Update May 2020: In regards to Covid-19, the European Parliament adopted the European Commission proposal, allowing the application of the Medical Devices Regulation to be postponed by one year until 26 May 2021
In May 2021, all companies providing healthcare solutions recognized as “medical devices” under the new EU “Medical Devices Regulation” (MDR) will have to comply with newer, stricter requirements, for which they may not be prepared.
A number of discussions around MDR and how it might affect our customers and digital health innovators inspired us to write this article: summarizing the “must-knows” of MDR for those of you who are still in doubt about the Regulation, or will have to face it in the future. We hope it will help you get confidence on where to get started, and provide you with the keys to get your MDR compliance done right in a simple yet effective way.
*The tags below will outline the specific areas of the Regulation where we could provide you with further assistance if needed. But first, let’s get into it.
- Are you a medical (eHealth) device provider?
- Do you operate on the European market?
- Still not ready for MDR yet?
If all your answers above are “YES”: then now is the time to take action. So what is MDR exactly and how will you prepare for compliance?
MDR is the new European “Medical Devices Regulation”. Applying to all companies placing “medical devices” on the European market, it came into force in May 2017 with a 3-year transition period (which is soon to expire) and sets out the new EU rules to ensure safety and performance of med devices within the Union.
Specifically, it was designed to bring the EU market to newer safer, higher standards, align with digital health innovation, and put patients safety and transparency at the heart of the EU healthcare industry.
Simply explained, MDR works like this: it classifies “medical devices” according to risks and then defines the appropriate legal requirements for each class.
By “medical devices”, MDR means: any instrument or software that is intended to be used for some specific predefined medical purposes, such as health diagnosis, treatment or monitoring, including digital health and eHealth diagnostic devices. All targeted “devices” and ”intents” are listed in the regulation. If in doubt about yours, refer to art. 1 & 2 MDR.
To successfully achieve compliance, you will have to understand MDR objectives and how they will impact the affected businesses. Among the main objectives of MDR are:
- To improve safety, quality and reliability over medical devices: thus, most devices – maybe yours? – have been reclassified to higher risks class and will thus need to comply with further requirements in order to stay/be in the EU market.
- To strengthen transparency of information for consumers: every product placed, put into service or made available on the market will be registered in the EU Database for Medical Devices (EUDAMED) with a “unique device identifier” to keep track of it.
- To enhance vigilance and market surveillance: pre- and post-market data collection will be mandatory to prove products efficiency. For that one, we strongly advise to review for GDPR-compliance, and watch for any other applying regulation.
The time is now:
As of the date 26 May 2020, MDR will fully apply and replace the existing Medical Devices Directive (MDD) and Active Implantable Medical Devices Directive (AIMDD). All affected companies will have to meet with the new requirements by then.
The 6 steps to compliance:
Once you’ve established that you fall under MDR (see MDR flowchart above), here are the 6 steps to achieve compliance:
#1 Product (re)classification:
First, check MDR classification rules to determine the right conformity route to follow: should your device be (re)classified in Class I, IIa, IIb or III?
For software devices (Rule 11, Annex VIII MDR), it works like this:
- Software for diagnosis or therapeutic intent are Class IIa, except if involving possible death or irreversible deterioration: then Class III, or a serious deterioration or surgical intervention: then Class IIb.
- Software for physiological processes monitoring intent are Class IIa, except if involving vital physiological parameters and possible immediate danger for the patient: then Class IIb.
- All other software is Class I.
#2 Notified Bodies?
If not Class I, a third-party auditor (known in the industry as a “Notified Body”) will be required to assess product’s conformity. You can choose one from that list.
#3 Technical file:
Set up and update a technical file that describes your product & reflects on its ability to meet with MDR requirements (that should include clinical evaluation reports, as well as code documentation for “software-devices”).
- Tip: get your clinical data ready, you’ll probably need them before you know it!
#4 Management Systems:
Get a QMS, RMS & PMSS* in place or upgrade to meet with the new requirements. Better be safe than sorry: always be ready to be fully audited!
- Tip: For digital health solutions: emphasize on code documentation & software security.
#5 EU Declaration of Conformity:
Fill up a document in which you declare that the product satisfies MDR requirements. YOU are responsible for the compliance of your product.
#6 CE marking:
Get your product “CE marked”, that is, certified with a specific mark that indicates EU conformity. Once done, you’ll be ready to launch your product on the market!
Ready to comply yet? Now having read this, we hope you will be.
Get this job done and let us know about your success!
Stephanie & Evelina
Pryv makes compliance software for personal and health data. We help healthcare innovators preserve data privacy and rigorously manage personally identifiable information from creation, to use, sharing and disposal. Our software accelerates patient-centric innovation and helps to reduce up to 80% of the resources required to achieve compliance with Data Protection and Medical-grade Regulations. Get in touch and let us turn your compliance investment into a competitive advantage.
*QMS: Quality Management System,
*RMS: Risk Management System,
*PMSS: Post Market Surveillance System.