Medical Device Regulations come into force May 2021. Are you compliant?

Medical Device Regulations (MDR) – What Do They Mean to Manufacturers?

Protecting Your Medical Device Software

Time is running out to become compliant with Medical Device Regulations. In recent years, the healthcare market has evolved rapidly, innovating to improve patient health and increase efficiency. Much of this improvement is thanks to the use of technology and the software that plays a crucial role. The rapid advances made have led to the EU’s new guidance on the Qualification and Classification of Software in Medical Device Regulation 2017/745.

As with all new regulations of this nature, the market is given time to adjust. In the case of the Medical Device Regulations, the new rules come into force in May 2021. (The rules that apply to medical software are rules 9,10,11,12,13, 15, and 22 of Annex VIII EU-MDR 2017/745.) Time is now short to make the adjustments you need to, to ensure that you comply with the Medical Device Regulations. Already, we have experienced a large increase in demand for talent from companies hiring for MDR specialists. This demand is across various disciplines, and includes for independent contractors, fixed term, and permanent MDR specialists.

Regulating to Improve Safety and Performance

Software is now an essential element in many healthcare products and is integrated into digital platforms in healthcare settings and medical care. The regulations have extended the reach of the rules to place restrictions and requirements on manufacturers to improve safety and performance, and to technologies and applications in health and medical applications that may be considered as medical device software.

What Is Medical Device Software?

Under the regulations, medical device software is a set of instructions that processes human-delivered input data and delivers output data created by software. This output influences the use of a medical device, or combination of devices. In short, if the software has a medical purpose on its own, it is captured under the new regulations. However, to complicate matters a little further, rules 3.3 and 3.5 assert that the regulation also applies when the software is intended as an accessory to a medical device.

To qualify if your software comes under the Medical Device Regulation, ask these questions:
• Does it directly control a medical device?
• Does it provide information that is intended to direct decisions made by healthcare professionals or patients?
• Does it support healthcare professionals?
• Is it intended to process, analyse, or modify information and is governed by a medical purpose?

If the answer is yes to any or all these questions, the Medical Device Regulations must be applied. Examples may include:
• Blood glucose meter
• ECG interpretation software
• Image searching software

It’s also important to note that to be considered as medical device software, the software can be located anywhere – for example, on a mobile phone, directly attached to the medical device, on a computer, or in the cloud.

Data Must Be Secured

A major concern is ensuring that data that is stored or processed by medical device software is made secure. Manufacturers must address potential breaches or attacks by malware, detect compromises, and can recover from any such incidents. This requirement extends not only to the manufacturer, but also to maintenance of the software. Therefore, measures that must be taken should include:
• Patent protection and copyright registrations
• Cybersecurity
• Frequent integrity checks

Such measures should help to provide the level of protection required to protect against unauthorized access and manipulation.

You Must Ensure Regulatory Compliance

The potential breach of medical device software is a risk that this regulation seeks to mitigate. By defining what qualifies as medical device software, these guidelines help manufacturers and regulatory agencies to adopt adequate and continuing data protection measures. To ensure that you comply with this regulation, you must become compliant before the regulation kicks in. Regulators will get tough with rule breaches.

Now is the time to assess your staffing needs to avoid breaches – will you need to hire on a project basis to deal with existing and future shortfalls, or hire permanent employees such as MDR specialists to manage your continuing obligations under the MDR?

We’re already helping our clients source and hire the talent they need to be ready for this new directive. Whether it is single contractors or project teams needed, to learn how we can help you hire the people you need, contact HERO today.