In the medical industry, regulation has not previously deemed software as a medical device, meaning thousands of health devices and apps using software, such as insulin pumps, are offered within the market without rigorous authorisations. Fortunately, Medical Devices Regulation 2020 (MDR) is expected in May to improve industry standards.

This updated set of guidelines declares that some medical devices will require re-assessment to guarantee that they conform to the new regulatory documentation. For example, some equipment previously self-certified must go through requirement re-submission, as well as their clinical information, documentation and labelling updates.

Besides the re-class of several medical devices, the MDR also introduces some changes on the European Database on Medical Devices (EUDAMED), which will now contain more medical device data on certificates and investigations, conformity assessments, and post-market surveillance and vigilance and will be available to everyone, not only public authorities and manufacturers. This data should be delivered and remain up-to-date by manufacturers, even after the device enters the market. Another MDR novelty is the device traceability system based on Unique Device Identification, which allows for the unambiguous identification of a specific device on the market.

The case for Medical Devices Regulation 2020

Technology has advanced enormously over the last decade. Naturally, it has had a significant impact on medical devices and healthcare, improving diagnosis accuracy and treatment times. An example is the increasing number of apps and software used within the healthcare industry. However, technological evolution has also posed new safety challenges.

As technology evolves, so should regulations, achieved in a manner that avoids unnecessary constraint on the use of technology but, ultimately, prioritises and ensures safety when using these devices.

A principal concern now, and an example of an issue raised by technological evolution that MDR has started to address, is cybersecurity. Critical Software business development manager, Ana Rita Silva asks: “How can we guarantee that patients are safe, their data can’t be compromised and the devices they use cannot be hacked?”

Challenges posed by Medical Devices Regulation 2020

Although MDR aims to guarantee an increase in safety and transparency, implemented modifications can still pose a challenge for all concerned with the medical devices industry. New classification guidelines will boost the number of devices presented to the evaluation process, which could mean that certification procedures will be more time-consuming, leading to delays in introducing any latest device.

These new challenges will be especially noticeable for manufacturers and certification entities, as more devices require certification from the Notified Bodies to enter the market. Businesses now need to provide more documentation, and added information will be available, even for patients, as everyone will be able to search for their personal and medical details online on EUDAMED. A uniform evaluation of high-risk devices will also be a significant step for the medical devices industry, as it will require conformity from every manufacturer.

Silva comments: “Not everything will change – some regulation will still be applicable, for example, the International Electrotechnical Commission (IEC) 62304: 2006 / 1: 2015 for medical devices software, IEC 62443 for cybersecurity and International Organisation for Standardization (ISO) 13485: 2016 / 14971: 2007, among others.
“So, we can see MDR as an all-inclusive regulation that will encompass standards that already exist, as well as incorporate new ones, with the purpose of answering the challenges that technological evolution has created.”

The importance of partnerships

MDR will significantly increase what is demanded of manufacturers. Examples include changes in technical and clinical documentation, quality management system improvements, the implementation of Unique Device Identification, and post-market surveillance. Some of these changes will have a direct impact on software design and development processes, and manufacturers may need support to adapt their practices to comply with MDR, as well as achieve certification for their devices.

Silva adds: “From risk analysis, to process modelling, requirements engineering, and product certification, we have more than 20 years’ experience in some of the most demanding industries with the strictest standards, such as aerospace, railway, and space. We are a CMMI level 5 certified company, which allows us to develop safety-critical software with high-quality standards.”

Critical Software also works in verification and validation of software for medical devices, adapting its approach to meet individual customer requirements and preferences.

This background information is useful for manufacturers who need to implement changes in their development processes to be compliant with MDR, coming into effect on 26 May 2020.