Questions and Answers
Combining these two worlds, traditional medicine on one side and technology and digital health on the other, enables higher-quality, personalized and more efficient patient care, with better accessibility and lower costs.
HIPAA is the acronym for the US Health Insurance Portability and Accountability Act of 1996. HIPAA defines the requirements for protecting sensitive patient and health information. The law applies to healthcare and digital health organizations that handle patients' medical or health information. Such organizations must safeguard that information with physical, technical and network security measures, and monitor access to the data, so that the information is not disclosed without authorization and its integrity and availability are preserved.
Any organization that provides treatment, or that receives such information while working for a covered organization as a subcontractor or business partner (a "business associate" in HIPAA terms), is likewise required to comply with HIPAA.
GDPR is the acronym for the EU General Data Protection Regulation, which has applied since 25 May 2018. It governs the confidentiality of personal data and the privacy of the individuals the data describe.
The GDPR contains mandatory provisions for entities that, as part of their activities, collect or process personal data of individuals in the EU, whether the data are gathered online or by other means.
HIPAA was enacted with two main purposes: to provide continuous health insurance coverage for workers who lose or change jobs, and to reduce the administrative burden and cost of health care by standardizing the electronic exchange of medical information and of administrative and financial transactions, while improving the availability and accessibility of health care and health insurance services to patients.
The privacy and confidentiality rules in HIPAA apply to any health information, held or transmitted, that can be used to identify an individual (protected health information). Such information is covered in any form or medium, whether electronic, paper or oral.
Digital health is an innovative technological field that connects the high-tech world with the healthcare world.
Digital health is also called e-Health or health-tech.
The digital health sector applies information and communication technology (ICT) for the benefit of public health.
CE marking is the European system under which a medical device is shown to conform to the applicable EU regulatory requirements for health, safety, performance and effectiveness, quality and the environment.
The CE mark on a medical device allows it to be placed on the European market and on other markets that have adopted the EU requirements. In most cases, the CE marking process is carried out by the legal manufacturer of the device.
ISO 13485 is the international standard for quality management systems for medical devices. The current edition was published in 2016 and confirmed in 2020.
The standard specifies quality management system requirements for medical device manufacturers so that they consistently deliver devices that are safe for their intended use and meet the regulatory requirements of the relevant authorities. It includes requirements for documentation, personnel qualification, risk management, change control and validation, among others, to ensure that medical devices are safe and effective and that quality and regulatory compliance are maintained.
The standard applies to medical device organizations regardless of their size or the specific type of device or equipment they make.
A harmonized, global definition of “medical device” (MD) does not yet exist.
US law and regulations define a medical device as an “instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent…intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals, or intended to affect the structure or any function of the body…and which does not achieve its primary intended purposes through chemical action…and which is not dependent upon being metabolized for the achievement of its primary intended purposes…”
EU law and regulations define a medical device as any “instrument, apparatus, appliance, software, material or other article…for the purpose of diagnosis, prevention, monitoring, treatment or alleviation of disease,…injury or handicap, investigation, replacement or modification of the anatomy or of a physiological process, control of conception, and which does not achieve its principal intended action in or on the human body by pharmacological, immunological or metabolic means…”
The different health authorities have rules for determining the risk class of a medical device, based on its potential for harm if misused, its design complexity and its use characteristics. Risk classifications generally range from Class I through Class III or IV, where Class I is the lowest level of risk; in the EU, for example, devices fall into Class I, IIa, IIb or III, and in the US into Class I, II or III. The risk class determines the regulatory pathway to be followed for product registration and also influences the quantity and depth of documentation required to support the application in each target market.
Data integrity is a cornerstone of the quality management system in pharmaceutical and medical device companies.
It is a company's ability to ensure that the data it relies on are complete, consistent, reliable and accurate throughout their life cycle, from creation through processing, storage and archiving to disposal.