Needless to say, these innovative technologies must be placed in the European market in a responsible way. Diverging interpretations of earlier directives and a few high-profile scandals (for example, the PIP scandal relating to harmful (defective) breast implants in 2012) forced legislative bodies to intervene. It is thus no surprise that the legislation on medical device or devices and software as medical devices was recently amended.
At EU level, two new regulations were approved:
- the medical devices regulation (“MDR”), which entered into force on 26 May 2021; and
- the in vitro diagnostic medical devices regulation (“IVDR”), which will enter into force on 26 May 2022.
The new rules apply to all medical devices that are sold in the EU regardless of whether they are manufactured in the EU or placed on the EU market directly through import.
Which criteria apply?
It is important to know that the MDR amended and broadened some elements in the definition of medical device. For example, the previous legal definition did not cover “prognosis”, but the new definition now does explicitly. Also, DNA analysis software that assesses the risk of certain diseases would be considered a medical device under the MDR, but this was not so before.
The effect of the amended definition is that from now on more software developers will have to consider the rules governing medical devices.
It is therefore crucial for software developers or distributors to know if their software is classified as a medical device or not. In this respect, the MDR has already offered the some guidance:
- Software that is intended by the manufacturer to be used for one or more medical purposes is regarded as a medical device.
- Software that is intended for general purposes (even relating to healthcare) or for well-being purposes is not considered a medical device.
The classification of medical devices in different categories according to the level of danger they pose for health was preserved in the MDR, and this in accordance with existing international practice. However, new (stricter) classification rules for software were added in
that context. The effect of these new rules is that the majority of existing health and fitness apps (which already qualify as medical devices) will now be belong to a higher risk category. This has significant consequences for the way in which these software can be placed on the European market.
Obligations and points of attention
Let us summarize for you the most important obligations and points of attention for software that are classified as medical device:
- The software must meet the general safety- and performance requirements, as described in the MDR and IVDR.
- The regulations devote a very elaborate appendix to the required technical documentation. This was not so in the past.
- A conformity process and, if appropriate, even certification, must be conducted by a registered body.
- After all the required documentation have been drawn up (before the software is marketed as a medical device), the software must be identified and registered.
- A quality management system that tailored to the risk category and the medical device type must be developed. In addition, monitoring must also be set up after the software has be placed on the market.
- The obligations concerning vigilance (that is, being alert for incidents) were broadened for producers of software that qualify as a medical device.
The market for digital healthcare is growing rapidly, so lawmakers are keeping up with it: the range of legal rules and obligations continues to increase. The ultimate purpose of the legislature is certainly to safeguard patient safety, but for (existing) software manufacturers, this mainly entails a series of (new) obligations.
In addition, the liability framework relating to artificial intelligence in healthcare also appears to be a complicated story. You can read everything about this exciting topic in the article written by my colleague Lisa Opdecam, which will be available on our website in June 2022.