Virtual Care Guide v1.0

By Henrik L. Ibsen, E-HealthBrains

[email protected]

+45 30701155 (WA)

Introduction

The purpose of this Reference Guide is to provide a comprehensive overview for institutions to implement a system for virtual care of patients and citizens, limited in time and scope.

The Reference Guide covers all subjects necessary for any institution to build the project from scratch, but essentially this Reference Guide aims to provide project owners and participants a complete overview of all aspects of a Virtual Care or Remote patient Monitoring project(VC/RPM).?

The subjects covered in the Reference Guide are intended to be used as a starting point and a checklist for projects. IT covers all relevant major subjects, gives some initial guidance, but as any projects will soon find - the area of VC/RPM falls under MDR’s Software As a Medical Device (SAMD) which is inherently complicated. ?

Build or buy?

Building a project for VC/RPM from scratch is a daunting task, but if owning IP is a crucial requirement, then this may be necessary - and this Reference Guide covers all the essential subjects that need to be processed in order for the project to be able to succeed.

It cannot be recommended for any project where time is a critical factor, as even the simplest VC/RPM pilot projects takes at least 2 years to complete (not counting FDA/CE approval).

Buying or sourcing an already existing system, will hugely improve the project's ability to start having an impact, as implementation times of 8-12 weeks are not unusual, after the tender has been completed, assuming no major changes are required. The challenge with this, is of course the burden of License cost, and the risk of an inferior product-market fit.

In a procurement scenario the procurers biggest risk is that they, more often than not, are inexperienced and do not have operational experience. In short - “they do not know what they do not know”

In such a situation, this Reference Guide provides an illustrative and complete background for the procurer, that will allow the procurer to assess the bidders with a high probability of making sound choices.

It can be tempting to outsource the entire operation to an existing Virtual Hospital, but as it happens, these are very country specific, and as of summer 2024, not widely available in the market for most countries.?

So whether this Reference Guide is a project guide or a procurement checklist, will depend on political decision, but in either case the subjects covered are the same for any VC/RPM project no matter its character, and can serve as a reference for both the experienced and the inexperienced.

Strategic Planning

Vision and Objectives

It is important to define a clear long term vision, and clear strategic objectives for implementing Virtual Care, addressing the healthcare outcomes expected to improve through this initiative.

The vision should be aimed to achieve permanent and substantial improvements of the healthcare system, and the accompanying strategy to achieve the vision, must be scoped to facilitate a phased approach, that allow start focused and increasing scope through a number of iterations, that allow gradual buildup of experience and knowledge in dedicated competence centres. ?

The complexity of the initial phase will affect the complexity, cost and timeframe of the implementation, and subsequently the point where outcomes can be successfully measured. Since validation of the vision is extremely important to sustain support for any initiative, it is recommended to assess the existing operational experience and choose a level of ambition for the initial phase accordingly, or acquire experience from a 3rd party.

Assuming no existing foundation to build on in such an implementation - the designated project owners will be challenged on all aspects of a project, which calls for a rather limited scope initially to increase the likelihood of a successful implementation and a quick validation of initial objectives.

Example:

A vision and high level strategy based on the Global Health Standards report?

The lack of available human resources in the Healthcare system is rapidly becoming one of the biggest problems in modern day healthcare. It is rapidly becoming a substantial challenge to find sufficient Healthcare Professionals to uphold an adequate level of Healthcare.?

Vision

Implement Virtual Care to achieve increased capacity, increased patient satisfaction and increased utilisation of physical resources, while maintaining or improving the quality of healthcare.

Strategy

Select 2 diagnostic conditions and setup 2 separate projects in a designated virtual healthcare organisations that can be used to implement and assess a VC solution of a minimum throughput of 500 patients over a period of at least 6 months - while cooperating with a designated physical or virtual hospital.?

Verify that the solution in fact results in increased capacity, increased patient satisfaction and increased utilisation of physical resources, while maintaining or improving the quality of healthcare.

Adjust, redesign and re-implement in 3 months cycles, until KPI are reached, as the learning curve will be steep, and setbacks are inevitable.

Upon verification - scale up by:

• Expand scope to include more diagnoses, chronic conditions, episodic conditions and eventually preventive screening. ?
• Gradually expand capacity (call centre and service organisation) in each diagnose/area, spawn separate call centres for Virtual Hospitals in one end of the spectrum to a dedicated call center/organisation for addressing preventive care citizens.
• Expand geographically by spawning multiple Care Centres using the established functioning template

Scoping Virtual Care

The continuum of virtual care ranges from (near ICU) Continuous Monitoring with expensive and regulatory compliant medical devices, to Preventive Screening, where even unregulated wellness devices can be applied.? Obviously continuous monitoring will be high complexity/cost whereas preventive care will be the opposite.?

Selecting appropriate conditions for a pilot project should be centred around the “middle ground” where the current experience and documented results are most prevalent, and once proof of the business case, had been validated - the scope of activities can be expanded with more “middle ground” chronic conditions, and from that point onwards, also to cover continuous monitoring of episodic patients (Virtual Hospitals) as well as preventive screening of citizens, that have been identified to be at risk (Age, BMI etc.).

From a practical point of view - the initial 2 conditions selected for a pilot project, should be selected with the following recommendation in mind, to reduce complexity and increase chances of success:

Max 2 types of measurements required?

• Devices commonly available, preferable virtual devices to avoid hardware issues and logistics operations.
• Both conditions require the same devices/measurements.

This should minimise logistics- and availability issues in most projects.

Example conditions that overlap this could be:

• Congestive Heart Failure
• Hypertension
• Pregnancy monitoring?

Ideally a project would utilise virtual devices to eliminate the logistics component, as it’s extremely costly and complicated. Where weight-scales are needed, this would have to be addressed with household weight scales to retain a lightweight project. Although scales are not medical devices in households, the upside with avoiding distribution and logistics challenges, more than warrants compromises in the protocol.?

Lifelight.ai is one such device that is distributed as an (CE Marked Medical Device) APP.??

Governance, resources and funding

Governance?

Establish dedicated organisations and/or agencies empowered to execute projects, and allocate necessary resources to fund the workforce through a tendering process and allocate a budget for the actual project sufficient to accommodate a successful realisation of the objectives.?

Due to the political nature of projects in the public sphere, it can be recommended to institute a trans-governmental agency (or body) that can be mandated by all stakeholders to own the initiative. This allows the establishment of “neutral ground” where all the stakeholders can participate on equal footing in a constructive and progressive manner. Besides the government bodies that are stakeholders,? the board should include representatives for all relevant NGO organisations like Patient associations, Doctors and Nurse associations etc. to create a wide foundation of acceptance and commitment.

Ideally the pilot project is delegated to a single hospital, in order to bypass political challenges and slowing down the pilot, but a broad stakeholder representation is recommended in the steering committee/board.

Skills required

In order to secure a competent team for such a project, it is necessary to ensure key personnel that are highly motivated and have working experience in Healthcare and public administration. The team should be able to cover areas as:

• Leadership
• Sales
• Regulatory expertise (ISO13485, CE, FDA)
• Quality Management
• Legal counsel
• Procurement
• Process management
• Economic control
• Technical management
• Backend development
• Systems integration
• Frontend and App development
• Logistics operations
• Healthcare competences
• Project and Risk management
• Communication
• Customer Relationship Management
• Call Center

Funding

Initial funding must be secured centrally in order to ascertain successful implementation of the initial phase, and while this most likely will end up in a tendered process, the budget must be allocated with some flexibility, as unexpected expenses and challenges will arise that can be impossible to plan for when establishing a new team.

Continued funding is very important to secure, and since this cannot be granted permanently without a substantial documented business case - those economic KPIs must be tracked in the project.

In many countries, legislation can be required to legalise Virtual Hospital in order to promote a project from clinical evaluation to clinical production - this is especially important also for the funding effort, as continued funding is required to create an incentive for scaling up the expected success. Such funding has to be arranged with healthcare Insurance organisations, which is why such organisations are important to include in the stakeholder circle. The negotiation with various partners to create an incentivising structure, must take place very early in order for legislation to take place in time for the vision to gain traction over time. If no such structure is in place, then the project is likely to fail, even if the hospitals can see the practical benefits, they will be bound to operate inside the reimbursement framework of the country, so this should be a high priority issue to address for the seated government.

Architecture and System Requirements checklist

Ideally any implementation should be TRL9 and based best-practise principles of Cloud Computing as?illustrated below.

Virtual Care ECO-System Blueprint

?

Organisational requirements?

The following units is required to implement a full virtual hospital:

• RAQA Team (QMS and regulatory)
• Systems Integration team?
• Backend Dev. team
• App Team
• Portal Team (Call center Portal and referral systems)
• Call-center team
• Logistics team
• Clinical team
• GitOps/DevOps team

Management and Sales team are obviously also needed in a commercial setting.

In terms of resources for the initial operation the follow FTEs are needed to provide a minimal cover of the above roles: (ball park)

• 4-6 developers (Backend, App, Portal, Integration, DevOps Automation)
• 1 product Owner/project manager
• 1 tech lead
• 1 dev ops
• 1-2 RAQA people
• 3-5 call center nurses
• 3-5 logistics staff

Systems required?

Call Centre systems

Operating a call centre for virtual care and remote patient monitoring requires robust software that can handle multiple functionalities essential to healthcare delivery. Key software requirements (The call-centre specific components.)

1. Customer Relationship Management (CRM) System: A CRM system is vital for managing patient interactions and data. It helps in scheduling appointments, managing patient records, and providing service agents with quick access to necessary patient information to assist them efficiently.
2. Workflow and Queue Management Systems: To manage the flow of calls and ensure patients are served efficiently, software that supports task management, queue management, and resource allocation is necessary.
3. Reporting and Analytics Tools: Software that can generate detailed reports and analytics is important for tracking performance, patient outcomes, and other metrics to improve service quality and operational efficiency.

Mobile Device Management requirements?

To establish and run a Mobile Device Management (MDM) system effectively, especially one that includes both mobile phones and medical devices, several software requirements need to be met. Here’s a detailed description based on the typical needs of such a system:

1. MDM Software Platform:

• Core MDM Solution: The central piece of software that provides administrators the ability to manage, monitor, secure, and support mobile devices deployed across an organisation. Examples include SOTI Mobile Control, VMware AirWatch, Microsoft Intune, or MobileIron.
• Compatibility: Must support various operating systems such as iOS, Android, Windows, and possibly custom OS used by specific medical devices.

2. Security and Compliance Management:

• Encryption Tools: Software to encrypt data both at rest on the device and in transit to ensure security and privacy compliance.
• Data Loss Prevention (DLP): Tools to monitor, detect, and block data breaches or unauthorised information transmission outside the corporate network.
• Remote Wipe and Lock: Capability to remotely lock a device or erase its data in case of theft or loss.

3. Application Management:

• Enterprise App Store: A platform for managing and distributing enterprise-approved applications to mobile devices.
• App Licensing Management: Tools to manage and enforce licensing policies for installed applications.
• App Configuration and Updates: Software to push and manage updates to apps, ensuring all devices run the latest, most secure versions.

4. Device Enrollment and Provisioning:

• Automated Enrollment: Tools for easy enrollment of devices into the MDM system, using methods like QR codes, NFC, or a custom URL.
• Configuration Profiles: Software to create and deploy device configuration profiles that define Wi-Fi, VPN, email settings, and other necessary configurations.

5. Monitoring and Reporting:

• Device Monitoring: Tools to monitor device health, usage statistics, and compliance status.
• Alerting Systems: Automated alerts for any non-compliance or abnormal device activity.
• Reporting Dashboard: A centralised dashboard to provide insights into device inventory, usage patterns, security incidents, and compliance.

6. Network Management:

• VPN Management: Tools to manage and deploy VPN settings to devices to secure all communications.
• Wi-Fi Management: Capability to configure and manage Wi-Fi settings and policies across all devices.

7. Integration Capabilities:

• EHR and Healthcare Systems Integration: Software must integrate seamlessly with existing Electronic Health Record (EHR) systems and other healthcare management systems for medical devices.
• API Support: Robust API access to integrate with other systems such as IT security infrastructure and enterprise resource planning (ERP) systems.

8. User Support and Training:

• Helpdesk Tools: Integrated tools within the MDM platform to provide support to device users.
• Training Modules: Online training modules accessible from the devices for user training and support.

9. Compliance and Policy Enforcement:

• Policy Management: Tools to create, manage, and enforce security policies at the device level.
• Regulatory Compliance: Software that ensures compliance with healthcare regulations such as HIPAA in the US or GDPR in Europe, particularly relevant when managing medical devices.

Device logistics

When establishing and running a logistics operation for smartphones and medical devices, where distribution is not a primary concern, the focus shifts towards optimising the storage, handling, and management aspects. Necessary physical, practical, and software requirements:

Physical Requirements

1. Storage Facilities:

• Climate-Controlled Warehousing: Proper climate control to maintain optimal conditions for sensitive devices such as smartphones and medical devices, preventing damage from humidity or temperature fluctuations.
• Security Systems: Advanced security measures including CCTV cameras, biometric access controls, and 24/7 security personnel to prevent theft and unauthorised access.
• Fire Prevention and Safety: Installation of smoke detectors, fire extinguishers, and sprinkler systems to mitigate the risk of fire, which is crucial for storing electronic devices.

2. Handling Equipment:

• Anti-Static Handling Gear: Use of anti-static wrist straps, mats, and tools to prevent electrostatic discharge (ESD) which can damage electronic components.
• Custom Storage Units: Shelving and storage units designed to hold devices securely and minimise the risk of damage during handling.

Practical Requirements

1. Staffing:

• Specialised Training: Staff trained in the specific handling requirements of electronic and medical devices, including the handling of potentially hazardous batteries and electronic waste.
• Quality Control: Personnel dedicated to quality assurance to regularly inspect inventory and ensure devices meet required standards before they are shipped or allocated.

2. Compliance and Security:

• Regulatory Compliance: Ensuring compliance with healthcare and electronic device regulations such as HIPAA for medical devices or CE for European market compliance. This includes data privacy considerations if devices store or transmit personal data.
• Insurance: Adequate insurance coverage for high-value medical and electronic devices against damage, theft, or loss.

3. Sustainability Practices:

• Recycling Programs: Implementation of sustainable practices, including recycling or refurbishing older or defective devices.
• E-Waste Management: Proper disposal protocols for electronic waste to minimise environmental impact.

Software Requirements

1. Inventory Management System:

• Detailed Tracking: Software capable of tracking inventory levels, locations, and conditions in real-time.
• Barcoding and Scanning: Use of barcoding and RFID technologies for easy tracking and management of stock movements.

2. Asset Management Software:

• Maintenance Scheduling: Software to schedule and track maintenance for medical devices that require regular calibration and servicing.
• Depreciation Tracking: Tools to manage the depreciation of devices, useful for accounting and replacement planning.

3. Security and Monitoring Software:

• Access Control Systems: Integration with physical security systems to manage access to storage areas.
• Network Security Solutions: Cybersecurity solutions to protect any networked storage systems or devices that communicate data for logistics purposes.

4. Data Management and Reporting:

• Reporting Tools: Comprehensive reporting capabilities to provide insights into inventory levels, turnover rates, and logistic bottlenecks.
• Integration Capabilities: Ability to integrate with other systems such as CRM or ERP platforms to streamline operations and improve efficiency.

Regulatory Requirements?

To operate a logistics centre for the distribution of medical devices in the European Union, several regulatory requirements must be met under the EU Medical Devices Regulation (MDR) 2017/745. These requirements ensure the safety, traceability, and compliance of medical devices distributed within the EU. Here are the key regulatory aspects to consider:

1. CE Marking and EU Declaration of Conformity: Distributors must verify that all medical devices have been CE marked, indicating conformity with health, safety, and environmental protection standards. Additionally, they must ensure that an EU Declaration of Conformity accompanies the devices.
2. Storage and Transport Conditions: Distributors are responsible for ensuring that storage and transportation conditions comply with the manufacturer's specifications to maintain the quality and safety of medical devices.
3. Traceability and UDI System: The EU MDR requires a robust traceability system. Distributors must be able to trace and provide Unique Device Identification (UDI) codes for devices, particularly for higher-risk Class III devices, and ensure these are registered in the UDI database.
4. Post-Market Surveillance: Distributors must engage in post-market surveillance activities. This includes keeping a register of complaints, non-conforming devices, and any recalls or withdrawals. They must also forward any reports of incidents related to the devices to the manufacturer and, if necessary, to the competent authorities.
5. Reporting Obligations: If a distributor becomes aware that a device may not conform to the regulations or poses a serious risk, they must inform the manufacturer, the manufacturer’s representative, and the relevant competent authorities. This is critical for initiating any necessary corrective actions, including recalls.
6. Cooperation with Authorities: Distributors must cooperate with competent authorities, providing all necessary documentation and information to demonstrate the conformity of the devices. They might also be required to supply device samples to authorities upon request.
7. Quality Management System (QMS): Although not legally mandated for distributors under the MDR, implementing an ISO13485-2016 compliant QMS is recommended to manage regulatory processes effectively and ensure compliance with the EU MDR. This system helps manage internal processes and documentation, ensuring that non-compliant or defective devices are identified and managed appropriately.?

Data collection & Clinical trials

Clinical Investigations are actual Clinical Trials designed for the purpose to document that a certain implementation a protocol for a specific condition is tried and validated, so that the IT-system behind the implementation can add the condition to their CE-Mark, OR to generate evidence for a brand new VC/RPM system that can be submitted as evidence of function and efficacy, so the CE Mark can be grated.

There is most likely not any VC/RPM system that can cover all conditions without additional Clinical Investigations/Trials over time.

It would be prudent to consult experienced Quality Assurance/Regulatory Affairs officers about the detailed requirements, as this is in itself a comprehensive and somewhat bureaucratic process.

Setting up a clinical trial to assess the efficacy of implementing virtual care involves a systematic approach to design and execution. This type of trial typically measures the effectiveness of virtual healthcare delivery compared to traditional face-to-face interactions. Here's a detailed breakdown of the requirements, focusing on the specified Key Performance Indicators (KPIs):

Study Design

• Randomised Controlled Trial (RCT): This is the gold standard for clinical trials. Participants are randomly assigned to either the virtual care group or the control group, which would receive traditional care.
• Crossover Design: Alternatively, a crossover design can be employed where participants receive both interventions sequentially, allowing for direct comparison within the same individuals over time.
• Blinding: While blinding participants in a virtual care study may be challenging, efforts should be made to blind the assessors to reduce bias in outcome evaluation.

Ethical Considerations

• Institutional Review Board (IRB) Approval: Essential for all clinical trials to ensure that the study meets ethical standards and that participants' rights are protected.
• Informed Consent: Participants must be fully informed about the trial's purpose, the interventions they will receive, and any potential risks.

Recruitment of Patients

• Inclusion/Exclusion Criteria: Define who is eligible to participate based on factors like age, medical history, geographic location (for internet connectivity concerns), and technological literacy.
• Recruitment Methods: Strategies to attract participants could include using patient registries, social media, and healthcare provider referrals.

Intervention

• Virtual Care Platform: Specify the technology and software to be used, ensuring it meets security standards and is user-friendly.
• Training: Both participants and healthcare providers should receive training on how to use the virtual care platform effectively.

Data Collection and Analysis (KPI’s)

• Resource Optimization: Measure the allocation and usage of healthcare resources, including staffing and technological resources, in virtual vs. traditional care settings.
• Healthcare Delivery Capacity: Evaluate the number of patients served, the frequency of visits, and the ability to manage patient care remotely.
• Cost Efficiency: Analyse the direct and indirect costs associated with virtual care, including technology investment, maintenance, and healthcare savings.
• Patient Experience and Quality of Life: Use validated surveys to assess patient satisfaction, quality of life, and any changes in health outcomes due to the mode of care delivery.

Follow-up

• Duration: Determine the length of follow-up necessary to observe meaningful outcomes, which may depend on the conditions being managed.
• Assessments: Schedule regular assessments to collect data on KPIs and monitor any adverse events or technical issues.

Data Security and Privacy

• Compliance: Ensure that all data collection and storage methods comply with relevant laws and regulations, such as HIPAA in the U.S and GDPR in the EU (GDPR trivially covers HIPAA).
• Data Integrity: Implement robust data management protocols to protect the integrity and confidentiality of participant data.

Reporting and Dissemination

• Analysis: Use statistical methods to analyse the data collected. Techniques should account for any missing data and potential confounders.
• Reporting: Prepare to publish the findings in peer-reviewed journals and present at conferences to share insights with the broader medical and scientific community.

Pilot Implementation Steps

To design a pilot project for a virtual care solution using a double-blind clinical trial for 2 different conditions, we need to carefully structure the trial to ensure it meets rigorous scientific standards while also targeting the specified KPIs. Below is a detailed project plan:

Project Overview

• Objective: To evaluate the efficacy of a virtual care solution for 2 conditions. Monitoring in increasing healthcare capacity, optimising resource utilisation, improving patient satisfaction, and maintaining or enhancing healthcare quality through a double-blind clinical trial.
• Duration: At least 6 months with continuous evaluation and iterative redesign every 2 months.
• Patient Throughput: At least 500 patients for each of the 2 conditions.
• Setting: Collaboration between a virtual healthcare organisation and a designated physical hospital.

Project Phases (Ideally)

Phase 1: Pre-trial Preparation

• Months 1-2
• Tasks: Ethical Approval: Obtain approval from relevant ethical boards. Recruitment: Develop inclusion/exclusion criteria and recruit patients, ensuring that neither the patients nor the evaluators know which treatment (virtual vs. traditional) the patient receives. Randomization: Randomly assign participants to either virtual care or traditional care. Technology Setup: Implement and test the virtual care technology, ensuring all data security measures are in place. Training: Train healthcare providers on both virtual care delivery and the specific requirements of a double-blind trial.

Phase 2: Trial Launch and Initial Data Collection

• Months 3-6
• Tasks: Trial Initiation: Begin the trial by delivering care through designated mediums as per the randomization. Monitoring and Support: Regularly monitor the technology and provide support as needed to both healthcare providers and patients. Data Collection: Collect data continuously on KPIs using blinded methods to ensure trial integrity.

Phase 3: First Evaluation and Adjustment

• Months 7-9
• Tasks: Data Analysis: Analyse the collected data to assess initial results concerning KPIs. Adjustment: Identify any issues in the virtual care delivery or trial procedures and adjust the protocols accordingly. Re-implementation: Launch the next cycle of the trial with any necessary modifications to enhance outcomes.

Phase 4: Second Implementation and Data Collection

• Months 10-12
• Tasks: Continue Trial: Implement the refined trial processes and continue data collection. Further Adjustments: Make additional adjustments as necessary based on ongoing data analysis and feedback.

Iterative Cycles

• Every 3 Months Post-Phase 4
• Tasks: Evaluate and refine the trial based on KPIs. Prepare reports for stakeholders and refine strategies for potential expansion based on trial outcomes.

Expansion Phase

• Upon Verification of KPIs
• Tasks: Expand the virtual care model to include more diagnoses and chronic conditions. Gradually introduce preventive screenings. Scale the verified and functional aspects of the program to other geographical areas.

KPIs for Measurement (suggested)

• Resource Optimization: Evaluate how effectively resources are utilised in virtual vs. traditional care settings.
• Healthcare Delivery Capacity: Assess the number of patients managed, the frequency of virtual visits, and overall management effectiveness.
• Cost Efficiency: Analyse cost implications of virtual versus traditional care.
• Patient Experience and Quality of Life: Measure through surveys and health outcome assessments to determine the impact on patient satisfaction and quality of life.

Reporting

• Regular Updates: Provide stakeholders with regular updates through reports and meetings.
• Data Transparency: Ensure data from the trial is appropriately blinded and later unblinded for analysis while maintaining patient confidentiality.

Note:

• Pilot Phase: Plan a pilot test to evaluate the feasibility and refine the approach before a full rollout.
• Resource Allocation: Ensure adequate resource allocation, including funding, personnel, and technology.
• Risk Management: Identify potential risks and barriers to implementation with strategies to mitigate them.

Quality management?

If the project requires bespoke development that falls under MDR to be CE marked, then it is required that such development is done in accordance with ISO13486:2016, in which case such a system must be established.

It is recommended to establish a development environment where all processes from the QMS are enacted and documented through tightly configured processes? (in a Jira-like environment), designed to conform to and deliver required ISO13485 documentation.

The actual QMS should be developed in Hypertext repository (i.e Confluence like) with the add-ons that provide part 11 compliant document control and workflow management.

Alternatively, it is possible to purchase QMS frameworks with a lot of automation in various forms and shapes.

It is extremely important that the production system for the development works IN the QMS and experience? it as an integral part of their work, as opposed to having it imposed from the outside of the development team and maintain the QMS as a separate project from the development. This will lead to non-compliance and bad quality.

Should the project owner decide to purchase a pre existing system that is already CE marked, then the intended use? must be reviewed to ascertain that it in fact does cover the project needs for current and future needs, and an actual Due Diligence with a 3rd party expert is highly recommended.

It is has been seen to happen that suppliers sell systems that have features and functionalities beyond their intended use and regulatory permissions. The responsibility to verify this falls on the purchaser.

This area is extremely important, and also very complicated, so it is highly recommended to add staff with experience in this area from the outset.

ISO13486:2016

ISO 13485:2016 specifies requirements for a quality management system (QMS) where an organisation needs to demonstrate its ability to provide medical devices and related services that consistently meet customer and applicable regulatory requirements. Here’s a summary of the key requirements for a QMS that is compliant with ISO 13485:2016:

Scope and Application

• Establish the scope of the QMS, focusing specifically on medical devices and related services, aligned with the organisation’s purpose and context.

Management Responsibility

• Top Management Involvement: Ensure active involvement of top management in the development, implementation, and maintenance of the QMS.
• Quality Policy and Objectives: Define and document a quality policy and quality objectives that are specific to the medical device industry.
• Organisational Roles and Responsibilities: Clearly define and document roles, responsibilities, and authorities within the organisation.

Resource Management

• Human Resources: Ensure personnel involved in quality management are competent based on education, training, and experience.
• Infrastructure and Work Environment: Maintain the infrastructure and work environment needed to comply with product safety and performance.

Product Realisation

• Planning: Plan and develop the processes needed for product realisation, including setting quality objectives and requirements for the product.
• Customer Requirements: Determine and meet requirements related to the product, including customer and regulatory demands.
• Design and Development: Implement a controlled design and development process.
• Purchasing and Outsourcing: Control purchasing processes and ensure that externally provided processes, products, and services conform to requirements.
• Production and Service Provision: Control production and service provision under controlled conditions, ensure product traceability, and handle contaminated or potentially contaminated products appropriately.

Measurement, Analysis, and Improvement

• Monitoring and Measuring: Apply suitable methods for monitoring and measurement of the QMS and the medical devices.
• Control of Nonconforming Product: Address the nonconformities related to the product, prevent its unintended use or delivery.
• Data Analysis: Analyse data to demonstrate suitability and effectiveness of the QMS, and to identify areas needing improvement.
• Improvement: Continually improve the effectiveness of the QMS through the use of quality policy, quality objectives, audit results, data analysis, corrective actions, and management review.

Documentation Requirements

• General Documentation: Maintain a documented QMS with a quality manual, documented procedures, and records.
• Control of Documents: Ensure that documents required by the QMS are controlled. Review and update as necessary and re-approve documents.
• Control of Records: Establish a documented procedure to define the controls needed for the identification, storage, protection, retrieval, retention time, and disposition of records.

Risk Management

• Throughout product realisation, identify product and QMS related risks, and manage these risks using appropriate risk management methods.

Regulatory Compliance

• Ensure that the QMS conforms to applicable regulatory requirements.

Internal Audit

• Conduct internal audits at planned intervals to determine whether the QMS is effectively implemented and maintained.

Management Review

• Top management MUST review the QMS periodically to ensure its continuing suitability, adequacy, and effectiveness. THIS CAN NOT BE DELEGATED, unless you purposfyllt intend to dilute the value of the QA functions work.

Compliance with ISO 13485:2016 is crucial for organisations involved in the design, production, installation, and servicing of medical devices and related services, providing a framework to ensure consistent design, development, production, and delivery of medical devices that are safe for their intended purpose.

Regulatory and Compliance Concerns

If the technology solution for the project is purchased from a 3rd party as a bespoke development project, then the below activities will be performed by the supplier, which in turn will be reflected in the project costs.

Should the project owner decide to purchase a pre existing product for the Virtual Care product, then i befalls the buyer to validate the below points through a Due Diligence process, where external consultant(s) which are knowledgeable about CE marking and ISO13485, will be required to assess the compliance and validity of the supplied product and it’s regulatory approval for the scoped project.

Medical Device Regulations (MDR)

The Medical Device Regulation (MDR) (EU) 2017/745, which came into full application on May 26, 2021, is a key regulatory framework for medical devices sold within the European Union. It was designed to ensure a higher level of safety and performance for medical devices being produced in or supplied into Europe. For a project involving the implementation and assessment of a virtual care solution for 2 different conditions , several aspects of the MDR are particularly relevant:

Device Classification

• Depending on how the virtual care solution is designed (software, application, etc.), it may be classified as a medical device. Most software intended to provide information which is used to make decisions with diagnostic or therapeutic purposes is classified as a Class IIa or higher under the MDR. The classification will influence the level of scrutiny the device undergoes before it can be placed on the market.

Conformity Assessment

• Risk Class: Based on the classification, a conformity assessment must be conducted. For most Class IIa and above devices, this involves a Notified Body.
• Quality Management System: The manufacturer must implement and maintain a comprehensive quality management system appropriate for the specific class of the device.

Technical Documentation

• All devices must have detailed technical documentation that covers aspects from the design, manufacture, and performance of the device, including any clinical evaluations, risk management, and post-market surveillance plans.

Clinical Evaluation

• Clinical Evaluation Report (CER): A critical component, this report must be drawn up in accordance with Annex XIV of the MDR. It involves a thorough analysis of clinical data pertaining to the device to assess its safety and performance.
• Clinical Trials: If clinical trials are needed (as would likely be the case in your project), these must adhere to strict standards similar to those for pharmaceuticals. Trials must be pre-registered in a European database and conducted according to Good Clinical Practice (GCP).

General Safety and Performance Requirements (GSPR)

• The device must meet specific safety and performance requirements set out in Annex I of the MDR. This includes requirements on chemical, physical, and biological properties, infection and microbial contamination, construction and environmental properties, devices incorporating a medicinal substance, and more.

Post-Market Surveillance

• A system for ongoing surveillance after the product has been introduced to the market must be established. This involves the systematic collection and analysis of data on the use of the device once it is on the market to ensure continued safety and effectiveness.

Labelling and Information

• Devices must come with appropriate labelling and information, which includes safety information, instructions for use, and any warnings or precautions to consider.

Registration of Devices and Economic Operators

• Devices, manufacturers, authorised representatives, and importers must be registered in the European Database on Medical Devices (EUDAMED).

Incident Reporting

• There are strict requirements for reporting any serious incidents involving medical devices under the MDR, including specific time frames for reporting different types of incidents.

Compliance with EU Data Protection Regulations

• Since a virtual care solution will involve handling personal health data, compliance with the General Data Protection Regulation (GDPR) is essential. This includes ensuring data privacy and security from design to the actual operation and handling of data.

Notified Bodies

• Engage a Notified Body early in the process if the device falls under a class requiring Notified Body review. The Notified Body will conduct audits, assess conformity, and issue CE certification if the device meets all requirements.
• Notified bodies in the EU are a huge bottleneck (as of early 2025) , and it can be quite a challenge to get ap product CE Marked, so when an NB is approached, it is important to ascertain their capacity to deliver on the CE Mark certifications. The ISO13485-2016 certification is usually not a problem, but as the CE Mark has additional requirements to proce specific afficacy (I.e. the Clinical Evaluation Report) - this process requires resources with the NB that are very scarce.
• Projects CAN be implemented under the label “Clinical Investigation” legally, and this is a perfectly legitimate and normal way of accumulating the required data in a live setting, but it requires all users and participants to be informed about the status.

For a project such as this, careful attention to MDR compliance from the initial planning stages is crucial to ensure smooth development, approval, and deployment phases, ultimately leading to successful market entry in the EU.

Business Continuity

The hard part about Virtual Care is not bringing a system online - it is to make it work flawlessly with an availability in excess of 99.9%.

Keeping a system alive and functioning well, through updates, changes, integrations and expansions is extremely arduous and taxing. Projects will often experience reintroduction of bugs that already have been fixed, and obvious errors and flaws that should have been found during tests.

Many of the frustrating characteristics of project is caused by the supplier NOT having implemented an effective QMS that complies to ISO13485, and even so immature projects WILL have lots and lots of shortcomings and suboptimal functionalities, and even errors.?

No matter if the project is mature or not, it is required to demonstrate the presence of a Business Continuity Plan.?

A Business Continuity Plan (BCP) for a virtual care project that uses remote patient monitoring systems is essential to ensure that healthcare delivery remains stable and effective, even during disruptions. The plan outlines procedures for maintaining business operations and patient care with minimal impact.

BCP Overview

• Purpose: To provide continuous virtual healthcare services to patients with various conditions, monitoring them in their homes using remote patient monitoring systems.
• Scope: The plan covers all aspects of virtual healthcare delivery, including patient data management, technology infrastructure, healthcare personnel, and support services.

Risk Assessment

• Identify Risks: Assess potential risks that could disrupt the virtual care services, such as power outages, technology failures, data breaches, pandemics, and natural disasters.
• Risk Impact Analysis: Determine the impact of each risk on operations, prioritising them based on their likelihood and severity.

Critical Functions

• Patient Monitoring: Ensure continuous operation of remote patient monitoring systems.
• Data Communication: Maintain secure and efficient data transmission between patients and healthcare providers.
• Patient Support: Provide uninterrupted access to medical consultation and emergency response services.

Roles and Responsibilities

• Incident Response Team: Composed of project managers, IT specialists, healthcare providers, and support staff.
• Communications Coordinator: Responsible for managing communications during a disruption, including updates to patients, staff, and external partners.
• IT Support Team: Tasked with restoring IT functions and securing data.

Business Continuity Strategies

• Redundant Systems: Implement redundant power supplies, server backups, and alternative communication channels.
• Data Backup: Regularly back up patient data off-site in secure, geographically diverse locations.
• Telecommunication Flexibility: Utilise cloud-based platforms that allow healthcare providers to deliver care from any location.

Emergency Response Procedures

• Immediate Actions: Outline initial steps for the incident response team during various scenarios (e.g., data breach, power failure).
• Patient Communication: Establish protocols for informing patients about the status of their care and any changes due to system disruptions.
• Resource Allocation: Prioritise resources to ensure that critical functions are maintained.

Recovery

• Recovery Time Objectives (RTOs): Define acceptable downtime for each critical function and plan to meet these objectives.
• Restoration Procedures: Detail steps to restore full service after a disruption, including technology recovery and verification processes.
• Testing and Drills: Regularly test the recovery plan and conduct drills to ensure all team members know their roles and responsibilities.

Maintenance

• Regular Review: Schedule periodic reviews of the BCP to ensure it remains up-to-date with technological advancements and changes in the business environment.
• Training and Awareness: Conduct training sessions to familiarise new employees with the plan and refresh existing employees’ knowledge.
• Documentation: Keep comprehensive and accessible records of all plan versions and changes.

Communication

• Internal Communication: Use reliable communication tools to keep staff informed during a disruption.
• External Communication: Maintain lines of communication with external entities such as technology vendors, emergency services, and regulatory bodies.
• Patient Notification System: Implement an automated system to notify patients of important updates via SMS, email, or voice calls.

By following this business continuity plan, the virtual care project can minimise the impact of disruptions on patient care and maintain high standards of service during emergencies.?

The plan should ensure that both patients and healthcare providers are supported and that critical healthcare delivery systems are robust and resilient.

finish

Good job making it through ??