Standalone software

The EU Medical Device Regulation uses standalone software to describe “devices in the form of software.” However, this regulation only applies to some standalone software.

Content

This page provides a brief overview and references articles for further background information.

Taxonomy
Regulatory requirements for standalone software
Five challenges and possible solutions
Support

1. Taxonomy of software devices

a) Definition

Standalone software applications are independent devices brought to market without hardware, either as a download (e.g., via an app store) or on a physical data carrier (e.g., flash drive).

b) Delimitation

Standalone software intended for the healthcare sector is different from health software. It is also incongruent with medical device software (see Fig. 1).

Standalone software for the healthcare sector is a subset of health software.

Fig. 1: Standalone healthcare software is a subset of health software (all four quadrants).

c) Examples

Examples of standalone software are

clinical information systems
many digital health applications (DiGA)
mobile medical apps
other health software that is not a medical device, such as wellness and fitness applications

2. Regulatory requirements

a) Standalone software – a medical device?

Manufacturers must clarify whether their standalone software counts as a medical device. The article on the qualification and classification of software as a medical device sheds light on when this is the case.

b) Regulations, laws, standards

If the standalone software counts (“qualifies”) as a medical device , it must meet the legal and normative requirements. These do not differ from the requirements for software that is part of a medical device.

The medical device regulations (MDR, IVDR) are relevant in Europe. These contain general regulations. This article presents the essential requirements for software.
IEC 62304 defines the life cycle processes for medical device software.
IEC 82304-1 applies to all health software and, therefore, all standalone software in the healthcare sector. It requires conformity with the requirements of IEC 62304.
The FDA also sets out specific requirements for medical software in its guidance documents.

Further information

3. Five challenges and possible solutions

Challenge 1: Identification of the standalone software

With web-based medical devices in particular, manufacturers find it challenging to determine which part is part of the medical device and which is part of the runtime environment. For example, is the application server included?

It is important to document this definition explicitly.

Fig. 2: Web-based medical devices consist of many levels. One part belongs to the software (medical device), one part to its runtime environment. SOUP are part of the medical device.

Challenge 2: Placing on the market

If the software is made available via app stores, the question arises as to when the placing on the market actually occurs. When it is uploaded to the store? When it is activated in the app store? Or only at download?

This article on placing on the market provides answers.

Challenge 3: Software testing

The runtime environments on which the standalone software is installed differ. Hardly any two computer systems are the same. This applies to notebooks and servers as well as smartphones. There are thousands of Android-based end devices.

This makes it difficult for manufacturers to review the correct functioning of their software on these end devices. They therefore have to restrict them or test them riskbased.

Challenge 4: Actual use

This diversity affects not only the technical environment, but also the use environments and benefits. How are manufacturers supposed to ensure that only the users intended for the intended purpose use the devices? How should they anticipate under which circumstances (e.g., when driving, at night, during sport) their devices will be used?

Systematic post-market surveillance is essential here in order to track actual use and react to it if necessary.

Challenge 5: Latency of “approval”

In contrast to many physical devices, software must and can be brought to market in short development cycles. This is necessary because security patches must be installed.

However, this is offset by lengthy approval and conformity assessment procedures.

The Johner Institute digitizes the regulatory processes and works on real-time regulation.

4. Support for software manufacturers

Benefit from the support of the Johner Institute:

Do you have questions about the development and approval of standalone software? Then, take advantage of the free micro-consulting.
In the compact seminar on medical software, you will acquire the necessary competencies. You will learn about and meet the legal requirements for software development.
The Medical Device University‘s video training courses help you to create a lean and IEC 62304-compliant “software file” step by step. In addition, a complete set of templates takes a lot of work off your hands.
You can also benefit from the support of our experts. They will help you to document your software briefly, precisely, and in compliance with the law and prepare you for audits and tech file reviews.
Have the IT security of your software reviewed using penetration tests.

Contact us right away so that we can discuss the next steps. This will ensure that the “approval” process succeeds and that your software or devices are quickly launched on the market.

PDMS (Patient Data Management System): What you should consider from a regulatory perspective

By Christian Rosenzweig April 30, 2024 Leave a comment

PDMS stands for patient data management system. These clinical information systems are typically used in hospitals, especially in departments that treat patients in intensive care. PMDS are experiencing a new boom in Germany as a result of the funding provided by the Hospital Future Act (Krankenhaus-Zukunftsgesetz, KHZG). This article provides 1. PMDS: Functionalities and requirements Patient data management systems (PDMS)…

Details

Verification and validation: Differences and definitions

By Prof. Dr. Christian Johner April 14, 2024 Leave a comment

What is the difference between verification and validation, and how are these terms defined? Even standards and regulations use the terms incorrectly or misleadingly. This article 1. Verification a) Definition This definition does not explain what type of “requirements” need to be confirmed by verification. Limiting these requirements to product or component requirements is recommended to avoid…

Details

Risk management in hospitals and at other operators

By Christian Rosenzweig March 26, 2024 Leave a comment

Laws require risk management in hospitals, especially in order to improve patient safety. Nevertheless, many hospitals find this difficult. This article presents the most important regulatory requirements and provides tips for implementation. 1. Typical risks in a hospital a) Risks for patients The most important risks for patients include: b) Risks for all people in…

Details

Qualification and classification of IVD software

By Dr. Tina Priewasser March 26, 2024 Leave a comment

The qualification and classification of IVD software determine how and how quickly IVD manufacturers can bring their software to market and what costs arise for “approval.” This article will help you correctly qualify and classify IVD software, thereby avoiding regulatory problems and the resulting costs and delays. 1. Definition of terms 1.1 Qualification Qualification is…

Details

Regulatory requirements for medical devices with machine learning

By Dr. Tina Priewasser March 26, 2024 Leave a comment

The incorporation of AI in medical devices has made great strides, for example, in the diagnosis of disease. Manufacturers of devices with machine learning face the challenge of having to demonstrate compliance of their devices with the regulations. Even if you know the law – what are the standards and best practices to consider in…

Details

SBOM: Software Bill of Materials

By Christian Rosenzweig January 23, 2024 Leave a comment

Laws and standards require medical device manufacturers to compile a Software Bill of Materials, the SBOM. However, standardized SBOM formats are not always sufficient to meet these requirements. In particular, medical device manufacturers who do not supply and use SBOMs for their software are no longer accepted in the market. Here are the reasons. 1.…

Details

Software life cycle: What is meant by this?

By Dr. Tina Priewasser January 22, 2024 Leave a comment

The Medical Device Regulation (MDR) (like the Medical Device Directive (MDD) and thus the Medical Device Act before it) requires manufacturers to comply with life cycle processes for their software. IEC 62304 and IEC 82304 also refer to software life cycle processes. But what is a software life cycle? The software life cycle includes all…

Details

IT security for legacy devices

By Christian Rosenzweig November 28, 2023 Leave a comment

Understandably, laws and standards also require IT security for legacy devices. However, the way in which these requirements are formulated often leads to confusion. For example, legislators and standard committees have been unable to agree on common definitions. One definition refers to the IT security of legacy devices, another to the IT security of old…

Details

Software as Medical Device

By Alexander Wassel November 17, 2023 Leave a comment

Software as Medical Device (SaMD) refers to (independent) standalone software that is a medical device but not part of one. It should not be confused with Medical Device Software as defined by the EU. As a manufacturer, when do you have to qualify Software as Medical Device, and when as Medical Device Software? Find out…

Details

MDCG 2023-4 on combinations of MDSW and hardware

By Prof. Dr. Christian Johner October 31, 2023 Leave a comment

MDCG published guideline MDCG 2023-4 in October 2023 entitled “Medical Device Software (MDSW) – Hardware combinations – Guidance on MDSW intended to work in combination with hardware or hardware components.” Criticism 1: Unclear scope of MDCG 2023-4 The title gives the impression that (all) types of combinations of hardware and Medical Device Software (MDSW) are…

Details

Name	Borlabs Cookie
Provider	Owner of this website, Imprint
Purpose	Saves the visitors preferences selected in the Cookie Box of Borlabs Cookie.
Cookie Name	borlabs-cookie
Cookie Expiry	1 Year

Accept	YouTube
Name	YouTube
Provider	Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Purpose	Used to unblock YouTube content.
Privacy Policy	https://policies.google.com/privacy?hl=en&gl=en
Host(s)	google.com
Cookie Name	NID
Cookie Expiry	6 Month