Security with app hardening and privacy-by-design backend are a top priority for Digital Health Providers

Fraud, privacy violations, cyberattacks, unauthorized data collection, outlaw processing, and hacking of connected medical devices and mobile applications are just a few of the threats arising from the digitalization of the healthcare industry. A hack, that can be disastrous for individuals, is just as harmful for businesses, who will face regulatory fines and damage to their reputation. Such threats can be minimized by implementing adequate privacy and security measures right from the very start. Protecting digital channels is invaluable on many levels, saves lives and prevents significant financial losses.

“Smartphones and tablets are the primary access point for both our personal and work life, and a valuable target for attackers,” said Dr. Christian Schlaeger, Build38 CEO. “Business agility provided by mobile devices will continue to drive adoption in the mobile health sector, even more now with the announced DiGA initiative of the German government. Build38 and Pryv empower businesses to embrace the productivity benefits of mobile devices while addressing the security and privacy risks.”

“Developing the privacy and security layers of Digital Health applications is a highly demanding task, yet essential to gain users trust and achieve compliance.” said Pierre-Mikael Legris, CEO at Pryv “This partnership is a game changer for digital health innovation. It provides digital health innovators with a rigorously tested off-the-shelf solution, allowing them to easily and rapidly develop trustworthy and scalable products.”

The offering by Pryv and Build38 foster compliance with the most stringent existing and forthcoming data protection and cybersecurity regulations. No dedicated security knowledge or privacy-expertise is required by development teams. Companies can focus on their core competency, while de-risking security and privacy compliance, winning time-to-market and fostering user-engagement through trust and transparency.

About Build38:

Build38 is a global provider of mobile application protection solutions. Its Trusted Application Kit (T.A.K) solution combines AI-platform and strongest app shielding technology which protects B2B and B2C mobile channels from fraud and reduces your compliance risk exposure. It also enables new use cases and opens the market for new digital business models. Build38 protects applications across various industries including automotive, financial, public transport and health care. Build38 is headquartered in Munich with global offices in Barcelona and Singapore.

www.build38.com

About Pryv SA:

Pryv makes health personal data processing as secure and trustworthy as online banking.

Pryv.io is a solid foundation on which you build your own digital health solution, so you can collect, store, share and rightfully use personal data. It comes with must-have consent and auditing tools to keep you compliant with existing and forthcoming regulations. The software has been developed to accommodate rapid integration, allowing you to properly manage your users’ data from day one. It comes with turnkey IoT connectivity, a secure storage vault, fine-grained consent management, and comprehensive auditing capability that radically cut IT risk, development costs and accelerate time-to-benefit while addressing the GDPR and the most stringent data protection requirements.

pryv.gihub.io/www

The post Build38 and Pryv Team Up to Simplify Mobile Security and Privacy for Digital Health Companies appeared first on Pryv.

In May 2021, all companies providing healthcare solutions recognized as “medical devices” under the new EU “Medical Devices Regulation” (MDR) will have to comply with newer, stricter requirements, for which they may not be prepared.

A number of discussions around MDR and how it might affect our customers and digital health innovators inspired us to write this article: summarizing the “must-knows” of MDR for those of you who are still in doubt about the Regulation, or will have to face it in the future. We hope it will help you get confidence on where to get started, and provide you with the keys to get your MDR compliance done right in a simple yet effective way.

*The  tags below will outline the specific areas of the Regulation where we could provide you with further assistance if needed. But first, let’s get into it.

MDR-Checklist:

• Are you a medical (eHealth) device provider?
• Do you operate on the European market?
• Still not ready for MDR yet?
  

If all your answers above are “YES”: then now is the time to take action. So what is MDR exactly and how will you prepare for compliance?

MDR, explained.

MDR is the new European “Medical Devices Regulation”. Applying to all companies placing “medical devices” on the European market, it came into force in May 2017 with a 3-year transition period (which is soon to expire) and sets out the new EU rules to ensure safety and performance of med devices within the Union.

Specifically, it was designed to bring the EU market to newer safer, higher standards, align with digital health innovation, and put patients safety and transparency at the heart of the EU healthcare industry.

Simply explained, MDR works like this: it classifies “medical devices” according to risks and then defines the appropriate legal requirements for each class. 

By “medical devices”, MDR means: any instrument or software that is intended to be used for some specific predefined medical purposes, such as health diagnosis, treatment or monitoring, including digital health and eHealth diagnostic devices. All targeted “devices” and ”intents” are listed in the regulation. If in doubt about yours, refer to art. 1 & 2 MDR.

To successfully achieve compliance, you will have to understand MDR objectives and how they will impact the affected businesses. Among the main objectives of MDR are:

• To improve safety, quality and reliability over medical devices: thus, most devices – maybe yours? – have been reclassified to higher risks class and will thus need to comply with further requirements in order to stay/be in the EU market.

• To strengthen transparency of information for consumers: every product placed, put into service or made available on the market will be registered in the EU Database for Medical Devices (EUDAMED) with a “unique device identifier” to keep track of it.

• To enhance vigilance and market surveillance: pre- and post-market data collection will be mandatory to prove products efficiency. For that one, we strongly advise to review for GDPR-compliance, and watch for any other applying regulation.

The time is now:
As of the date 26 May 2020, MDR will fully apply and replace the existing Medical Devices Directive (MDD) and Active Implantable Medical Devices Directive (AIMDD). All affected companies will have to meet with the new requirements by then.

The 6 steps to compliance:

Once you’ve established that you fall under MDR (see MDR flowchart above), here are the 6 steps to achieve compliance:

#1 Product (re)classification:

First, check MDR classification rules to determine the right conformity route to follow: should your device be (re)classified in Class I, IIa, IIb or III?

For software devices (Rule 11, Annex VIII MDR), it works like this:

• Software for diagnosis or therapeutic intent are Class IIa, except if involving possible death or irreversible deterioration: then Class III, or a serious deterioration or surgical intervention: then Class IIb. 

• Software for physiological processes monitoring intent are Class IIa, except if involving vital physiological parameters and possible immediate danger for the patient: then Class IIb.

• All other software is Class I.

#2 Notified Bodies?

If not Class I, a third-party auditor (known in the industry as a “Notified Body”) will be required to assess product’s conformity. You can choose one from that list.

#3 Technical file:

Set up and update a technical file that describes your product & reflects on its ability to meet with MDR requirements (that should include clinical evaluation reports, as well as code documentation for “software-devices”).  

• Tip: get your clinical data ready, you’ll probably need them before you know it!

#4 Management Systems:

Get a QMS, RMS & PMSS* in place or upgrade to meet with the new requirements. Better be safe than sorry: always be ready to be fully audited!  

• Tip: For digital health solutions: emphasize on code documentation & software security.

#5 EU Declaration of Conformity:

Fill up a document in which you declare that the product satisfies MDR requirements. YOU are responsible for the compliance of your product.

#6 CE marking:

 Get your product “CE marked”, that is, certified with a specific mark that indicates EU conformity. Once done, you’ll be ready to launch your product on the market!

Ready to comply yet? Now having read this, we hope you will be.

Get this job done and let us know about your success! 

Yours,
Stephanie & Evelina

Pryv makes compliance software for personal and health data. We help healthcare innovators preserve data privacy and rigorously manage personally identifiable information from creation, to use, sharing and disposal. Our software accelerates patient-centric innovation and helps to reduce up to 80% of the resources required to achieve compliance with Data Protection and Medical-grade Regulations. Get in touch and let us turn your compliance investment into a competitive advantage. 

——–

*QMS: Quality Management System,

*RMS: Risk Management System,

*PMSS: Post Market Surveillance System.

Sources:

• https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32017R0745 
• https://ec.europa.eu/growth/sectors/medical-devices/new-regulations_en
• https://mdreurope.com/ 

• https://www.slideshare.net/mobile/levshapiro/mhealth-israelthe-new-regulatory-challenges-in-europe-the-clinical-evaluation-of-your-devicesmichael-imhoff
• https://www.medicalplasticsnews.com/news/how-will-eu-mdr-affect-the-ce-marking-process-for-medical-de/
• https://medcitynews.com/2020/01/what-will-the-medtech-sector-look-like-under-eu-mdr-law/

The post Get your MDR compliance done right: explained in a less than 5 minutes read appeared first on Pryv.