C5 certificates are relevant for service providers and, where applicable, for medical device manufacturers. The German Digital Act (DigiG), which came into force at the beginning of 2024, redefines the requirements for cloud services in the healthcare sector. This article explains the most important aspects of C5 certification for medical device manufacturers and service providers…
DetailsMedical device and IVD manufacturers must distinguish the concepts of “abnormal use,” “foreseeable misuse,” “errors in normal use,” and “misuse.” This is a prerequisite for understanding and complying with ISO 14971 and IEC 62366 requirements. Even the measures that manufacturers must take depend on the type of use.
DetailsMedical device manufacturers must determine the severity of possible harm to assess the risks posed by their devices. What sounds simple is very challenging in practice. This article assists in determining and documenting the severity of harm in accordance with ISO 14971.
DetailsISO 14971 defines the terms “hazard” and “hazardous situation.” Nevertheless, medical device manufacturers often find it difficult to assign concrete cases to either of the two categories. This article provides help.
PDMS stands for patient data management system. These clinical information systems are typically used in hospitals, especially in departments that treat patients in intensive care. PMDS are experiencing a new boom in Germany as a result of the funding provided by the Hospital Future Act (Krankenhaus-Zukunftsgesetz, KHZG). This article provides
DetailsLaws require risk management in hospitals, especially in order to improve patient safety. Nevertheless, many hospitals find this difficult. This article presents the most important regulatory requirements and provides tips for implementation.
DetailsMedical device cybersecurity is a focus not only for the FDA but also for other legislators and authorities, both in the US and other markets. This is understandable The USA has added requirements for cyber devices to the Food, Drug & Cosmetic Act (FD&C), and the FDA has published several guidance documents on cybersecurity, which…
DetailsOutsourcing risk management to service providers. Wouldn’t that be convenient? But is that allowed? And how much sense does it make anyway? Conversely, what should you as a service provider not be burdened with under any circumstances? This article provides the answers. It suggests how manufacturers and service providers can divide their activities and gives…
DetailsLaws and standards require medical device manufacturers to compile a Software Bill of Materials, the SBOM. However, standardized SBOM formats are not always sufficient to meet these requirements. In particular, medical device manufacturers who do not supply and use SBOMs for their software are no longer accepted in the market. Here are the reasons.
DetailsUnderstandably, laws and standards also require IT security for legacy devices. However, the way in which these requirements are formulated often leads to confusion. For example, legislators and standard committees have been unable to agree on common definitions. One definition refers to the IT security of legacy devices, another to the IT security of old…
Details