SaMD

Software as a Medical Device (SaMD) is defined by the International Medical Device Regulators Forum (IMDRF) as software intended to be used for one or more medical purposes that perform these purposes without being part of a hardware medical device.

Key characteristics of SaMD:
- Standalone software with medical purpose
- Not required to be part of hardware device
- Can run on general computing platforms
- May be marketed independently of hardware
- Subject to medical device regulations

IMDRF SaMD classification framework:
The IMDRF categorizes SaMD based on two dimensions:
- Healthcare situation/condition (Critical, Serious, Non-Serious)
- Significance of information (Treat/Diagnose, Drive Clinical Management, Inform Clinical Management)

This creates four risk categories:
- Category I - Low risk (e.g., wellness apps)
- Category II - Moderate risk (e.g., clinical decision support)
- Category III - Moderate-high risk (e.g., diagnostic imaging analysis)
- Category IV - High risk (e.g., software for critical treatment decisions)

IEC 62304 software lifecycle requirements:
SaMD must comply with IEC 62304, which defines software development lifecycle processes:
- Software development planning
- Requirements analysis and specification
- Architectural and detailed design
- Unit implementation and verification
- Integration and testing
- Release and maintenance
- Risk management throughout lifecycle

Common SaMD examples:
- Mobile diagnostic applications
- Clinical decision support systems
- Medical imaging analysis software
- Patient monitoring algorithms
- Radiation therapy planning systems
- Laboratory information systems with clinical functionality

Regulatory pathways:
- USA (FDA) - 510(k), De Novo, or PMA depending on risk
- EU (MDR) - Class I, IIa, IIb, or III classification
- Canada - Class I-IV classification
- Japan (PMDA) - Class I-IV classification

Cybersecurity and data privacy: SaMD requires special attention to cybersecurity, data protection (GDPR, HIPAA), and regular software updates for security vulnerabilities.