Hong Kong Healthcare Artificial Intelligence SocietyHong Kong Healthcare Artificial Intelligence Society

GMLP Principles 1–2: Intended Use & Engineering Foundations

Define clinically meaningful intended use with multidisciplinary teams, and implement robust software engineering, security, and quality practices across the device lifecycle.

All articlesSource document
Multidisciplinary team defining AI medical device intended use in clinical workflow

Principle 1: Intended use and multidisciplinary expertise

The intended use / intended purpose of a device must be well understood. This includes the context of use within the clinical workflow, the desired benefits, and associated patient risks. In-depth understanding helps ensure AI-enabled devices address clinically meaningful needs across the total product lifecycle.

Multidisciplinary expertise — spanning clinicians, biomedical engineers, data scientists, informatics specialists, and quality professionals — provides context-specific insight. It informs intended use, enhances safety and effectiveness, and should be leveraged throughout development, evaluation, deployment, and maintenance.

For Hong Kong healthcare professionals

Before adopting an AI tool, ask:

  • What clinical question is it designed to answer?
  • Where does it sit in the workflow (screening, triage, diagnosis support, documentation)?
  • What patient risks remain if the model is wrong or misused?
  • Who was involved in defining its intended use — clinicians who match your setting, or developers alone?

Principle 2: Software engineering, design, and security

Model design must be implemented and maintained with attention to fundamentals:

  • Robust software engineering and medical device design
  • Usability and human factors
  • Data quality assurance and data management
  • Cybersecurity (including legacy devices and software bill of materials where applicable)
  • Quality management practices

These practices include methodical risk management and design processes that record decisions and rationale, ensure traceability and reproducibility, and protect data authenticity, confidentiality, integrity, and availability.

Infrastructure for model deployment, monitoring, and maintenance must be carefully considered. Together, these practices support patient rights, safety, and welfare — including the ethical use of patient data.

Practical takeaway

When evaluating vendor documentation, look for evidence of QMS integration, cybersecurity controls, and traceable design decisions — not only headline accuracy metrics.

Source: IMDRF — Good Machine Learning Practice for Medical Device Development: Guiding Principles (January 2025)

Ready to test your knowledge?

Take a short quiz based on this article to check your understanding.

Take the quiz