Regulations for digital health products: are they ready?

3 April 2018 (Last Updated April 3rd, 2018 14:37)

In light of the recent data breach allegations in social media, it is natural to question whether technological advancements in social media have outpaced the rate at which regulations to oversee the activities of these products have developed.

Regulations for digital health products: are they ready?
Innovations in digital health technology have empowered customers to make better informed decisions about their health. Image: Forth With Life.

In light of the recent data breach allegations in social media, it is natural to question whether technological advancements in social media have outpaced the rate at which regulations to oversee the activities of these products have developed.

While there seem to be a lot of questions rather than answers at the moment, it also seems to be the right time to pause and consider how well-versed regulatory systems are to handle advancements in digital health products and their usage.

Innovations in digital health technology have empowered customers to make better-informed decisions about their health. With an increasing market potential and opportunities for companies to reap the benefits of this potential, regulators are working to establish regulatory standards for a market that is fairly new, primarily driven by software, and one that is rapidly expanding compared to hardware-driven markets.

An interesting approach adopted by the FDA to regulate this market has been to focus on organisational excellence of companies who develop these products, rather than the product itself. The Precertification pilot programme for software-based medical devices is part of the FDA’s action plan to address innovations in the digital health space, and in particular, to develop a regulatory pathway for products that fall within this space. The expectation is that, by creating a flexible regulatory framework, changes to the digital health products, such as software iterations and changes, can be better controlled from a regulatory perspective. The program involves a close collaboration between the FDA and the industry, with the original list of companies including Apple, Samsung, Verily, Pear Therapeutics, Tidepool, Phosphorus, Fitbit, Roche, and Johnson & Johnson. While this process is still a work in progress, it is encouraging to see the collaboration between the regulatory body and industry participants to develop a robust regulatory system that will help, not just with having safer digital products in the market, but also ensuring innovation within the market space. This sort of partnership is one which is expected to create a win-win situation for all stakeholders in the digital health marketplace.

In contrast, the scenario in Europe seems to be slightly different. Currently, the Medical Devices Directive (MDD) of the EU requires that software or apps that meet the definition of a medical device be CE marked before they can be made commercially available in the European market. Many of the medical devices software products are regulated as Class I devices in the EU. However, new rules were laid down through the recent Medical Devices Regulation (MDR) in 2017. While there is a transition period of three years to comply with the updated rules, a closer analysis of the new regulations reveals a more stringent effort to regulate digital health products. The new regulations are meant to ensure the safety of medical products used within Europe. However, it is also expected to stifle the market entry of new products within the digital health space. Countries in Asia-Pacific (APAC), such as Australia and Japan, also regulate software products as medical devices that use a risk-based approach. Adoptions of similar regulatory framework in other APAC countries have been slower compared to the countries aforementioned.

Most of these new regulations also go hand in hand with another aspect that is becoming increasingly important with the availability of digital health products: protection of patient data. One particular risk associated with this type of product is the vulnerability of these systems to cyberattacks. So, while existing regulations are aimed at managing these types of risks, the onus is on manufacturers to ensure protection of patient data. For example, the European MDR is supported by the General Data Protection Regulation (GDPR), which is expected to come into effect in May 2018; this is primarily aimed at data protection and increasing the accountability of manufacturers whose products are expected to work in liaison with patient data.

Establishing directives and robust regulatory frameworks for an evolving market in healthcare is often seen as a process that is long and intensive. In the case of digital health, it is also seen as one that involves a deeper degree of participation from multiple stakeholders. Maybe the rate at which some of these products advanced was not something that was anticipated by regulatory authorities; nonetheless, the latter’s efforts to address the need for such frameworks signals an acknowledgement. At the end of the day, doctors feel confident about using such products when they know that the product has been approved after a thorough regulatory process. And manufacturers must ensure they continue meeting the evolving regulatory standards for market acceptance of their products.