If ‘ignorance of the law is no excuse’ telehealth commissioners and providers have a responsibility to make sure that in matters of medical devices all regulations – many of them legal requirements – are being adhered to. Failure to do so on one side or the other implies a willingness to be complicit in their breaking and it unfairly tilts the market against those companies that abide by the rules.
This Soapbox item is timely given that there is due to be a big push for telehealth in the UK on the back of the WSD programme results. It is written by an experienced professional in the telehealth field who, because of his or her position cannot reveal his or her identity. It will also become obvious to readers why he or she cannot name the ‘guilty parties’. However, there are questions at the end which service commissioners should now use to identify whether they are dealing with a company that is breaking the regulations.
There is now no excuse for either the companies involved not to correct the situation or for commissioners to continue to put their investment of public money at risk.
Steve Hards, Editor
Readers who prefer to read this long item as a PDF can download it here.
While the world holds its breath waiting for the imminent final revelation of the Department of Health’s Whole System Demonstrators (WSD) results, the global mass of telecare and telehealth manufacturers, distributors, resellers and newcomers are revving up their trucks full of boxes and briefing their marketing departments – all believing that a ‘tsunami of sales’ are just around the corner!
Storm brewing…
Potentially there is a storm brewing in the UK with the policing of Quality Assurance and Regulatory Affairs (QA-RA) of the technologies and software used in the remote monitoring of a person with a long-term or other health care condition, wherever this person is located.
To highlight this point:
- The legal responsibility of QA-RA lies with the manufacturer, the distributor and reseller, but who in the UK is responsible for monitoring the Commissioners of Telehealth and Telecare?
- Commissioners are not asking pertinent QA-RA questions on tenders (and often not aware that some of the kit they are buying could be illegal, i.e. not in compliance with EU medical device directives. Some manufacturers are confused as to whether the technology is a medical device or not (and if so, which Class of device it is!) and patient safety is potentially put at risk if a non-compliant product is used.
- The Government Procurement Service, The Telecare, Telehealth and Telecoaching framework agreement (previously PASA/Buying Solutions) appear not to be asking for copies of evidence of CE marking for telehealth and telecare medical devices for products and services used within the Telecare Framework!
- Medical devices sold in the UK need to be CE marked either by a Notified Body or be registered with the MHRA if a low risk Class I device. It is illegal to sell a medical device without an appropriate CE marking in the UK but this does not appear to stop the NHS or other providers from buying such devices!
- Customs and Excise unknowingly allow these devices to be imported!
- Trading Standards Officers are unaware that such devices are sold in their area!
- Trade bodies and associations are often not aware that European Directives, regulations and national laws exist and are not educating and/or reinforcing such issues with their members.
- UK centres of excellence for Telehealth, Telecare and Telemedicine do not appear to be monitoring this issue or addressing this locally either!
Key regulations
The MHRA publication Guidance Note 20: Borderlines with Medical Devices, Updated March 2011, advises the following useful information:
- The word ‘manufacturer’ in the context of the medical device directive means the person or company who is placing the product on the market or into service in their own name. It does not necessarily mean the physical manufacturer of the devices concerned. If a company is an ‘own brand labeller’ then they take on full legal responsibility as the manufacturer of the product as defined in the Regulations.
- Software may be considered to be medical devices provided that the purpose fits the definition of a medical device. The revised definition of a medical device includes standalone software in the definition of a medical device and includes the fact that when software is used in combination with a device which is ‘intended by its manufacturer to be used specifically for diagnostic and/or therapeutic purposes’ that it will be considered to be a medical device.
Other published advisory information:
- Software that performs a medical intended purpose today as given in the MDD 93/42/EEC should be treated as an active medical device. This is not a change in regulation on software but merely a clarification and reinforcement of an existing requirement to treat stand-alone software as an active medical device. Any stand alone custom software must be MDD CE marked.
- Clinical Trial requirements:
– For software that qualifies as a medical device but is not yet CE-marked or is a new version that is not covered by the previous CE mark (for example, because it is an update to remedy a flaw that caused an incident), a manufacturer is prohibited from running that software in human tests outside of an approved clinical trial setting. This rule may appear obvious, but it is, in practice, a frequent source of confusion and mistake on the part of manufacturers.
The definition of a medical device as defined by Article 2(2) of Directive 2001/83/EC is:
any instrument, apparatus, appliance, material or other article, whether used alone or in combination, including the software necessary for its proper application intended by the manufacturer to be used for human beings for the purpose of:
- diagnosis, prevention, monitoring, treatment or alleviation of disease,
- diagnosis, monitoring, treatment, alleviation of or compensation for an injury or handicap,
- investigation, replacement or modification of the anatomy or of a physiological process,
- control of conception,
and which does not achieve its principal intended action in or on the human body by pharmacological, immunological or metabolic means, but which may be assisted in its function by such means.
With regard to mHealth and mobile phone telehealth solutions one medical device consultant advised:
“With respect to hardware, I suggest it is acceptable in this application for the tablet PC or Smartphone to be compliant with electrical safety standards other than IEC 60601-1, given there is no direct wired connection with the peripheral devices. However, the use of wireless Bluetooth comms raises the issue of any interference with data collection and transmission from each peripheral medical device, particularly when all the intended peripherals are connected wirelessly to the nearby communications unit at the same time (if that is possible)”.
On asking about a specific mobile solution he said:
“I believe this product should be medical EMC (emissions and immunity) tested as a medical device system as part of the software CE process, as it is probably unrealistic to apply a CE mark to a standard tablet PC or Smartphone. There could also be a need to test for any cross-talk between adjacent peripheral devices effecting their operation.”
NHS encouraged to use telehealth
In the recent publication NHS Operating Framework for the NHS in England 2012/13, Sir David Nicholson KCB DCE, NHS Chief Executive states: “Rapidly spreading changes that improve quality and productivity to all parts of the NHS will be crucial: a clear example is the use of telehealth to improve services for patients with long term conditions.”
Section 2.22 of this report states:
Telehealth and telecare offer opportunities for delivering care differently but also more efficiently. Use of both of these technologies in a transformed service can lead to significant reductions in hospital admissions and lead to better outcomes for patients. Using the emerging evidence base from the Whole System Demonstrator programme, PCT clusters working with local authorities and the emerging CCGs should spread the benefits of innovations such as telehealth and telecare as part of their ongoing transformation of NHS services. They should also take full consideration of the use of telehealth and telecare as part of any local reconfiguration plans.
The move to a new NHS Commissioning Board (a special health authority) that will have the responsibility to provide leadership and to hold Clinical Commissioning Groups (CCGs) to account (from April 2013) is most welcome.
No policing
In the meantime, however, we are experiencing a wide range of commissioning of Telecare and Telehealth, procurement of such technologies and services by PCT’s, FT’s, NHS Direct, Social Care Organisations, Charities, Housing Associations, Local Authorities, Councils, Call Centres, Government Procurement Frameworks, Private Health Care Providers et al. This commissioning goes unabated, unchecked and perhaps unseen by higher authorities – in short, there appears to be no real policing of Telecare and Telehealth QA-RA compliance in UK procurement of such devices today!
The UK Telecare market is one of the world’s largest in devices sold per head of population (but not necessarily implemented and installed in homes) – the traditional Telecare market is now worryingly migrating towards Telehealth as an area of potential growth and Social Care organisations are commissioning the procurement of Telehealth. Local Authorities, Councils and Housing Associations are commencing Telehealth programmes (often in partnership with a device manufacturer and their neighbouring PCT) and often without the awareness of EU CE marking directives, national laws and registration concerning the use of medical devices. The MHRA, as the UK’s Competent Authority, needs to ensure that enforcement actions are taken and it must work with all stakeholders, especially the Department of Health and NHS to ensure that patient safety is protected and that only compliant products are placed on the rapidly increasing market.
In a Medtech Business publication, Issue 19 June 2011 (link at end), Trevor Lewis BSc(Hons), CEng, CPhys, MIEE, MInstP, MCIM, MInstD, medical device regulatory expert and Principal Consultant at Medical Device Consultancy (MDC) stated:
“If the regulatory system in Europe is to improve, a number of factors are needed. There has to be a mindset among all manufacturers to fully comply with or exceed the essential requirements of the directives. There is a need for more clinical investigations (both pre-and post-market), especially for higher-risk devices; and for greater transparency about the classification and presence on the market of all devices, especially higher-risk ones. The regulations should be enforced in an appropriate and proportionate way, with due regard to economic cost and the public health interest. Finally, all medtech industry representatives and other stakeholders need to work at improving the medical device directives…The current position that the medical device regulatory world finds itself in causes me much concern. The focus should be on making the current system more productive and more rigorously used and enforced, not reinventing it.”
From the same publication, an article titled Benefits of the European regulatory system from the ABHI states:
“ABHI has for many years operated a Code of Business Practice, which was comprehensively revised in 2008 in conjunction with the revision of a similar Code of Practice operated by Eucomed. These codes lay down, in strict terms, the way in which manufacturers and suppliers should interact with health professionals and purchasers of medical technology.”
It is a condition of membership of both ABHI and Eucomed that members adhere to these Codes, which are aimed at establishing and maintaining high standards of business ethics.
NHS and Social Care Commissioners and UK trade bodies and associations representing the telecare, telehealth and telemedicine industries should take note of the ABHI Code of Practice!
The DALLAS police?
The Technology Strategy Board (TSB) are in the process of evaluating DALLAS bids that could see over the next three years, the deployment of ‘tens of thousands’ of devices and solutions starting April 2012, the question should be asked: ‘who is policing the various TSB Community Seeds submitting these plans to ensure their trade partners have legitimate and legal CE marked medical devices/products’? – In addition: are there any existing funded ALIP projects that fall foul of QA-RA and EU laws/CE issues?
With devolved Governments in Scotland, Wales and Northern Ireland all serious about telehealth implementation in 2012, there is the issue over the existing legacy telehealth and telecare systems already sold throughout the UK to Health and Care organisations and programmes and used by patients that are not CE marked as a medical device! Will an audit be undertaken regionally or nationally of such solutions already deployed in the market place? And if found to be illegal – what will these organisations actually do about the kit in daily use in patient’s homes? Who would the policeman be in this scenario – the MHRA?
Existing illegal devices
With respect to the CE marking of a medical device, the question arises where illegal and legacy telehealth systems/devices are found to exist in the UK market place, as to whether these devices will be officially recalled under an MHRA ruling? Strictly speaking, you cannot retrospectively CE mark a product.
From a commercial perspective, companies that are compliant and follow EU legislation together the significant time and investment associated with the CE marking of medical devices are facing competition in tenders and potentially being disadvantaged by suppliers winning contracts with non CE compliant solutions. There is also the very British reticence it would seem, that ‘whistle blowing isn’t the done thing’ so as not to be ostracised and or ‘blackballed’ by Commissioners!
Finally, if such an organisation were found to have sold product(s) and or services that included non-compliant solutions that potentially put a healthcare organisation, their patients and healthcare professionals at risk, what sanctions would be applied to that provider or supplier – locally and/or nationally – and would the embarrassed commissioning body, having potentially spent tax payers’ money unwisely, ‘sweep the issue under the carpet’ so as not to be exposed for incompetence? Again, who would be the policeman be ‘issuing the ticket’?
‘Dr Concerned’
6 December 2011
Questions Telehealth Commissioners should ask their suppliers
Is the product CE marked to Article 12 of the Medical Device Directive 93/42/EC?
If ‘yes’, please provide evidence.
If ‘yes’, is the Medical Device registered with the MHRA?
If ‘no’, is the telehealth system software CE marked independently?
If ‘yes’, please provide evidence as to what classification.
If the software is CE marked independently, are the medical peripherals also CE marked independently and to what classification?
Please provide a list of, and evidence of, all medical devices’ CE certificates
Have you sold products and/or services using the product, in the UK market prior to CE marking of the product by a Notified Body?
Is the product (or service using the product) registered on the Government Procurement Service’s Telecare Framework RM 748?
If yes, in which Lots?
Supporting documentation (PDF downloads)
The pre-market clinical evaluation of innovative high-risk medical devices. KCE reports 158C
Medtech Business Issue19 June 2011
Electrical and Electronic Safety in Medical Devices – Human Factors, Software and Electromagnetic Compatibility. Lewis and Armstrong Medical Device Manufacturing And Technology 2006
Other links
http://www.medicaldeviceconsultancy.co.uk/?id=4
http://www.cherryclough.com
http://www.clinica.co.uk
UPDATE 16 Dec: There is discussion triggered by this item happening on the LinkedIn Connected Health Community Group: Should we be concerned if Telehealth devices do not comply with EU medical device legislation?
UPDATE MARCH 2012: For further comments on this topic, please see the item When is a telecare/telehealth device a ‘medical device’?
Ed. Steve for Anon 1
This article is going to send some shivers through the market, but I sense there are some aspects that are unduly scary.
Firstly – I will say that it is hard to argue against than the need for all equipment, and the services that use it, to be safe. A CE mark is a basic requirement, but in calling for better policing is there actually a problem with the way responsibilities are defined? If the author has a genuine concern about a medical device is it not simply possible to write to MHRA?
Of course, there are wider issues at stake which means that the answer set out in the article is not straightforward. Firstly, the idea that something is safe requires some definition of what acceptable risk is. I don’t think there is a good definition of risk that allows telehealth ‘systems’ – and I use that word advisedly – to be appropriately classified. One of the reasons why is the second conundrum.
When I once asked someone in MHRA whether a telephone handset used by an out-of-hours doctor was a medical device if they used it for diagnostic purposes, they said that their view was that the phone was simply infrastructure. A similar logic applies to broadband networks used to transmit digital x-rays. So where do you separate out the infrastructure from the medical device in telehealth – and are separate components separate devices? Is a ‘hub’ a medical device, or simply the infrastructure used to communicate. This is not straightforward. I recall one system using smartphones created a plug-in adapter to talk to medical devices on the understanding (and it is CE marked under MDD) that the smartphone would not be a medical device. But why did they need to develop a separate adapter, and introduce additional user and technical risks, simply to communicate.
Clearly the regulations are throwing up some apparent absurdities. They may also effectively serve to deny apparently beneficial services to people because the controls applied are completely disproportionate to the risk. M-health is already cutting a swathe through this – partly because ‘wellness’ is considered outside health in the way regulations are applied – by making low cost health apps abundantly available. It is time for the way regulations in this area to be revisited.
Telehealth and telecare are not necessarily cutting a new trail in this field. These very issues are faced by mainstream health IT systems. So, is the monitoring centre software a medical device or simply a data display? Is it actually taking responsibility for making decisions on patients away from clinicians, or is it presenting data for a clinician to be able to arrive at exercise their own clinical judgement? There is no clear consensus on the answers to these questions across Europe, but there appears to be a majority view in the UK that treating these systems as medical devices is not appropriate and there is a need to ensure that health software is not unnecessarily over-classified.
So this is a regulatory minefield in which there is uncertainty and a diversity of practice that has been allowed to go on with the apparent knowledge of the Regulators. While the Regulators work out how they want to manage this, and a resolution is unlikely to be quick, there are some simple steps for providers to follow. The Information Standards Board published a notice in 2009 called “DSCN 18/2009 Patient Safety Risk Management System – Deployment and Use of Health Software”. This standard offers the health organisation a framework within which the patient safety hazards associated with the deployment and implementation of new eHealth systems can be managed. It will prompt a question from vendors about whether they have implemented their equivalent process, defined in DSCN14/2009, which if you follow, you would discover not only whether something was CE marked but also the steps you would need to take to implement the system safely.
A wake up call on regulation is probably need, but for all the reasons I have set out above it would be wrong to consider policing of CE marking as the answer to safety. The patient safety risk management approach provides a more holistic approach to managing patient safety, recognising that many issues will be emergent.
Ed. Steve for Anon 2
I wholly agree regarding CE marking of hardware – it is essential that all hardware is appropriately tested and marked for compliance with whichever standards are appropriate. However if a computer – or for that matter a mobile phone – is being used as a ‘hub’ for the onward transmission of data received from medical devices on to a clinician, that does not make that ‘hub’ a medical device per se.
A few months back, just to check my understanding, I spoke to a senior member of the MHRA on this who explained the critical distinction between ‘decision support’ and ‘decision making’. Most – if not all – current telehealth devices merely provide decision support, just gathering, and perhaps displaying, clinical information conveniently for clinicians to decide on whether – and if so how – to intervene. He explained that mere transmission of information from peripherals (that are of course CE marked as medical devices) did not make the transmitting equipment a medical device.
I also took the matter up with NICE to see if I could encourage them to test the equipment as part of their Medical Technologies Evaluation Programme. After some time spent considering the matter and after much discussion, they declined as “it is not CE marked as a medical device”.
Ed. Steve
There is discussion triggered by this item happening on the LinkedIn Connected Health Community Group: [i]Should we be concerned if Telehealth devices do not comply with EU medical device legislation?[/i][url]http://www.linkedin.com/groupItem?view=&gid=1216427&type=member&item=83993881&qid=4815f79a-82b4-4de9-9977-03d055f161bd&goback=%2Egde_1216427_member_83993881%2Egna_1216427[/url]
Steve Hards, Editor
MARCH 2012: For further comments on this topic, please see the item ‘When is a telecare/telehealth device a “medical device’?”
[url]https://www.telecareaware.com/index.php/when-is-a-device-a-medical-device[/url]