Katerina Spranger, CEO and founder of Accelerator SME of the Week Oxford Heartbeat, shares the company’s experience of acquiring CE marking for medical device software and advice for others hoping to do the same.
Minimally invasive cardiovascular surgeries often bear a high amount of risk, with uncertain patient outcomes. For instance, 20% of aneurysm surgeries in the UK are unsuccessful because of a poorly fitted stent in the blood vessel or other complications, which require a second surgery. At Oxford Heartbeat, we recognise the huge power technology can have in improving the accuracy and reducing the high risks that come with these surgical procedures, making them safer and more efficient.
Through several years of hard work, we have developed an innovative, AI-powered software, PreSize Neurovascular, which has the potential to improve the speed and accuracy of stent surgery planning, while reducing the propensity for ill-fitting stents and wastage of time and resources.
One of the key achievements that our team is most proud of is obtaining the CE marking regulatory approval, which means that now hospitals across the European region can use it to make brain surgeries safer for their patients. Although the process of acquiring our CE mark was not an entirely straightforward one, the application process taught us a lot. Here, I am sharing some of the lessons we learnt, and hope they will be useful to other digital health companies who also wish to get their CE mark.
Navigating the early challenges of a regulatory strategy
One of the first questions that arose when we began planning for CE certification was around the classification of PreSize. The technology that we are developing is very unusual in that it sits across different categories. Although it functions as a medical device, which might conjure up images of a hardware product, it takes the form of a software programme. As what we do is very innovative and therefore unprecedented, we found ourselves having to grapple with lots of uncertain issues and grey areas on our regulatory path. Even classifying PreSize correctly from the outset was a challenge: we received three different opinions from experienced professionals on which category our product should belong in.
In order to resolve these uncertainties, we turned to the executive bodies that would be the ones ultimately checking up on us, namely the MHRA, the HRA and the BSI. Things were less than straightforward there too: because of the potential legal implications, those bodies are not able to offer a definite advice. In the end, we realised that we just needed to make an executive decision. Often, there is no definite right or wrong answer when it comes to the classification of your product. What is more important is how you explain the position you are taking when you select a specific category. In addition, the regulatory strategy you choose eventually has to tie in with your business and product strategy, and we made every effort to streamline both.
In addition, time was of essence for us as we still wanted to catch the last train of the MDD certification. For those who don’t know, the EU switches from administration of the Medical Device Directive (MDD) to the Medical Device Regulation (MDR), which was introduced in 2017 and will replace the MDD fully on 26 May 2021 (initially May 2020).
Because of this transition, there were severe delays on the side of the notified bodies that are designated to assess the conformity of products before they can be placed on the market. This was because they, too, needed to re-certify themselves. On several occasions, it seemed that we might not make the deadline, as our audit dates kept being postponed. We had to push back on those suggestions and managed to go through a regulatory audit in time – it taught us that you don’t need to accept everything your notified body is suggesting.
Key learning points
We picked up a number of useful learning points on our journey to becoming a CE-marked medical device and feel that these two have been particularly significant:
First, if you are a digital or software company, it makes a lot of sense to ensure that your Quality Management System (QMS) is online and fully integrated into your code management system. This enables you to tie both systems together seamlessly, so that you don’t have to flit between your software development process and progress on the regulatory front. Running a paper-based QMS can be unnecessarily cumbersome, on top of wasting time and paper.
Another learning point that we thought was really valuable, was to break down our regulatory route into manageable steps, especially since we were doing it for the first time and everything about the process was entirely new to us. We divided our certification into three parts: first ISO13485 as a medical device company with limited scope, followed by CE certification, and then the full ISO13485. By the last audit, we had become experts at steering this entire process. Our auditor even said our QMS was “elegant” – perhaps the best regulatory compliment that one could hope for! The next step for us is to pursue a higher risk class, in order to provide wider clinical support and really change the face of minimally invasive surgeries.