The DHT-Ready QMS: Integrating Device, Data, and Clinical Quality into One System (Part 2/8)
Why Yesterday’s Quality Systems Can’t Handle Tomorrow’s Digital Trials
Introduction
Most life-science organizations already have a Quality Management System (QMS).
They have validated processes, CAPA records, and GCP alignment down to an art form.
But in the age of Digital Health Technologies (DHTs)—wearables, sensors, apps, and AI platforms—traditional QMS frameworks are showing their limits.
The FDA’s 2023 Digital Health Technologies Guidance and Framework for DHT Use in Drug and Biological Product Development make one thing clear: digital health oversight is no longer an IT or vendor problem. It’s a quality system problem.
And unless your QMS can demonstrate control over devices, data, and algorithms as seamlessly as it manages SOPs and audits, you are operating under a false sense of compliance.
1.The New Definition of Quality
Regulators have expanded the definition of “quality” beyond manufacturing and data management to encompass the entire DHT lifecycle.
A compliant system must now control:
Device design and validation (ISO 13485).
Software lifecycle processes (IEC 62304).
Risk management for digital endpoints (ISO 14971).
Human-factors engineering (IEC 62366).
Data integrity under ALCOA++.
This means sponsors, CROs, and vendors share collective responsibility for ensuring that every DHT used in a trial is:
Fit for purpose.
Validated in context.
Version controlled and traceable.
Operated under documented procedures.
A GCP-compliant QMS alone is no longer enough.
2. The Regulatory Convergence
The FDA, EMA, and MHRA now interpret “quality management” for DHTs as a hybrid ecosystem, combining elements of clinical, device, and data regulation.
| Domain | Regulatory Basis | Expectation |
|---|---|---|
| Device quality | ISO 13485 / 21 CFR 820 | Design history, validation, supplier control |
| Software lifecycle | IEC 62304 | Documented development and maintenance |
| Risk management | ISO 14971 | Hazard analysis for device, data, and usability |
| Clinical data | ICH E6(R3) | Oversight of digital endpoints under GCP |
| Data integrity | Part 11 + ALCOA++ | Traceable, validated audit trails |
The FDA’s proposed Quality Management System Regulation (QMSR) will soon align its device-quality requirements directly with ISO 13485—removing any excuse for fragmented systems.
3 Where Traditional QMS Frameworks Fail
A typical GCP-centric QMS ensures protocol adherence and data accuracy, but lacks controls specific to DHT risk profiles.
| Traditional Focus | DHT Reality |
|---|---|
| Software = eCRF or EDC validation | Now includes firmware, mobile apps, APIs, and AI |
| Vendor qualification = SOP review | Must include design control and ISO certifications |
| CAPA = process deviations | Must capture device malfunctions and usability errors |
| Document control = SOPs | Must include device specifications, algorithms, and training materials |
The result: organizations that appear audit-ready on paper but cannot prove how firmware updates, algorithm changes, or usability failures were governed during a trial.
4 The FDA’s Warning Signs
FDA inspection trends in 2024 revealed recurring DHT-related deficiencies:
No validation evidence for commercially sourced devices used in endpoint data collection.
Missing documentation of firmware version and performance verification.
Uncontrolled algorithm updates altering endpoint outputs.
Lack of usability and layperson training records.
In every case, sponsors and vendors had robust QMS frameworks—but none included device-specific modules.
5 Building a DHT-Ready QMS
A DHT-ready QMS doesn’t replace your existing system; it extends and connects it.
It bridges device validation, data governance, and clinical oversight.
Five pillars of a DHT-Ready QMS:
Design & Development Control
Maintain design-history files for each DHT configuration.
Document analytical and clinical validation per ISO 13485 § 7.3.
Risk & Change Management
Integrate ISO 14971 hazard logs and risk mitigations.
Treat firmware and algorithm updates as regulated changes.
Supplier & Vendor Oversight
Audit DHT manufacturers for ISO 13485 and IEC 62304 compliance.
Extend quality agreements to cover device performance and data handling.
Human Factors & Usability Validation
Apply IEC 62366 testing to ensure layperson usability.
Capture participant training records as part of quality evidence.
Data Integrity & Audit Control
Enforce ALCOA++ across all digital data flows.
Centralize audit trails from device to cloud to database.
This integrated model connects quality with evidence credibility.
6 Beyond U.S. Borders: Global Deployment Risks
Operating globally adds complexity.
A DHT-ready QMS must demonstrate compliance across multiple frameworks
| Region | Required Alignment |
|---|---|
| US | QMSR (ISO 13485 alignment) + Part 11 |
| EU | MDR Annex IX + ISO 13485 + ISO 14971 |
| UK | UK MDR + UKCA + UKRP post-market oversight |
| Japan | QMS Ordinance + SaMD guidance |
| Australia / Canada | MDSAP certification acceptance |
Organizations that can show one harmonized quality architecture gain inspection resilience and faster regulatory acceptance across jurisdictions.
7 QMS as Strategic Infrastructure
The shift from compliance to capability is already underway.
Regulators no longer separate device quality from clinical reliability—they see both as expressions of the same maturity.
A DHT-ready QMS isn’t a cost center.
It’s the infrastructure for digital credibility—the foundation upon which sponsors prove their data are valid, traceable, and reproducible.
Companies investing early in integrated quality will accelerate approvals and build sponsor trust.
Those who don’t will spend that time (and more) repairing inspection findings.
Conclusion
The digital health revolution didn’t remove quality burdens—it multiplied them.
The FDA and global regulators now expect proof of control from hardware to algorithm, from usability to data submission.
Sponsors, CROs, and vendors that evolve their QMS frameworks into DHT-ready ecosystems will lead the new compliance economy.
Because in digital trials, quality is no longer about how well you follow procedure.
It’s about how convincingly you can prove your devices, data, and decisions are trustworthy.
References
FDA. Digital health technologies for remote data acquisition in clinical investigations. Silver Spring, MD: FDA; 2023.
FDA. Framework for the use of digital health technologies in drug and biological product development. Silver Spring, MD: FDA; 2023.
ISO 13485:2016. Medical devices – Quality management systems. Geneva: ISO; 2016.
FDA. Proposed rule: Quality Management System Regulation (QMSR). Silver Spring, MD: FDA; 2024.
MHRA. DCT inspection readiness and GCP observations summary. London: MHRA; 2024.
ICH. E6(R3) Good Clinical Practice draft guideline. International Council for Harmonisation; 2023.
