Search the Elsmar Cove!
**Search ALL of** with DuckDuckGo Especially for content not in the forum
Such as files in the Cove "Members" Directory

Procedure on Privacy Policy in the ISO 13485 quality management system


Staff member
Super Moderator
Do you mean in terms of the devices you manufacture or internally like personnel records?

If the former, I think you would if you handle protected info in any way. 4.2.5 (control of records) explicitly requires "The organization shall define and implement methods for protecting confidential health information contained in records in accordance with the applicable regulatory requirements." Setting the foundation with policy would be appropriate, IMO.


Quite Involved in Discussions
Not for personnel records but mainly on the lines of ensuring data privacy collected by the device. Hence how could we adopt the privacy principles at the design stage?


Involved In Discussions
Include privacy as a Design Input, one of many, that must be accounted for in the overall design solution. The design outputs will ultimately be verified against the inputs. Besides the ISO cite above, you probably have a HIPAA requirement and others you are thinking about. I am not sure you need a procedure; just call it an input and the Design Controls should address it via the detailed design and design verification.
Top Bottom