MDR, Cloud Health Technologies, Data Protection

MDR: innovation killer or life saver?

The motivations behind MDR and its impact on the EU eHealth market

We look in more detail at the background to the new MDR and ask if it poses a challenge to regulatory authorities and startups. Read on to find out if MDR will be an innovation killer or life saver.

MDR – a medical device regulation for the 21st Century

In 1992, when the previous version of EU medical regulation, MDD, came into force, software and apps were not covered. Quite simply, these technologies were not yet used to monitor patients health. But that has changed dramatically. The rapid increase of smartphone use and advances in high-speed 4G and 5G networks are driving a vibrant eHealth market. The digital health market is expected to grow at a compound annual growth rate of 21.4% between the years 2017 and 2025.

The EU realised that there was a need for new regulations to reflect the changing world. The result was the Medical Device Regulation, enacted in 2017 and mandatory from May 26, 2020. A key aspect of the MDR is better regulation of medical devices that incorporate software. For instance, the MDR introduces requirements that companies test and understand the limitations of the platforms they are working on. Variables such as size and contrast ratio of the screen must be tested before being released.

"Software referred to in this Section that is intended to be used in  combination with mobile computing platforms shall be designed and  manufactured taking into account the specific features of the mobile  platform (e.g. size and contrast ratio of the screen) and the external  factors related to their use (varying environment as regards level of  light or noise)." General safety and performance requirements (Annex I, MDR 17.3)

Another motivation for the MDR was changing public opinion. People demand better care and transparency from the industry. So, the EU needed a new regulation like the MDR, to ensure patients safety. A key aspect of MDR is ensuring hardware and IT network security.  The EU works on a number of fronts to promote cyber resilience, including GDPR, and other major initiatives.

"For devices that incorporate electronic programmable systems,  including software, or software that are devices in themselves, minimum requirements concerning hardware, IT networks  characteristics and IT security measures, including protection against  unauthorised access, necessary to run the software as intended configurations and, where applicable, operating systems identified in  the information supplied by the manufacturer)." GSPR (MDR Annex I, 23.4(ab))

MDR is more holistic regulation that incorporates various stages and components of medical device development. The MDR promotes a life-cycle approach to medical device regulation. It focusses on regulation of the software and network as well as the physical device hardware. Importantly, the MDR will be applicable to all medical devices including ones that are already in the market.

"MDR will kill innovation in the EU!"

Despite the clear need for regulation, the MDR poses a huge threat to the businesses. Some observers argue that it will create insurmountable barriers for startups and significantly increase the cost of medical device manufacturing. "MDR will kill innovation!"

Certainly, the Medical Device Regulation imposes new requirements, including documenting the clinical effectiveness of products. After 2020, all Medical Devices in the EU market will be required to provide the clinical documentation with clinical studies for all their devices. As engineer Christoph R. Manegold, Partner at AC Controls, and an initiator of the federal network MDR Competence stated:

‘What we used to refer to as risk management initially only related to the device [...] will now have to be extended with studies to cover clinical data collection on product effectivity, and not only when the product first becomes licensed but continuously.’

It means that all (new and preexisting) medical device manufacturers are required to continuously perform clinical studies. This is equally true for hardware and software. The costs of these clinical studies will increase the production costs. According to Christoph R. Manegold, additional costs will run to around 10-15% for medical devices, dependent on risk category and quantity.

What MDR class is my software?

MDR is a challenge for notified bodies


The EU delegates responsibility for the MDR to so-called Notified Bodies in each member state. These notified bodies also face a challenge as they prepare for the new regulation. Notified bodies themselves have to be checked and re-authorised for MDR. As a result, the number of notified bodies is shrinking, and they are hardly taking on any new customers.

As the demand for their service increases, notified bodies are unable to cope. Devices are now classified into four risk classes, and  about 90% of devices will need review, in comparison with a the current 10%. It is clear that manufacturers needing to obtain a CE mark for their medical device could find themselves caught out by this. Probably, it will result in delays for manufacturers going to market. Medical device manufacturers that are not ready by 2020 face a huge loss of revenues.  

Be ready for the MDR

If you are going to be ready for May 2020, it's important you start to think about MDR right away.

  1. Use our free tool to determine if your app or software is classed as a medical device under MDR. Class I devices are allowed to "self certify", but all others need to go through the formal certification process.
  2. Find a consultant or start doing research on your own to understand the implications. If your software fall into Class IIa or above, you will need to complete a Clinical Evaluation Report among other critical documentation.
  3. Put in place a suitable quality management system. The MDR requires you to prove that you and all your suppliers have suitable quality management systems in place. Effectively, that means needing to be certified to ISO 13485.
  4. Select suppliers that are ISO 13485 certified.  If your suppliers are not ISO 13485 certified, before going to the market you must ensure put in place necessary procedures, tests, monitoring activities and documentation to demonstrate their compliance.
  5. Find a suitable EU Notified Body and start the CE mark application process. Note what we mentioned above – many notified bodies are already struggling to cope with the increased load caused by MDR.

How Chino.io can help

Chino.io can be your trusted supplier for storing sensitive health data. GDPR compliance is an inherent requirement of the MDR. Here are Chino.io, we are acknowledged experts in GDPR and our system makes it simple to meet the necessary requirements. Also, as the only ISO 13485 certified medical-grade DBaaS, we will save you time, effort and money as you seek to achieve MDR certification.

Summary

MDR is the largest change to medical device regulations in EU since CE Marking was introduced in 1993. From May 2020, this regulation will become mandatory in all EU member states .This will have a huge impact on EU innovators. The regulation will completely change how digital health innovators operate and price their medical devices in the EU market. Be ready for MDR and choose trusted suppliers to make your life easier.

MDR and eHealth: How to build MDR compliant applications

Download here
Author image

About Ruta Naujokaite

  • Berlin, Germany