The path to MDR and IVDR compliance for medical device software

12 February 2021 11:22

Dr. Visa Suomi, medical devices industry manager at MathWorks, explains how medical device software can achieve compliance under the new MDR and IVDR regulations in the EU.

Regulatory changes in the EU: MDR and IVDR

New medical devices introduced to the EU market will be required to comply with the Medical Device Regulation (MDR) by the European Commission from May 2021 [1]. Similarly, new in vitro diagnostic (IVD) devices brought to the EU market will need to conform to the In Vitro Diagnostic Regulation (IVDR) starting from May 2022 [2]. A transition period applies to devices certified under the old Medical Device Directive (MDD), Active Implantable Medical Device (AIMD) Directive, and In Vitro Diagnostic Directive (IVDD) before these dates, but they will eventually need to be recertified under the new regulations (see Figure 1).

As in the old MDD, the new MDR categorises medical devices into four risk-based classes: class I, IIa, IIb, or III, with class III being the highest-risk class. The assigned class reflects the potential risk posed to the health of the public and an individual as a result of malfunction of the medical device or software. Similarly, the new IVDR uses a risk-based classification system to assign IVD devices to four main classes: class A, B, C, or D, with class D being the highest-risk class.

The new regulations bring a lot of changes, especially in relation to safety-critical medical device software development and testing. This is particularly challenging for the manufacturers of medical and IVD devices, which will be placed in a higher-risk class according to the new regulations. For example, active devices with embedded software that incorporate diagnostic or therapeutic features would be classified as higher risk under the new regulations when compared with the old directives.

Medical device software development with the IEC 62304 standard

With the new regulations coming into effect, medical and IVD device manufacturers affected by these changes will need to establish state-of-the-art workflows for their software development. Manufacturers are required to address all the steps needed, from requirements management and system architecture to unit, integration, and system-level testing and verification. Establishing these new quality processes in an already existing product development workflow is a time-consuming task, but starting the process with the right approach will make the transition achievable.

IEC 62304 is a functional safety standard published by the International Electrotechnical Commission (IEC) that defines the requirements of the software life-cycle processes for medical device software development [3]. The standard specifies a set of processes, activities, and tasks that establish a common framework for designing safe and tested software for medical devices. It categorises software into three safety classes according to the severity of the harm to the patient from a possible software failure:

Class A: No injury or damage to health is possible.
Class B: Non-serious injury is possible.
Class C: Death or serious injury is possible.

The IEC 62304 standard is harmonised by the EU and US, which means that it can be used as a reference to comply with the regulatory requirements in both markets. Although IEC 62304 is yet to be harmonised under the new MDR/IVDR, it is still recommended to follow the standard as the current best practice. Therefore, following an IEC 62304–compliant workflow for software is a pathway toward achieving regulatory approval for new medical devices under the MDR and IVDR. To prove compliance with the regulations, manufacturers need to provide technical documentation from the development process (see Table 1) for a notified body.

Delivering safer medical devices to the market

Market pressure and regulatory restrictions affect all manufacturers in the medical devices industry. Furthermore, the medical device under development can be subject to constant changes, including requirement modifications, specification updates, and design changes. Companies must often meet the conflicting business objectives of reducing time to market while delivering safer products for clinical use. By integrating verification and validation into the software development workflow, companies can remain competitive in the market while providing safer medical devices to patients.

Learn more: Developing IEC 62304–Compliant Embedded Software for Medical Devices

References

European Commission (2017). Regulation (EU) 2017/745 of the European Parliament and of the Council of 5 April 2017 on medical devices
European Commission (2017). Regulation (EU) 2017/746 of the European Parliament and of the Council of 5 April 2017 on in vitro diagnostic medical devices
International Electrotechnical Commission (2006). IEC 62304:2006 Medical device software — Software life cycle processes

Related

Two of a kind: How digital twins are evolving healthcare

How new EU Batteries Regulation may affect UK medical device manufacturers

MedTech Europe calls for reform of European regulatory framework

European Commission proposes extended IVDR transition