Digital Health Alert: 3 New China Regulatory Guidelines Released

On March 9, 2022, the CMDE (Center for Medical Device Evaluation) of the NMPA (National Medical Products Administration) issued the following 3 regulatory guidelines concerning digital health:

Technical review guideline for the registration of medical device software (No.9-2022)

Scope

Class II and III SaMD (Software as Medical Device) or SiMD (Software in Medical Device)

NMPA Registration of Importing Medical Device Software

The dossier submission should include, but not limited to the following:

• Marketing approval certificate granted from the product’s country of origin and any related supporting materials.
• Previous batch of product information submitted before the product-specific change in its country of origin, if any.
• List out any cultural differences such as the differences in language, functionality, scope of application, etc.

Technical review guideline for the registration of artifical intelligence medical device software (No.8-2022)

Scope

Class Class II and III AI-based SaMD or AI-based SiMD

NMPA Registration of Importing AI Medical Device Software

Based on the intended use, use scenarios, and core functions of the product, the applicant should carry out risk management activities to ensure the risks, such as the differences between Chinese and foreigners in terms of ethnicity, epidemiological characteristics, clinical diagnosis and treatment norms, etc., have been reduced to an acceptable level throughout the whole product lifecycle.

Technical review guideline for the registration of medical device software for cyber security (No.7-2022)

Scope

Class II and III SaMD or SiMD with any of the following three functions:

• Electronic data interchange
• Remote access control
• User access control

Cross-Border Medical Data Transfers

Important data, personal information and human genetic resource information collected and generated in China must be stored in China by law. If there is a business need to share these data to outside of China, security assessment should be carried out in accordance to the requirements and measures formulated by the Cyberspace Administration of China (CAC) in conjunction with relevant departments of the State Council.

By Julie Zhang and Jacky Li. Contact Cisema if you would like to learn more.