Developers - Post-market surveillance of medical devices- Identifying adverse incidents for Software as a Medical Device

If your technology is Software as a Medical Device (SaMD), indirect harm is the most probable outcome of an adverse incident. It is important you understand types of indirect harm and how it is caused, so you can identify adverse incidents.

Identifying adverse incidents

Indirect harm from using SaMD may be a consequence of:

• the medical decision
• action taken or not taken by healthcare professionals based on information provided by the SaMD
• action taken or not taken by patients or the public based on information provided by the SaMD

Below are some types of adverse incidents from using SaMD, with examples.

Performance issues: a technology remotely monitoring vital signs in a care home fails to correctly detect the assigned parameters (pulse rate, respiratory rate and oxygen saturation). This leads to a delay in diagnosis or treatment

Diagnostic accuracy issue: a dermatology app used for detecting melanoma gives an inaccurate result. As a consequence, the user decides not to seek an expert clinical opinion

Decision support software resulting in harm: a clinical calculator produces an incorrect calculation. A patient is prescribed the wrong amount of medication as a result

Issues with connected hardware or software: antivirus software installed on a device is non-compatible with the SaMD and causes it to malfunction (that is, the device that runs the software causes harm)

User error resulting in harm: a user enters the wrong value into a contraception app. The user relies on an incorrect output and unintentionally becomes pregnant

Inadequate labelling and instructions for use: a tablet‑based SaMD is not labelled with the correct cleaning instructions, which leads to cross contamination between patients

Computer system security problem: a SaMD is the target of a cyber attack, causing corruption of patient data stored on the device. This leads to an incorrect or delayed diagnosis

Read the MHRA’s guidance on reporting adverse incidents for Software as a Medical Device for more information, including examples of indirect harm and its causes.

You should notify the MHRA as soon as you become aware that your SaMD may have caused or contributed to a reportable incident. Report individual incidents on the MORE portal.

This information is not intended to replace formal statutory guidance regarding legal requirements. For an authoritative view of what regulations require beyond this digest, please see the relevant gov.uk web pages pertaining to the MHRA.