Medical software

1. Definitions

Medical software includes all software used for healthcare, particularly for medical devices or medical devices (embedded software), and software that is itself a medical device (standalone software).

IEC/CD1 82304-1 (Health Software – Part 1: General requirements for product safety) distinguishes between the following terms:

HEALTH SOFTWARE
Software intended to be used specifically for maintaining or improving health of individual persons, or the delivery of care
MEDICAL SOFTWARE
Software intended to be used specifically for incorporation into a physical medical device or intended to be a SOFTWARE MEDICAL DEVICE
SOFTWARE MEDICAL DEVICE
Software intended to be a medical device in its own right
MEDICAL DEVICE SOFTWARE
Software intended to be used specifically for incorporation into a physical medical device

This clarifies that medical software can be a medical device but does not have to be.

Medical software also includes medical device software and software as a medical device.

Fig. 1: Medical software includes medical device software and software as a medical device (click to enlarge).

2. Regulatory requirements

a) Medical software – a medical device?

The question often arises as to when medical software meets the definition of a medical device. You can find a further discussion on this topic in the article on the classification of software as a medical device and in the article on the qualification and classification of IVD medical device software.

b) Regulations, laws, standards

Software that is a medical device or part of a medical device must meet the regulatory requirements:

In Europe, the medical device regulations (MDR, IVDR) are relevant. However, these only contain relatively general regulations for software, which this article presents.
IEC 62304 defines the life cycle processes for medical device software.
IEC 82304-1 applies to all “health software”. IEC 82304-1 also requires conformity with the requirements of IEC 62304.
There are also MDCG guidelines, e.g., MDCG 2019-11 and MDCG 2023-4.
The FDA sets out specific requirements in its guidance documents, including specific requirements for medical software. It also answered many questions specifically about software as a medical device in this FAQ.

Further information

3. Support for medical device manufacturers

Benefit from the support of the Johner Institute:

Do you have questions about developing and approving medical devices that contain or are software? Our free micro-consulting will provide you with answers.
In the medical software compact seminar, you will acquire the prescribed competencies. You will learn about and fulfill the legal requirements for software development.
The Medical Device University’s video training will help you to create a lean and IEC 62304-compliant “software file” step by step. In addition, a complete set of templates takes a lot of work off your hands.
You can also benefit from the support of our experts. They will help you to document your software briefly, precisely, and in compliance with the laws and standards and prepare you for audits and tech file reviews.
Have the IT security of your software evaluated using penetration tests.

Contact us right away so that we can discuss the next steps. This will ensure that the “approval” is a success and that your software or devices are quickly launched on the market.

IEC 82304 – What the standard requires of “health software”

By Dr. Tina Priewasser September 14, 2016 Leave a comment

IEC 82304 is now available. This is a good reason to take a closer look at this standard for “health software products.”

Health Breach Notification Rule

By Prof. Dr. Christian Johner April 19, 2016 Leave a comment

The Health Breach Notification Rule defines when health records providers have to report which security issues to whom, within what time frame and in what form. This article provides a brief overview of the requirements of the US Federal Trace Commission (FTC).

Federal Trade Commission FTC: for medical device manufacturers?

By Prof. Dr. Christian Johner April 18, 2016 Leave a comment

The Federal Trade Commission (FTC) is an US agency that aims to ensure compliance with competition law and consumer protection. This article explains the circumstances that require you (e.g., as a medical device manufacturer) to comply with the FTC requirements and the specifics of these requirements. The case of Lumosity shows how radically the FTC…

Details

Software audit: What really matters

By Claudia Schmitt March 7, 2016 Leave a comment

“Will a software audit take place?” is a question that reached me via our micro-consulting. ‘And can I avoid a software audit by choosing the appropriate software safety class?” At first, I didn’t realize exactly what ‘software audit’ meant or what the exact concern was. But then I understood and found the question to be…

Details

Risk management and risk analysis for software

By Christian Rosenzweig November 12, 2015 Leave a comment

Software risk analysis depends on the following: Software itself cannot cause harm. It always happens via hardware or people. However, this does not mean there is no need for risk analysis in software. The opposite is the case!

Software unit: specifying and testing according to IEC 62304

By Janos Hackenbeck September 15, 2015 Leave a comment

The term software unit is defined in IEC 62304. Many manufacturers experience difficulties when specifying and testing these software units. This article gives you tips on how to avoid them.

Details

PESS: Programmable Electronic Subsystems

By Mario Klessascheck August 12, 2015 Leave a comment

IEC 60601-1 defines a PESS, a Programmable Electronic Subsystem, as a system based on one or more central processing units, including their software and interfaces. The standard does not reveal what it means by system; in this context, it is a medical device component. For this, IEC 60601-1 sets out specific requirements for the PESS.

Details