SaMD Best Practices Orthopedic Companies Need to Follow for Success

Artificial intelligence (AI)- and machine learning (ML)-based technologies have the potential to transform orthopedics by deriving insights from data. AI/ML software can learn from real-world feedback and improve performance, making these technologies uniquely situated among software as a medical device (SaMD) and a rapidly expanding area of orthopedic research and development. The FDA’s vision is that with appropriately tailored regulatory oversight, AI/ML-based SaMD will deliver safe and effective software functionality that improves patients’ quality of care.

However, the traditional paradigm of medical device regulation was not designed for adaptive AI/ML technologies, which can confuse software providers seeking regulatory clearance. After spending nearly two decades working with large orthopedic companies, Monica Burt founded Tennessee-based MB&A to help small and medium-sized medical device manufacturers obtain regulatory approval and solve other quality and commercialization problems. Through her practice, she’s seen startups and established SaMD companies experience confusion as regulatory guidelines catch up.

“Larger companies are trying to figure out how to commercialize software as a medical device product, and many have no clue how to do it,” she said. “All of their systems and processes are built to support hardware such as devices, implants and instruments. They’re not set up to support software design, development and commercialization, so we’re helping them figure it out.”

FDA and SaMD

The highly iterative, autonomous and adaptive nature of software requires a new, total product lifecycle regulatory approach that facilitates rapid product improvement and allows SaMD to continually improve while providing effective safeguards.

FDA started down this journey in 2019 by publishing a paper to the industry and asking for feedback. It followed by releasing an action plan in January of 2021. Then, on October 27, 2021, FDA issued a brief about its recent collaboration on guiding principles with Health Canada and the UK’s MHRA. FDA will continue to work with other global regulators and watch the industry’s response to the European Union’s draft Artificial Intelligence Act and its own action plan to determine future oversight of AI/ML and SaMD products.

For now, Burt thinks that FDA’s action plan is relatively robust and well laid out. “It provides companies with a good understanding of how the FDA is thinking about its control and regulation of AI and software as medical devices,” she said. “They don’t want to inhibit progress in the space. They want to enable companies to continue to drive this remarkable technology forward while providing an appropriate level of oversight.”

SaMD Regulatory Clearance Challenges

Still, Burt sees her clients face regulatory hurdles. One of the biggest challenges is the lack of 510(k) clearances, making it harder for orthopedic companies to establish substantial equivalence and requiring them to choose De Novo or another pathway for regulatory approval.

Another challenge is FDA’s inexperience. “They’re working to figure out the regulatory oversight for SaMD,” Burt said. “Last year’s huge CDER reorganization is helping to ease some of the pain. This year, I’ve been a part of three FDA submissions for software and only received one round of questions, which is unheard of in the hardware space. If you follow available guidance and do a robust job documenting the exact product specifications and its intended use, FDA will likely provide approval.”

A third issue is that today’s hardware quality management systems (QMS) will not support a software product. Burt said that these systems are often built without the input of important software regulatory components like IEC 62304, FDA’s standard for design controls for software products. Brand new startups must build a QMS to meet all the standard medical device regulations plus the software standards.

Ongoing maintenance is also an obstacle. The change control process and postmarket surveillance for a software product is much different from that for hardware. “I think the key message here is that hardware-based quality systems are not going to enable your business to quickly, effectively and safely launch software products,” Burt said. “You’ll need to invest time on the front end to upgrade your quality systems to accommodate software. The whole idea is to launch a product that meets a market need as quickly as possible. If companies try to use their old hardware quality systems to do that, quality is going to become a massive bottleneck and huge frustration for the rest of the business.”

Advice and Best Practices for Commercialization

Burt shared other advice for companies developing a SaMD product, starting with monitoring regulatory briefs and educating themselves on the recently published guiding principles and the action plan. Of course, a successful SaMD product requires unique processes and talent throughout its entire lifecycle. A hardware commercialization approach will not support a compliant and timely launch of a SaMD product. It must include agile software development practices. Here are seven best practices to consider:

• Upgrade your regulatory and quality knowledge. Design controls, project management, risk management, document control and postmarket surveillance are areas where QMS’s currently compliant with FDA and ISO medical device regulations will require substantial upgrades.
• Develop a Cybersecurity Strategy. “If your company does not have a cybersecurity strategy, you need to stop what you’re doing and get started now,” Burt said. As the orthopedic industry evolves from devices into a significant data-driven, software-enabled world, cybercrime will only become more prevalent and impactful. “Imagine having an entire network of users that you’ve invested countless hours and dollars into converting to your products, all staring at a screen while you negotiate a ransom with cybercriminals,” Burt said. is a huge new challenge for medical device companies with culture roots in hardware and implants. Companies that successfully navigate this will have focused task forces actively engaged in understanding the latest tech used by cybercriminals and how to protect their products against it.
• Seek expert guidance. SaMD is new territory for most companies. Bringing in an expert to assess current quality systems and provide recommendations on development launch and maintenance can help reduce risk and increase launch success.
• Plan for multiple iterations of user needs. Like with traditional hardware projects, software products involve determining user needs to create a list of design inputs and outputs. However, the software may necessitate four or five iterations of user needs that continue to evolve throughout the process. “You may have one set of user needs and design inputs/outputs in January only to find three more in February, so expect that it will take time to get to a full launch if you do not have a design and development process built to manage the iterative nature of software development,” Burt said.
• Do a limited launch first. Commercializing software products also is very different in deployment. Planning for a limited launch to fine-tune and work out software bugs and tactical deployment challenges will result in a more successful full launch later. “I’ve seen companies build up hundreds of users only to find issues immediately after launch that weren’t caught in development,” Burt said. “They had to learn the hard way.”
• Rethink customer support. A typical customer service call center with a predefined issues list that reps can tease out over the phone will not work with software. Software customer service reps need to understand how the software works to facilitate real-time support. Burt has seen software companies with sales reps that double as technical support. However, salespeople may not have the proper technical aptitude to address issues and field support can take away from time spent selling. “You need a strategy to support your users in the field,” she said. “It’s not just a phone call. You need remote access if possible and a technical field service team that goes out to do the work and creates a relationship with the surgeon and staff.”
• Understand the hospital closing process. Selling a piece of technology to a hospital is different than gaining one surgeon’s interest in an implant. A variety of key stakeholders must be involved and grant approval before the deal can be done. According to KPMG, 81% of healthcare organizations have been compromised by cyberattacks in the last two years. IT can be a significant barrier to deal close if not appropriately managed.

Moving Forward

While SaMD technologies present unique considerations due to their complexity and the iterative and data-driven nature of their development, manufacturers, consultants and government agencies can be excited about opportunities as things evolve.

“With artificial intelligence and machine learning progressing so rapidly, our three regulatory agencies, together, see a global opportunity to help foster good machine learning practice by providing guiding principles that we believe will support the development and maturation of good machine learning practice,” Bakul Patel, director of FDA’s Digital Health Center of Excellence in the Center for Devices and Radiological Health, said in an FDA brief. “This will help stakeholders to advance device development, which has the potential to significantly improve the quality of patient care and transform health care.”

Kathie Zipp is a BONEZONE Contributor. Save Supplier