Course description
Applying the Regulations for Health Apps and Medical Device Software
Are you aware of the methodologies available to identify and manage risk associated with your software? Is your software product compliant with the recent usability and effectiveness guidelines laid out in the Medical Device Regulation (MDR)?
Health software qualifying as a medical device must comply with the general safety and performance requirements (GSPR) pertaining to safety and security. In addition, under the MDR, developers must demonstrate compliance with development guidelines (such as IEC 62304 and IEC62366) ensuring user-friendly and effective devices. Using practical examples, this 6-module course teaches you bes tpractices to apply EU safety and security regulations ensuring your device is fully compliant. You will also learn various testing and evaluation strategies outlined in the MDR to create apps and software that meet usability and effectiveness requirements.
If you are involved in the development of health software, or responsible for regulatory or developmental control, then this course details everything you need to know to ensure you are compliant with the evolving MDR
Do you work at this organisation and want to update this page?
Is there out-of-date information about your organisation or courses published here? Fill out this form to get in touch with us.
Upcoming start dates
Suitability - Who should attend?
This course is a suitable follow on for attendees from Navigating the Regulations online course and is also suitable for professionals who work in software development who wish to further their understanding of how to apply the EU regulations to their product. Popular areas include:
- Regulatory Affairs
- Quality control
- Software Development
- Software Engineering
- Clinical Evaluators
- Post-market vigilance
Outcome / Qualification etc.
- Understand the importance of cybersecurity for health apps by learning about the key principles of data integrity
- Learn to minimise safety and security risks by applying methodologies detailed under GSPR
- Understand key risk management strategies to adequately identify safety and security risks associated with your software
- Develop your project management techniques to maximise the efficiency of your daily processes and effectively design your device
- Build-on your knowledge of the International Standards relating to the usability of your software device
- Discover key considerations for clinical investigations, evaluations and post-market activities for your device
- Apply a range of different software platforms, plugins and design controls to your own health app or software
Training Course Content
Module 1
General safety and performance requirements and technical documentation
- General safety and performance requirements (GSPR)
- Safety-related requirements
- Security-related requirements
- Performance-related requirements
- Harmonized standards and the role of Annex ZD to prove GSPR are met
- Risks associated with the IT environment and devices connected to them (MDR GSPR 14, 18 and IVDR GSPR 13)
- Aspects relevant for devices that incorporate electronic programmable systems and software that is a device in itself (MDR GSPR
17 and IVDR GSPR 16) - Information for the instructions for use of software (MDR GSPR 23 and IVDR GSPR 20)
- Electronic Instructions for Use (eIFU; Regulation 207/2012)
- Practical construction of a technical file
Module 2
Safety Risk Management: Creating, implementing and using safe health software
- Process and Terminology
- Process: identify, assess, evaluate and control risk
- Causal chain terminology
- Risk Identification Methodologies
- Checklists
- Hazard and Operability Analysis (HAZOP)
- Methodology
- HAZOP applied on a grey box
- HAZOP applied on software requirements
- HAZOP applied on procedures
- Failure Mode and Effect Analysis (FMEA)
- Methodology
- Limitations
- Aspects to consider when identifying risks
- Risk Assessment Methodologies
- Fault Tree Analysis
- Probability and severity of harm
- Risk Evaluation Methodologies
- Risk acceptability
- Benefit-risk determination
- Risk Control Methodologies
- Safety Case
- Regulatory requirements and standards
- Safety of health software (IEC 82304)
- Risk management (EN IEC/ISO 14971 and ISO 24971and IEC/TR 80002-1)
- Process interfaces with Clinical Evaluation, Design and Development,
- Vigilance Reporting and Post-Market Surveillance processes
Module 3
Cybersecurity Risk Management: creating, implementing and using secure health software
- Assuring information integrity, security and privacy (ISO/IEC 27001)
- Practical design of secure software
- Security Risk Management
- Process maturity
- Security awareness
- Penetration testing
- Manufacturer Disclosure Statements
- Patching strategy
- Secure Disposal and Reuse
- Assuring the security of products that contain third party components
- Balancing safety with security
- Applicable information integrity security and privacy legislation
Module 4
Controlled design of health software
- Software Life Cycle Process (IEC 62304)
- Software Development Requirements and Design Controls
- Agile software development
- Management of software suppliers
- Use of open source software
- Software platforms and plugins
- Legacy software
- Project management, development planning and change management
- Requirements management
- Software architecture anddesign
- Development
- Configuration management
- Software verification and validation
Module 5
Creating user-friendly software
- Usability (IEC 62366)
- Formative and summative testing
- Cognitive walk-throughs
- Heuristic Evaluations
- User Evaluations
- Practical design of user-friendly software
- Interface with risk management
Module 6
Clinical evaluation, post-market surveillance and vigilance
- Clinical investigation
- Clinical evaluation
- Post-Market clinical follow-up
- Post-Market Surveillance
- Vigilance reporting
- Medical incident and (near-) incidents
- Periodic safety updates
- Issuing a field service notice and collecting customer reply forms
- Trend reporting
Why choose PTI
On average, delegates of their online academies said:
Quality of content:
4/5
85% had applied content during the course to their role
Delivery rating:
4/5