Developers of medical devices designed to allow exchange of data with other devices need to monitor not only the basic safety-related and functional requirements, but also the regulatory and legal requirements applicable to the exchange of data and IT networks. TÜV SÜD has summarized the key information on this subject in a Med-Info, which is now available for download here [ PDF 422 kB ].
In Germany, for example, the requirements of the German Data Protection Act and X-Ray Regulation must be taken into account when X-ray images are to be included in electronic patient records directly after being taken.
These and many other requirements related to IT security are essential elements of risk management and must be considered from the outset for any medical device that incorporates a programmable electrical medical system (PEMS), is intended to be connected to an IT network, and, together with the IT network, is under control of a third party, i.e. not under the control of the medical device manufacturer.
The Med-Info [ PDF 422 kB ] now published by TÜV SÜD Product Service is available in English and provides an overview of the regulations, standards and processes that must be taken into account for the conformity assessment of medical devices intended to be incorporated into an IT network. Of course, as a manufacturer you can also contact the TÜV SÜD experts directly. They will be happy to show you how you can successfully manage IT security with general trainings, gap analysis, certification, knowledge services and tests.