This document summarizes a presentation given on developments in EU medical device software regulation. It discusses the current regulation of medical device and in vitro diagnostic software under the EU Medical Devices Directives. It outlines proposals to revise these directives, including redefining medical devices and establishing new essential requirements for software. It also notes enforcement developments in the Netherlands, such as the health authority indicating it will impose fines without warning for non-compliant software beginning in 2014.
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
Developments in EU MDD & IVDD Software Regulation
1. DEVELOPMENTS IN
EU MDD & IVDD
SOFTWARE
REGULATION
Qserve conference
18 November 2013
Erik Vollebregt
www.axonlawyers.com
2. Objectives
•
•
•
•
Some brief remarks on data protection
Current regulation of medical devices software
Overview of EU medical devices directives revision process
Developments in enforcement in the Netherlands
3. EU political background
eHealth Action Plan 2012 – 2020
• Struggles with Lisbon competences (“EU action shall respect the
responsibilities of the Member States for the definition of their health
policy and for the organisation and delivery of health services and
medical care.”)
Pretty big changes in
• Regulation of medicinal products and medical devices / IVDs
• Regulation of collection and processing of health data
3
4. Health data protection
• Currently in flux with General Data Protection Regulation proposal
• Horizontal approach to all data causes excessive collateral damage in
healthcare sector
• What we hate in marketing and social media, we actually want in
healthcare (e.g. monitoring, profiling, further processing, traceability)
• Privacy-by-design requirements
• Privacy impact assessments
• Consent requirements that make it very difficult to rely on consent as
basis for processing
4
5. General Data Protection
Regulation
• Privacy by design
• Prior approval of impact assessment of each act of processing
• Literally – Parliament proposes that software and devices have to be
designed and built as to enable GDPR and data subject’s rights by
default
• Intelligible explanation of automated processing logic
• Exemptions for processing of health data without consent
• With uncertainties around concept of ‘consent’ derogations for “public
health” and “scientific purposes” become crucial
• Exemptions not suited for outsourced processing in eHealth / mHealth
services and not drafted for regulatory clinical data obligations
• Technical standards
• Commission can issue technical standards related to implementation
of GDPR requirements
5
6. General Data Protection
Regulation
• Data subject’s rights
• Right to correct, information, be forgotten and of erasure problematic
in clinical context
• Right to request interoperable and open source format copy of
processed data
• Company burden
• Mandatory privacy officer
• Large fines
• Many open ends still that are subject to implementation by implementing
act or regulation by delegated act
• Commission is not obliged to use these powers and EU legislator may
change the scope or revoke power, which increases uncertainty
6
7. Regulation of software as MD / IVD
• MEDDEV 2.1/6 on standalone software, currently under revision
• Differences in interpretation of what software constitutes a medical
device
• New essential requirements for mobile computing platform
• EN 62304 standard FAQ by Team NB
• Lack of harmonised interoperability standards
7
8. MEDDEV 2.1/6
medical devices
simple version
1. Computer program?
2. Stand alone?
3. What action does it perform on
data? [beyond storage, archival,
lossless compression, simple
search]
4. For benefit of individual
patients?
5. Intended purpose in scope of
MDD?
6. Accessory?
9. MEDDEV 2.1/6 IVDs
simple version
1. In scope MDD?
2. In scope IVDD?
3. Data obtained only from
IVD?
4. Data obtained from
medical device?
5. Accessory?
6. Accessory?
12. Essential requirements
New essential requirements re software in MDR
11.2. Devices shall be designed and manufactured in such a way as to
remove or reduce as far as possible and appropriate:
• (e) the risk associated with the possible negative interaction between
software and the environment within which it operates and interacts;
12
14. Software clinical
6.1. Pre-clinical and clinical data
(b) detailed information regarding test design, complete test or study
protocols, methods of data analysis, in addition to data summaries and test
conclusions regarding:
• software verification and validation (describing the software design and
development process and evidence of the validation of the software, as
used in the finished device. This information should typically include the
summary results of all verification, validation and testing performed both
in-house and in a simulated or actual user environment prior to final
release. It should also address all of the different hardware
configurations and, where applicable, operating systems identified in the
information supplied by the manufacturer);
14
15. Recommendation on
unannounced audits
• Requires manufacturers to amend agreement with NoBo to
accommodate all aspects of unannounced audits (visa, security etc)
• Requires manufacturers to better manage agreements with
• Critical subcontractors
• Critical suppliers
• Critical suppliers and subcontractors must be able to accommodate an
unannounced audits
• Manufacturers must
• integrate the quality system of critical subcontractors and of crucial
suppliers with their quality system;
• control the quality of services provided and of components supplied
and the quality of production thereof regardless of the length of the
contractual chain between the manufacturer and the subcontractor or
supplier.
16. Enforcement
2013:
• 5 June and 2 October: invitational conferences held
by Dutch Health Inspectorate (IGZ):
• As of 1 January 2014 IGZ will enforce medical
devices law against medical software that they
consider a medical device
• IGZ started collecting information from the market
• Enforcement capacity expansion with 25 inspectors
• Revision of enforcement policy
18. IGZ will impose fines without
warning as of 1 January 2014
For example: making a non-CE marked app or software available – could
lead to an immediate fine of € 450.000
19. THANKS FOR YOUR ATTENTION
Erik Vollebregt
Axon Lawyers
Piet Heinkade 183
1019 HC Amsterdam
T +31 88 650 6500
F +31 88 650 6555
M +31 6 47 180 683
E erik.vollebregt@axonlawyers.com
@meddevlegal
B http://medicaldeviceslegal.com
READ MY BLOG:
http://medicaldeviceslegal.com
Qserve conference
18 November 2013
www.axonlawyers.com
20. Legal stuff
• The information in this presentation is provided for information purposes only.
• The information is not exhaustive. While every endeavour is made to ensure
that the information is correct at the time of publication, the legal position may
change as a result of matters including new legislative developments, new
case law, local implementation variations or other developments.
• The information does not take into account the specifics of any person's
position and may be wholly inappropriate for your particular circumstances.
• The information is not intended to be legal advice, cannot be relied on as
legal advice and should not be a substitute for legal advice.