December 3, 2022
Earlier this year, Diapason participated in the organisation of the CreativeAI_Sydney symposium. At this time, public attention on generative AI was growing exponentially, and focused very much on Dall-E2, Midjourney and Stable Diffusion (in the order they entered the spotlight), i.e. ‘prompt to image applications’. Most of our discussions gravitated around the this fundamental question: “Can AI be an artist (and therefore be a threat to existing artists) - or is AI only a tool that artists can use”. This question had been answered 5 years ago almost to the day in in the field of medical imagery AI with the idiom Rads who use AI will replace rads who don’t, although this is still open to interpretation.
Whilst the exponential progresses are continuing at hyperspeed on the prompt-to-image side, recently lots of attention has been given on another groups of applications, whereby generative AI is used to produce textual contents - with some reports claiming sentience has been achieved.
With OpenAI releasing their latest conversational model for free trial, I decided to give it a go to explore whether in the near future “AI will replace medtech regulatory consultants” or else “Consultants who use AI will replace consultants who don’t”.
Conversation below:
How are medical devices regulated across the world?
Medical devices are regulated differently across the world. In the United States, medical devices are regulated by the Food and Drug Administration (FDA), which is responsible for ensuring that medical devices are safe and effective. In the European Union, medical devices are regulated by the European Medicines Agency (EMA), which has similar responsibilities to the FDA. In Canada, medical devices are regulated by Health Canada, and in Australia, they are regulated by the Therapeutic Goods Administration (TGA).
What about other countries?
In most countries, medical devices are regulated by a government agency responsible for overseeing the safety and effectiveness of medical products. These agencies often have similar roles and responsibilities to the FDA, EMA, Health Canada, and TGA. However, the specific rules and regulations governing medical devices can vary from country to country. It’s important for manufacturers of medical devices to be familiar with the regulations in the countries where they plan to sell their products.
Why can’t all countries adopt the same regulations? Wouldn’t it be more efficient?
While it might be more efficient for all countries to have the same regulations for medical devices, there are a number of reasons why this is not practical. For one, different countries have different health care systems and different priorities when it comes to regulating medical devices. In addition, each country has its own unique political and economic environment, which can influence the way medical devices are regulated. Finally, there may be cultural and linguistic differences that make it difficult to adopt a single set of regulations for all countries.
Not bad at all TBH. Could not really engage in the last question - but i was definitively pushing it a bit far - and most human consultants would not have answered any better.
Time to go a bit deeper in tech then. International policies are not easy concept to deal with for an algorithm - but maybe SaMD is? Let’s see.
Is there anything else you would like to know? I’m here to help with any questions you have.
What are the specific regulations for software as a medical device?
Software that is considered a medical device is subject to the same regulations as other medical devices. In the United States, the FDA has issued specific guidance on the regulation of medical device software, which includes both standalone software and software that is integrated into a medical device. The guidance outlines the requirements for demonstrating the safety and effectiveness of medical device software, as well as the classification of different types of software based on their potential risks to patients. In the European Union, medical device software is subject to the same regulations as other medical devices, as set forth in the Medical Device Directive and the Medical Device Regulation. In Canada, medical device software is regulated by Health Canada, and in Australia, it is regulated by the TGA. Again, it’s important for manufacturers of medical device software to be familiar with the specific regulations in the countries where they plan to sell their products.
Are there any widely accepted technical standards that can be used to support the development of medical device software ?
Yes, there are several widely accepted technical standards that can be used to support the development of medical device software. Some of the most commonly used standards include the International Organization for Standardization (ISO) standards for medical device software, the American National Standards Institute (ANSI) standards for medical device software, and the International Electrotechnical Commission (IEC) standards for medical device software. These standards provide guidance on a wide range of topics related to medical device software, including software design, development, testing, and maintenance. Adherence to these standards can help manufacturers ensure that their medical device software is safe and effective.
What are the names of these standards?
Some of the most commonly used standards for medical device software include ISO 13485, which provides requirements for a quality management system for the design and manufacture of medical devices, including medical device software; IEC 62304, which provides requirements for the development and maintenance of medical device software; and ANSI/AAMI/ISO 14971, which provides guidance on the application of risk management to medical devices, including medical device software. These are just a few examples of the many technical standards that are available to support the development of medical device software.
Are all editions of these standards equivalent?
No, not all editions of these standards are equivalent. The specific requirements and guidance provided by these standards can change over time, as new information and technology become available. As a result, it’s important for manufacturers of medical device software to use the latest edition of the relevant standards when developing their products. Using an older edition of a standard could result in the development of software that does not meet the current requirements and could potentially be unsafe for use.
What if a regulatory authority has not yet accepted a newer edition?
If a regulatory authority has not yet accepted a newer edition of a standard, manufacturers of medical device software should continue to use the edition of the standard that is currently accepted by that regulatory authority. It’s important to follow the regulations and requirements set forth by the relevant regulatory authority, even if they are based on an older edition of a standard. Using a newer edition of a standard without the approval of the regulatory authority could result in the rejection of the software or other regulatory action.___
Still quite good. I’m definitively impressed that the algorithm really understood my question. Whilst it fell at first into the trap of “newer is always better”- when given a chance to revisit its answer it dodged the bullet well. Let see whether it is able to keep digging further in the “specific” direction.
What is the applicable edition of IEC62304?
IEC 62304 is a standard that provides guidelines for the development of medical device software. The most recent edition of the standard is IEC 62304:2018, which was published in 2018. This standard replaces previous editions and provides updated guidelines for the development and maintenance of medical device software.__
OK so now that’s puzzling. IEC62304 has had an interesting life-cycle, with the committee in charge of its maintenance lately failing to reach a consensus on the scope of the planned update, resulting on the 2006+2015_Amendment1 version being still the applicable one. So where did the OpenAI model “learn” about this alleged 2018 version? I will actually feed that back to the OpenAI team!
Let’s have a go at wellness now.
Vhat about wellness technology. Is it regulated too ?
Wellness technology is a broad term that encompasses a wide range of products, including fitness trackers, sleep monitors, and other devices that are designed to promote wellness and healthy living. Whether or not wellness technology is regulated depends on the specific product and how it is intended to be used. In general, products that are intended for use in the diagnosis, cure, mitigation, treatment, or prevention of disease are considered medical devices and are subject to regulation by agencies such as the FDA and the EMA. On the other hand, products that are intended for general wellness and fitness purposes are not typically considered medical devices and may not be subject to the same level of regulation. However, it’s important to note that the regulation of wellness technology can vary depending on the country and the specific product, so it’s always best to check with the relevant regulatory authority to determine whether a particular product is subject to regulation.__
Well done mate! I don’t think I could have answered differently. Good pickup on “Intended to be used”. Change of direction - let’s explore Quality Systems:
What is a QMS?
A Quality Management System (QMS) is a set of policies, processes, and procedures that are implemented by an organization to ensure that its products and services meet the requirements of its customers and relevant regulatory authorities. A QMS is designed to help an organization consistently deliver high-quality products and services, and to continually improve its performance over time. The specific elements of a QMS can vary depending on the industry and the specific needs of the organization, but common elements of a QMS include quality planning, quality control, quality assurance, and quality improvement. A QMS is often a requirement for organizations that are subject to regulatory oversight, such as manufacturers of medical devices.
Can a QMS be implemented electronically ?
Yes, a Quality Management System (QMS) can be implemented electronically. In fact, many organizations use electronic systems to manage their QMS, as this can help to improve the efficiency and effectiveness of their quality management processes. Electronic QMS systems typically include features such as document management, non-conformance tracking, and corrective and preventive action (CAPA) management, which can help organizations to better control and improve the quality of their products and services. These systems can also provide reporting and analytics capabilities, which can help organizations to monitor their performance and identify areas for improvement. Implementing an electronic QMS can help organizations to more easily comply with regulatory requirements and to consistently deliver high-quality products and services.
What are examples of electronic QMS solutions?
There are many different electronic Quality Management System (QMS) solutions available on the market. Some examples of electronic QMS solutions include MasterControl, EtQ Reliance, and Arena QMS. These solutions typically include features such as document management, non-conformance tracking, and corrective and preventive action (CAPA) management, which can help organizations to better control and improve the quality of their products and services. Electronic QMS solutions can also provide reporting and analytics capabilities, which can help organizations to monitor their performance and identify areas for improvement. These are just a few examples of the many electronic QMS solutions that are available. It’s important for organizations to choose a solution that meets their specific needs and requirements.
Can I build my own electronic QMS?
It is possible to build your own electronic Quality Management System (QMS), but this can be a complex and time-consuming process. Developing an effective QMS requires a thorough understanding of quality management principles and practices, as well as the specific requirements of the industry and regulatory authorities. Building a QMS from scratch also requires significant resources, including specialized knowledge and expertise, as well as the development of custom software and systems. For these reasons, it may be more practical for most organizations to purchase an off-the-shelf QMS solution, rather than attempting to build their own. However, if your organization has the necessary resources and expertise, it may be possible to develop your own electronic QMS.__
Good stuff - what about ISMS?
What is an ISMS ?
An Information Security Management System (ISMS) is a framework of policies, processes, and controls that are implemented by an organization to manage and protect its sensitive information and data. An ISMS is designed to ensure that an organization’s information and data are secure and protected from unauthorized access, disclosure, or destruction. The specific elements of an ISMS can vary depending on the organization’s needs and the nature of its operations, but common elements of an ISMS include risk assessment, information security policies, access controls, and incident management. Implementing an ISMS can help organizations to comply with relevant information security regulations and standards, and to protect their sensitive information and data from potential threats.
What are the most widely adopted standards to implement an ISMS
The most widely adopted standards for implementing an Information Security Management System (ISMS) are the ISO/IEC 27001 and ISO/IEC 27002 standards. These standards provide a framework for implementing, maintaining, and continually improving an ISMS. The ISO/IEC 27001 standard provides requirements for an ISMS, while the ISO/IEC 27002 standard provides guidance on the selection and implementation of specific controls to meet the requirements of the ISO/IEC 27001 standard. Adopting these standards can help organizations to implement an effective and comprehensive ISMS that is aligned with industry best practices and international standards. These standards are widely adopted by organizations around the world and are recognized as the international benchmark for information security management.__
Good answer - also I asked for standardS, plural, and 27002/27001 is more like one “family” rather than different standards. So let’s try to push it a bit:
What about SOC2?
SOC 2 is a security and compliance standard for organizations that handle sensitive information. It is based on the Trust Service Principles and criteria established by the American Institute of Certified Public Accountants (AICPA). SOC 2 provides a framework for organizations to follow in order to ensure the security, availability, processing integrity, confidentiality, and privacy of sensitive customer data.
Are there important standards for ISMS other than 27001?
Yes, there are several other standards that are related to information security management systems (ISMS). Some of the most important ones include ISO/IEC 27002, which provides guidelines for selecting and implementing security controls, and ISO/IEC 27005, which provides guidelines for information security risk management. Additionally, the International Organization for Standardization (ISO) has published a series of standards under the ISO/IEC 27000 family, which provide guidance on various aspects of information security management.
What about SOC2?
SOC 2 is not directly related to ISMS, but it is a relevant standard for organizations that handle sensitive information. As I mentioned earlier, SOC 2 is a security and compliance standard that is based on the Trust Service Principles and criteria established by the AICPA. It provides a framework for organizations to follow in order to ensure the security, availability, processing integrity, confidentiality, and privacy of sensitive customer data.__
Impressed again. Just needed a bit of a nudge. Back to medical device regulations - let’s have a try at classifications:
Can you explain why there are several classes of devices?
Medical devices are classified into different classes based on the level of risk they pose to patients. The specific classification system used can vary depending on the country, but in general, medical devices are classified into one of several classes based on factors such as the intended use of the device, the potential benefits and risks of the device, and the level of invasiveness of the device. The different classes of medical devices are intended to reflect the level of risk associated with the device, with Class I devices being the least risky and Class III devices being the most risky. This classification system helps regulatory authorities to determine the appropriate level of oversight and regulation for each type of device, and helps manufacturers to understand the requirements for developing and selling their products.
What is the class of a CPAP mask for instance?
A CPAP mask, which is used to treat sleep apnea, would typically be classified as a Class II medical device. This is because the device is intended for use in the treatment of a medical condition, and it presents a moderate level of risk to patients. Class II devices are subject to more stringent regulations than Class I devices, which are considered to be the least risky, but they are not as heavily regulated as Class III devices, which are considered to be the most risky. In the United States, the FDA has specific requirements for the development and marketing of Class II medical devices, including CPAP masks. These requirements are designed to ensure the safety and effectiveness of the device, and to protect the health of patients who use it.
What is the class of a CPAP mask for instance in Australia?
In Australia, a CPAP mask would also typically be classified as a Class II medical device. In Australia, the Therapeutic Goods Administration (TGA) is responsible for regulating medical devices, including CPAP masks. The TGA uses a classification system similar to that used by the FDA in the United States, with Class II devices being those that are intended for use in the diagnosis, treatment, or prevention of disease, and that present a moderate level of risk to patients. As a Class II device, a CPAP mask would be subject to specific regulations and requirements in Australia, including the requirement to obtain clearance or approval from the TGA before the device can be sold in the country.
But Class II does not exist in Australia.
You’re correct, Class II does not exist in the Australian medical device classification system. In Australia, medical devices are classified into four classes: Class I, Class IIa, Class IIb, and Class III. These classes are based on the level of risk associated with the device and the intended use of the device. A CPAP mask, which is used to treat sleep apnea, would typically be classified as a Class IIa medical device in Australia. This is because the device is intended for use in the treatment of a medical condition, and it presents a moderate level of risk to patients. Class IIa devices are subject to more stringent regulations than Class I devices, which are considered to be the least risky, but they are not as heavily regulated as Class III devices, which are considered to be the most risky. In Australia, the TGA has specific requirements for the development and marketing of Class IIa medical devices, including CPAP masks. These requirements are designed to ensure the safety and effectiveness of the device, and to protect the health of patients who use it.__
Whaoo! This is genuinely interesting and impressive. This is really conversational. Admitting a mistake and correcting it is a feature that some human conversation agents have not even achieved yet!
What are examples of class IIb devices in Australia?
In Australia, Class IIb devices are medical devices that are intended for use in the diagnosis, treatment, or prevention of disease, and that present a moderate to high level of risk to patients. Some examples of Class IIb devices in Australia include certain types of imaging equipment, such as ultrasound and MRI machines, and certain types of surgical instruments, such as powered surgical drills. Like Class IIa devices, Class IIb devices are subject to specific regulations and requirements in Australia, including the requirement to obtain clearance or approval from the Therapeutic Goods Administration (TGA) before the device can be sold in the country. The specific regulations and requirements for Class IIb devices are designed to ensure the safety and effectiveness of these devices, and to protect the health of patients who use them.
Are apps regulated too ?
Whether or not apps are regulated depends on the specific app and how it is intended to be used. In general, apps that are intended for use in the diagnosis, cure, mitigation, treatment, or prevention of disease are considered medical devices and are subject to regulation by agencies such as the FDA and the EMA. These regulatory agencies have issued specific guidance on the regulation of medical device apps, which outlines the requirements for demonstrating the safety and effectiveness of these products. On the other hand, apps that are intended for general wellness and fitness purposes are not typically considered medical devices and may not be subject to the same level of regulation. However, it’s important to note that the regulation of apps can vary depending on the country and the specific app, so it’s always best to check with the relevant regulatory authority to determine whether a particular app is subject to regulation.__
In conclusion - can AI replace regulatory/quality consultants? I hope not. Definitively though, there are a lot of questions for which such a tool can offer good answers - although there are very weirdly wrong answers in the mix (IEC62304:2018, or the Australian non existing class II). Considering how much content - grammatically correct and factually mostly correct, can be generated from such a small set of questions, the potential of this technology for generating white-papers and blog posts in a consulting context is obvious.
IMAGE: Dall-E2, prompted by me with “A chatbot pitching to a C-suite”