eHealth is booming, hospitals, doctors, clinics, SMEs, big companies, everybody seems to be developing an app nowadays. It is great to see how many people are throwing their weight behind eHealth initiatives in every possible way: remote monitoring of demented senior citizens by means of image interpreting software, decision support systems, …, you name it.
I am however constantly baffled by the fact that no one ever considers that this type of software, which has either an important role within a medical process or has a medical function in itself (treatment or diagnosis), should be validated on another level than the purely functional one (the “does it work?” level). This seems to be part of a bigger problem, because physicians have recently repeatedly demonstrated that they are not that familiar with medical technology rules (but still criticise them).
A case in point is the recently launched online “Health risk test” from the Dutch Bronovo hospital. For a mere € 19,95 (for the expert test, there’s a free version too) you can fill in a host of information about your yourself, your medical history and your lifestyle after which you receive back an overview outlining a number of highly prevalent diseases and the risk of you contracting them. A lot of doctors seem to have cooperated on this software and have lent their name to it, given the number of pictures of people in white coats on the website.
In my view, we are talking about a medical device here: there is a piece of software running on a server which applies a model or decision tree, the software produces a result based on this decision tree, the application serves up the information for medical purposes (diagnosis of health risks). In other words, the application fits the definition of software as standalone medical device.
Realising that we are dealing with a medical device, I started looking for the CE sign on the website of this application. No CE sign to be found. So I decided to take the test, hoping that somewhere during the process the CE sign would appear. Still no CE sign. So how can I be sure that the manufacturer of the test has properly tested the software (which includes compiling a technical file supporting the way the software reaches its conclusions and presents them)? Soon after, I heard a radio broadcast on Dutch radio channel BNR Nieuwsradio in which it became clear that the Dutch Healthcare Inspectorate (IGZ) also had its doubts about the test as it had not been properly validated and might therefore be in violation of the Dutch Act on Population Investigation (Wet op het Bevolkingsonderzoek). Apparently the possibility of other infringements, like the Act on Medical Devices, has not occurred even to the Inspectorate yet, or the press has not picked up on it but I couldn’t locate an official statement of IGZ on the subject.
Another case which underlines my point is an app from a Dutch public clinic which claims to support treatment of anxiety disorders. The app shows movies of frightening situations after which viewers are asked to describe how they felt when watching these movies. At a congress, I asked a representative of the company developing the app (a psychiatrist) if it was clinically validated and whether medical devices risk management processes had been applied. What if a patient saw the wrong movie, got an anxiety attack and decided to jump off a building? After all, the goal of the app was therapy, one of the intended purposes that makes software a medical device covered by medical devices rules. The company representative reacted very annoyed with my “irrelevant questions” and decided to avoid me for the remainder of the congress.
These are just examples from the Dutch market that I ran into myself but I am sure these cases occur in other markets too.
It is strange to see how clinicians that are working on eHealth solutions outside a medical devices company seem to have a tendency to completely overlook the possibility that they are putting medical devices on the market and risk being charged with illegal behaviour. In this particular case they may also have contravened some other rules in the process. Maybe I have met the wrong clinicians who have clouded my judgement. However, as mentioned before, clinicians sometimes do turn out to be very unfamiliar with the medical devices regulatory framework. Therefore, it seems to me that for eHealth to truly take off in a legally compliant fashion, the medical profession has some serious catching up to do.
– Erik Vollebregt, Life Sciences and Medical Technology lawyer at Greenberg Traurig in Amsterdam, the Netherlands