how to achieve mdr compliance for medical apps · check if your software meets the medical device...
TRANSCRIPT
5/20/2019 © VDE Association for Electrical, Electronic & Information Technologies 2
I want to place a medical app
on the European market.
What are the main steps?*
Let us look at a real-life
example of a medical app
looking for EU market access!
* Example taken from „Manual on borderline and classification in the community regulatory framework for medical devices” Version 1.20 (10-2018)
Road to Market Access for Medical Software
5/20/2019 © VDE Association for Electrical, Electronic & Information Technologies 3
STOP
NO
YESMedical Device?
Art. 2 EU MDR
Medical Device Risk
Classification (I-III)
Art. 51, Annex VIII EU MDR Annex II EU MDR
Preparation
Technical
Documentation
Selection Conformity
Assessment
ProcedureArt. 52 EU MDR, Annexes
Conformity
Assessment by
Notified BodyAnnexes IX-XI EU MDR
Issue of Certificates
and Declaration of
ConformityAnnexes XII, IV EU MDR
Affixing CE Mark and
Market Launch
Annex V EU MDR
Post-Market
Activities
Annex III EU MDR
5/20/2019 © VDE Association for Electrical, Electronic & Information Technologies 4
Tell us more about your app.
What is the intended
purpose? Then we go to the
first step…
OK, that‘s an good overview.
Can you go in more details?
Check whether your App is a Medical Device
5/20/2019 © VDE Association for Electrical, Electronic & Information Technologies 5
More information on VDE Medical Software!
1. Specify the intended purpose
2. Check if your software meets the medical device definition in Art. 2
Intended
medical benefit
Functional
principle
Intended use
contextIntended user
• Are the software output data used for a medical purpose?
• Have you used keywords as “alert, analyze, calculate, control, detect,
diagnose, interpret, convert, measure, control, monitor, or amplify”?
• Does the software change or interpret its input data?
• Is the software intended to be used for or on humans?
Your app is
definitely a
medical
device!
The intended purpose encompasses the
initial assessment (analysis) by the patient
and not just data storage.
Check whether your App is a Medical Device
5/20/2019 © VDE Association for Electrical, Electronic & Information Technologies 6
More information on VDE Medical Software!
1. Specify the intended purpose
2. Check if your software meets the medical device definition in Art. 2
• Are the software output data used for a medical purpose?
• Have you used keywords as “alert, analyze, calculate, control, detect,
diagnose, interpret, convert, measure, control, monitor, or amplify”?
• Does the software change or interpret its input data?
• Is the software intended to be used for or on humans?
Your app is
definitely a
medical
device!
The intended purpose encompasses the
initial assessment (analysis) by the patient
and not just data storage.
Mobile software application for the initial visual analysis of moles
by the patient using a computer image processing technology.
It is not suitable for a definitive diagnosis of skin cancer.
What Risk Class does my App belong to?
5/20/2019 © VDE Association for Electrical, Electronic & Information Technologies 7
More information on VDE Medical Software!
1. Check the criteria of rule 11 in Annex VIII 6.3 for stand-alone software
Does the software provide information to be used to take
decisions with diagnosis or therapeutic purposes?
Yes, the “app assesses the probability that the
scanned mole is a melanoma in order to support early
diagnose of skin cancer”.
May decisions cause death or irreversible deterioration of a
person's state of health? May decisions cause serious
deterioration of a person's state of health or a surgical
intervention?
No, although skin cancer is a serious disease, this
particular app is used for an initial assessment by the
patient only.
We suggest
class IIa!
What‘s the right Conformity Assessment Procedure?
5/20/2019 © VDE Association for Electrical, Electronic & Information Technologies 8
Assessment of quality management
and of technical documentation
Chapter I and III including assessment of
technical documentation as specified in Chapter II, Section 4
IX
Product conformity
verification
Section 10 or 18
XI
App as class IIa medical device
Technical documentation
II III
+
ORRoute 1 Route 2
Requirements on Technical Documentation tell you what to do
5/20/2019 © VDE Association for Electrical, Electronic & Information Technologies 9
1. Device description and specification
4. General safety and performance requirements
2. Information to be supplied by manufacturer
3. Design and manufacturing information
5. Benefit-risk analysis and risk management
6. Product verification and validationAnnex II EU MDR
What kind of medical
device do you have?
What information are
you providing?
How is it designed and
manufactured?
How did you meet the
requirements?
How did you manage
the risks?
How did you demon-
strate conformity by
tests and studies?
More information on VDE Medical Software!
Anything Software-specific in Technical Documentation?
5/20/2019 © VDE Association for Electrical, Electronic & Information Technologies 10
6. Product verification and validation
6.1. Pre-clinical and clinical data
Test design
Test or study
protocols
Methods of data
analysis
Data summaries
Test conclusions
Software verification and
validation
− Tests performed in both in-house
and in a simulated or actual user
environment
− shall also address all different
hardware configurations and,
where applicable, operating
systems Annex II EU MDR
5/20/2019 © VDE Association for Electrical, Electronic & Information Technologies 11
First, you identify general
requirements for all
manufacturers and products.
Second, you identify
requirements specific for your
software!
How do I establish the link
between the requirements for
my software and standards?
Clinical Evaluation,
Quality Managem.
System,
Ergonomic Feat.
5/20/2019 © VDE Association for Electrical, Electronic & Information Technologies 12
Hardware, IT
Networks Char.,
IT Security Meas.,
Instructions
Mobile Platforms:
Specific Features,
External Factors
Compatibility /
Interoperability
Annex I 13.5., 14.2.(d) MDR
Validat./Verific.,
Software Life
Cycle, Risk
Management,
Inf. SecurityAnnex I 17.2. MDR
Repeatability,
Reliability,
Performance
Annex I 17.1. MDR
Annex I 17.3. MDR Annex I 17.4., 23.4. (ab) MDR Art. 10 (3, 9) , Annex I 14.2. (a) MDR
Identify the relevant* Requirements* examples
Apply the respective Standards
5/20/2019 © VDE Association for Electrical, Electronic & Information Technologies 13
Risk
Management
Quality
Management
Software
Development
Life Cycle
UsabilityClinical
Investigation
EU Legislation (EU MDD / EU MDR)
EN ISO 14971 EN ISO 13485 EN 62304
(EN 82304-1 new)
EN 62366 EN ISO 14155
requests
specifies
recommendsMore information on VDE Medical Software!
Information
Security
(TR → EN 62443
series / Process)
5/20/2019 © VDE Association for Electrical, Electronic & Information Technologies 14
Of course, we show you three
examples in a risk matrix!
Risk management is a key
requirement, isn’t it? Can you
give me some examples of
typical risks and how to
control them?
Possible identified Risks
5/20/2019 © VDE Association for Electrical, Electronic & Information Technologies 15
Lik
eli
ho
od
Severity
marginal minor major severe catastrophic
regula
rlyfre
quently
occasio
nally
rare
lyunlik
ely
False-positive resultsDiagnostic algorithm failure
Software failure
False-negative resultsDiagnostic algorithm failure
Software failure
Operator failureBad image quality
More information on VDE Medical Software!
How you could deal with the identified Risks
5/20/2019 © VDE Association for Electrical, Electronic & Information Technologies 16
Risk Control
Ver
ifica
tion
Clin
ical
Tria
l
Hum
an F
acto
rs
Val
idat
ion T
estin
g
Label
ing
Trainin
g
False positive results X X X
False negative results X X X X
User failure X X
5/20/2019 © VDE Association for Electrical, Electronic & Information Technologies 17
That depends on the
conformity assessment
procedure you have chosen…
Coming back to the
conformity assessment: what
is the role of the notified
body?
The Notified Body’s Role in Conformity Assessment
5/20/2019 © VDE Association for Electrical, Electronic & Information Technologies 18
Route 2 „Full QMS Review“
We have chosen to establish a quality management
system according to ISO 13485.
The QMS and the technical documentation are
assessed by the Notified Body. If everything is alright
you receive an “EU quality management system
certificate” and an “EU technical documentation
assessment certificate”.
Now, you may go ahead with issuing the EU
declaration of conformity and affixing CE mark !
5/20/2019 © VDE Association for Electrical, Electronic & Information Technologies 19
What we do
Get Knowledge
Get relevant expertise by reading our
Blog, using the Q/A and browsing
through the medical software
Glossary.
Connect with Experts
Connect with international medical
software experts in our Community
and benefit from the experience of
others.
Receive Guidance
Receive customized training and
guidance from our Partners to
implement all regulatory requirements
for your project.
Go beyond theory
of market access!
meso.vde.com
Upcoming Events
5/20/2019 © VDE Association for Electrical, Electronic & Information Technologies 20
11. September 2019, Frankfurt am Main
Software Lebenszyklus: Wie erfülle ich die regulatorischen
Anforderungen?
meso.vde.com/software-lebenszyklus/
17. September 2019, Frankfurt am Main
Sichere Cloud-Nutzung im Gesundheitswesen
meso.vde.com/sichere-cloud-nutzung-gesundheitswesen
23. September 2019, Frankfurt am Main
Medizinprodukte klinisch bewerten: Von MEDDEV zu MDR
meso.vde.com/klinisch-bewerten
Thank you
for your attention!
Your contact:
Dr. Thorsten Prinz
VDE Medical Software
Phone +49 69 6308-349
meso.vde.com
We are building the e-dialistic future.
Please join us.
5/20/2019 © VDE Association for Electrical, Electronic & Information Technologies 21