Copy to clipboard 
Orthopedic companies continue to usher in a technological revolution with the commercialization of robots, navigation and surgical planning — many of which leverage digital health applications like artificial intelligence (AI), machine learning (ML), augmented reality (AR) and virtual reality (VR). The Orthopaedic Surgical Manufacturers Association (OSMA) dedicated its Spring Meeting — which was held last month in Washington, D.C. — to discussions about the digital health regulatory landscape, hosting conversations among representatives from orthopedic companies, FDA, notified bodies and software companies.
The promise of digital health is well documented. Technology can empower surgeons and patients to make better-informed decisions, lead to efficiency in the O.R. and advance monitoring post-procedure. Further, technology is being leveraged to personalize orthopedic care.
Norbert Johnson, CTO of Imaging, Navigation and Robotics at Globus Medical, spoke about ways that robotic assistance and navigation systems are improving accuracy in spine surgery and pointed out that long-term spinal fusion outcomes remain lower than in other orthopedic procedures. “I think digital health is the answer to closing that gap,” he said.
Orthopedics is at an early stage of the development and commercialization or total product life cycle (TPLC) of these technologies. The market clearance of technologies that utilize digital health requires an evolving conversation between companies developing the products and regulatory bodies seeking to confirm that the technologies are safe and effective.
Several of orthopedics’ largest players — Stryker, Johnson & Johnson MedTech, Medtronic and Globus Medical — spoke on the importance of engaging with regulators early and often when bringing these technologies to market. Not only is technology quickly evolving, so too is regulatory thinking and guidance on the technology. Building relationships and collaborating with reviewers will ensure that companies have performed the proper validations and assembled the correct information that regulators want to see in a product submission for a digital health tool.
It was noted multiple times throughout the two-day OSMA meeting that FDA is more advanced in its thinking and guidance around these technologies than OUS countries. In 2020, FDA launched the Center of Digital Excellence within the Center for Devices and Radiological Health. The agency has issued 23 guidance documents that state its position on products from Software as a Medical Device (SaMD), AI/ML, cybersecurity, medical device interoperability and wireless devices.
AI/ML, cybersecurity and extended reality were among the topics discussed at the OSMA meeting. We will cover these topics at greater length in future articles. For now, here are highlights from the presentations.
AI/ML
AI and ML have the potential to transform orthopedic care. Companies are implementing technology to derive new insights from the vast amount of data generated during orthopedic surgeries. Much of the conversation at the OSMA meeting centered on the Predetermined Change Control Plan (PCCP), which is a document that describes what modifications will be made to the software using ML and how a company will assess the modifications.
The PCCP is included in a market submission. A benefit of a PCCP is that it allows manufacturers to make specific postmarket modifications without seeking new market authorization from FDA. However, significant consideration from R&D, marketing, new product development and regulatory assurance is required to develop a multi-year plan that outlines the modifications that will take place to the software in the future.
“It’s a tacit recognition by FDA that the way it regulates medical devices is not applicable to software,” said Manan Hathi, Senior Manager, Regulatory Advocacy Digital at Stryker. “Software is fast-paced, iterative and changes rapidly. FDA expects software products to be updated on a regular and frequent basis, so it is providing a pathway for specific machine learning device software functions that continually learn.”
In 2023, FDA, Health Canada and the U.K.’s Medicine and Healthcare products Regulatory Agency jointly identified five guiding principles for PCCPs. The guidance recommends that PCCP is focused and bounded, risk-based, evidence-based, transparent and accounts for a TPLC perspective. Hathi noted that FDA is working to expand guidance around PCCPs.
Cybersecurity
Cybersecurity plays a growing role in our everyday lives as more of our tasks are connected to the internet and susceptible to cyberattack. Industry and FDA spoke about recent guidance documents issued by the agency that pertain to quality system considerations and premarket submissions of cyber devices.
A product is considered a cyber device if it includes software validated, installed or authorized by the sponsor as a device or in a device; has the ability to connect to the internet; and contains technological characteristics validated, installed or authorized by the sponsor that could be vulnerable to cybersecurity threats.
“We’ve seen companies go through mental gymnastics to say that their device is not a cyber device,” said Jessica Wilkerson, Senior Cyber Policy Advisor and Medical Device Cybersecurity Team Lead at FDA. Devices with a USB port or computing software are two examples of cyber devices that she provided.
The word “connected” is often defined differently by commercial, sales and engineering teams, said Jenn Talley, Director of MedTech Cybersecurity Strategy & Governance at J&J MedTech. “Connect capable” is the terminology J&J MedTech has adopted internally to help all roles understand if a product is considered a cyber device.
Wilkerson and Tann spoke about legacy devices, which are technologies that cannot be updated and, therefore, cannot be protected against cybersecurity threats. Legacy devices carry a high risk of vulnerability to cybersecurity threats and are of particular concern for regulators, medtech companies and hospitals. Wilkerson said numerous recent cyberattacks have halted patient care and bricked medical devices.
The Health Sector Coordinating Council Cybersecurity Working Group developed a strategic plan for 2024-2029 and a guide, Health Industry Cybersecurity – Managing Legacy Technology Security (HIC-MaLTS), meant to provide valuable resources for industry as it manages current and future legacy devices.
“The future legacy recommendations talk about how to design a secure device,” Wilkerson said. “How do you make a device that can be deployed and maintained securely with the goal that legacy determination becomes your choice rather than something that’s done to you?”
Extended Reality
VR and AR applications are experiencing significant growth in orthopedics, as device and software companies develop new ways to train clinical teams on procedures and provide surgeons with a greater view of patient anatomy intraoperatively. Fifteen of the 38 AR/VR devices FDA highlights on its extended reality webpage have orthopedic applications, primarily for surgical navigation.
Companies must respect hardware and software considerations when bringing this technology to market, said Ryan Beams, Ph.D., a Physicist and Office of Science and Engineering Laboratories MXR Program Coordinator at FDA.
On the hardware side, companies may choose to use universal headsets that have wide-ranging applications outside of healthcare. Because technology is rapidly advancing, the headset on which the company validates its software might not be available once a company gets through the regulatory submission process, Dr. Beams said. On the software side, he talked at length about the challenges companies face with imaging overlay and contrast, depth perception and motion tracking latency.
Dr. Beams noted that the agency has formed public/private partnerships to deepen its research and work to provide answers to challenges with AR and VR medtech applications. “If companies are thinking about entering this space,” he said, “I highly encourage them to come talk to us with a Q-Submission. We can provide them with information before they get too far into the design cycle.”
Throughout the meeting, FDA staff touted Medical Device Development Tools (MDDTs) and Regulatory Science Tools and the role these programs can play in the rapidly evolving digital healthcare space. The MDDT program is a way for FDA to qualify tools that companies can use in the development and evaluation of medical devices. Regulatory Science Tools provide peer-reviewed resources for companies to use when standards and qualified MDDTs do not exist.
“We start out with a research question and then develop a test method and try to release Regulatory Science Tools,” Dr. Beams said. “This is particularly important in this space because many medical device companies are not developing the hardware. We want to have maximum impact, and we want our test methods to track back to the hardware manufacturers that are designing these products.”
