Introduction to Sports Injuries by- Dr. Anjali Rai
From Servers to Medical Devices
1. From Servers to Medical Devices
Elisabethann Wright
Hogan & Hartson LLP, Belgium
Prof.Dr.med. Björn Berg
Director of Information Technology & Medical Engineering
University Hospital Heidelberg, Germany
Anne-Sophie Bricca
Director EMEA Legal Affairs, CaridianBCT, Belgium
Petra Wilson
Director, Internet Business Solutions Group
Cisco Systems
2. The legal landscape of medical
devices – the needs
Point-of-care diagnostic device for:
• Seamless integration of data at ward level
• Data integration to national summary EHR
• Anonymous data aggregated locally for
research purposes
• Routine automated device testing
Home monitoring device for:
• Patient clinical data collection
• Routine remote follow-up of patients
• Automated alert of the treating
physician
3. The legal landscape of medical
devices – legal issues
Medical Device Certification for physical medical
devices
Medical Device Certification for software which
supports devices
Local modifications of the devices - hardware and
software
Data processing of data from devices
Liability for use of on-site and off-site devices
4. What is a Medical Device?
The current Medical Device Directive defines a medical
device as:
• “any instrument, apparatus, appliance, software, material or other
article, whether used alone or in combination, including the
software intended by its manufacturer to be used specifically for
diagnostic and/or therapeutic purposes and necessary for its
proper application, intended by the manufacturer to be used for
human beings for the purpose of:
• diagnosis, prevention, monitoring, treatment or alleviation of disease;
• diagnosis, monitoring, treatment, alleviation of or compensation for an
injury or handicap;
• investigation, replacement or modification of the anatomy or of a
physiological process;
• control of conception;
• and which does not achieve its principal intended action in or on
the human body by pharmacological, immunological or metabolic
means, but which may be assisted in its function by such means”.
5. What is an accessory?
An accessory is defined in the Directive as:
• “an article which whilst not being a device is intended specifically by its
manufacturer to be used together with a device to enable it to be used
in accordance with the use of the device intended by the manufacturer
of the device”.
• The European Commission Guideline (MEDDEV 2.1/1 April 1994),
provides:
• “the definition of "accessory" requires that the accessory is specifically
intended by the manufacturer of the accessory to be used together
with a device. The intended use of the accessory must be such as to
enable a device to be used in accordance with its intended use.
Therefore a product can only become an accessory to a medical
device if the manufacturer of such a product establishes an intended
use in conjunction with one or several medical devices.”
• The Directive provides that “accessories shall be treated as
medical devices in their own right”.
6. Software as a Medical Device
• No specific definition of “software” in either regulation or
guidance at present. However the Medical Devices
Directive provides some direction:
• “For devices which incorporate software or which are medical
software in themselves, the software must be validated
according to the state of the art taking into account the
principles of development lifecycle, risk management, validation
and verification” (Annex 1 Essential Requirements, point 12.1a)
• “Stand alone software is considered to be an active medical
device” (Annex IX Classification criteria, point 1.4)
• “Software, which drives a device or influences the use of a
device, falls automatically in the same class” (Annex IX
Classification criteria, point 2.3)
• Harmonised international standards provide guidance:
• EN 62304:2006 Medical device software - Software life-cycle
processes (IEC 62304:2006).
7. Data Flows
Pers. Data Tech. Data
academic
nephrologists
Scientific Data
Tech. Data
home Point of care
monitoring Diagnostic
devices US Vendor
Device
Technical
Pers. Data support
Patient
Care
Pers. Data Providers
8. Directive 95/46/EC
Scope: protection of individuals with regards to the processing of
personal data and on the free movement of such data.
Appllicability: to data processed by automated means and data
contained in or intended to be part of non automated filing systems.
Content: strict limits on the collection and use of personal data and
demands that each Member State set up an independent national
body responsible for the protection of these data.
9. Personal Data
Definition:
Chapter I – Article 2 (a)
“Any information relating to an identifiable
natural person (“data subject”); an identifiable
person is one who can be identified, directly or
indirectly, in particular by reference to an
identification number or to one or more factors
specific to his physical, physiological, mental,
economic, cultural or social identity”.
10. Derogation
Article 8.3: “processing of data concerning
health is (authorized when) required for the
purposes of preventive medicine, medical
diagnosis, the provision of care or treatment or
the management of health-care services, and
where those data are processed by a health
professional subject under national law or rules
established by national competent bodies to the
obligation of professional secrecy or by another
person also subject to an equivalent obligation of
secrecy.”
11. Data Controller’s obligations
Controller’s obligations:
• Collection of the data subject's consent (Article 2(h))
• To give information to the data subject (Article 10) :
• the identity of the controller and of his representative, if any;
• the purposes of the processing
• the recipient(s)
• To provide a right of access to and a right to rectify
(Article 12)
• To ensure the confidentiality of processing (Article 16)
• To ensure the security of processing (Article 17)
• To notify the supervisory authority (Article 18)
• To act as a Data exporter in case of
transfer to a third country.
12. Liability Flows
Vendor
Hospital / care Health care
Patient institution professional
13. Questions of Liability:
Key actors
5 potentially groups of people have
liability issues:
• The device manufacturer(s)
• The Hospital
• The Healthcare Professionals
• The Internet Service Provider
• The patient
14. Questions of Liability
Relevant EU level Legislation
Liability for defective products
(Dir. 85/374/EC & Directive 1999/34/EC)
General product safety
(Dir. 2001/95/EC)
Sale of consumer goods
(Dir. 1999/44/EC)
Information society services and
eCommerce
(Dir. 2000/31/EC)
15. Questions of Liability
Key Concepts
• Professional liability for good healthcare services
• Institutional and Vicarious Liability of hospital
• No-fault Liability
• Special liability of Information Society Services
providers
• Contributory Liability of Patients