Procedure on Privacy Policy in the ISO 13485 quality management system

SGquality

Quite Involved in Discussions
I would like to know if you have developed a procedure on Privacy Policy in the ISO 13485 quality management system?
 

yodon

Leader
Super Moderator
Do you mean in terms of the devices you manufacture or internally like personnel records?

If the former, I think you would if you handle protected info in any way. 4.2.5 (control of records) explicitly requires "The organization shall define and implement methods for protecting confidential health information contained in records in accordance with the applicable regulatory requirements." Setting the foundation with policy would be appropriate, IMO.
 

SGquality

Quite Involved in Discussions
Not for personnel records, but mainly along the lines of ensuring the privacy of data collected by the device. Hence, how could we adopt the privacy principles at the design stage?
 

William55401

Quite Involved in Discussions
Include privacy as a Design Input, one of many, that must be accounted for in the overall design solution. The design outputs will ultimately be verified against the inputs. Besides the ISO cite above, you probably have a HIPAA requirement and others you are thinking about. I am not sure you need a procedure; just call it an input and the Design Controls should address it via the detailed design and design verification.
 