Singapore Medical Device Regulations and Cybersecurity Update 2024

Singapore has the second best healthcare system in Asia after Japan. Thus, as a healthcare leader, Singapore constantly updates its regulations to adapt to new technologies. Singapore is working towards enhancing the cybersecurity and regulatory compliance of medical devices. With the increasing integration of technology in healthcare, the city-state’s health authorities are implementing trials and updating guidelines to safeguard against cybersecurity risks and ensure rigorous clinical evaluation of medical devices.

Regulatory Updates

Singapore has been updating its regulatory framework to keep pace with technological advancements in medical devices. A notable development is the release of a draft document on GN-14 for In Vitro Diagnostic (IVD) medical devices in May 2023. This revision expands the risk classification to include derivatives of blood, organs, or cell tissues, ensuring a broader spectrum of IVD devices is adequately regulated. Furthermore, the document delineates classification criteria for software, either as an integral part of an IVD device or as standalone software.

Moreover, the Singapore Health Sciences Authority (HSA) has sought feedback on its draft Guidance for Device Clinical Evaluation. This draft emphasizes the importance of real-world data in clinical evaluation of medical devices. By incorporating data from post-marketing experiences, such as adverse events and recalls, into clinical evaluations, the HSA aims to provide a more comprehensive assessment of a device’s safety and efficacy. This approach is particularly pertinent for Software as a Medical Device (SaMD), which must undergo rigorous evaluations to ensure its performance aligns with its intended clinical use.

A Step Towards Cybersecure Medical Devices

Starting in October 2023, Singapore embarked on a pioneering 90-day trial aimed at assessing the cybersecurity risks associated with medical devices. This initiative, a collaborative effort among the Ministry of Health (MOH), the Cyber Security Agency, and the National Health Technology Agency (Synapxe), highlights the need to secure devices that are integral to patient care, such as pacemakers, defibrillators, respiratory ventilators, and diagnostic tools.

The trial introduces a four-tier cybersecurity rating system for medical devices, ranging from basic cybersecurity standards at Level 1 to advanced requirements, including third-party software security evaluations and binary analysis at Levels 3 and 4. This rating system aims to guide healthcare providers and patients towards selecting more secure medical devices. In addition, the Cyber Security Agency plans to roll out a comprehensive training program.

These initiatives not only enhance patient safety but also promote trust in the healthcare system, ensuring that Singapore remains at the forefront of medical innovation and security in the digital era.