From Servers to Medical Devices
Upcoming SlideShare
Loading in...5

From Servers to Medical Devices



From Servers to Medical Devices. Wright E. eHealth week 2010 (Barcelona: CCIB Convention Centre; 2010)

From Servers to Medical Devices. Wright E. eHealth week 2010 (Barcelona: CCIB Convention Centre; 2010)



Total Views
Views on SlideShare
Embed Views



1 Embed 1 1



Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

From Servers to Medical Devices From Servers to Medical Devices Presentation Transcript

  • From Servers to Medical Devices Elisabethann Wright Hogan & Hartson LLP, Belgium Björn Berg Director of Information Technology & Medical Engineering University Hospital Heidelberg, Germany Anne-Sophie Bricca Director EMEA Legal Affairs, CaridianBCT, Belgium Petra Wilson Director, Internet Business Solutions Group Cisco Systems
  • The legal landscape of medical devices – the needs Point-of-care diagnostic device for: • Seamless integration of data at ward level • Data integration to national summary EHR • Anonymous data aggregated locally for research purposes • Routine automated device testing Home monitoring device for: • Patient clinical data collection • Routine remote follow-up of patients • Automated alert of the treating physician
  • The legal landscape of medical devices – legal issues  Medical Device Certification for physical medical devices  Medical Device Certification for software which supports devices  Local modifications of the devices - hardware and software  Data processing of data from devices  Liability for use of on-site and off-site devices
  • What is a Medical Device? The current Medical Device Directive defines a medical device as: • “any instrument, apparatus, appliance, software, material or other article, whether used alone or in combination, including the software intended by its manufacturer to be used specifically for diagnostic and/or therapeutic purposes and necessary for its proper application, intended by the manufacturer to be used for human beings for the purpose of: • diagnosis, prevention, monitoring, treatment or alleviation of disease; • diagnosis, monitoring, treatment, alleviation of or compensation for an injury or handicap; • investigation, replacement or modification of the anatomy or of a physiological process; • control of conception; • and which does not achieve its principal intended action in or on the human body by pharmacological, immunological or metabolic means, but which may be assisted in its function by such means”.
  • What is an accessory? An accessory is defined in the Directive as: • “an article which whilst not being a device is intended specifically by its manufacturer to be used together with a device to enable it to be used in accordance with the use of the device intended by the manufacturer of the device”. • The European Commission Guideline (MEDDEV 2.1/1 April 1994), provides: • “the definition of "accessory" requires that the accessory is specifically intended by the manufacturer of the accessory to be used together with a device. The intended use of the accessory must be such as to enable a device to be used in accordance with its intended use. Therefore a product can only become an accessory to a medical device if the manufacturer of such a product establishes an intended use in conjunction with one or several medical devices.” • The Directive provides that “accessories shall be treated as medical devices in their own right”.
  • Software as a Medical Device • No specific definition of “software” in either regulation or guidance at present. However the Medical Devices Directive provides some direction: • “For devices which incorporate software or which are medical software in themselves, the software must be validated according to the state of the art taking into account the principles of development lifecycle, risk management, validation and verification” (Annex 1 Essential Requirements, point 12.1a) • “Stand alone software is considered to be an active medical device” (Annex IX Classification criteria, point 1.4) • “Software, which drives a device or influences the use of a device, falls automatically in the same class” (Annex IX Classification criteria, point 2.3) • Harmonised international standards provide guidance: • EN 62304:2006 Medical device software - Software life-cycle processes (IEC 62304:2006).
  • Data Flows Pers. Data Tech. Data academic nephrologists Scientific Data Tech. Data home Point of care monitoring Diagnostic devices US Vendor Device Technical Pers. Data support Patient Care Pers. Data Providers
  • Directive 95/46/EC Scope: protection of individuals with regards to the processing of personal data and on the free movement of such data. Appllicability: to data processed by automated means and data contained in or intended to be part of non automated filing systems. Content: strict limits on the collection and use of personal data and demands that each Member State set up an independent national body responsible for the protection of these data.
  • Personal Data Definition: Chapter I – Article 2 (a) “Any information relating to an identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity”.
  • Derogation Article 8.3: “processing of data concerning health is (authorized when) required for the purposes of preventive medicine, medical diagnosis, the provision of care or treatment or the management of health-care services, and where those data are processed by a health professional subject under national law or rules established by national competent bodies to the obligation of professional secrecy or by another person also subject to an equivalent obligation of secrecy.”
  • Data Controller’s obligations Controller’s obligations: • Collection of the data subject's consent (Article 2(h)) • To give information to the data subject (Article 10) : • the identity of the controller and of his representative, if any; • the purposes of the processing • the recipient(s) • To provide a right of access to and a right to rectify (Article 12) • To ensure the confidentiality of processing (Article 16) • To ensure the security of processing (Article 17) • To notify the supervisory authority (Article 18) • To act as a Data exporter in case of transfer to a third country.
  • Liability Flows Vendor Hospital / care Health care Patient institution professional
  • Questions of Liability: Key actors 5 potentially groups of people have liability issues: • The device manufacturer(s) • The Hospital • The Healthcare Professionals • The Internet Service Provider • The patient
  • Questions of Liability Relevant EU level Legislation Liability for defective products (Dir. 85/374/EC & Directive 1999/34/EC) General product safety (Dir. 2001/95/EC) Sale of consumer goods (Dir. 1999/44/EC) Information society services and eCommerce (Dir. 2000/31/EC)
  • Questions of Liability Key Concepts • Professional liability for good healthcare services • Institutional and Vicarious Liability of hospital • No-fault Liability • Special liability of Information Society Services providers • Contributory Liability of Patients