Cautionary tale: How digital health companies can protect themselves from regulatory trouble

How Digital Health Companies Can Protect Themselves from Regulatory Trouble 690x345px 080423 2x

Digital tech is bringing incredible medical technologies into our homes and smartphones. These include prescription digital therapeutics, connected devices and companion apps. Some apps incorporate AI to synthesize volumes of data. The benefits can be huge, but guardrails are important to protect patients–and the reputation of companies building the tech.

The U.S. Food and Drug Administration recently issued a warning letter to cardiac monitoring company iRhythm that serves as a cautionary tale for digital health firms on the necessity of establishing and following a Quality Management System (QMS).

In short, the FDA cited iRhythm for a number of violations, concerning changes to hardware, software, and labeling that should have triggered new 510(k) submissions to the FDA; and for improperly tracking reports of problems and then failing to properly address the issues, among other things.

Included in those violations were adjustments to the algorithm used by the company’s Zio remote cardiac monitoring device, according to the agency. Beyond the specifics of the iRhythm case, it shows that companies that integrate software medical devices must establish and adhere to a robust QMS to identify regulatory requirements early on, and suggest paths to compliance—doing so could have prevented a giant headache for iRhythm.

Tracking the changes

FDA regulations covering QMS are extensive and exacting, governing controls for subjects ranging from initial design, documentation and purchasing all the way through to handling, storage and distribution. A well-crafted QMS addresses all of the elements required by the FDA, maintaining documentation, tracking changes and assessing whether those changes warrant a new FDA 510(K) submission.

In iRhythm’s case, a strong QMS would have identified that the hardware, software and labeling changes being made required new FDA 510(k) submissions, prompting the company to begin that process.

Capitalizing on CAPA

Importantly, FDA regulations also require manufacturers to “establish and maintain procedures for implementing corrective and preventive actions,” or CAPA, that are triggered by reports of problems with the device.

Once a problem trend is detected by the QMS, it can then generate CAPA protocols to address the problem and monitor the solution going forward. But it’s not enough just to create a compliant QMS. Digital health companies also need to act on its assessments, initiating the process of filing a new submission covering those changes, or begin corrective action once a problematic trend has been identified by the QMS.

Choosing the right partner

Building a secure and compliant digital health platform falls outside the core competencies of most medtech and biopharma companies, making it crucial to select the right partner to help develop a digital solution. A key consideration in making that choice is ensuring that the platform is built under a robust and proven QMS that address the FDA’s quality management regulations.

For example, as the leading global platform for biopharma and medtech regulated digital health products, the BrightInsight Platform was purpose-built to securely manage regulated medical device data and personal health information, up to Class III medical devices. As part of our managed service, we maintain all of the required documentation and processes to ensure regulatory compliance worldwide.

In fact, we’ve helped our partners build 18 complex Software as a Medical Device (SaMD) solutions and companion apps on our platform, all built under our thorough and robust ISO 13485-certified QMS capabilities. We have undergone 46 audits for products built under our QMS.

Digital capabilities like iRyhthm’s have the potential to revolutionize medicine—and we’d bet on sooner than later. But the financial and reputational risks of a regulatory failure can be huge. So it’s important to team up with partners that set regulatory compliance at the highest priority.


Back to Blog