Navigating Regulatory Debt in SaMD
Alan Parkinson
Technical Director
Medical Device startups have long been seen as innovators, often with a promise of revolutionizing patient care and transforming healthcare delivery. However, beneath the glossy facade of sleek gadgets and groundbreaking apps, lies a ubiquitous challenge that frequently seems to impede the speed and agility of such innovation – regulations. Regulations are necessary for patient safety and ignore them at your peril. Without compliance, your startup journey could be short-lived or costly.
In this blog post, we will dissect the important issue of regulatory debt within the Health tech and Medical device startup landscape, and how understanding and addressing this hurdle is tantamount to success in the industry. We will explore the origins of regulatory debt, its unassailable impact on startups, and ultimately, strategies to surmount this significant barrier to growth and market entry.
Understanding Regulatory Debt
In the realm of Health apps and Software as a Medical Device (SaMD), regulatory debt can be defined as ' the cumulative impact of unforeseen and unaddressed regulatory requirements over the life cycle of a product'. But what does this mean?
Regulations and compliance can be boiled down to 'tell me the process you will follow to develop the medical device and show me the evidence that you followed this process'. Individual regulations or standards will state what should be included in your process but the high-level principle 'tell me and show me' is the same.
Within SaMD, regulatory debt commonly stems from not defining and following your development process from the very start, not gathering the necessary evidence that you followed the stated process, or not including the relevant regulations in your processes.
The most common causes of not including the relevant regulations are:
- Assuming that you are building a Health App and not a medical device. When building a health app it is very easy to stray into functionality which means your app is now classed as a medical device and now needs to comply with the regulations for each market it is used within.
- Assuming your medical device is Class I when it is Class IIa, IIb or III. Each class has a different risk profile and has different requirements to be included in your processes.
Another common cause of regulatory debt is the itch to 'start development straight away', to build a proof of concept without even considering compliance. Many proofs of concept never get rewritten and without a well-defined development process being documented and followed from the start a large amount of regulatory debt will be created. This situation is often very hard to recover from.
The importance of avoiding Regulatory Debt
The significance of compliance in MedTech cannot be overstated. Regulatory frameworks are the gatekeepers for market access and patient safety – such as the FDA's 510(k) clearance and MDR in the European Union. Compliance failures can lead to significant setbacks, both financially and the long-term success of your device.
Hindered Market Entry and Delays in Product Launches
Regulatory approval can take a significant amount of time, and startups plan their finances accordingly. Any delays in approval due to regulatory debt can stretch these finances to breaking point and even block funding rounds until approval has been granted.
While a delay in regulatory approval may not be financially fatal to all startups the delay could allow a competitor to beat you to the market, and that can have long-term consequences on your success when first-mover advantage can be key.
In severe cases of regulatory debt significant rework may be required before submission to the notified body but in the worst cases, it may not be possible for the app to gain approval at all and software development has to start again following the correct development process.
Reputational Risks and Legal Implications
Misclassify your medical device (assume Class I instead of Class IIa or IIb) and then don't seek pre-market approval from the appropriate notified body will likely end up in a situation of a product recall, a tarnished reputation and severe legal implications (Criminal or Civil). This could be the final nail in the coffin for many promising startups.
How to avoid Regulatory Debt as a startup
Recognising the signs of regulatory debt is just the first step; startups must also prepare for and proactively avoid it where possible.
- Don't rush into software development straight away, I know it's tempting but put a basic process in place and follow it from the start. This development process doesn't have to be complicated. Within SaMD you will need to comply with at least IEC 62304, ISO 14971 and ISO 13485, but in the first few weeks IEC 62304 will be the priority.
- Know what markets you want to enter first and in the future. While there are common international standards such as ISO 13485, IEC 62304 and ISO 14971 which are recognised by the key regulatory bodies, each market has variations in regulations. Understanding your markets will allow you to include these variations early in your process.
- Consult with a Quality Assurance and Regulatory Affairs (QARA) professional at the start of development to determine if your Health app might be a Medical device, and if you are building a Medical Device what class is the device. Understanding the class of the medical device will determine what needs to be included in your development process and documentation. Many QARA consultants will give an initial 30-minute consult without charge.
- Not all regulations will be applicable from the start of development if you are building a Proof of Concept. Plan what is required and when so when your proof of concept is successful, you can proceed without a rewrite.
Conclusion
For MedTech startups, regulatory debt is not a question of 'if' but 'when'. By recognizing the issues and adopting the strategies outlined in this post, entrepreneurs can begin to tackle this considerable challenge head-on, thereby increasing the chances of their medical device getting to market.