In my first six months at BrightInsight as director of business development for the medtech sector, some common digital health challenges for medtech companies have made themselves as clear as day. The top three are global regulatory compliance, security and privacy, and scalability.
While I am relatively new to BrightInsight, I’ve had a long career as a director and VP of an independent medical device evaluation program that thousands of hospitals rely on to support their technology decisions. As a lead evaluator, it was essential to monitor the most impactful technology trends and issues affecting healthcare delivery. I’ve also made it an essential function to recognize what companies need to plan for and get right in order to effectively serve their healthcare provider clients and their patients.
In my opinion, there are no challenges more pressing for medtech companies providing digital health solutions to get right than these three.
Whether it’s a smartphone-based insulin therapy application or a service for global over-the-air updates of clinical laboratory instruments, nailing down regulatory compliance for any digital health technology is job one. Managing regulatory compliance of digital health products as they expand beyond an initial market or use case can be quite complex. Digital health product developers need to establish a formal regulatory roadmap that lays out the country-by-country regulatory requirements that the product will need to comply with.
Digital health product developers also need to be aware that market pressures may eventually drive initial product designs into higher regulatory categories. A health and wellness application that does not initially require regulatory oversight in the US may evolve into the more highly regulated software as a medical device (SaMD) category as client expectations or competition pressure the product to support clinicians with diagnoses.
It’s likely that product upgrades over time—and the associated regulatory implications—will also need to be incorporated into initial product regulatory roadmaps.
Working with a digital health solution provider like BrightInsight that has the experience to help tackle regulatory compliance challenges across the globe, for even the highest product risk categories, can significantly speed time to market and reduce overall development costs.
One of the most important aspects of medical device regulatory compliance is the assessment and management of risk. For digital health products, the security aspects of risk management are right at the top of the list—and they present a huge challenge.
Due to the massive increase in security-related threats over the last several years, regulators across the globe have significantly ramped up their scrutiny and expectations around privacy and security. Regulators expect device companies to incorporate security-by-design processes, including risk assessment and threat modeling, over the full expected life cycle of their products. This also includes developing and managing a complete and up-to-date software bill of materials (SBOM) and having full traceability of any outsourced software used as part of their products.
In my experience, developers of many commercial off-the-shelf (COTS) software applications are not able or willing to share sufficiently detailed security-related information to satisfy medical device regulators. From a cloud computing perspective, partnering with a solution provider like BrightInsight that has built compliance with medical device security requirements into its DNA is critical.
As digital health products expand from their initial deployment, which is often done in one geographic market or region, scalability becomes a huge challenge. Just from a privacy perspective, for example, expanding into new states in the US, or from the US to the EU or other global markets, brings many new requirements and new associated compliance processes. This can often require new software functionality, which can be challenging to retrofit into a digital health product designed for just one market.
Digital health development ideally needs to incorporate a fully scaled roadmap into the formative stage of its design to, as much as possible, avoid costly and time-consuming later-stage retrofitting. Developers also need to consider technical capacity, like handling of larger and larger data sets or unique geographic instances of the product where regional security and privacy rules prohibit out-of-region data transfer. This level of scalability is a key benefit of BrightInsight’s solutions.
Feel free to reach out to BrightInsight if you would like to learn about how we are working with our medical device and pharmaceutical company clients to support their digital health development and address challenges like those discussed above. You can also read more on these and other challenges in BrightInsight’s white paper on How BrightInsight Solves Your Top IT Challenges.