1. Definitions
Medical software includes all software used for healthcare, particularly software for or in medical devices (embedded software), and software that is itself a medical device (standalone software).
IEC/CD1 82304-1 (Health Software – Part 1: General requirements for product safety) distinguishes between the following terms:
- HEALTH SOFTWARE: Software intended to be used specifically for maintaining or improving health of individual persons, or the delivery of care
- MEDICAL SOFTWARE: Software intended to be used specifically for incorporation into a physical medical device or intended to be a SOFTWARE MEDICAL DEVICE
- SOFTWARE MEDICAL DEVICE: Software intended to be a medical device in its own right
- MEDICAL DEVICE SOFTWARE: Software intended to be used specifically for incorporation into a physical medical device
This clarifies that medical software can be a medical device but does not have to be.

Fig. 1: Medical software includes medical device software and software as a medical device.
2. Regulatory requirements
a) Medical software – a medical device?
The question often arises as to when medical software meets the definition of a medical device. You can find a further discussion on this topic in the article on the classification of software as a medical device and in the article on the qualification and classification of IVD medical device software.
b) Regulations, laws, standards
Software that is a medical device or part of a medical device must meet the regulatory requirements:
- In Europe, the medical device regulations (MDR, IVDR) are relevant. However, these only contain relatively general regulations for software, which this article presents.
- IEC 62304 defines the life cycle processes for medical device software.
- IEC 82304-1 applies to all “health software”. IEC 82304-1 also requires conformity with the requirements of IEC 62304.
- There are also MDCG guidelines, e.g., MDCG 2019-11 and MDCG 2023-4.
- The FDA sets out specific requirements in its guidance documents, including specific requirements for medical software. It also answered many questions specifically about software as a medical device in this FAQ.
3. Support for medical device manufacturers
Benefit from the support of the Johner Institute:
Contact us right away so that we can discuss the next steps. This will ensure that the “approval” is a success and that your software or devices are quickly launched on the market.
IEC 80001-1 has the long title “Application of risk management for IT-networks containing medical devices – Part 1: Tasks, responsibilities and activities”. This article reveals what the standard requires and why manufacturers should also consider it.
The V-model is a development process model that was originally used for government projects (e.g., armaments). To this day, it is still anchored in many people’s minds and in standards for projects in regulated environments (e.g., medical technology, banks). This leads to disputes in teams that prefer agile development processes. This article helps to resolve…
Laws and standards formulate requirements on how medical device manufacturers must define and document the development process. Notified bodies check these requirements during audits. This article on the development process provides tips on how to design the process and how to align it with other processes, such as the risk management process.
Medical software manufacturers must meet the legal requirements for software components in order to “approve” their devices. This article presents these requirements and gives seven tips on how to fulfill them quickly and easily.
Since 2020, the German legislature has allowed the reimbursement of digital health applications (DiGA). DiGA manufacturers must fulfill several requirements for this. This article describes the steps required to do so.
The cybersecurity standard IEC 81001-5-1 focuses on how IT security needs to be taken into account in the software life cycle. As a special standard for health software, it supplements IEC 82304-1 and IEC 62304 among others, and can close gaps that urgently need to be closed. The EU is currently planning to harmonize IEC…
The MDR contains Classification Rule 11, a rule specifically for software. Rule 11 has serious implications: it has the potential to further undermine Europe’s innovation capacity. Manufacturers should familiarize themselves with the MDCG’s interpretation to avoid misclassifying software and to be able to follow the reasoning of notified bodies and authorities. This article…
The Health Insurance Portability and Accountability Act (HIPAA) is a US law that establishes requirements for processing protected health data. Institutions that collect or process these data in the USA and their subcontractors must comply with HIPAA if they want to avoid sanctions. For European companies in particular, HIPAA is a regulation that is difficult to understand…
We have known how vulnerable IT security is in the healthcare sector since February 2016, when the IT infrastructures of many clinics were brought to a standstill by a simple virus attack. As a result, the authorities are paying closer attention to ensuring that not only clinics but also manufacturers guarantee the IT security of…
Practical guidance based on the experience of the Johner Institute, Oliver Hilgers, and Stefan Bolleininger. The discussion about class I software continues to rage. This article provides guidance regarding the MDR rules for the classification of medical software.