 and September 30, 2024, including the guidance databases of the Food and Drug Administration, the Medical Device Coordination Group, and other International Medical Device Regulators Forum members; the International Medical Device Regulators Forum database; PubMed; and Scopus. Search terms included "cybersecurity," "security," "benefit/risk," "benefit-risk," and "risk-benefit." Additional references were identified via citation searching and expert interviews. Inclusion criteria were met if a document was a guideline or standard in force that provided guidance on the BRA or cybersecurity risks of MDs. Documents were excluded when they were not relevant to MDs, they were limited to a subclass of devices, they were about in vitro diagnostic MDs or investigational devices, and the content of the source was insufficient to undertake a scientific analysis. Data were extracted and analyzed using MAXQDA 2022, and the findings were narratively summarized and visualized in figures and tables. Results: The search identified 150 documents, with 34 (22.7%) meeting the inclusion criteria. These 34 documents included 4 (12%) regulations, 5 (15%) standards, 6 (18%) technical reports, and 19 (56%) guidance documents. While cybersecurity risks were acknowledged in most documents, detailed methods for their integration into the BRA were lacking. Some standards and guidelines provided examples of how to consider cybersecurity risks in the BRA, but a comprehensive and standardized approach was lacking. Conclusions: This review highlights a substantial gap between the recognition of cybersecurity risks in MDs and the guidance on their incorporation into the BRA. Standardized frameworks are needed to provide clear methods for evaluating cybersecurity risks and their impact on the safety and security of MDs.

Atheer Aljeraisy,Masoud Barati,Omer Rana,Charith Perera

DOI: https://doi.org/10.48550/arXiv.2210.03520

2022-10-06

Cryptography and Security

Abstract:Internet of Things (IoT) applications have the potential to derive sensitive information about individuals. Therefore, developers must exercise due diligence to make sure that data are managed according to the privacy regulations and data protection laws. However, doing so can be a difficult and challenging task. Recent research has revealed that developers typically face difficulties when complying with regulations. One key reason is that, at times, regulations are vague, and could be challenging to extract and enact such legal requirements. In our research paper, we have conducted a systematic analysis of the data protection laws that are used across different continents, namely: (i) General Data Protection Regulations (GDPR), (ii) the Personal Information Protection and Electronic Documents Act (PIPEDA), (iii) the California Consumer Privacy Act (CCPA), (iv) Australian Privacy Principles (APPs), and (v) New Zealand's Privacy Act 1993. In this technical report, we presented the detailed results of the conducted framework analysis method to attain a comprehensive view of different data protection laws and highlighted the disparities, in order to assist developers in adhering to the regulations across different regions, along with creating a Combined Privacy Law Framework (CPLF). After that, we gave an overview of various Privacy by Design (PbD) schemes developed previously by different researchers. Then, the key principles and individuals' rights of the CPLF were mapped with the privacy principles, strategies, guidelines, and patterns of the Privacy by Design (PbD) schemes in order to investigate the gaps in existing schemes.

Anca Parmena Olimid

DOI: https://doi.org/10.33327/ajee-18-7.4-a000103

2024-09-02

Access to Justice in Eastern Europe

Abstract:Background: This study correlates the up-to-date ethical, functional and legal evaluations related to the management and governance of artificial intelligence (AI) under European Union (EU) law, particularly impacting the health data sector and medical standards as provided by the Artificial Intelligence Act within the Regulation adopted by the European Council in May 2024. The initial proposal for the management and governance of the AI sector was submitted in April 2021. Three years later, on 13 March 2024, the European Union Artificial Intelligence Act (EU AIA) was adopted by the European Parliament. Subsequently, on 21 May 2024, the Council adopted an innovative legislative framework that harmonises the standards and rules for AI regulation. This framework is set to take effect in May 2026, with the central objective of stimulating and motivating a fair, safe, legal single market that respects the principles of ethics and the fundamental rights of the human person. Methods: The current legal analysis focuses on the European Union’s new institutional governance involving a multistage approach to managing health data, ethical artificial intelligence, generative artificial intelligence and classification of types of AI by considering the degree of risk (e.g. artificial intelligence systems with limited risk and systems with high risk) and medical devices. It outlines the legal framework for AI regulation and governance in the EU by focusing on compliance with the previously adopted legislation in the Medical Devices Regulation (2017) and the In-Vitro Diagnostic Regulation (2017). The paper also examines the application of the newly adopted EU Artificial Intelligence Act in relation to national justice systems, previous EU regulations on medical devices and personal data protection regulation, and its correlation with the European Court of Human Rights jurisprudence. This opens up complex discussions related to judicial reform and access to justice. For this purpose, as a research objective, the legal analysis includes an innovative perspective following an integrative discussion on the latest legal reforms and regulations of the AI sector in Eastern Europe launched in 2024 with a special focus on the latest developments in the EU Candidate Countries namely Ukraine and the Republic of Moldova. Results and conclusions: The present research facilitates the exploration of the real benefits of managing innovative AI systems for medical data, research, and development, as well as within the medical technology industry.

Georgios Georgiadis,Geert Poels

DOI: https://doi.org/10.1016/j.clsr.2021.105640

2022-04-01

Abstract:Big Data Analytics enables today's businesses and organisations to process and utilise the raw data that is generated on a daily basis. While Big Data Analytics has improved efficiency and created many opportunities, it has also increased the risk of personal data being compromised or breached. The General Data Protection Regulation (GDPR) mandates Data Protection Impact Assessment (DPIA) as a means of identifying appropriate controls to mitigate risks associated with the protection of personal data. However, little is currently known about how to conduct such a DPIA in a Big Data Analytics context. To this end, we conducted a systematic literature review with the aim of identifying privacy and data protection risks specific to the Big Data Analytics context that could negatively impact individuals' rights and freedoms when they occur. Based on a sample of 159 articles, we applied a thematic analysis to all identified risks which resulted in the definition of nine Privacy Touch Points that summarise the identified risks. The coverage of these Privacy Touch Points was then analysed for ten Privacy Impact Assessment (PIA) methodologies. The insights gained from our analysis will inform the next phase of our research, in which we aim to develop a comprehensive DPIA methodology that will enable data processors and data controllers to identify, analyse and mitigate privacy and data protection risks when storing and processing data involving Big Data Analytics.

law

George Danezis,Josep Domingo-Ferrer,Marit Hansen,Jaap-Henk Hoepman,Daniel Le Metayer,Rodica Tirtea,Stefan Schiffner

DOI: https://doi.org/10.2824/38623

2015-04-11

Abstract:Privacy and data protection constitute core values of individuals and of democratic societies. There have been decades of debate on how those values -and legal obligations- can be embedded into systems, preferably from the very beginning of the design process. One important element in this endeavour are technical mechanisms, known as privacy-enhancing technologies (PETs). Their effectiveness has been demonstrated by researchers and in pilot implementations. However, apart from a few exceptions, e.g., encryption became widely used, PETs have not become a standard and widely used component in system design. Furthermore, for unfolding their full benefit for privacy and data protection, PETs need to be rooted in a data governance strategy to be applied in practice. This report contributes to bridging the gap between the legal framework and the available technological implementation measures by providing an inventory of existing approaches, privacy design strategies, and technical building blocks of various degrees of maturity from research and development. Starting from the privacy principles of the legislation, important elements are presented as a first step towards a design process for privacy-friendly systems and services. The report sketches a method to map legal obligations to design strategies, which allow the system designer to select appropriate techniques for implementing the identified privacy requirements. Furthermore, the report reflects limitations of the approach. It concludes with recommendations on how to overcome and mitigate these limits.

Cryptography and Security

Phoebe Li,Robin Williams,Stephen Gilbert,Stuart Anderson

DOI: https://doi.org/10.5204/lthj.3073

2023-11-21

Abstract:Recent achievements in respect of Artificial Intelligence (AI) open up opportunities for new tools to assist medical diagnosis and care delivery. However, the typical process for the development of AI is through repeated cycles of learning and implementation, something that poses challenges to our existing system of regulating medical devices. Product developers face tensions between the benefits of continuous improvement/deployment of algorithms and keeping products unchanged. The latter more easily facilitates collecting evidence for safety assurance processes but sacrifices optimisation of performance and adaptation to user needs gained through learning-implementation cycles. The challenge is how to balance potential benefits with the need to assure their safety. Governance and assurance processes are needed that can accommodate real-time or near-real-time machine learning. Such an approach is of great importance in healthcare and other fields of application. AI has stimulated an intense process of learning as this new technology embeds in application contexts. The process is not only about the application of AI in the real world but also about the institutional arrangements for its safe and dependable deployment, including regulatory experimentation involving new market pathways, monitoring and surveillance, and sandbox schemes. We review the key themes, challenges and potential solutions raised at two stakeholder workshops and highlight recent attempts to adapt the laws for AI-enabled medical devices (AIeMD) with a special focus on the regulatory proposals in the UK and internationally. The UK regulatory trajectory shows signs of alignment with the US thinking, and yet the European Union model is still the most closely aligned framework.

Alan G Fraser,Elisabetta Biasin,Bart Bijnens,Nico Bruining,Enrico G Caiani,Koen Cobbaert,Rhodri H Davies,Stephen H Gilbert,Leo Hovestadt,Erik Kamenjasevic,Zuzanna Kwade,Gearóid McGauran,Gearóid O’Connor,Baptiste Vasey,Frank E Rademakers

DOI: https://doi.org/10.1080/17434440.2023.2184685

IF: 3.439

2023-05-10

Expert Review of Medical Devices

Abstract:Artificial intelligence (AI) encompasses a wide range of algorithms with risks when used to support decisions about diagnosis or treatment, so professional and regulatory bodies are recommending how they should be managed. AI systems may qualify as standalone medical device software (MDSW) or be embedded within a medical device. Within the European Union (EU) AI software must undergo a conformity assessment procedure to be approved as a medical device. The draft EU Regulation on AI proposes rules that will apply across industry sectors, while for devices the Medical Device Regulation also applies. In the CORE-MD project (Coordinating Research and Evidence for Medical Devices), we have surveyed definitions and summarize initiatives made by professional consensus groups, regulators, and standardization bodies. The level of clinical evidence required should be determined according to each application and to legal and methodological factors that contribute to risk, including accountability, transparency, and interpretability. EU guidance for MDSW based on international recommendations does not yet describe the clinical evidence needed for medical AI software. Regulators, notified bodies, manufacturers, clinicians and patients would all benefit from common standards for the clinical evaluation of high-risk AI applications and transparency of their evidence and performance.

engineering, biomedical

Olivia McDermott,Breda Kearney

DOI: https://doi.org/10.1108/ijphm-07-2023-0060

2024-05-10

International Journal of Pharmaceutical and Healthcare Marketing

Abstract:Purpose The European Union (EU) Medical Device Regulations (MDR) 2017/745 entered into force on May 2021 with changes related to strengthening the clinical evaluation requirements, particularly for high-risk devices. This study aims to investigate the impact of these strengthened requirements on medical device manufacturers by investigating the challenges they encounter while generating an MDR-compliant clinical evaluation report. Design/methodology/approach A systematic literature review was carried out using the Preferred Reporting Items for Systematic Reviews and Meta-Analyses method of peer-reviewed literature and various government jurisdictional reports and legislation. Findings The findings from the study understanding what constitutes sufficient clinical evidence poses the biggest challenge to the generation of an MDR-compliant clinical evaluation report. Resulting from the challenges they are facing, manufacturers of certain CE-marked medical devices are planning to remove (and have removed) devices from the EU market upon expiration of their certificate, and in the case of new and innovative devices, some manufacturers are planning to launch in other markets ahead of the EU. These challenges will lead to a potential shortage of certain medical devices in the EU and a delay in access to new devices, thereby negatively impacting patients' quality of life. Practical implications This study provides a unique insight into the challenges currently experienced by medical device manufacturers as they transition to the MDR clinical evaluation requirements and the subsequent impact on the continued availability of medical devices in the EU. A limitation is the lack of literature analysing the regulations and their effects. Originality/value This study has both theoretical contributions in that, to the best of the authors' knowledge, it is the first detailed and systematic review of the new MDR Regulations and has implications for practice as manufacturers and policymakers can leverage it alike to understand the challenges of the new MDR.