Heart Rate Monitoring Apps: Information for Engineers and Researchers About the New European Medical Devices Regulation 2017/745

Introduction

We live in interesting times. In fact, in the last 10 years or so, our already technology-driven lives became even more reliant on modern technology. Gradually and subtly we have witnessed not only our mobile phones but everyday objects become “smart.” That is, they increased in terms of functionality, connectivity, and interoperability as they evolved from common appliances to entities of what is now commonly referred to as the “Internet of Things”. Modern mobile phones harness tremendous computational power and a whole plethora of advanced sensors in the palm of a hand. Arguably, nowhere is this technological revolution more evident than in the healthcare sector where mHealth is increasingly gaining momentum [1-3]. On the other hand, it has become increasingly challenging to accurately differentiate between apps for lifestyle and well-being purposes and actual medical apps [4] (ie, apps which by virtue of their intended purpose are to be considered medical devices). While there certainly exists a risk of stifling innovation, especially in a relatively young and dynamic field such as mHealth with its many start-up companies, certainty pertaining to legal requirements and product safety classification is paramount to succeed in this highly innovative and competitive arena. Acknowledging the fast pace of innovation, it becomes increasingly important to remain up to date with the entire spectrum of legal requirements, keeping in mind that a failure to do so may likely spell the untimely demise of otherwise viable and innovative manufacturers.

This paper begins with a brief summary of the existing European Directive on medical devices, namely 93/42/EEC, its relevant amendments, and the classification of software under the Medical Device Directive (MDD). The paper then proceeds to provide an overview of the newly adopted Medical Devices Regulation (MDR) and discusses changes with respect to the MDD. The paper concludes with an assessment of the impact the new regulatory framework is likely to have on the health app sector.

The Existing European Medical Device Directive 93/42/EEC

General Background

Medical devices legislation in the European Union has been fully harmonized under Directive 93/42/EEC [5], last amended by Directive 2007/47/EC [6] in September 2007.

Classification of Software as Medical Device Under the Medical Device Directive

Article 1(2)(a) MDD, as amended by 2007/47/EC, defines a medical device as:

any instrument, apparatus, appliance, software, material or other article, whether used alone or in combination, including the software intended by its manufacturer to be used specifically for diagnostic and/or therapeutic purposes and necessary for its proper application, intended by the manufacturer to be used for human beings for the purpose of:
• diagnosis, prevention, monitoring, treatment or alleviation of disease,
• diagnosis, monitoring, treatment, alleviation of or compensation for an injury or handicap,
• investigation, replacement or modification of the anatomy or of a physiological process,
• control of conception,
and which does not achieve its principal intended action in or on the human body by pharmacological, immunological or metabolic means, but which may be assisted in its function by such means.

Accordingly, the MDD already provides for software to be classified as a medical device if said software is intended to be used for one of the above listed medical purposes (eg, diagnosis, treatment). This is emphasized by Recital 5 in 2007/47/EC [6], which states:

It is necessary to clarify that software in its own right, when specifically intended by the manufacturer to be used for one or more of the medical purposes set out in the definition of a medical device, is a medical device. Software for general purposes when used in a healthcare setting is not a medical device.

Thus, given the intended medical purpose, standalone software such as (but not limited to) mobile phone apps constitutes an active medical device according to Definition 1.4 Annex IX MDD, as amended by [6], which further provides classification criteria to determine the adequate risk category within an incremental system of four classes, namely I, IIa, IIb, and III with I being the lowest and III being the highest risk class.

In particular, having established standalone software to be a medical device, Rule 10 MDD becomes fully applicable and provides that:

active devices intended for diagnosis are in Class IIa:
[...]
• if they are intended to allow direct diagnosis or monitoring of vital physiological processes, unless they are specifically intended for monitoring of vital physiological parameters, where the nature of variations is such that it could result in immediate danger to the patient, for instance variations in cardiac performance, respiration, activity of CNS in which case they are in Class IIb.

Accordingly, apps for the mobile phone‒based detection of atrial fibrillation have already been classified as Class IIa under MDD, since atrial fibrillation is generally not an acutely life-threatening condition. If the above does not apply, apps are generally classified as Class I devices (Rule 12 MDD), assuming they are medical devices in the first place.

Note that classification as a Class I device is particularly attractive because the manufacturer can self-certify (see Annex VII MDD), avoiding the additional burden of certification through a Notified Body.

Current Situation

With the rare exception of a few Class IIa apps (eg, “FibriCheck” [7] for the detection of atrial fibrillation), fitness and healthcare-related apps on the market to date are almost entirely not labeled as medical devices due to their intended purpose, as stipulated to by the manufacturer, not being one of the medical purposes listed in Article 1(2)(a) MDD. Whether or not this will hold under MDR as well is examined in the following section.

The New Medical Devices Regulation (EU) 2017/745

Background

As the identifier 93/42/EEC implies, the MDD regulatory framework is a couple of decades old, with the respective first drafts actually dating back to the mid-80s. The proposal for a new Medical Devices Regulation was first published in September 2012 [8], setting in motion a lengthy negotiation, review, and amendment process. The MDR was eventually adopted on April 5, 2017, published in the Official Journal of the European Union on May 5, 2017 [9], and entered into force on the 20th day following its publication (ie, May 26, 2017). However, there is a transitional period of approximately 3 years (Article 120 MDR).

Regulation Versus Directive

Note that as opposed to the MDD, the new MDR is a regulation rather than a directive. The two differ in that a regulation is directly enforceable in all member states, whereas a directive first requires an implementation into national law. The German Medical Devices Act (Medizinproduktegesetz, MPG) can be seen as Germany’s implementation of the MDD.

Broader Definitions

While similar at first glance, the new MDR in fact substantially differs from the MDD it repealed. The following appraisal will be limited to selected changes relevant to the discussion at hand since an analysis of further aspects would be beyond the scope of this paper.

A first (and arguably easily overlooked) important difference arises in the very definition of “medical device”, defined in Article 2(1) MDR as:

any instrument, apparatus, appliance, software, implant, reagent, material or other article intended by the manufacturer to be used, alone or in combination, for human beings for one or more of the following specific medical purposes:
• diagnosis, prevention, monitoring, prediction, prognosis, treatment or alleviation of disease

Note the expansion of the definition of medical device (further expansions of the definition by Article 2(1) MDR will be disregarded here) to devices engaging in the prediction and/or prognosis of diseases. Accordingly, an app that collects and possibly aggregates data from various sensors and the subject’s input (think of big data and analytics) to assess a subject’s risk of developing a specific disease or condition or the likelihood of worsening or improvement of an existing disease or condition may have to be classified as a medical device under Article 2(1) MDR. However, this would require said device to be explicitly intended for the prediction and/or prognosis of disease. As discussed in more detail below, the MDR provides for an exemption for devices whose intended use lies in nonclinical arenas such as lifestyle or general well-being. However, a manufacturer is obliged to accurately and unambiguously indicate the device’s intended use without acting arbitrarily for the sole purpose of circumventing the (perhaps unfavorable) medical device classification.

Classification of Software as Medical Device Under the Medical Devices Regulation

Similar to MDD, MDR provides an extensive list of classification criteria (Annex VIII MDR). The significant change lies in the adoption of a specific classification rule for software not encountered previously in either the original MDD or its amendments. Rule 11, Annex XIII MDR states:

Software intended to provide information which is used to take decisions with diagnosis or therapeutic purposes is classified as class IIa, except if such decisions have an impact that may cause:
• death or an irreversible deterioration of a person’s state of health, in which case it is in class III; or
• a serious deterioration of a person’s state of health or a surgical intervention, in which case it is classified as class IIb.
Software intended to monitor physiological processes is classified as class IIa, except if it is intended for monitoring of vital physiological parameters, where the nature of variations of those parameters is such that it could result in immediate danger to the patient, in which case it is classified as class IIb.
All other software is classified as class I.

While the classification criteria of MDD and MDR as previously discussed are virtually identical, the broadening of the definition of “medical purpose” in Article 2(1) MDR in combination with Rule 11 MDR has far-reaching implications. While under MDD (among others) an emphasis on diagnosis or monitoring of treatment of disease is required to fall into the scope of the Directive’s definition of medical device, under the new MDR (as previously discussed) the scope has been broadened by the addition of “prediction and prognosis” of disease. This means that many apps, which did not constitute medical devices under MDD, now become medical devices, most likely Class IIa.

Conclusions

With the adoption of the new European regulation, health apps are now more likely to fall under the definition of medical device and thus become subject to the provisions of MDR.

With the inclusion of “prediction and prognosis of disease” in Article 2(1) MDR, a heart rate monitoring app for instance may now be subject to MDR as soon as the heart rate monitoring functionality itself is enhanced by health assessments (ie, inferring the subject’s cardiovascular health on the basis of heart rate or heart rate variability measurements) and the like, which would have to be interpreted as a prediction and/or prognosis of disease.

However, the applicability of the new regulatory framework still hinges on whether the intended purpose of the app, as stipulated to by the manufacturer, is medical or not. Apps solely intended for lifestyle or well-being purposes represent an important exception, for they do not constitute medical devices (see Recital 19 MDR). However, it has arguably become much easier to cross from being a lifestyle product to being a Class IIa medical device, a fact that engineers and researchers must recognize.