In a recent article published in Intellectual Property & Technology Law Journal, and expanding on our previous post, we discuss the legal and regulatory implications of applying artificial intelligence (AI) to the EU and US healthcare and life sciences sectors.
AI software, particularly when it involves machine learning, is being increasingly used within the healthcare and life science sectors. Its uses include drug discovery (e.g., software that examines biological data to identify potential drug candidates), diagnostics (e.g., an app that analyses real-time data to predict health issues), disease management (e.g., mobile-based coaching systems for pre- and post- operative care) and post-market analysis (e.g., adverse event data collection systems).
Given the healthcare and life science sectors are highly regulated, the development and use of AI requires careful scrutiny of applicable legal and regulatory obligations and any ongoing policy developments. The article discusses how AI may contribute to the research and development of health products, to the care and treatment of patients, and the corresponding legal and regulatory issues surrounding such technological advances.
In Europe, depending on its functionality and intended purpose, software may fall within the definition of ‘medical device’ under the Medical Devices Directive. However, classification of software is fraught with practical challenges because, unlike classification of general medical devices, it is not immediately apparent how the legal parameters apply. The European Commission has published guidelines to interpret the Directive’s requirements, but these are not legally binding (although were recently endorsed by the Advocate General of the Court of Justice of the European Union, as discussed in our advisory). The new EU Regulations adopted on April 5, 2017, which come into effect on May 26, 2020, will widen the scope of the regulatory regime considerably, and will require all operators to re-assess product classification well in advance of this deadline.
In the United States, the Food and Drug Administration (FDA) has regulatory authority over medical devices. FDA has issued a number of guidance documents to assist in identifying when software or mobile apps are considered to be medical devices. However, there are a variety of legal, regulatory, and compliance issues that may arise for AI developers based on the intended use of the product. Once a product is classified as a medical device, its class will define the applicable regulatory requirements, including the type of premarketing notification/ application that is required for FDA clearance or approval. As the use of AI becomes more central to clinical decision-making, it will be interesting to see whether FDA attempts to take a more active role in its regulation, or if other agencies — such as the U.S. Federal Trade Commission — step up their scrutiny of such systems.
Further important considerations, given the capability of AI to capture various forms of personal data, are data protection and cybersecurity, which will become very important to ensure sustainability of the technology. In the EU, these rules are soon to be overhauled by the General Data Protection Regulation, which applies from May 25, 2018. And in the US, regardless of the product’s classification, AI developers will need to assess whether the HIPAA rules apply, and any design controls and post-manufacture auditing that may also apply in the cybersecurity space.