Cloud Services for Medical Devices with CE Mark

E

elbatius

My company is trying to push things online with IoT for our class IIb device. We need a company to provide cloud hosting services, and there is quite a number of them on Google. What are the regulations and standards we should look out for when choosing a cloud hosting service, one that has security, privacy and CE compliance?
 

Ronen E

Problem Solver
Moderator
My company is trying to push things online with IoT for our class IIb device. We need a company to provide cloud hosting services, and there is quite a number of them on Google. What are the regulations and standards we should look out for when choosing a cloud hosting service, one that has security, privacy and CE compliance?

Hello elbatius and welcome to the Cove :bigwave:

Not an expert on this subject, but as a start there's an EU directive governing the protection of patient data. I would also expect some sort of certification along the ISO 27000 series lines, to ensure recoverability.

Hopefully others will soon chime in and provide the expertise I lack.

Cheers,
Ronen.
 
E

elbatius

Thanks for the welcome!! I just dove into the job of QA and got help here :D

By the protection of patient data, is it the general personal data protection(95/46/EC)?

And I realised... there's really two parts to my question:
1. What certifications/complied regulations should we look out for in the cloud service providers?
2. Is there any additional directives/standards (apart from 13485, 14971, 62304) my company have to comply with when integrating cloud services into our medical device?
 

shimonv

Trusted Information Resource
The following link will take you to the European Commission page on data protection rules with links to the current directive and the new regulation:

(broken link removed)

In terms of standards, I am not aware of any harmonized standards as yet; its kind of a new terrain. What I can recommend is to review FDA's recommendation for use and adoption of the voluntary “Framework for Improving Critical Infrastructure Cybersecurity” that has been developed by the National Institute of Standards and Technology (NIST) with collective input from other government agencies and the private sector:

(broken link removed)

Good luck,
Shimon
 
Top Bottom