Classification of medical apps under MDR — it’s not the end of the world

Pascal Werner
3 min read · Feb 12, 2019

Let’s not follow the crowd, but actually look into the law to understand what it means for your medical app.

Short background

MDR stands for Medical Device Regulation and is a European regulation that will take effect in the middle of next year. It succeeds the Medical Device Directive and, as such, is similar to GDPR. GDPR is a European directive that succeeded the Data Protection Directive.

If you have anything to do with medical apps, you are most likely aware of that. You probably also assume that your medical app will be classified higher than it is right now. As a reminder, in Europe medical devices are generally divided into the risk classes 1, 2a, 2b, and 3. Class 1 means lowest risk and class 3 means highest risk. An example of a class 3 device is a pacemaker. With a few exceptions, most medical apps have been classified as class 1 so far. The myth about the upcoming MDR is that this will change and every class 1 medical app will shift up to either class 2a or 2b. Let’s look at this in some more detail.

What does the MDR actually say?

To understand this classification a bit better, I recommend looking at the wording of the regulation. You can find the full text here. Among a lot of other things, it describes so-called classification rules. You simply work through those rules and get a classification as a result. The MDR has a specific rule for software. Let’s have a look at rule 11:

Software intended to provide information which is used to take decisions with diagnosis or therapeutic purposes is classified as class IIa, except if such decisions have an impact that may cause:

death or an irreversible deterioration of a person’s state of health, in which case it is in class III; or

a serious deterioration of a person’s state of health or a surgical intervention, in which case it is classified as class IIb.

Software intended to monitor physiological processes is classified as class IIa, except if it is intended for monitoring of vital physiological parameters, where the nature of variations of those parameters is such that it could result in immediate danger to the patient, in which case it is classified as class IIb.

All other software is classified as class I.

Let’s dissect it a bit into 3 parts:

  1. The first part applies to your app if the app provides information that is used for diagnosis or therapeutic purposes. If that’s not the case, you can skip it.
  2. The second part is relevant if your app monitors certain aspects of the human body, e.g. heart rate or generally any physiological processes. Again, if that’s not the case, you can skip it.
  3. All other software is classified as class 1.

What should you do now?

A lot of the medical apps that I know do something preventative. Those apps in particular won’t necessarily be classified higher than the current class 1. MDR generally puts more focus on software by having a dedicated classification rule. But that doesn’t mean that every medical app is automatically at least in risk class 2a, as some people claim.

The main takeaway of this article is that your medical app is not automatically in risk class 2 by next year. You need to analyze your medical app and its intended purpose in detail and decide what risk class to go with in the future. Just keep in mind that if it’s class 2a or higher, you need to work with a notified body, so you need to start this process early enough. Reach out to me if you need any guidance on that.

Written by Pascal Werner

I’m a medical engineer with digital health startup experience and write about data protection, digital health, medical product certification and holacracy.
