Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Is a software platform a medical device???

Discussion in 'ISO 13485 and ISO 14969 – Medical Devices QMS' started by AdaTW22, Mar 9, 2020.

  1. AdaTW22

    AdaTW22 New Member

    Mar 9, 2020
    Likes Received:
    Trophy Points:
    Trying to determine the scope of medical device regulation and whether it applies to a given software platform.

    • The platform provides tools for building chatbots
    • The platform is targeting the Healthcare Domain (providers and payers)
    • The organizations using the platform could build chatbots which answer medical questions or try to perform an initial assessment of their patient's symptoms.
    • The platform has some built-in skills that make this relatively easy to build.
    • Alternatively, the organization could build a chatbot that does nothing medical at all such as looking up opening hours of clinics.

    Since the intended use for the platform could greatly vary on the organizations use case for the platform I have two questions:
    • Is the creator of the platform within the scope of medical device regulation? EU/US?
    • Is the healthcare organization responsible for complying with medical device regulations also?

    Some clarity on this would be greatly appreciated.
  2. yodon

    yodon Well-Known Member

    Aug 3, 2015
    Likes Received:
    Trophy Points:
    This is just my perspective so don't take it to be gospel.

    The platform, in and of itself, does not meet the definition of a medical device so it cannot be classified as such.

    An application running on the platform that does meet the definition of a medical device would have to comply with all the applicable regulations.

    The platform, then, becomes part of that system. It would need to either be handled as COTS / SOUP or adopted as part of the system and then assigned a software safety class, have all the required documentation available, etc. As you describe it, probably most likely it would be handled as SOUP.

    Assuming the platform would be managed as SOUP, there's plenty you can do to facilitate the regulatory pathway for your clients; i.e., follow IEC 62304 (the standard for medical device software - and since you don't know what applications would run on top, probably best to go with Class A), demonstrate cybersecurity, assure proper management of protected health info (HIPAA / GDPR), etc. (Depending on the situation, there may be more / different standards that would be applicable so 62304 may be just a start.)

    The application you describe (chatbot to answer medical questions or do an initial assessment) would be extremely difficult, I would think, to get regulatory clearance. The other application (looking up operating hours of clinics) would not be a medical device and so wouldn't require any clearance.

Share This Page