FEATURE | MEDICAL EQUIPMENT & DEVICES

Addressing the wellbeing of health software apps

Richard Poate, senior manager at TÜV SÜD, a global product testing and certification organisation

As well as medical device apps becoming a growth area in healthcare management in hospital and community settings, the role of apps used as part of fitness regimes and for social care situations is also expanding.

IEC 82304-1:2016 – Health software – Part 1: General requirements for product safety – applies to the safety and security of health software products designed to operate on general computing platforms and intended to be placed on the market without dedicated hardware. To be used by manufacturers, it covers the entire lifecycle including design, development, validation, installation, maintenance, and disposal of health software products.

However, now more than four years old, this standard does not completely cover the significant rise of health and wellbeing apps. Currently under development, future technical specification ISO/TS 82304-2 – Health software – Part 2: Health and wellness apps – Quality and reliability – is intended to be used alongside Part 1 to provide confidence in health software products such as apps. This is expected to be published next year.

In the EU, standalone software and apps that meet the definition of a medical device are still required to be CE marked in line with the EU Medical Device Regulation. This is intended to ensure they are regulated as being acceptably safe to use and perform in the way the manufacturer or developer intends them to.

As the healthcare app industry grows, so too will the potential risks and when health is involved, the risks become much more personal – ranging from a slight inconvenience to having to call the emergency services. For example, if an app for medication dosage gets it wrong by putting the decimal point in the wrong place the effect can be fatal.

The regulatory landscape can be very confusing for digital health providers as ‘old’ regulations and standards are being ‘adapted’ to meet the very different scenarios that these solutions throw up. Healthcare regulators globally are wrestling with how to provide a suitable regulatory regime for these innovative products and services. Consequently, software developers and users are struggling to understand whether apps qualify as medical devices.

As the healthcare app market develops and manufacturers tussle to get products to the market, there is real industry concern about how these apps will be controlled. There is a fine line between a medical/wellness app and a medical device. Consequently, manufacturers and developers are not classing some apps as medical devices when they should be.

This is often because software developers are of course not medical device experts. They are people who have great ideas and can turn them into something that the general public will find useful. They are not necessarily aware of the restrictions relating to what they perceive as healthcare or wellness apps, when what they design might actually step into the realm of a medical device.

The Medical Device Regulation (MDR) defines a medical device as “any instrument, apparatus, appliance, software, implant, reagent, material or other article intended by the manufacturer to be used, alone or in combination, for human beings”. Quite an all-encompassing definition and one that would probably pretty much catch-all healthcare apps. If your app does fall within the jurisdiction of the MDR, that involves significant time and money. Also, beware - if at first your health app doesn’t fall within the MDR’s scope, as it is improved and later iterations released, it may then apply.

Beyond the MDR there are issues to consider relating to data privacy as health apps can have access to highly detailed, personally identifiable and clinical information about the user. In the EU, apps are now largely governed by GDPR. However, emerging standards around the additional requirements to support system interoperability will undoubtedly add more layers on top of the base GDPR position.

Security is also a major concern. For example, NHS Digital has focused its Digital Assessment around security on compliance with OWASP best practice guidelines for apps and web-based solutions. Whilst existing accreditation regimes such as Cyber Essentials and ISO27001 are relevant, the need to demonstrate ‘security by design’ and suitable vulnerability testing is also becoming key.

When ISO/TS 82304-2 is published next year, it will provide requirements for the development of health and wellness apps designed to meet the needs of healthcare professionals, patients, caregivers and the wider public. It will contain a set of quality criteria and cover the app project’s life cycle through the development, testing, release and updating of an app, including native, hybrid and web-based apps, apps associated with wearable and other health equipment and apps that are linked to other apps.


