how to achieve mdr compliance for medical apps · check if your software meets the medical device...

Thorsten Prinz

MedtecLIVE

Nürnberg, May 21, 2019

How to achieve MDR Compliance for Medical Apps

5/20/2019 © VDE Association for Electrical, Electronic & Information Technologies 2

I want to place a medical app

on the European market.

What are the main steps?*

Let us look at a real-life

example of a medical app

looking for EU market access!

* Example taken from „Manual on borderline and classification in the community regulatory framework for medical devices” Version 1.20 (10-2018)

Road to Market Access for Medical Software


STOP

NO

YESMedical Device?

Art. 2 EU MDR

Medical Device Risk

Classification (I-III)

Art. 51, Annex VIII EU MDR Annex II EU MDR

Preparation

Technical

Documentation

Selection Conformity

Assessment

ProcedureArt. 52 EU MDR, Annexes

Conformity

Assessment by

Notified BodyAnnexes IX-XI EU MDR

Issue of Certificates

and Declaration of

ConformityAnnexes XII, IV EU MDR

Affixing CE Mark and

Market Launch

Annex V EU MDR

Post-Market

Activities

Annex III EU MDR


Tell us more about your app.

What is the intended

purpose? Then we go to the

first step…

OK, that‘s an good overview.

Can you go in more details?

Check whether your App is a Medical Device


More information on VDE Medical Software!

1. Specify the intended purpose

2. Check if your software meets the medical device definition in Art. 2

Intended

medical benefit

Functional

principle

Intended use

contextIntended user

• Are the software output data used for a medical purpose?

• Have you used keywords as “alert, analyze, calculate, control, detect,

diagnose, interpret, convert, measure, control, monitor, or amplify”?

• Does the software change or interpret its input data?

• Is the software intended to be used for or on humans?

Your app is

definitely a

medical

device!

The intended purpose encompasses the

initial assessment (analysis) by the patient

and not just data storage.

https://meso.vde.com/stand-alone-software-medical-device/

Check whether your App is a Medical Device



1. Specify the intended purpose

2. Check if your software meets the medical device definition in Art. 2

• Are the software output data used for a medical purpose?

• Have you used keywords as “alert, analyze, calculate, control, detect,

diagnose, interpret, convert, measure, control, monitor, or amplify”?

• Does the software change or interpret its input data?

• Is the software intended to be used for or on humans?

Your app is

definitely a

medical

device!

The intended purpose encompasses the

initial assessment (analysis) by the patient

and not just data storage.

Mobile software application for the initial visual analysis of moles

by the patient using a computer image processing technology.

It is not suitable for a definitive diagnosis of skin cancer.

https://meso.vde.com/stand-alone-software-medical-device/

What Risk Class does my App belong to?



1. Check the criteria of rule 11 in Annex VIII 6.3 for stand-alone software

Does the software provide information to be used to take

decisions with diagnosis or therapeutic purposes?

Yes, the “app assesses the probability that the

scanned mole is a melanoma in order to support early

diagnose of skin cancer”.

May decisions cause death or irreversible deterioration of a

person's state of health? May decisions cause serious

deterioration of a person's state of health or a surgical

intervention?

No, although skin cancer is a serious disease, this

particular app is used for an initial assessment by the

patient only.

We suggest

class IIa!

https://meso.vde.com/medical-device-classification-software/

What‘s the right Conformity Assessment Procedure?


Assessment of quality management

and of technical documentation

Chapter I and III including assessment of

technical documentation as specified in Chapter II, Section 4

IX

Product conformity

verification

Section 10 or 18

XI

App as class IIa medical device

Technical documentation

II III

+

ORRoute 1 Route 2

Requirements on Technical Documentation tell you what to do


1. Device description and specification

4. General safety and performance requirements

2. Information to be supplied by manufacturer

3. Design and manufacturing information

5. Benefit-risk analysis and risk management

6. Product verification and validationAnnex II EU MDR

What kind of medical

device do you have?

What information are

you providing?

How is it designed and

manufactured?

How did you meet the

requirements?

How did you manage

the risks?

How did you demon-

strate conformity by

tests and studies?


https://meso.vde.com/technical-documentation-medical-devices

Anything Software-specific in Technical Documentation?


6. Product verification and validation

6.1. Pre-clinical and clinical data

Test design

Test or study

protocols

Methods of data

analysis

Data summaries

Test conclusions

Software verification and

validation

− Tests performed in both in-house

and in a simulated or actual user

environment

− shall also address all different

hardware configurations and,

where applicable, operating

systems Annex II EU MDR


First, you identify general

requirements for all

manufacturers and products.

Second, you identify

requirements specific for your

software!

How do I establish the link

between the requirements for

my software and standards?

Clinical Evaluation,

Quality Managem.

System,

Ergonomic Feat.


Hardware, IT

Networks Char.,

IT Security Meas.,

Instructions

Mobile Platforms:

Specific Features,

External Factors

Compatibility /

Interoperability

Annex I 13.5., 14.2.(d) MDR

Validat./Verific.,

Software Life

Cycle, Risk

Management,

Inf. SecurityAnnex I 17.2. MDR

Repeatability,

Reliability,

Performance

Annex I 17.1. MDR

Annex I 17.3. MDR Annex I 17.4., 23.4. (ab) MDR Art. 10 (3, 9) , Annex I 14.2. (a) MDR

Identify the relevant* Requirements* examples

Apply the respective Standards


Risk

Management

Quality

Management

Software

Development

Life Cycle

UsabilityClinical

Investigation

EU Legislation (EU MDD / EU MDR)

EN ISO 14971 EN ISO 13485 EN 62304

(EN 82304-1 new)

EN 62366 EN ISO 14155

requests

specifies

recommendsMore information on VDE Medical Software!

Information

Security

(TR → EN 62443

series / Process)

https://meso.vde.com/harmonized-standards-software/


Of course, we show you three

examples in a risk matrix!

Risk management is a key

requirement, isn’t it? Can you

give me some examples of

typical risks and how to

control them?

Possible identified Risks


Lik

eli

ho

od

Severity

marginal minor major severe catastrophic

regula

rlyfre

quently

occasio

nally

rare

lyunlik

ely

False-positive resultsDiagnostic algorithm failure

Software failure

False-negative resultsDiagnostic algorithm failure

Software failure

Operator failureBad image quality


https://meso.vde.com/risk-management-medical-devices/

How you could deal with the identified Risks


Risk Control

Ver

ifica

tion

Clin

ical

Tria

l

Hum

an F

acto

rs

Val

idat

ion T

estin

g

Label

ing

Trainin

g

False positive results X X X

False negative results X X X X

User failure X X


That depends on the

conformity assessment

procedure you have chosen…

Coming back to the

conformity assessment: what

is the role of the notified

body?

The Notified Body’s Role in Conformity Assessment


Route 2 „Full QMS Review“

We have chosen to establish a quality management

system according to ISO 13485.

The QMS and the technical documentation are

assessed by the Notified Body. If everything is alright

you receive an “EU quality management system

certificate” and an “EU technical documentation

assessment certificate”.

Now, you may go ahead with issuing the EU

declaration of conformity and affixing CE mark !


What we do

Get Knowledge

Get relevant expertise by reading our

Blog, using the Q/A and browsing

through the medical software

Glossary.

Connect with Experts

Connect with international medical

software experts in our Community

and benefit from the experience of

others.

Receive Guidance

Receive customized training and

guidance from our Partners to

implement all regulatory requirements

for your project.

Go beyond theory

of market access!

meso.vde.com

Upcoming Events


11. September 2019, Frankfurt am Main

Software Lebenszyklus: Wie erfülle ich die regulatorischen

Anforderungen?

meso.vde.com/software-lebenszyklus/


Sichere Cloud-Nutzung im Gesundheitswesen

meso.vde.com/sichere-cloud-nutzung-gesundheitswesen


Medizinprodukte klinisch bewerten: Von MEDDEV zu MDR

meso.vde.com/klinisch-bewerten

Thank you

for your attention!

Your contact:

Dr. Thorsten Prinz

VDE Medical Software

Phone +49 69 6308-349

[email protected]

meso.vde.com

We are building the e-dialistic future.

Please join us.


how to achieve mdr compliance for medical apps · check if your software meets the medical device...

Documents