Medical software

1. Definitions

Medical software includes all software used for healthcare, particularly for medical devices or medical devices (embedded software), and software that is itself a medical device (standalone software).

IEC/CD1 82304-1 (Health Software – Part 1: General requirements for product safety) distinguishes between the following terms:

HEALTH SOFTWARE
Software intended to be used specifically for maintaining or improving health of individual persons, or the delivery of care
MEDICAL SOFTWARE
Software intended to be used specifically for incorporation into a physical medical device or intended to be a SOFTWARE MEDICAL DEVICE
SOFTWARE MEDICAL DEVICE
Software intended to be a medical device in its own right
MEDICAL DEVICE SOFTWARE
Software intended to be used specifically for incorporation into a physical medical device

This clarifies that medical software can be a medical device but does not have to be.

Medical software also includes medical device software and software as a medical device.

Fig. 1: Medical software includes medical device software and software as a medical device (click to enlarge).

2. Regulatory requirements

a) Medical software – a medical device?

The question often arises as to when medical software meets the definition of a medical device. You can find a further discussion on this topic in the article on the classification of software as a medical device and in the article on the qualification and classification of IVD medical device software.

b) Regulations, laws, standards

Software that is a medical device or part of a medical device must meet the regulatory requirements:

In Europe, the medical device regulations (MDR, IVDR) are relevant. However, these only contain relatively general regulations for software, which this article presents.
IEC 62304 defines the life cycle processes for medical device software.
IEC 82304-1 applies to all “health software”. IEC 82304-1 also requires conformity with the requirements of IEC 62304.
There are also MDCG guidelines, e.g., MDCG 2019-11 and MDCG 2023-4.
The FDA sets out specific requirements in its guidance documents, including specific requirements for medical software. It also answered many questions specifically about software as a medical device in this FAQ.

Further information

3. Support for medical device manufacturers

Benefit from the support of the Johner Institute:

Do you have questions about developing and approving medical devices that contain or are software? Our free micro-consulting will provide you with answers.
In the medical software compact seminar, you will acquire the prescribed competencies. You will learn about and fulfill the legal requirements for software development.
The Medical Device University’s video training will help you to create a lean and IEC 62304-compliant “software file” step by step. In addition, a complete set of templates takes a lot of work off your hands.
You can also benefit from the support of our experts. They will help you to document your software briefly, precisely, and in compliance with the laws and standards and prepare you for audits and tech file reviews.
Have the IT security of your software evaluated using penetration tests.

Contact us right away so that we can discuss the next steps. This will ensure that the “approval” is a success and that your software or devices are quickly launched on the market.

Regulatory requirements for medical devices with machine learning

By Dr. Tina Priewasser January 16, 2025 Leave a comment

The incorporation of AI in medical devices has made great strides, for example, in the diagnosis of disease. Manufacturers of devices with machine learning face the challenge of having to demonstrate compliance of their devices with the regulations. Even if you know the law – what are the standards and best practices to consider in…

Details

Artificial intelligence in medicine

By Dr. Tina Priewasser January 15, 2025 Leave a comment

More and more medical devices are using artificial intelligence e.g., to diagnose patients more precisely and to treat them more effectively.

Closed-loop systems in medical devices

By Mario Klessascheck January 14, 2025 Leave a comment

Medical devices are increasingly based on closed-loop systems. These “closed-loop systems” are already mentioned in the Medical Device Regulation (MDR). One example is a system consisting of an insulin pump controlled by a device with a glucose sensor. In this article, you will learn what closed-loop systems are, where they are used in medicine, and what…

Details

What the AI Act means for medical device and IVD manufacturers

By Prof. Dr. Christian Johner October 28, 2024 Leave a comment

The EU AI Act has been published. Many manufacturers of medical devices and IVD, as well as other healthcare players, are faced with the major task of understanding the 140+ pages of legal text and complying with the requirements. Note: Infringements/violations of the AI Act are punishable by a fine of up to 7% of…

Details

Accessibility

By Prof. Dr. Christian Johner October 10, 2024 Leave a comment

Accessibility refers to the design of products and services that can also be used by people with physical limitations. The term “products and services” encompasses both physical and digital products and services. This also includes medical devices (physical devices, apps, other standalone software). This article explains which accessibility requirements manufacturers of medical devices should be…

Details

Electronic and digital signatures

By Urs Müller July 29, 2024 Leave a comment

Electronic and digital signatures should be considered on an equal level to handwritten signatures (“wet ink”). The requirements that need to be fulfilled depend on the extent of the binding force that is to be achieved and so depend on the document that is to be signed. This article explains 1. When is a signature…

Details

PDMS (Patient Data Management System): What you should consider from a regulatory perspective

By Christian Rosenzweig April 30, 2024 Leave a comment

PDMS stands for patient data management system. These clinical information systems are typically used in hospitals, especially in departments that treat patients in intensive care. PMDS are experiencing a new boom in Germany as a result of the funding provided by the Hospital Future Act (Krankenhaus-Zukunftsgesetz, KHZG). This article provides 1. PMDS: Functionalities and requirements Patient data management systems (PDMS)…

Details

Verification and validation: Differences and definitions

By Prof. Dr. Christian Johner April 14, 2024 Leave a comment

What is the difference between verification and validation, and how are these terms defined? Even standards and regulations use the terms incorrectly or misleadingly. This article 1. Verification a) Definition This definition does not explain what type of “requirements” need to be confirmed by verification. Limiting these requirements to product or component requirements is recommended to avoid…

Details

Risk management in hospitals and at other operators

By Christian Rosenzweig March 26, 2024 Leave a comment

Laws require risk management in hospitals, especially in order to improve patient safety. Nevertheless, many hospitals find this difficult. This article presents the most important regulatory requirements and provides tips for implementation. 1. Typical risks in a hospital a) Risks for patients The most important risks for patients include: b) Risks for all people in…

Details

Qualification and classification of IVD software

By Dr. Tina Priewasser March 26, 2024 Leave a comment

The qualification and classification of IVD software determine how and how quickly IVD manufacturers can bring their software to market and what costs arise for “approval.” This article will help you correctly qualify and classify IVD software, thereby avoiding regulatory problems and the resulting costs and delays. 1. Definition of terms 1.1 Qualification Qualification is…

Details

Name	Borlabs Cookie
Provider	Owner of this website, Imprint
Purpose	Saves the visitors preferences selected in the Cookie Box of Borlabs Cookie.
Cookie Name	borlabs-cookie
Cookie Expiry	1 Year

Name	Google Tag Manager
Provider	Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Purpose	Cookie by Google used to control advanced script and event handling.
Privacy Policy	https://policies.google.com/privacy?hl=en
Cookie Name	_ga,_gat,_gid
Cookie Expiry	2 Years

Accept	Google Analytics
Name	Google Analytics
Provider	Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Purpose	Cookie by Google used for website analytics. Generates statistical data on how the visitor uses the website.
Privacy Policy	https://policies.google.com/privacy?hl=en
Cookie Name	_ga,_gat,_gid
Cookie Expiry	2 Months

Accept	YouTube
Name	YouTube
Provider	Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Purpose	Used to unblock YouTube content.
Privacy Policy	https://policies.google.com/privacy?hl=en&gl=en
Host(s)	google.com
Cookie Name	NID
Cookie Expiry	6 Month