Transferring medical data from a device (Sec 201(h)): regulatory implications

[PacoRabanez]

Hi forum fellows,
I am investigating the possible regulatory implications, if any, regarding the export (complete transferring) of the database from an previously cleared and currently distributed medical device to another, in particular, from a corneal topographer to a biometer, or from one of these to a web-based software platform for managing data from multiple devices.
The database includes patient records and all the tests performed by the device.
I'd like to know if regulations, standards, reference guidelines related to this topic are available and, therefore, if specific applicable requirements and responsibilities (if any) of the manufacturer exists?

Hope you can help me.
Greetings to you

PS: can anyone help me for the same problem but for Europe regulation?

 

[Junn1992]

Where was the data previously stored? In cloud server also, or on the devices themselves.

 

[PacoRabanez]

Where was the data previously stored? In cloud server also, or on the devices themselves.

Hi, sorry for being late and many thanks for the reply.
The data are present on the devices themselves. In some cases it is a matter of exporting an excel file.

 

[Junn1992]

I do not see any immediate MDR implications from this. However, you should take note of the following:

EU GDPR:
- data export. did patient consent?
- data storage. does it fulfill requirements under the GDPR?
- where is data going to be stored? GDPR is very strict regarding cross border data flows
- should also consider cybersecurity of the system where data is being stored

So immediately I can see that your issues would be with patient consent, storage of the data, and using the data in a compliant manner with reference to the GDPR.