Healthcare providers such as hospitals, clinics, practices, and laboratories are subject to extensive regulatory requirements, just like medical device manufacturers.
This page provides important articles for these users and operators.
Content
- Regulatory requirements
- IT in hospitals and practices
- How hospitals deal with medical devices
- Support for hospitals
1. Regulatory requirements
a) Regulatory requirements for operators
The EU medical device regulations MDR and IVDR form the overarching legal framework. One article highlights their impact on health institutions such as hospitals.
In Germany, these requirements are specified by
- the Medizinproduktedurchführungsgesetz (Medical Devices Implementation Act – MPDG),
- the Medizinprodukte-Betreiberverordnung (Medical Device Operator Ordinance – MPBetreibV) and
- the Medizinprodukte-Anwendermelde- und Informationsverordnung (Medical Device User Notification and Information Ordinance – MPAMIV).
All three explicitly concern hospitals and other operators.
The MPBetreibV stipulates the obligation to keep a medical device book.
A central legal requirement is the risk management of hospitals.
b) Special requirements for medical laboratories
The EU regulates medical laboratories. They should, therefore, familiarize themselves with the requirements for in-house IVD (LDT) and laboratory products “For Research Use Only” (RUO).
2. IT of hospitals, laboratories, and practices
The digitalization of hospitals is progressing (too) slowly and poses significant tasks for the IT of hospitals and practices.
a) Hospital IT from a regulatory perspective
From a regulatory perspective, hospital IT should pay particular attention to these points:
- (Accidental) in-house manufacturing of medical devices
- Parameterization of software
- Hospital information systems that are considered systems and procedure packs
- Medical IT, which must not be confused with medical devices
b) IT security requirements
The article IT security in the healthcare sector provides an introduction.
IEC 80001-1 lists requirements for risk management in hospital IT.
Manufacturers must report security problems. They can classify their severity using the Common Vulnerability Scoring System (CVSS).
They should apply security patches and be aware of the regulatory implications.
c) Requirements for data protection in hospitals
IT security is a basis for data protection. The article on data protection in healthcare for medical data provides an introduction.
One way to meet data protection requirements is to anonymize and pseudonymize personal data.
A data protection officer must monitor all of this in the healthcare sector.
d) Special systems
Hospital IT staff have to select, install, and administer many different systems:
- Clinical information systems
- Communication server
- IT networks (special features for hospitals)
- The medical cloud
- Telematics infrastructure: 5 requirements that software manufacturers must observe
The interoperability of these devices is a particular challenge.
3. How hospitals deal with medical devices
a) Requirements for specific activities
Laws and standards place requirements on all phases of the product life cycle:
- In-house manufacture of medical devices
- ISO 17664 – Reprocessing of medical devices
- Maintenance / servicing of medical devices
- Recycling and disposal of medical devices
In this context, determining the service life of medical devices is crucial.
b) Requirements for special (medical) devices
There are also requirements for special types of devices:
- Medical devices as aids
- Multiple socket-outlets for medical devices
- Medical device PC
4. Support for hospitals and other operators
Do you have questions about the selection, use, and operation of medical devices in hospitals, laboratories, practices, and other healthcare providers? You can get answers in our free micro-consulting.
The Johner Institute’s seminars provide healthcare provider employees with a helpful introduction to topics such as