Healthcare providers such as hospitals, clinics, practices, and laboratories are subject to extensive regulatory requirements, just like medical device manufacturers.

Content

This page provides important articles for these users and operators.

  1. Regulatory requirements
  2. IT in hospitals and practices
  3. How hospitals deal with medical devices
  4. Support for hospitals

1. Regulatory requirements

a) Regulatory requirements for operators

The EU medical device regulations MDR and IVDR form the overarching legal framework. One article highlights their impact on health institutions such as hospitals.

In Germany, these requirements are specified by

  • the Medizinproduktedurchführungsgesetz (Medical Devices Implementation Act – MPDG),
  • the Medizinprodukte-Betreiberverordnung (Medical Device Operator Ordinance – MPBetreibV) and
  • the Medizinprodukte-Anwendermelde- und Informationsverordnung (Medical Device User Notification and Information Ordinance -MPAMIV).

All three explicitly concern hospitals and other operators.

The MPBetreibV stipulates the obligation to keep a medical device book.

A central legal requirement is the risk management of hospitals.

b) Special requirements for medical laboratories

The EU regulates medical laboratories. They should, therefore, familiarize themselves with the requirements for in-house IVD (LDT) and laboratory products “For Research Use Only” (RUO).

2. IT of hospitals, laboratories, and practices

The digitalization of hospitals is progressing (too) slowly and poses significant tasks for the IT of hospitals and practices.

a) Hospital IT from a regulatory perspective

From a regulatory perspective, hospital IT should pay particular attention to these points:

  • (Accidental) in-house manufacturing of medical devices
  • Parameterization of software
  • Hospital information systems that are considered systems and procedure packs
  • Medical IT, which must not be confused with medical devices

b) IT security requirements

The article IT security in the healthcare sector provides an introduction.

IEC 80001-1 lists requirements for risk management in hospital IT.

Manufacturers must report security problems. They can classify their severity using the Common Vulnerability Scoring System (CVSS).

They should apply security patches and be aware of the regulatory implications.

c) Requirements for data protection in hospitals

IT security is a basis for data protection. The article on data protection in healthcare for medical data provides an introduction.

One way to meet data protection requirements is to anonymize and pseudonymize personal data.

A data protection officer must monitor all of this in the healthcare sector.

d) Special systems

Hospital IT staff have to select, install, and administer many different systems:

  • Clinical information systems
  • Communication server
  • IT-networks (special features for hospitals)
  • The medical cloud
  • Telematics infrastructure: 5 requirements that software manufacturers must observe

The interoperability of these devices is a particular challenge.

3. How hospitals deal with medical devices

a) Requirements for specific activities

Laws and standards place requirements on all phases of the product life cycle:

  • In-house manufacture of medical devices
  • ISO 17664 – Reprocessing of medical devices
  • Maintenance / servicing of medical devices
  • Recycling and disposal of medical devices

In this context, determining the service life of medical devices is crucial.

b) Requirements for special (medical) devices

There are also requirements for special types of devices:

  • Medical devices as aids
  • Multiple socket-outlets for medical devices
  • Medical device PC

4. Support for hospitals and other operators

Do you have questions about the selection, use, and operation of medical devices in hospitals, laboratories, practices, and other healthcare providers? You can get answers in our free micro-consulting.

The Johner Institute’s seminars provide healthcare provider employees with a helpful introduction to topics such as


Products for general laboratory use: What manufacturers and laboratories need to know to avoid problems and unnecessary expense

One assumption persists: Products for general laboratory use such as PCR cyclers, NGS devices, fragment analyzers, centrifuges, pipetting robots, and extraction kits must bear a CE-IVD marking. Is this correct? There is often a lack of clarity about Hence, there are uncertainties, in order not to make themselves liable to prosecution. This article provides clarity…

Details

Sampling kits from a regulatory perspective

The term “sampling kit” is not defined by the IVDR or any other regulation. Nevertheless, there are (indirect) regulatory requirements that IVD manufacturers and medical laboratories must be aware of and consider. The requirements depend on the particular constellation. This article presents five constellations. It provides clarity and helps to avoid regulatory hassles and minimize…

Details

PDMS (Patient Data Management System): What you should consider from a regulatory perspective

PDMS stands for patient data management system. These clinical information systems are typically used in hospitals, especially in departments that treat patients in intensive care. PMDS are experiencing a new boom in Germany as a result of the funding provided by the Hospital Future Act (Krankenhaus-Zukunftsgesetz, KHZG). This article provides 1. PMDS: Functionalities and requirements Patient data management systems (PDMS)…

Details

Clinical evidence: How to prove it

Only through clinical evidence – real evidence – can manufacturers prove their medical devices’ safety, performance, and benefit. But when is proof valid enough? In other words, when is there sufficient clinical evidence for authorities and notified bodies to accept? This article answers the questions and provides a compact introduction to the topic of “clinical…

Details

DIN EN IEC 80001-1:2023

IEC 80001-1 has the long title “Application of risk management for IT-networks containing medical devices – Part 1: Tasks, responsibilities and activities“. This article reveals what the standard requires and why manufacturers should also consider it. 1. About DIN EN IEC 80001-1 a) Objectives of DIN EN IEC 80001-1 The standard aims to help minimize…

Details