REGULATORY UPDATE | Artificial Intelligence (AI) Software Registration in Singapore

In December 2019, the Health Sciences Authority (HSA) of Singapore's Ministry of Health released guidelines concerning software registration, with a significant focus on AI software. The HSA emphasizes that these guidelines serve as recommendations rather than official regulatory mandates.

The guidelines categorize software into four distinct groups:

1. Software embedded in medical devices
2. Standalone software
3. Standalone mobile applications
4. Web-based software

Registration applications must be submitted in accordance with the ASEAN Common Submission Dossier Template (CSDT) format, which can be prepared using the International Medical Device Regulators Forum’s (IMDRF) Non-In Vitro Diagnostic Medical Device Market Authorization Table of Contents (nIVD MA ToC).

TOTAL PRODUCT LIFE CYCLE (TPLC) AND CONTINUOUS LEARNING AI

The HSA recommends that manufacturers of medical device software adopt a Total Product Life Cycle (TPLC) approach. This involves comprehensive oversight of requirement management, risk assessment, software verification/validation, change management, and traceability throughout the software's lifecycle. While validating the effectiveness of claims is critical, the HSA will pay particular attention to post-market surveillance and ongoing model monitoring activities, especially concerning "continuous learning" AI Medical Devices (AI-MDs).

UNDERSTANDING ARTIFICIAL INTELLIGENCE (AI) IN MEDICAL DEVICES

Artificial Intelligence (AI) refers to technology that simulates human intelligence and is designed to solve cognitive problems such as learning, problem-solving, and pattern recognition. AI Medical Devices (AI-MDs) utilize this technology to assist in the investigation, detection, diagnosis, monitoring, treatment, or management of medical conditions, diseases, anatomy, or physiological processes.

QUALITY ASSURANCE IN MEDICAL DEVICE MANUFACTURING

Manufacturers of medical devices and software must implement a robust Quality Management System (QMS) to ensure safety and performance throughout the product life cycle. It is essential that a designated person is responsible for the implementation and development of AI-MDs. Compliance with various laws and guidelines, such as the Personal Data Protection Act, Human Biomedical Sciences Act, and Private Hospitals and Medical Clinics Act, is necessary. The HSA's GN-16 guide, which provides guidance on essential principles for the safety and performance of medical devices, can be a reference for AI-MD development.

AI-MDs must be designed to ensure accuracy, reliability, precision, safety, and performance while fulfilling their intended use. Special regulatory considerations for AI-MDs include capabilities for continuous learning, human intervention, and model training. Once deployed, these devices require active monitoring, assessment, and tuning to ensure optimal performance.

MEDICAL SOFTWARE SECURITY

Medical software requires robust security measures akin to cybersecurity strategies, given that cyberattacks can severely disrupt medical facilities and equipment functionality, delay patient care, and compromise hospital networks. Effective cybersecurity is crucial to protecting the functionality and security of medical devices.

Achieving this requires collaboration among various stakeholders, including government agencies, manufacturers, healthcare institutions, and medical device users. A comprehensive cybersecurity strategy involves monitoring, assessment, mitigation, and risk communication, necessitating active participation from all ecosystem stakeholders. Manufacturers must identify potential cybersecurity risks and incorporate design inputs that secure devices against foreseeable cyber threats.

In addition to regular software operations, Field Safety Corrective Actions (FSCA) may be necessary when risks are identified through post-market monitoring. The product owner is responsible for communicating risks to affected parties and detailing steps taken to mitigate these risks, ensuring that corrections are made promptly without undue delays in software upgrades or bug fixes.

CHALLENGES IN MEDICAL SOFTWARE DEVELOPMENT

Software bugs may arise during the design and development phases. Common causes of software errors include failure to assess the impact of changes during updates, incompatibility with third-party applications, inadequate software validation before release, and incorrect configuration for operating system upgrades. Typical issues encountered in medical software include inaccurate test results, clinical diagnostic errors, calibration errors affecting patient positioning, algorithm calculation mistakes leading to incorrect radiation therapy dosages, and erroneous alarms that may trigger false alerts.

REGULATORY COMPLIANCE FOR MEDICAL SOFTWARE ACTIVITIES

All manufacturers, importers, and wholesalers of medical software must obtain licenses for medical devices. License holders are required to implement a quality management system (QMS) as a condition of their licensing. Key aspects include ensuring that software is developed and produced under an effective QMS, maintaining traceability of medical device software, establishing appropriate post-market monitoring and response procedures, and ensuring proper maintenance and handling of device-related data and information.