MetaDAMA - Data Management in the Nordics

3#16 - Elisabeth M.J. Klaussen - Navigating the Regulatory Landscape for AI in Healthcare (Eng)

Elisabeth M.J. Klaussen - DoMore Diagnostics Season 3 Episode 16

Share episode

Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.

0:00 | 34:25

«AI will be so important in transforming health care as we know it today."

Join us as we sit down with Elisabeth M.J. Klaussen from DoMore Diagnostics, who are on a mission to transform cancer diagnostics with artificial intelligence to improve patient care and make drug development more effective. With a rich background in quality assurance and R&D within Pharma, Biotech, and MedTech, Elisabeth shares how AI is revolutionizing patient care and the pathway to personalized medicine.

Navigating the complexities of starting a healthcare venture can be as intricate as the regulations that govern it. In this episode, we discuss the maze of regulations across continents, the implications of the European AI Act for innovators, and the non-negotiable necessity of protecting patient data.

Wrapping up our dialogue, we emphasize the importance of a Quality Management System (QMS), especially when developing AI models. As we delve into the EU's AI Act and its potential to harmonize standards, Elisabeth offers invaluable advice to health startups: the development of a robust QMS is not just a regulatory tick box but a foundational pillar for market readiness.

Here are my key takeaways:
AI in Health Care:

  • Personalized medicine requires to analyze a lot of data and set it in a personalized context.
  • To create value with AI in health care is challenging, due to the high density of regulations, yet benefits can be huge.
  • AI can enable us to use investments in pharmaceuticals, biotech as well as patient care more effectively.
  • You need to ensure you can constrain AI models, not only on the data input, but also through use of parameters or model-architecture.
  • The product from DoMore Diagnostics is i.e. a static model, not generative, that gives an output on leanings only.
  • There is a need to apply for a new CE marking, if model would change.

Regulations in Health Care:

  • You need to understand both your product and its intended purpose to understand what regulation will apply to you.
  • You need to set up a team with the right people and competency.
  • Try to find generalists - People that have a core competency, but are really good at adopting and learning new surrounding competencies at a more generalist level to complement each other.
  • Laws and regulations in the industry are getting more and more globally standardized.
  • If you adhere to the area with the most stringent rules, you can basically introduce your product to any market you like.
  • If you set up your organization for regulatory compliance, you have two perspectives to keep in mind:
     
    • Internally - how do you set up your principles, polices and processes internally?
    • How do you act towards your sector and market?
  • The regulation on EU level provides a framework, within you can find national regulations and laws that go beyond. One example is product labeling that can vary between EU countries.

The EU AI Act:

  • The EU AI Act introduces requirements that the heavily regulated industry is following already. (E.g. quality systems, documented design and development of your product, validations, performance studies)
  • EU regulations are political documents, that are build on compromise.
  • There is a huge constraint within the EU commission as well as on the authority side to take on the workload that results from the AI Act and other new regulations.
  • The more cumbersome regulations are and the more regulations you build in, the more expensive will products get.
  • Standards and regulations can help to structure your ways of working, ensuring efficiency, not wasting time and money in doing things over and over again.
  • «You can be more creative, if you have a structured way of working.»

Healthcare AI Impact and Regulations

Speaker 1

This is MetaDemo, a holistic view on data management in the Nordics. Welcome, my name is Winfried and thanks for joining me for this episode of MetaDemo. Our vision is to promote data management as a profession in the Nordics, show the competencies that we have, and that is the reason I invite Nordic experts in data and information management for a talk. Welcome to Metadema. Today I have the possibility to talk with Elisabeth Clausen, and Elisabeth is working in a health startup, which is really interesting because this is actually we are already in the middle of season three.

Speaker 1

This is the first episode on healthcare and the podcast, and I don't know if it was me that was a bit hesitant to talk with healthcare, because I feel like healthcare is such a highly regulated sector which has such an enormous complexity, and talk about GDPR or the AI Act on the one side, but you also talk about HIPAA, you talk about pharmaceutical regulation and so much more, so the complexity is really high. That's why I wanted to talk to someone in the sector that works in this complexity and has been a really interesting talk. We already had earlier with Elizabeth and she has a background in both quality assurance, in R&D operations in pharma, in biotech and medtech companies, so I think she's the right person to talk to, so welcome, thank you. Elizabeth works for a health startup called Do More Diagnostics, and the mission of Do More Diagnostics is to transform cancer diagnostics with artificial intelligence to improve patients' care and make drug development more effective, and we're going to hear much more about this, but before that, I would love to have you introduce yourself a little bit.

Speaker 2

Thank you. So I'm the head of quality and regulatory and do more diagnostics. As you mentioned, I've done work within both the pharmaceutical, biotech and medtech industry. I started out after my master in biology at University of Oslo in NICOMED imaging. That was not my intention, but I was basically so excited about everything going on and the possibilities to get experience so I actually ended up working for NICOMED imaging, or now GE Healthcare, for more than 10 years in different roles, both within R&D etc. And it's a very sort of changing environment because you work with regulation so you're sort of become very open to changes. And so I moved on to biotech, which I worked in the Dynal family, which is now Thermo Fisher, and yeah, I've had a great journey within the various health care.

Speaker 2

On my free time, I enjoy working with Horset, so that's my really big thing at the moment. That's my really big thing at the moment. After many years as a handball player, I realized I had to change the scene for doing sports, so I took up riding again. So I live on a farm 40 minutes out of Oslo where I have my two horses. I try to spend as much time with them and it's a really good way to unwind and, you know, get away from the regulated scene for, uh, for a while and and and stay focused.

Speaker 2

And with regard to interest for data, that actually started very early. Um, I, at high school, I started working for commodore computers, so I've always been sort of a bit of a nerdy kid and curious, and I very soon got intrigued by the possibilities of computing and especially the possibilities of an ability to analyze data. And so when I was doing my master's at University of Oslo, I had to analyze a really huge data set, to create multivariate models, and to be able to do that at a time it was necessary to learn some more programming, and that was fun. It took far too long time, but it was really great, was really great. And looking back, I mean it's amazing where we were in the 90s trying to analyze all these huge statistical models, and seeing what is possible today is just amazing. So that's something I'm really excited about, and being back, in a way I feel at home and do more diagnostics, because it's, in a way, where I started out.

Speaker 1

What an interesting journey. And just a fun fact on the side, you are the second one I talked to that has a bit of a quality role and quality background. The last episode I talked to Valentina from Volvo Penta and she also has horses, so maybe there's a connection there. Thank you for the introduction. We talked about the mission for Do More Diagnostics, which is really interesting, but maybe you can tell us a bit more about what Do More Diagnostics is about.

Speaker 2

So Do More Diagnostics is a spin-off company from the Do More Lighthouse project at the Institute for Cancer Genetics and Informatics at the University Hospital of Oslo, in collaboration with Oxford University and University College of London. So that was a huge project that went on for about five years and basically now we're working to commercialize what came out of the Do More project. So, as you mentioned, our mission is to transform cancer diagnostics with artificial intelligence, and the main take is to improve patient care. Our current CMARC product, histotype PX colorectal, can actually help oncologists identify patients that will not benefit from chemotherapy and thereby avoid unnecessary treatment and improve quality of life.

Speaker 1

Really interesting and you can see that direct effect of AI in the research, which is fantastic. What I wanted to ask you about and, as you said, you've been working on this for quite some time but do you see an impact of the current since November 2022 with Gen AI, the current AI summer? Do you see an impact on the sector of healthcare?

Speaker 2

Yes, absolutely, and I think, first of all, ai will be so important in transforming the current healthcare as we know it today. It will make us, in my mind, truly deliver on the personalized medicine. It's been a buzzword for many, many, many years, but obviously doing it truly personalized requires some with the power of an AI to actually be able to analyze a lot of data and put it into a very personalized content. And, with regard to this, I think the important here is that the healthcare sector is already very highly regulated and obviously getting into the AI scene is going to be a challenge. But at the same time, it's got so much potential, but not only within the pharmaceutical and medtech, biotech industry side of healthcare, but it's going to be so important with regard to patient care as well, whether it's home-based patient care or any type of healthcare organization or organizing how healthcare is being delivered, and I think it's going to transform the healthcare, all sides of healthcare, because it's going to enable us and the taxpayers' money to be used more effectively.

Startup Regulations and Team Building Discussion

Speaker 1

You already mentioned it, there is quite some regulatory challenges, but a setup that you have to adhere to, and then you see an emerging regulatory setup on the AI side as well. So what is really the reality of a health startup that wants to work with AI in Norway?

Speaker 2

For a startup, it's really important to basically identify in what segment, in what modality, because there is no one set of regulations for a given type of product. So what is really important is to start out early by identifying what type of product do you have, what is the intended purpose for that product and, by that, identifying exactly what laws and regulations apply. So that's really important. And secondly, it's all to do with your team. So identifying the right people to be that part of that startup is really essential, and also identifying you know what's the need for competency, what type of people should you bring in? And a startup has limited resources, so actually doing a good job on setting up a good and strong team is essential to be able to deliver is essential to be able to deliver.

Speaker 1

I really enjoy that, because this is something that is important for data, data work in general, right, finding the right people and the right competency. And you need to not just forecast it in a planning motion, but you actually have to strategically plan for what people you need at what point. And I think maybe in a startup, the need is just bigger, right, because you you're not really sure, uh, what your uh financial budgets are on the one side as much as in a large company and, um, you have a certain uncertainty about the future. So it's becoming a more of a pressing matter, and I think that's really really good that you put the right people and the competency in focus here.

Speaker 2

Yeah, and it doesn't necessarily have to be, you know, very, very strong competency within one field. What we see in our team is that we've been lucky enough to collate a set of people that are like potatoes a set of people that are like potatoes. Obviously, we have our very special knowledge base. That, basically, is our main sort of responsibility, but the fact that we're all very sort of dynamic plastic people that wants to learn new stuff and deliver in the team makes life so much easier.

Speaker 1

Would you say there is a difference in startup in healthcare and the health sector in Norway versus other parts of Europe or versus the US?

Speaker 2

No, not really, because much of the laws and regulations within this industry is getting more and more standard, and even more so now in Europe, where I mean Norway being part of the EEA. So basically any EU law is being enforced in Norway anyway, and the work with regard to regulatory requirements is based on the use of international standards. So now the differences between Europe and the US on these issues are getting more and more aligned, so it's basically the same requirements for your quality management systems, the way you set up your technical files for conformity assessment. Obviously, now we have the AI Act coming on in Europe, which is going to be one of the first in the world. So there, europe in fact is in the forefront.

Speaker 2

It looks now like the FDA, food and Drug Administration, will basically introduce something that is very similar to the AI Act, although maybe not as strict like they did with the GDPR. The same sort of rules apply in the US, but in a different form, maybe not as strict as in Europe, but at least so. And the common way of doing this within both pharmaceutical way of doing this, within both pharmaceutical, medtech, biotech industry, is that we basically adhere to the strictest rules, because in that way, if you can identify which geography has the most stringent rules and you make sure you comply with them, then basically you can go anywhere you like in the world and you're welcome.

Speaker 1

Yeah, I really like that. We basically adhere to most stringent rules and then the possibilities are much broader for you. But you said something that also stuck with me, and this is you talked about how you set yourself up. It's really important, and there are two perspectives on this regulatory setup that we already talked about in our pre-session, and one is the internal so how do you set yourself up for success and the other one is the external, so what field and environment are you working within? So I would like to talk about the first part. It's about your internal setup, and one question that always comes quite early in this is what about the patient, right? How do we put the patient in focus and how do we ensure security and privacy while, at the same time, exploring our possibilities with data and AI?

Speaker 2

So maybe you can talk a bit about how you have set by us, because all the patient data used to train and validate our models are data that resides with the University of Oslo, so they have all the control of patient data security, safety, etc. And obviously the data is used under the consent of the patients anyway. As for our commercial product, we've had to develop both GDPR and HIPAA compliant procedural policy system to make sure that we have an effective way of assuring that we are taking data privacy and security into consideration. But it's really important, and it's important on many levels, obviously not only for the safety and security of data related to a patient, but any other people that we're in contact with.

Regulatory Compliance in the MedTech Industry

Speaker 1

So that would you know. It applies to get any technical here, but try to dig a bit more into the actual model and how it's set up and how you can ensure that the output and learnings you get with the work you are doing are in relation to the input. Have you looked at, for example, constraining the model in a certain way, or constraining more than just the data input, or constraining more than?

Speaker 2

just the data input, yeah. So again, it's a very heavy regulated industry, which basically means that our current product, that we have CE Mark, it's locked in a way, so it's a non-generative AI, so it's a static model and it has to stay that way. We have to apply for a new CE Mark if we do any significant changes to that model. So if we want to base a new version on new data, both for learning and training and validation, then we have to apply for a new CE mark because it will be a major upgrade to the model. So, again, our current model is non-generative, so it's very static and very easy to control in that sense. Obviously, there are some cybersecurity issues and stuff that we need to have in place so that it can't be corrupted.

Speaker 1

You already mentioned the CE marking, which I think is a really interesting topic, but we will get back to that a bit later. There's one more question I have on the internal perspective and this is more about and I come from a data governance background, so more about the roles and responsibilities when handling the data. How do you think about the roles and responsibilities you have towards the data you're handling?

Speaker 2

Yeah, so obviously we have to make sure that we comply with all the data privacy requirements. So, again, identifying who within our company is responsible for assuring that systems are up to date and we're actually operational with regard to making sure we have the right processes in place and follow up on them. So obviously we've identified DPO, making sure that we all keep up to speed with regard to continue building our competency within this field, because it's quite a huge field and a lot of it boils down to very detailed tests that you need to perform, et cetera, et cetera. So it's like a never-ending story with regard to learning new stuff.

Speaker 1

I think this is really good, because you had at the end of the first section we talked about. We talked about people and competency and now we are back to people and competency and I think we should stay there a bit, Also when we look at the on the authority side of it. So who do you meet on your authority side in Norway and how is that authority structured towards you?

Speaker 2

If we start from the top, it is the competent authority within our geography. So in Norway we have Stadens Legemiddelverk. That is now Direktoratet for Medicinske Produkter they just changed it there. So that's the overseeing competent authority for Norway. And then it is the EU Commission that basically sets out the rules, so the medical device regulative or the in vitro diagnostics regulation, and within the MedTech in vitro diagnostics field there are notified bodies that will basically perform conformity assessment on behalf of competent authority and EU. So that's the three sort of regulatory authorities and bodies that you meet on your journey from design and development to a so now the big question is how good do you think they are aligned?

Speaker 1

Do you see a general alignment between them, or do you have to meet them on different terms?

Speaker 2

No, so they're all working under the same regulation, obviously in Norway. So the way it's set up is that on top you have the regulation and then each country within EEA might have some additional requirements, some within some areas. One example is labeling product labeling that varies between the countries of Europe. So some countries will give you consent to have labels in English. The majority of countries will have a requirement for local language. So for each geography you have to basically identify what rules apply in Norway, what rules apply in Sweden, germany, etc. And then set up your labeling accordingly. But for the majority of requirements they're very aligned. But obviously you can be audited both by your notified body and also your competent authority. So in an audit situation the focus of the audit might be slightly different, whether it be a notified body conformity assessment audit or whether it's the authorities that come to visit you to see that everything is in place. So in a way you have that competent authority that is overseeing the notified body which is overseeing you. So yeah, Very interesting.

Speaker 1

Thank you, and I think we should talk a bit about the European Union's Artificial Intelligence Act as well, and how do you see the AI Act will influence the work you are doing?

Speaker 2

So, specifically for our company we are probably because we're within the very regulated in vitro diagnostic landscape it will have an impact, but not such a big impact as it will for companies outside their regulated environment.

Speaker 2

Because the AI Act introduces a lot of requirements for having a quality management system, having documented design and development of your product, that you have verifications and validations, that you have performance studies, that you have data that supports the output of your AI. This is common knowledge within the medical device industry. This is what we do to basically make sure that product and its intended purpose is safe and effective with regard to. So in that respect, the AI Act doesn't really introduce anything new as such. So what we're doing currently is identifying okay, we know what we have to under the regulations for diagnostics and medical devices and identifying the additional stuff we need to have. But the challenge here is also that the commission, when setting up this AI Act it's a very political document and we're welcoming it, but practically it's maybe not so easy to basically perform on those requirements. So that's what we're working on now. You know exactly how can we justify what we're doing and how we're doing it, because there's no precedence, obviously, because this is new.

Speaker 1

Yeah, and this is kind of the same situation, and I know a lot of people have tried to compare it to the introduction of GDPR in 2018. They're definitely different, but if there's something that is comparable, then this is the political part of the document and that it actually is a compromise rather than the best setup, and maybe this is also one of the reasons why some countries in the European Union opted for or going on on an own structure when it comes to AI regulation.

Speaker 2

Yeah, absolutely, and I think this is going to be a challenge for many industries, whether it's automotive or medical whatsoever. It's trying to align those requirements and expectations and one very good thing is that, uh, the standards committee international standards committee is already on it, so there's actually a lot of new guidelines and also standards coming out as we speak, which is going to be a great help in navigating this changing landscape and also be able to have a discussion within the industry on best ways to actually attack tests and how do we prove that we've performed tests or designed the product so that it actually meets the requirements of the AI. But, obviously and I think it's really important with any new type of regulation that the industry actually joins up and identifies, you know, what are good ways of doing this. How can we improve our ways of doing things but also give feedback, and we've seen a lot of this over the past eight years. Over the past eight years, because the medical device regulations and in vitro diagnostic regulations were introduced some eight years ago and have been implemented. And one example is the IVDR, the in vitro diagnostic regulation. It was meant to be effective in May 2022? No, originally May 2021, because not only COVID, but because it was not a very practical document.

Speaker 2

The industry has been struggling in how do we implement? How do we do this practically? Is it possible to meet all these requirements? Are they necessary? So it's been an ongoing debate with the commission and it actually just in January 2024, it resulted in another postponement because it's not feasible. It's not. We will see that for the AI Act as well. There's a huge constraint in people within the commission and the authority side to actually take on the workload that introducing all these new regulations do. And not only do we need to build our competency and probably staffing because of these new regulations, but it's the same side for the authorities as well, and they're struggling more than the industry to actually build that competence and find those people. And we're all on the hunt for the same people. So there's a race to find the best people, yeah.

Speaker 1

Oh, yes, I really like that, because you're basically talking about this political compromise document that needs to be translated into a tangible regulation, and I really like that. You talked about the importance of including the industry, but I think also the national regulatory bodies have a vital role to play here, especially in remembering what actually the intent is of the regulation in the first place during that implementation phase.

Speaker 2

Absolutely, and especially within our industry. The whole intention is making sure we design and develop and deliver products that are safe and effective. I mean, that's the absolute core of the regulation and that can never be compromised, and there's many ways to reach that goal. That can never be compromised and there's many ways to reach that goal and that's basically why we need these discussions is how can we actually facilitate the requirement for safe and effective products? Because keep also in mind that the more regulation you build in that are cumbersome, the more expensive everything gets. So it has to make sense, because if not, it's going to be too expensive to have all these products that are useful to people, and that's what we see within the IVD industry now, and one of the reasons why it's been postponed again is that a lot of products had to be taken off the market and they're crucial to the patients, but it was not because the products weren't safe. It was just that they didn't truly meet the new standard, but they were just as safe and effective.

Importance of Quality Management Systems

Speaker 1

Exactly and you said something important here as well that there are many ways to meet the goal, and I think one of the main arguments I heard during the entire debate around the EU AI Act was maybe an argument that comes from more from the US side that regulation is slowing down innovation and that Europe is basically slowing down their innovative potential, especially in the global market. Do you see it the same way?

Speaker 2

potential, especially in the global market. Do you see it the same way? Yes and no. I think it's important that regulation doesn't build fences between the authorities and the industry. But at the same time and this is something I realized while at university if you have a structured way of working, if you make sure that everything you do you plan it, if you make sure that everything you do you plan it, you will be a lot more efficient. And obviously, if the industry has some very good standards and regulations on how to do stuff, then you don't waste time and money doing things over and over and over again.

Speaker 2

So in my career I've had a lot of sort of comments and oh quality, oh quality's here again, and that kind of. But the thing is that it's just meant as a structured way of working and obviously if we do things in a similar way, in a similar order, it's going to be a lot more efficient on the authority side to actually assess what we've done. So in that sense, I think it's very important that we sort of standardize the way we're working. It's efficient for the company, it's efficient for the authorities, but you have to, and if you do have good quality systems and ways of working. You have freedom to operate. So in that respect, I would argue that you can be more creative if you have a structured way of working, because then you do all the stuff you need to do and document and then it's got to be a lot easier to to do it and document and that gives you time to be creative rather than having to go back and rewrite everything you do many times.

Speaker 1

There is like. The difference is basically, if you're out running on the street, where the street is, even you have some guardrails, so you know exactly your route to run. It makes it much more quicker, much more effective than if you run off trail and trying to find a new route.

Speaker 2

Yeah, absolutely. That's a very good way of looking at it.

Speaker 1

I've had one more question on the European Union's AI Act, because you mentioned it already earlier the CE marking and to have some certification system for AI systems. I think this is a notion that has been there for a while. I think also it's a good notion we talked about it in a previous episode but what I find really interesting is who will be responsible to verify and certify the systems and then, in addition to that, who will certify the certifying body.

Speaker 2

Yeah, so we're back to the EU Commission, competent authorities and notified body. So notified bodies need to have a sort of certification from the competent authority and the EU Commission, so they have a so-called designation. As far as I know, they're still debating whether the notified bodies need designation for the AI Act. Notified bodies do need designation for conformity assessment and C-marking of medical devices and in vitro diagnostics and it's the competent authorities, as I said, an EU commission that basically grants that. So what will happen? For in our case we are classified in vitro diagnostics software as a medical device. So we have a notified body that has been designated to C-mark that kind of product.

Speaker 2

Because the AI Act is a so-called horizontal act, it means that our notified body can do both AI Act conformity assessment and IVDR conformity assessment at the same time, because the intention is that, because it's horizontal, there shall be one technical file document for a given product. So both assessments are done at the same time. So there's only one conformity assessment. So in our case we will get a C mark according to the IVDR and AI Act in one. So when the conformity assessment that's typically a six to eight month assessment period the notified body will conclude and send their report to the competent authority, which will inform the EU Commission of their conclusion, and then the notified body can issue a certificate of conformance, and that's when the company can apply the C mark to the product.

Speaker 1

And this was a perfect example for the complexity we are working within. So thank you so much for a fantastic conversation. We're already at the end, but before I let you go, do you have any key takeaways or call to act? But before I, let you go.

Speaker 2

do you have any key takeaways or call to act? Yeah, so for health startups, I would really recommend starting early building a team, identify competence needs and also start as early as possible on building that quality management system and relation with a notified body. That is really important and it's time consuming, so it's really very important to start daily.

Speaker 1

Fantastic. Thank you so much.

Speaker 2

Thank you.

Head Shot

Winfried Adalbert Etzel

Host