Some healthcare-related applications on the market are not classified as medical devices and therefore do not carry a CE marking, or its UK equivalent, the UKCA marking. These marks are not required, for example, when an app simply transfers data from one location to another. However, the qualification of a product as a medical device and the presence of a CE or UKCA marking benefit the customer, as they impose strict safety and quality requirements on the product.
Requirements for medical devices focus particularly on safe usage, minimising risks, and maintaining performance. These requirements span the entire lifecycle of the product—from design to product end-of-life. The manufacturer of a medical device commits to ensuring the product’s quality, safety, and performance throughout its lifecycle.
Designed and tested for specific use and users
Medical devices are designed and tested specifically for a defined user group and intended use, which is determined before the product is released to the market. For example, the Medanets application is designed for use by healthcare professionals. The application must function in such a way that the user cannot inadvertently endanger the patient.
In addition to the user and intended use, the production process of medical software also considers the environment of use—for Medanets, this means the hospital environment. Compatibility with other systems and devices used in hospitals is also ensured.
The manufacturer’s quality management system guarantees compliance with all applicable laws and regulations. For example, GDPR requirements for built-in and default data protection and security are considered from the design stage. This ensures the protection of patient and user data.
The quality management system also ensures traceability of the product’s manufacturing stages. Records include the product requirements, how they were tested, who was involved in each stage, their qualifications, and who authorised the product for release.
Same standards apply to non-medical components
Medical software must meet the general safety and performance requirements of the European Medical Device Regulation (MDR), and the UK MDR2002. Clinical validation is conducted to ensure the software functions correctly in a clinical context—using appropriate clinical data, performing calculations accurately, and providing clinically valid responses or instructions. This allows the software to be used for the benefit of individual patients.
Following this, a conformity assessment is carried out according to the product’s risk class. Higher risk classes require evaluation by a notified body as part of the CE marking, or by a UK approved body as part of the UKCA marking. The manufacturer and the medical software must also be properly registered in the Eudamed system and, if necessary, in national registers, such as the MHRA DORS in the UK.
Some parts of the product may not fall under medical device regulation. For example, the Early Warning Score feature in the Medanets application is considered a medical device. However, the application also includes several non-medical components that support healthcare professionals in their work. For instance, merely displaying data from an Electronic Health Record or documenting medication administration via a mobile app are not considered medical features.
Even these non-medical features can pose unpredictable patient risks if not anticipated and managed from the design stage. Therefore, all parts of the Medanets application are developed according to the same process and certified ISO 13485 quality system, ensuring they meet the same stringent requirements.
Risk management minimises safety deviations
Risk management begins at the software design stage and continues throughout the product’s lifecycle. The medical device manufacturer commits to holding multidisciplinary risk management meetings frequently enough to identify and address all risks appropriately.
Medanets’ risk management team includes a clinical expert and a Clinical Safety Officer, as required by the regulation. They understand clinical and patient risks related to healthcare software. If a fault or function is identified that could pose a risk to a patient or professional, mitigation actions are initiated immediately—such as modifying the software.
Medical devices that utilise artificial intelligence are generally classified as high-risk AI systems and are subject to strict obligations under the EU’s AI regulation before they can be marketed. In the UK, relevant AI policies are defined by the NHS. Medanets’ quality and risk management system also accounts for the development of AI systems.
The manufacturer must maintain a process for handling customer feedback and complaints, too. The manufacturer receives and promptly reviews all feedback and provides a timely response to the customer. This ensures that customers and end users are heard, and that any deficiencies or errors are identified and addressed without delay. There is also a dedicated process for handling adverse events, ensuring the manufacturer fulfils its responsibilities. This may include making necessary notifications and taking any actions required to prevent recurrence.
Regulatory oversight of medical devices
Medical devices are regulated and overseen in all EU countries and in the UK by the national authorities. For example, in the UK, the authority is the Medicines and Healthcare Products Regulatory Agency, MHRA. The MHRA performs market surveillance and takes decisions over the marketing and supply of devices. They must also be notified of any product-related adverse events.
The Medanets application is also classified as a healthcare information system, and its development takes into account national legislation in each market area. Legislative requirements emphasise interoperability, data security, and data protection.