Your SlideShare is downloading. ×
Software and Smartphone Applications By E. Vollebregt - Axon Lawers (Qserve Conference 2013)
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Software and Smartphone Applications By E. Vollebregt - Axon Lawers (Qserve Conference 2013)

667
views

Published on

Published in: Business, Technology

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
667
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
22
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. DEVELOPMENTS IN EU MDD & IVDD SOFTWARE REGULATION Qserve conference 18 November 2013 Erik Vollebregt www.axonlawyers.com
  • 2. Objectives • • • • Some brief remarks on data protection Current regulation of medical devices software Overview of EU medical devices directives revision process Developments in enforcement in the Netherlands
  • 3. EU political background eHealth Action Plan 2012 – 2020 • Struggles with Lisbon competences (“EU action shall respect the responsibilities of the Member States for the definition of their health policy and for the organisation and delivery of health services and medical care.”) Pretty big changes in • Regulation of medicinal products and medical devices / IVDs • Regulation of collection and processing of health data 3
  • 4. Health data protection • Currently in flux with General Data Protection Regulation proposal • Horizontal approach to all data causes excessive collateral damage in healthcare sector • What we hate in marketing and social media, we actually want in healthcare (e.g. monitoring, profiling, further processing, traceability) • Privacy-by-design requirements • Privacy impact assessments • Consent requirements that make it very difficult to rely on consent as basis for processing 4
  • 5. General Data Protection Regulation • Privacy by design • Prior approval of impact assessment of each act of processing • Literally – Parliament proposes that software and devices have to be designed and built as to enable GDPR and data subject’s rights by default • Intelligible explanation of automated processing logic • Exemptions for processing of health data without consent • With uncertainties around concept of ‘consent’ derogations for “public health” and “scientific purposes” become crucial • Exemptions not suited for outsourced processing in eHealth / mHealth services and not drafted for regulatory clinical data obligations • Technical standards • Commission can issue technical standards related to implementation of GDPR requirements 5
  • 6. General Data Protection Regulation • Data subject’s rights • Right to correct, information, be forgotten and of erasure problematic in clinical context • Right to request interoperable and open source format copy of processed data • Company burden • Mandatory privacy officer • Large fines • Many open ends still that are subject to implementation by implementing act or regulation by delegated act • Commission is not obliged to use these powers and EU legislator may change the scope or revoke power, which increases uncertainty 6
  • 7. Regulation of software as MD / IVD • MEDDEV 2.1/6 on standalone software, currently under revision • Differences in interpretation of what software constitutes a medical device • New essential requirements for mobile computing platform • EN 62304 standard FAQ by Team NB • Lack of harmonised interoperability standards 7
  • 8. MEDDEV 2.1/6 medical devices simple version 1. Computer program? 2. Stand alone? 3. What action does it perform on data? [beyond storage, archival, lossless compression, simple search] 4. For benefit of individual patients? 5. Intended purpose in scope of MDD? 6. Accessory?
  • 9. MEDDEV 2.1/6 IVDs simple version 1. In scope MDD? 2. In scope IVDD? 3. Data obtained only from IVD? 4. Data obtained from medical device? 5. Accessory? 6. Accessory?
  • 10. Proposal to redefine “medical device” 10
  • 11. Accessories New accessory definition • Includes devices that “assist” 11
  • 12. Essential requirements New essential requirements re software in MDR 11.2. Devices shall be designed and manufactured in such a way as to remove or reduce as far as possible and appropriate: • (e) the risk associated with the possible negative interaction between software and the environment within which it operates and interacts; 12
  • 13. Essential requirements and mobile computing platform 13
  • 14. Software clinical 6.1. Pre-clinical and clinical data (b) detailed information regarding test design, complete test or study protocols, methods of data analysis, in addition to data summaries and test conclusions regarding: • software verification and validation (describing the software design and development process and evidence of the validation of the software, as used in the finished device. This information should typically include the summary results of all verification, validation and testing performed both in-house and in a simulated or actual user environment prior to final release. It should also address all of the different hardware configurations and, where applicable, operating systems identified in the information supplied by the manufacturer); 14
  • 15. Recommendation on unannounced audits • Requires manufacturers to amend agreement with NoBo to accommodate all aspects of unannounced audits (visa, security etc) • Requires manufacturers to better manage agreements with • Critical subcontractors • Critical suppliers • Critical suppliers and subcontractors must be able to accommodate an unannounced audits • Manufacturers must • integrate the quality system of critical subcontractors and of crucial suppliers with their quality system; • control the quality of services provided and of components supplied and the quality of production thereof regardless of the length of the contractual chain between the manufacturer and the subcontractor or supplier.
  • 16. Enforcement 2013: • 5 June and 2 October: invitational conferences held by Dutch Health Inspectorate (IGZ): • As of 1 January 2014 IGZ will enforce medical devices law against medical software that they consider a medical device • IGZ started collecting information from the market • Enforcement capacity expansion with 25 inspectors • Revision of enforcement policy
  • 17. IGZ has new toolbox for fines
  • 18. IGZ will impose fines without warning as of 1 January 2014 For example: making a non-CE marked app or software available – could lead to an immediate fine of € 450.000
  • 19. THANKS FOR YOUR ATTENTION Erik Vollebregt Axon Lawyers Piet Heinkade 183 1019 HC Amsterdam T +31 88 650 6500 F +31 88 650 6555 M +31 6 47 180 683 E erik.vollebregt@axonlawyers.com @meddevlegal B http://medicaldeviceslegal.com READ MY BLOG: http://medicaldeviceslegal.com Qserve conference 18 November 2013 www.axonlawyers.com
  • 20. Legal stuff • The information in this presentation is provided for information purposes only. • The information is not exhaustive. While every endeavour is made to ensure that the information is correct at the time of publication, the legal position may change as a result of matters including new legislative developments, new case law, local implementation variations or other developments. • The information does not take into account the specifics of any person's position and may be wholly inappropriate for your particular circumstances. • The information is not intended to be legal advice, cannot be relied on as legal advice and should not be a substitute for legal advice.