Gemelli Digital Medicine & Health

Regulation

GDMH strongly believes that robust regulatory compliance is essential to delivering efficient and secure Digital Medicine solutions to the healthcare market.

Policies & Credentials

Given the vast number of Digital Health products currently on sale in the healthcare market, a clearly defined regulatory path is needed to distinguish the different digital solutions, their scope and use, and the creation and development process behind them.

At the moment, the EU MDR 745/2017 (Medical Device Regulation) is the reference point for companies, manufacturers, suppliers, importers or distributors of medical devices. It defines:

  • More stringent rules around Software as a Medical Device (SaMD) used to execute and support clinical trials, regarding its actual benefits in the therapeutic journey.
  • Guidelines for safety and performance covering the SaMD's development and production phases before commercialization, and tighter control of post-market surveillance.
  • Transparency through the European database of medical devices and their traceability.

Class I Devices

The manufacturer can independently affix the CE marking and self-declare the product's conformity to the applicable standards.

Class II, III and sub.I Devices

The MDR stipulates that a Notified Body must assess the required conformity. A determining element in the evaluation and approval of Class II and Class III Digital Medicine products is the evidence generated by clinical trials (ISO 14155:2011), conducted in principle under the responsibility of a sponsor (Article 63 of the MDR); this role should be assumed by either the manufacturer or another natural or legal person.

International Standard Organization Indications

Together with the MDR's guidelines, the International Standard Organization (ISO) gives further indications and norms to follow in order to develop, produce and commercialize medical devices, ranging from the international standards for clinical trials, through post-market surveillance, to the information security management systems that protect individuals' data.

01.

STANDARD ISO 14155:2011

Clinical investigation of medical devices for human subjects — Good clinical practice.

02.

STANDARD ISO 13485:2016

Medical devices — Quality management systems — Requirements for regulatory purposes.

03.

STANDARD ISO/IEC 27001:2022

Information security, cybersecurity and privacy protection — Information security management systems — Requirements.

04.

ISO 20417

Medical devices — Information to be supplied by the manufacturer.

05.

Technical report ISO/TR 20416

Medical devices — Post-market surveillance for manufacturers.

06.

ISO/TR 11147:2023

Health informatics — Personalized digital health — Digital therapeutics health software systems.

DATA PROTECTION

GDPR

EU 2016/679 General Data Protection Regulation (GDPR) defines the following:

  • Accountability of the data controller and the data processor.
  • Security measures must be adapted to the risk inherent in the processing of personal data.
  • Mandatory creation of a Record of Processing Activities (ROPA) and mandatory notification of a data breach to the Data Protection Authority.
  • Mandatory Data Protection Impact Assessment (DPIA) where the processing requires it.
  • Mandatory designation of a Data Protection Officer (e.g. for large corporate groups, or even for small entities that process very sensitive data).

Given the above, GDMH has:

“Companies that offer digital medicine services must be able to equip themselves with their own privacy risk assessment system, without counting, as in the past, upon legal review by the Supervisory Data Protection Authority (SDPA)”.

Giorgianni, F. 2023. GDPR as a First Step Towards Free Flow of Data in Europe. In: Cesario, A., D'Oria, M., Auffray, C., Scambia, G. (eds) Personalized Medicine Meets Artificial Intelligence. Springer.
