The new article describes in detail the regulatory approach to be applied with respect to middleware used for healthcare purposes.
Table of content
The Therapeutic Goods Administration (TGA), an Australian regulating authority in the sphere of healthcare products, has published a guidance document dedicated to the interpretation of software exclusion criteria. The document provides an overview of the applicable regulatory requirements, as well as additional clarifications and recommendations to be taken into consideration by medical device manufacturers (software developers) and other parties involved in order to ensure compliance.
At the same time, provisions of the guidance are non-binding in their legal nature, and could be subject to changes, should such changes be reasonably necessary to reflect corresponding amendments to the underlying legislation.
Overview of Exclusion 14K
According to the guidance, exclusion 14K pertains specifically to middleware software that is designed to connect or interface applications to an underlying operating system or other applications. This software, which facilitates communication or transmission of information between various software components, is excluded from being classified as a medical device under the existing TGA regulations.
This exclusion applies only if the middleware is not intended to control medical devices, perform analysis or computation related to the purpose of a medical device, or make any claims related to medical conditions.
Understanding Middleware
As further explained by the authority, in the context of healthcare, middleware refers to software that acts as a bridge between user-facing applications and underlying systems, such as an operating system. Its primary role is to enable communication and integration between these different layers, ensuring that data and commands can be passed between them effectively.
Despite being used in healthcare settings, such middleware is not classified as a medical device under TGA regulations, as long as it does not perform functions directly related to the control or operation of medical devices.
Key Questions for Middleware Classification
In order to determine whether middleware falls under the exclusion criteria, four critical questions must be addressed:
- Is the software intended to connect or interface applications with an underlying operating system or another application, including facilitating communication or data transmission? This question ensures that the software’s primary function aligns with the definition of middleware, which is to serve as an intermediary facilitating communication between different software components.
- Does the software control medical devices? If the middleware is used to control medical devices, such as passing instructions from one application to a medical device, it would not qualify for the exclusion and would be subject to TGA regulations.
- Does the software perform analysis, computation, or logic related to the intended purpose of a medical device? Middleware that performs these functions is considered an accessory to a medical device and, therefore, cannot be excluded from TGA regulation.
- Does the software make claims regarding a disease, condition, ailment, or defect If the software makes any such claims, including diagnosing, screening, preventing, monitoring, predicting, prognosing, alleviating, treating, or making recommendations regarding treatment, it does not qualify for exclusion.
Terms and Definitions
The document further provides definitions of the key terms and concepts used in the context of middleware and regulations associated. The guidance defines, inter alia, the following terms:
- Middleware generally serves the same function in healthcare as it does in broader IT contexts – it acts as an intermediary between different software applications and the operating system. However, in healthcare, certain types of middleware, particularly those involved in pathology, can have additional functions that may classify them as medical devices.
- Pathology middleware is a specific type of software used in healthcare laboratories. It typically sits between laboratory instruments and Laboratory Information Systems (LIS), managing data collected from these instruments. While it primarily performs a communication function, pathology middleware can also verify and analyze medical test results, assist in diagnosis, and influence clinical decisions. If the middleware performs these functions, it is considered a medical device and does not qualify for the exclusion.
- Middleware can sometimes control medical devices by transmitting instructions from one software application to a medical device. In such cases, the middleware is directly involved in the operation of the medical device, disqualifying it from the exclusion.
Analysis, Computation, or Logic Related to Medical Devices
According to the guidance, if middleware software is required for a medical device to function as intended, meaning it performs analysis, computation, or logic essential to the device’s purpose, it is considered an accessory to the medical device. As a result, this type of middleware is not excluded from TGA regulation.
Making Claims about Medical Conditions
Under the general rule, middleware that makes claims regarding medical conditions, such as diagnosis, screening, prevention, monitoring, prediction, prognosis, alleviation, or treatment, does not qualify for the exclusion. This includes software that influences clinical decisions or provides recommendations related to the treatment of diseases, conditions, or defects.
Excluded and Non-Excluded Examples
In order to assist the parties involved with interpreting the relevant regulatory requirements, the document also provides a few examples of software products that would either be subject to regulation under the existing legislation for healthcare products or fall outside its scope.
Excluded Middleware Example: Generic Hospital Middleware
A middleware software used in a hospital that facilitates communication between user-facing applications and the hospital’s mainframe but does not perform any analysis, control medical devices, or make medical claims is excluded from TGA regulations. This software is generic and not designed for a specific medical purpose, thus it does not meet the criteria to be classified as a medical device.
Excluded Middleware Example: API for Secure Payment Processing
An API that enables secure access to patient bank details to facilitate the payment of Medicare benefits is also excluded. The API does not control medical devices, perform any logic related to the purpose of a medical device, or make claims about medical conditions, hence it qualifies for the exclusion.
Non-Excluded Middleware Example: Web Server Supporting Medical Device
A web server that supports content delivery for a software-based medical device requiring information to be uploaded through a web-based portal is not excluded. This server is essential for the medical device to achieve its intended purpose, making it an integral part of the device’s operation and subject to TGA regulation.
Non-Excluded Middleware Example: Pathology Middleware Driving an Analyzer
Pathology middleware that drives or influences an analyzer is not excluded because the analyzer itself is a medical device. Since the middleware directly impacts the operation of the analyzer, it must be classified with the medical device and cannot be excluded.
Non-Excluded Middleware Example: Diagnostic Pathology Software
Pathology middleware used to analyze biopsy samples and provide diagnostic output is not excluded because it performs functions directly related to the diagnosis or prognosis of a patient’s medical condition. Such software is classified as a medical device and is subject to TGA regulations.
Conclusion
In summary, exclusion 14K provides clear criteria for determining whether middleware software is classified as a medical device under TGA regulations. The exclusion applies to middleware intended solely for communication or integration between software applications and operating systems, provided it does not control medical devices, perform essential analysis for a medical device, or make medical claims. However, middleware that is involved in controlling medical devices, performing diagnostic functions, or influencing clinical decisions does not qualify for this exclusion and is subject to regulatory oversight.
How Can RegDesk Help?
RegDesk is an AI-powered Regulatory Information Management System that provides medical device companies with regulatory intelligence for over 120 markets worldwide. It can help you prepare and publish global applications, manage standards, run change assessments, and obtain real-time alerts on regulatory changes through a centralized platform. Global expansion has never been this simple.