Should You Do a BfArM Classification Request? The Answer Is No.

The classification of software as a medical device (SaMD) under the MDR is currently quite unclear. The situation is especially bad when it comes to MDR class I software, because no one on this planet currently has a clear idea what it really looks like. This has lead to different states in Germany coming up with different “tolerance levels” for MDR class I software – Hamburg and Bavaria have multiple MDR class I software devices on the market while Berlin has none at all. Crazy!

But, arguably, this is not their fault because the MDR is vague and there’s no useful guidance around. So they’re just doing their best, I suppose. Wait, so don’t we have a solution to this – an entity or a process which could make final classification decisions for real medical devices?

Luckily we do (or so we think). A so-called BfArM classification request (“Antrag auf Klassifizierung”). The concept itself sounds really cool and like a perfect solution to this problem: You submit some documentation about your product to the BfArM, e.g. your intended use, user manual, (draft) classification, etc., and the BfArM will get back to you with a final decision on what the “real” MDR class is. This decision is final, in other words, notified bodies can’t argue against it.

Okay, so that’s the concept. Now, how does it work? Or rather.. does it work at all?

The answer is no, it doesn’t work, you shouldn’t do it, and the mere idea of thinking that this process is helpful to anyone is wrong. I’m trying to become more tolerant towards state institutions because I feel that they often contain friendly people with good intentions, so I’ll stop the ranting here and show you a timeline of a BfArM classification request we’ve submitted for one of our clients. Feel free to make your own judgements while reading along:

BfArM Classification Request Timeline

Quick joke: How do you identify a programmer? By the fact that they start counting from zero, including bathroom stalls. So let’s start with Day 0.

• Day 0: Submission of BfArM request via email. This included the intended use, product description, user manual, our draft classification and some research we did for that classification, mainly competitor devices and their classification. Like, stuff you would present to any sensible person when making your case that your device is class X.
• Day 3: The BfArM responds that they need a letter for power of attorney. This makes sense because we as consultants were representing our client and communicating with the BfArM on their behalf, so we needed a letter to state that we’re actually allowed to do that.
• Day 5: We send the letter of power of attorney to the BfArM.
• Day 6: The BfArM confirms that the request is now being processed.

Quick intermission!

(Imagine a quick break during an Ice Hockey match in which cheerful music starts playing)

So far, so good! We’ve submitted the appropriate documents to the BfArM. We forgot to send the power of attorney stuff and they told us about that. Emails were sent, replies were received, communication was facilitated. All signs are looking good for The Fellowship of the Ring to throw the Ring of Power into Mount Doom in a reasonable time frame. No need to lose time walking through Mordor.

Let’s see how the journey progressed.

• Day 55: Okay, let’s stop here for a second. 49 days have passed. 49 days! We hadn’t heard anything from the BfArM for almost two months. So I thought it was reasonable to follow up.
• Day 61: The BfArM replies that it’s still processing our request and it will take “many months”. Okay, this raises so many questions. Why not set these expectations at the start? Why not mention it on the BfArM website? The website sells this as a rather useful process. Why only mention this after I follow up? So many questions and no answers. But it’s too late for us anyway, we have already commenced our journey to Mordor and all we can do now is wait. Or, to quote Gandalf, “All we have to decide is what to do with the time that is given us”. The BfArM gives us a lot of time, and we decide to do nothing and wait.
• Day 123: Another two months have passed. I send another follow-up. As there’s nothing to talk about here, a quick side note instead! It’s probably noteworthy that I’m always very polite in my follow-up emails. You never know what sort of problems those people might be dealing with internally and it’s probably not their intention to be evil and drag this out on purpose, right? This is very similar to phoning the call center of your internet provider when the internet is down (which happens from time to time in Germany, a developed country): The person on the other end of the line is just doing their job and probably has nothing to do with your broken internet or unprocessed BfArM request. They’re just trying to get through their day. So don’t make it unnecessarily hard on them, be polite, and see if there’s anything you can learn or do right now to change the situation. End of side note!
• Day 147: 24 days later, the BfArM hasn’t responsed to my follow-up. So I follow up again. I send them a follow-up on my last follow-up (cue the Inception theme) in which I remind them about my past follow up (cue the Inception theme again) which I sent them 24 days ago.
• Day 154: The BfArM replies and sends us a list of questions. Okay, so this is the first indication that they’re actually looking into the content of our submission, almost half a year after we submitted it. They sent us a list of questions to better understand the device. Those aside, there are so many thoughts which come to mind here: Did our submission only move forward because of my past two follow-ups? How long would if have taken if I hadn’t followed up at all? The same time? Longer? Shorter (gasp)? In any case, I don’t think anyone should have to send out these annoying follow-ups like I did. Couldn’t we just get an automatic weekly status update? Like “Hello! There’s been absolutely no progress this week, like in the past 21 weeks. Thanks for waiting and being a customer of BfArM. Enjoy the rest of your day.”
• Day 160: We reply to the BfArM’s questions.
• Day 203: We haven’t heard back for 43 days after our reply. I follow up with the BfArM on what the hell is happening (politely). I mean, we sent them our reply 1.5 months ago and haven’t heard back. Wouldn’t it be reasonable to expect some sort of response? Even just a response with “thanks for your response, we’ll now read this during the next upcoming 6 months” would have been okay. But no response at all?
• Day 210: The BfArM replies that the draft decision is being reviewed internally. This sounds like great news. Even though the language is a vague and hard to understand (“der Bescheidentwurf zum o. g. Fall befindet sich bereits in der internen Abstimmungsphase.” – literally: the draft response for the aforementioned case is already in the internal reviewing phase), this still sounds like they’ve made a decision and only need to sign off on it. So we’re almost done? I’m imagining a person pushing a tray cart with folders down a long hallway. The hallway has bright light at the end of it, not unlike the black hole in Inception.
• Day 251: More than another month has passed and we haven’t heard back. I follow up again. So much for the hope of this being nearly done. I kindly remind them that I may have misunderstood (?) their last email as I thought this was nearly done and it was already in the internal reviewing phase. I ask how much longer it’ll take now.
• Day 270: A Kafkaesque bureaucracy escalation: The BfArM replies that our power of attorney document has expired. This is where the process starts getting ridiculous. I mean, firstly, they didn’t respond to my question on how much longer this would take. Instead, they note that our power of attorney letter has expired. Some context: Our client included a sensible time limitation in it so that we wouldn’t be able to represent them forever – very good thinking. That expiry date was set to some crazy date in the future. Turns out, if you select some crazy date in the future and don’t select it carefully, you might actually see it pass by while waiting for your BfArM response. Note that the BfArM didn’t mention the status of our request, or rather, the draft decision which was already in the internal reviewing phase. How long do these draft decisions get pushed around on tray carts? Does the BfArM really have so many hallways? Did the tray cart get lost in the black hole?
• Day 270 (same day): I send them an updated power of attorney letter. By now, both our client and us have lost all hope in this BfArM process. The client has moved on with their product development strategy because the decision has become irrelevant to them.
• Day 312: I follow up again.

Okay, time for the next intermission!

(Tragic music starts playing while the Ice Hockey players curiously look at the speakers, wondering who the hell selected this music)

You’re surely now expecting me to conclude this post with the final BfArM response containing a classification decision, after which we end up having a constructive discussion with them, and everyone congratulated each other on another day’s productive work in the world of medical device regulation, bringing safe medical devices to market and helping patients.

Nope, that didn’t happen. Are you ready for the real outcome?

The process is still ongoing. I haven’t heard back from them. It’s been significantly more than 312 days which have passed now – we’re actually getting close to our one-year anniversary of our BfArM classification submission. I’m not sure whether this is an anniversary we should celebrate. Probably not.

So far, we got nothing except a list of questions and a request for an updated letter for power of attorney.

That’s it.

Before we get all depressed and conclude that our bureaucratic system of medical device regulation is completely broken, let’s try to analyze this from different perspectives and see what we can do better.

Conclusion

First off, are we having the wrong expectations? Are we those crazy startup people who want to rush things which should not be rushed? Is it better if these decisions take at least one year?

Let’s look at this process from the perspective of a startup. Startups are often unsure whether their software is MDR class I or IIa (see: the MDR class I fiasco situation). This is especially tricky if you think you’re class I because you don’t have anyone to confirm this for you. If you made the wrong call for class I while your “real” class was actually class IIa, you might have to take your product off the market until you’ve gone through a notified body audit. So being “maybe class I” is a risky place to be in.

The idea of a BfArM classification request sounds like an elegant solution to this problem – an independent entity which makes final classification decisions. This could be so cool! However, the usefulness of this process is determined by how well it works. And receiving a response in a reasonable time frame is probably one of the most important factors for that.

What would a reasonable time frame be? 1-2 months maybe? I mean, any amount of time a company could survive while literally doing nothing at all and waiting for a reply. Wait, why would the company be doing nothing? That’s because many small companies revolve around one (or very few) products, and a timely classification decision is essential because it determines their entire product and regulatory strategy, e.g. whether to select a notified body for class IIa or bring it to market as class I.

But what if this takes one year or more? Then it’s completely useless for small companies.

If it’s useless for small companies, is it still useful for large companies? I’m not the right person to assess that as we mostly work with small companies. All I can say is that large companies tend to have many more products and more revenue. They also tend to have (many) more meetings, political infighting, and ridiculous overhead (those stories probably deserve another website). Productivity-wise, they are very inefficient – which makes sense as productivity doesn’t scale linearly with employee count for knowledge workers.

But that may actually be very beneficial if you’re making a BfArM classification request. If you have 99 other products out there generating revenue and 50% of your people are stuck in useless meetings most of their time, why not task some of those with a BfArM classification request?

If the response of the classification request is positive, that’s cool, because you can maybe incorporate that into your future product strategy – that is, if your CEO is still the same 5 years from now and your product strategy hasn’t changed in the meantime.

If the response is negative, that’s also cool because it can be used as bargaining chip in internal politics – like “hey, remember Joe who did the BfArM classification request? It seems like he really has experience dealing with authorities. We should make him Head of Regulatory!”

Okay, trying to reduce the level of sarcasm here. I would love to see the BfArM classification process work out. I think that, at its inception (heh), it was created with good intentions and I agree with those! It would be really, really cool to have a working version of this process to clear up the confusion around MDR device classification, especially around software. So, trying to be constructive here, which improvements might we need?

• Fast response times: A mandatory response time within which a decision is reached. The DiGA certification process actually has this (3 months), so why not apply a similar time limit here?
• More transparency and better communication: Manufacturers should be informed about the status of their request and when a decision can be expected. This could be solved through regular email communication or a simple status page (similar to how you track an Amazon order).
• Publish classification decisions publicly: The FDA is light years ahead when it comes to sharing data openly on websites that don’t suck. It would be really helpful to publish a list of all past BfArM classification decisions. Maybe that would even reduce the workload in the future (gasp) because people could simply browse past decisions and find a similar device instead of submitting yet another request?

So those things would help. Until then we’re unfortunately left with a process which is rather useless due to being opaque and, worst of all, very slow. Why has everyone been accepting this, and why are we the first people to speak up?

In our Healthcare system, when we get hurt, we expect someone to have our back: We can call an ambulance and it will arrive soon. We can also walk into a hospital and get treated soon. In many ways, Healthcare is about delivering treatment to patients within a reasonable time frame.

This concept of a reasonable time frame does not seem to extend to the regulation of medical devices. Currently, notified bodies decline new customers or don’t even respond to emails, and, as we’ve seen here, BfArM classification requests drag on for almost a year or even longer. This way, everyone loses – not only manufacturers, but also doctors and patients. If we want to continue delivering treatment to patients in a reasonable time frame, this has to change.