    Episode 36 · September 2, 2025 · 36m listen · 3,100 words · ~16 min read

    Balancing Innovation and Regulation in MedTech Development with Karandeep Singh Badwal | Ep. 35 - Full Transcript | The Med Device Cyber Podcast

    Read the complete, searchable transcript of Episode 36 of The Med Device Cyber Podcast - expert conversations on medical device cybersecurity, FDA premarket and postmarket guidance, SBOM management, threat modeling, and penetration testing.


    Episode summary

    In this episode of The Med Device Cyber Podcast, hosts Christian Espinosa and Trevor Slatterie talk with Karandeep Singh Badwal, founder of QR Medical and host of The MedTech Podcast, about the balance between innovation and regulation in the medical device industry. They discuss common challenges faced by companies developing software and AI-driven medical devices, particularly around design controls, cybersecurity, and the often-overlooked data validation of AI models. Karandeep stresses adopting a quality management system (QMS) early in the development cycle, even a partial one, to avoid costly retrospective fixes. The conversation covers the dated nature of IEC 62304 and the critical distinction between software verification and validation. The speakers emphasize that success in MedTech requires a mindset shift: viewing a product as a medical device that *happens* to have software, rather than a software product that *happens* to be a medical device. They also explore the high failure rate of MedTech startups, attributing it to factors beyond regulatory hurdles, such as inadequate market research, missing reimbursement strategies, and the high cost of development. The episode closes with actionable advice for innovators: conduct thorough market research, understand regulatory pathways such as 510(k), and integrate quality and cybersecurity from the outset to ensure product safety and market viability.

    Key takeaways from this episode

    • Companies developing software and AI-driven medical devices often struggle with a lack of proper design controls and cybersecurity considerations early in the development process.
    • The industry needs to shift its mindset from being a software company that happens to be a medical device company to being a medical device company that happens to use software.
    • While standards like IEC 62304 provide a foundational framework for the medical device software lifecycle, they are dated and do not fully address the complexities of modern AI and standalone software medical devices, especially regarding validation.
    • Implementing a quality management system and considering regulatory requirements and cybersecurity from the initial stages of product development is more cost-effective and efficient than trying to retroactively fix issues.
    • A significant factor in the high failure rate of MedTech startups is not just regulatory hurdles, but also a lack of thorough market research, clear reimbursement strategies, and understanding the practical adoption challenges within healthcare systems.
    • Quality and regulatory processes should be viewed not as stifling innovation, but as providing a necessary framework to develop safe and effective medical devices.

    Full episode transcript

    Hi, welcome back to the Med Device Cyber Podcast. Today we have a guest, Karandeep. We're going to be talking about regulatory affairs, quality management systems, and some of the differences that have come out recently across the global regulatory affairs perspective. Karandeep comes to us from the UK. I'm your host, Christian Espinosa, and I've got the co-host here today, Trevor Slatterie. I think on one of the podcasts we did before, I wasn't here. Trevor handled it by himself, but he did a good job. So, how's it going, Karandeep, today? I think you're coming from the UK today, right?

    That's correct. Thank you for having me.

    Awesome. Do you want to give a little bit of background on what you do and what your organization does? I know you're also a podcast host. Maybe a little bit about your podcast and how many years you've been working on that, and just a little background on you.

    Sure, so I'm Karandeep, and I'm founder of QR Medical, a quality and regulatory consultancy working within the medical devices space. In terms of my background, I actually still come from a pharmaceutical background, which was what my education was based in. So I did a bachelor's in pharmaceutical science and a master's in pharmaceutical quality by design. But it just so happened that when I left university, the first job that I had was actually working within medical devices, and I just kind of kept it going from there. I started working in traditional devices with things like pacemakers and defibrillators at St. Jude Medical, which eventually became Abbott. Over the past four to five years, I've been doing a lot more in the software, AI, and machine learning space. That's where it seems that the medical device industry is moving forward, and not just in other industries as well.

    Also, outside of that, as you mentioned, Christian, I'm host of the MedTech Podcast, which I started back in 2021, and I interview different MedTech leaders, founders, CEOs, experts, etcetera, in the field, and give them a platform to share their story. I'm also a content creator on LinkedIn as well. For anybody who does follow me on LinkedIn, a lot of people find quality and regulatory often very confusing, and there's a lot of guidance out there. If you were to go out and read the regulations, you'd probably wake up more confused than when you started. So the point of the content that I make is just trying to make things a little bit easier to understand, effectively.

    Awesome. Well, I find quality and regulatory a little bit confusing as well. We had someone on the podcast before that described regulatory as offense and quality as defense. Would you agree with that statement?

    Yeah, there is some element of truth to that, because with quality, it's often about taking a proactive approach. For example, the biggest tool that we use in quality is often the CAPA, corrective action, preventive action. A lot of companies out there take corrective action; they wait for something to go wrong and then try to fix it. What quality often tries to encourage is taking a preventive approach. Look for something that may potentially go wrong and put something in place to make sure that thing doesn't go wrong in the future. So, yeah, I would somewhat agree with that. Whereas regulatory is more about getting that market approval, getting the product out there, and filling that, whereas quality is more like a process on the whole thing. So regulatory is for your product, where quality itself is on the company as a whole, and quality really is not a department; it's more of a culture.

    I know you mentioned you're doing a lot of work with AI and software as a medical device, which we see as well, the industry shifting that way. What are some of the biggest challenges you've noticed working with your clients from a consulting perspective when they have software and some sort of AI model?

    The issue that I've often found with companies, so let's say, for example, I bring them on as a client, and they're at version 15. When I try to go back in time, it's, okay, what did version one look like? There were never any proper design controls in place. So, realistically, they don't really know the changes that got them from V1 to V15, or in some cases, they were not the high level of it. But how did that affect the code? Can it give false positives? Can it give false negatives? What are the risks that come with it? So, often, just trying to do things like that retrospectively can be difficult. And the second one, Christian, again, timely to the podcast, is of course cybersecurity. You know, they all realize that there needs to be some cybersecurity to it. But then, how far do you go? To what extent do you take it? How much cybersecurity is needed? Or in some cases, companies have done cybersecurity things like penetration testing, but it was probably done on a version that's two to three years old, and now the software has changed so much that they need to do that level of testing again.