A word about healthcare, technology, and medical device regulations

Healthcare & technology: then and now

Healthcare and technology have gone hand in hand for centuries. Prostheses are as old as time, microscopes have been around since the 1600s, and the 19th century saw the introduction of the stethoscope and x-ray images. Looking at more recent times, we could write a volume as thick as your high-school dictionary about the advent of the internet and its impact on healthcare, but we’ll spare you of that.

Still, going digital is one of the most steady and impactful evolutions that happened during the last decades in healthcare. And that brings along both opportunities and challenges.

Healthcare & technology: now and in future

Today, we’re at a turning point. Many medical organizations have embraced innovations such as electronic records and administration, digital operating rooms and radiology through medical displays.

On the other hand, a second wave of technological innovation is coming up quickly, with artificial intelligence, blockchain, voice search, and virtual reality being some hot terms that raise lots of heated discussions today. These are counted on to streamline operations even further, reduce costs, and offer better and more personalized care – both physical and mental.

Regulations for medical equipment

Many governments have installed regulatory frameworks for medical products. Their reasons for doing this can be boiled down to the following two:

• Guaranteeing a well-functioning market of qualitative medical products
• Ensuring safety for users and patients who come into contact in any way with these products

Two of the best-known authorities regulating medical devices are the American Food and Drug Administration (FDA) and the European Commission (EC). Their regulations often serve as standards for other countries. This last one, the European Commission, is now applying a thorough revision of its existing legislation regarding medical devices. Let’s take a look at what that means!

Europe: from MDD to MDR

For the last 25 years, Europe’s medical devices market has been regulated by the Medical Device Directives (MDD). Even though they have been updated a few times to stay in tune with new developments, they have now been replaced by a new Medical Device Regulation (MDR). Here are some short takeaways about the MDR:

1. The MDR is not a complete overhaul of the MDD. Both share the same regulatory basis, but the MDR has some changes and a wider scope. For example, it now explicitly covers all devices for cleaning, sterilizing or disinfecting other medical devices, and also medical devices sold via internet or used for remote diagnostics or treatment.
2. “In contrast to directives, regulations do not need to be transposed into national law.”¹ The choice for a regulation was made in order to reduce risks of discrepancies in interpretation across the EU.
3. Existing, registered medical devices need to be re-certified and re-classified, as there are stricter rules, for example regarding quality and risk management.
4. Manufacturing companies now must generally collect more clinical data if they want to place medical products on the market. There are stricter rules for substances in medical devices, technical documentation and package labeling as well.
5. Companies also need to assign at least one person responsible for regulatory compliance. There will be more rigorous surveillance by notified bodies.
6. All individual medical devices will now get a ‘Unique Device Identifier’, which makes it easier to track them.

You can read the full MDR here. A summary for manufacturing companies can be found here.

A word about cybersecurity & privacy compliance

Safety runs like a thread through the EU’s Medical Device Regulation. Of course, a medical device must be physically safe: it cannot be toxic or dangerous – or this must at least be known to those getting into contact with it.

With medical devices getting connected and software solutions being developed and used for medical use, ‘security’ has become an increasingly important term to consider as well. Security refers to protecting data that is stored, ensuring patients’ and employees’ privacy rights. For example, systems collecting personal information should already be complying with the General Data Protection Regulation (GDPR). In addition to this, the MDR states that cybersecurity should be taken into account from early development of a device and throughout its entire lifecycle. It cannot be stated enough that connected medical devices must be digitally secure.