4 digital health / SaMD assessments open this week — 24h Quick Score turnaroundReserve →

Digital Health & SaMD Risk Assessment

Software risk scored like the medical device it is

Physician and engineer-led assessment for Software-as-a-Medical-Device, AI/ML clinical decision support, and remote patient monitoring. SaMD classification, predetermined change control, CPT reimbursement, and interoperability — in 24–48 hours.

24hQuick Score
SaMD I–IVAll classes
PCCPAI/ML change control
MD + BMEEvery review
A·A
Every Vantage Score is personally reviewed by Arvind Ravinutala, MD (physician executive, P&T Committee Chair, Clinical Informatics) and Aswini Ravinutala, BME (biomedical engineer, ex-Axonics through Boston Scientific's $4.1B acquisition). Dual-discipline cross-validation on every deliverable.

The Problem

Digital health is the vertical where diligence falls furthest behind the tech

Software gets shipped weekly. Clinical validation happens once. AI/ML models drift silently. Reimbursement codes depend on who touches the patient. Cybersecurity is a submission gate, not a deliverable. Diligence that treats SaMD like SaaS misses all of it.

SaMD misclassification

Founders routinely mis-self-classify — calling a Class II SaMD a "wellness app" or putting a CDSS in a non-device bucket. An enforcement letter post-close is not a small problem.

AI/ML validation drift

Training cohort not representative, subgroup performance undocumented, no predetermined change control plan, no post-market performance monitoring. FDA now enforces this, not aspires to.

Cybersecurity 524B gate

Connected SaMD submissions post-Oct 2023 require SBOM + threat model + postmarket update plan. Refuse-to-accept is the default for gaps.

RPM / CPT reimbursement

Revenue models built on 99453/99454/99457 without reading the fine print: time requirements, auto-capture exclusions, and setup-code one-shot limits. The margin is much thinner than the pitch shows.

Interoperability debt

FHIR R4, HL7v2 compatibility, Epic App Orchard / Cerner Code status, SMART on FHIR. IDN procurement stalls on integration, not clinical value.

Clinical evidence thinness

Pilot sites aren't representative cohorts. RCT-free evidence still has FDA pathways, but payers and IDNs increasingly want comparative-effectiveness data. Most digital health decks don't have it.

SaMD Classes & Digital Health Pathways

Every SaMD class, scored differently

IMDRF SaMD framework classifies software by how it's used and by the severity of the underlying clinical condition. Risk is nonlinear across classes. Our model weights evidence depth accordingly.

SaMD I

Inform management

Lowest-risk tier. Low-severity conditions, informational role. Often unregulated or 510(k)-exempt. Risk sits in scope creep — slipping toward a higher class without notice.

LowFDA riskWatchscope creep
SaMD II

Drive management

Directs clinical management in non-serious conditions. Typically 510(k) territory. Clinical validation, cybersecurity, and usability testing dominate the submission.

ModerateFDA risk510(k)most common
SaMD III

Drive critical decisions

Drives management in serious or critical conditions. Usually De Novo or 510(k) with heavy clinical evidence. AI/ML validation and PCCP are table stakes.

HighFDA riskDe Novo/510(k)common
SaMD IV

Diagnose critical conditions

Highest-risk tier. Diagnosing or treating critical conditions. PMA-level evidence, clinical trials, ongoing performance monitoring, and predetermined change control required.

HighestFDA riskPMA-levelevidence

Digital Health-Specific Score Weights

How the Vantage Score weights a SaMD or digital health asset

Same 20-category taxonomy as every vertical. AI/ML validation, cybersecurity, and reimbursement get more room for digital health. Manufacturing gets less. Percentage is relative contribution to the composite score.

DomainWeightWhat we're looking at
AI/ML Validation & Monitoring22%Training/validation cohort representativeness, subgroup performance, locked vs adaptive, predetermined change control plan (PCCP), drift detection, post-market performance monitoring
Regulatory Pathway & SaMD Class18%SaMD classification rigor, intended-use statement precision, CDSS enforcement-discretion status, 510(k)/De Novo/PMA fit, labeling-to-feature alignment
Cybersecurity & Postmarket15%524B readiness, SBOM completeness, threat modeling, vulnerability disclosure, postmarket patching cadence, HIPAA + state privacy compliance
Clinical Evidence & Adoption13%Validation cohort vs training cohort, RCT/pragmatic-trial evidence, usability testing, KOL adoption, clinician-workflow integration
Reimbursement & Coding11%CPT codes (RPM/RTM/99453-99458), CMS reimbursement trend, payer PDT policy, pay-for-performance models, employer direct contracting
Interoperability & Integration9%FHIR R4 readiness, Epic/Cerner marketplace status, SMART on FHIR, HL7v2 fallbacks, single-sign-on, data-export compliance
Commercial & Market Access7%Channel strategy (provider / payer / employer / D2C), IDN contracts, health-system security-review timeline, ROI evidence
Financial & Operational5%Burn, LTV/CAC, enterprise contract duration, infrastructure cost per user — provided by buy-side

Pricing Ladder

Same deliverable format across every tier

Start with a Quick Score to triage. Scale up to a full report when the deal moves. Every tier returns in 24–72 hours with named physician + engineer reviewers.

Quick Score

24 hours
$2,500
Triage-grade
  • Go/no-go read
  • SaMD class check
  • AI/ML validation gap
  • PDF deliverable
Start Quick Score

Investor Score

48-72 hours
$15,000
Deal diligence
  • All above, deeper depth
  • PCCP rigor check
  • IC-ready exhibits
  • Memo with term-sheet flags
Order Investor Score

Corporate Score

5-7 days
$25,000
Enterprise M&A
  • All above + EU AI Act
  • Integration risk view
  • Engineering team interview
  • Post-close 100-day plan
Order Corporate Score

Want continuous monitoring post-close? Surveillance from $1,500/mo →

Digital Health Intelligence Library

What we've been writing about

Deep dives on SaMD, AI/ML, and RPM risks diligence teams still get wrong. Written by Arvind and Aswini.

Put a SaMD or digital health asset through Vantage this week

Send us the target and a data-room link (or just the intended-use statement and the 510(k) number if cleared). We return a Quick Score in 24 hours — including SaMD-class and AI/ML validation reads.