DEVELOPMENTS IN EU MDD & IVDD SOFTWARE REGULATION


DEVELOPMENTS IN EU MDD & IVDD SOFTWARE REGULATION
Axon seminar 16 October 2013
Erik Vollebregt
www.axonlawyers.com

Objectives
- Some brief remarks on data protection
- Current regulation of medical devices software
- Overview of EU medical devices directives revision process

EU political background
- eHealth Action Plan 2012-2020
- Struggles with Lisbon competences (EU action shall respect the responsibilities of the Member States for the definition of their health policy and for the organisation and delivery of health services and medical care.)
- Pretty big changes in
  - Regulation of medicinal products and medical devices / IVDs
  - Regulation of collection and processing of health data

Health data protection
- Currently in flux with General Data Protection Regulation proposal
- Horizontal approach to all data causes excessive collateral damage in healthcare sector
- What we hate in marketing and social media, we actually want in healthcare (e.g. monitoring, profiling, further processing, traceability)

General Data Protection Regulation

Data protection as fundamental right
- EU approaches data protection from the angle of fundamental right; this means less attention to pure internal market interests and more to data subject interests

Definitions & scope
- Implementation of Art 29 WP opinions on scope (singling out, unique identifiers, pseudonymisation, reasonably likely means)

Consent requirements
- New disqualifiers: imbalance and consent to process data and necessary for execution of the contract

Impact assessment
- Mandatory sign-off national authorities prior to processing but no methodology / standards and no deadlines
- Impact assessment for each individual instance of processing

General Data Protection Regulation

Privacy by design
- Prior approval of impact assessment of each act of processing
- Literally Parliament proposes that software and devices have to be designed and built as to enable GDPR and data subject's rights by default
- Intelligible explanation of automated processing logic

Exemptions for processing of health data without consent
- With uncertainties around concept of consent, derogations for public health and scientific purposes become crucial
- Exemptions not suited for outsourced processing in eHealth / mHealth services and not drafted for regulatory clinical data obligations

Technical standards
- Commission can issue technical standards related to implementation of GDPR requirements

General Data Protection Regulation

Data subject's rights
How to
- Right to correct, information, be forgotten and of erasure problematic in clinical context
- Right to request interoperable and open source format copy of processed data

Company burden
- Mandatory privacy officer
- Large fines

Many open ends still that are subject to implementation by implementing act or regulation by delegated act
- Commission is not obliged to use these powers and EU legislator may change the scope or revoke power, which increases uncertainty

Regulation of software as MD / IVD
- MEDDEV 2.1/6 on standalone software, currently under revision
- Differences in interpretation of what software constitutes a medical device
- New essential requirements for mobile computing platform
- EN 62304 standard
- FAQ by Team NB
- Lack of harmonised interoperability standards

MEDDEV 2.1/6 medical devices simple version
1. Computer program?
2. Stand alone?
3. What action does it perform on data? [beyond storage, archival, lossless compression, simple search]
4. For benefit of individual patients?
5. Intended purpose in scope of MDD?
6. Accessory?

MEDDEV 2.1/6 IVDs simple version
1. In scope MDD?
2. In scope IVDD?
3. Data obtained only from IVD?
4. Data obtained from medical device?
5. Accessory?
6. Accessory?

How to

Proposal to redefine medical device

Accessories
- New accessory definition
- Includes devices that assist

Essential requirements
- Essential requirements and mobile computing platform
- New essential requirements re software in MDR

11.2. Devices shall be designed and manufactured in such a way as to remove or reduce as far as possible and appropriate:
(e) the risk associated with the possible negative interaction between software and the environment within which it operates and interacts;

Software clinical IVDs: everything becomes a lot more complex

6.1. Pre-clinical and clinical data
(b) detailed information regarding test design, complete test or study protocols, methods of data analysis, in addition to data summaries and test conclusions regarding:
software verification and validation (describing the software design and development process and evidence of the validation of the software, as used in the finished device. This information should typically include the summary results of all verification, validation and testing performed both in-house and in a simulated or actual user environment prior to final release. It should also address all of the different hardware configurations and, where applicable, operating systems identified in the information supplied by the manufacturer);

Conformity assessment
- Biggest changes because of implementation of GHTF classes A-D
- The existing modules established under the 'New Approach' do not change (see annexes VIII to X); however, the EC verification module was deleted
- The concept of batch testing has been clarified

Recommendation on unannounced audits
- Requires manufacturers to amend agreement with NoBo to accommodate all aspects of unannounced audits (visa, security etc)
- Requires manufacturers to better manage agreements with
  - Critical subcontractors
  - Critical suppliers
- Critical suppliers and subcontractors must be able to accommodate unannounced audits
- Manufacturers must
  - integrate the quality system of critical subcontractors and of crucial suppliers with their quality system;
  - control the quality of services provided and of components supplied and the quality of production thereof regardless of the length of the contractual chain between the manufacturer and the subcontractor or supplier.
Source: BSi

IGZ enforcement

2013:
- 5 June: conference for software manufacturers held by Dutch Health Inspectorate (IGZ). As of 1 January 2014 IGZ will enforce medical devices law against medical software that they consider a medical device.
- August: IGZ starts collecting information from the market. Results will be published in December.
- 2 October: conference for users of software held by IGZ. IGZ announces that it will enforce against both manufacturers and users of software. Enforcement capacity expansion with 25 inspectors. Revision of enforcement policy.

Scenarios
1. Request for enforcement - will be rejected if there is no violation or the violation can be legalized in foreseeable future
2. Enforcement based on enforcement strategy IGZ

Step 1: Inspection and documentation
Step 2: Receipt of warning or enforcement decision
Elements enforcement decision:
- Name of offender
- Violation
- Amount of the fine or the imposition of a restore in previous condition sanction and the motivation thereof
- Possible grace period to end the violation
Step 3: Execution of sanction

Obligation to cooperate?
- Based on Article 5.16 and 5.20 of the General Administrative Law Act: yes, but think about it
- Switch from information gathering to enforcement mode
- Self-incrimination?
- Sensitive information such as trade secrets and proprietary information
- Cooperate, but also think about your response to IGZ and the information you provide because it may be used against you!

Legal remedies
- Imposed sanctions must, among others, be proportionate to the gravity of the violation and the intended effect of the sanction
- Policy IGZ in Beleidsregels bestuurlijke boete Wet op de medische hulpmiddelen, will be amended in view of 1 January 2014
- An enforcement decision or a decision to reject a request for enforcement can be challenged in:
  1. Administrative appeal
  2. Interim injunction
  3. Appeal at District Court
  4. Appeal at Administrative Supreme Court
- Beware of various 6-week non-extendable deadlines for appeal!

THANKS FOR YOUR ATTENTION

Erik Vollebregt
Axon Lawyers
Piet Heinkade 183
1019 HC Amsterdam
T +31 88 650 6500
F +31 88 650 6555
M +31 6 47 180 683
E erik.vollebregt@axonlawyers.com
@meddevlegal
B http://medicaldeviceslegal.com

Sofie van der Meulen
Axon Lawyers
Piet Heinkade 183
1019 HC Amsterdam
T +31 88 650 6500
F +31 88 650 6555
M +31 6 53 440 567
E sofie.vandermeulen@axonlawyers.com

READ MY BLOG: http://medicaldeviceslegal.com

Legal stuff
The information in this presentation is provided for information purposes only. The information is not exhaustive. While every endeavour is made to ensure that the information is correct at the time of publication, the legal position may change as a result of matters including new legislative developments, new case law, local implementation variations or other developments. The information does not take into account the specifics of any person's position and may be wholly inappropriate for your particular circumstances. The information is not intended to be legal advice, cannot be relied on as legal advice and should not be a substitute for legal advice.