Software that is deemed "not a medical device"

[bryantj8]

Hello all,
We are currently working on a submission for a software product that is a little bit on the line of being considered a medical device. Has anyone in this group had a submission that your notified body has determined is not a medical device? What is the process for this? Particularly, were you provided with some documentation that your product does not carry the CE mark as it has been determined it is not a medical device. From a business standpoint, we have customers wanting a CE mark, but is there anything we can show them to explain why we don't have one?

Thank you!
jess

 

[Billy Milly]

CE mark is necessary for all products on EEC market, not only medical devices...

 

[cfcruz]

What would be the scope of the Notified Body submission? As mentioned there are CE marking for other products, not only medical devices.
If you wouldn't qualify as medical device and there would be no other need of CE marking, there would be no submission to a Notified Body.
If you consider the software as not medical device please beware of the claims you have. It may be easy for a software in the healthcare field for example to start processing information or have claims concerning aiding diagnosis or therapy and therefore qualifying as a medical device.
If a device has claims that meet the medical device definition and is not being qualified as a medical device and is on the market, the National Competent Authority may ask questions / ask to remove from the market.

 

[AlexisRuiz2772]

In that case they could ask for compliance with GDPR.
If the software is within a healthcare environment, it may fall under the scope of the IEC 82304 and standards of cybersecurity (e.g. 81001-5-1).

Not pretty sure about this, but perhaps they can state that a software is not a medical device, however it is developed under a medical grade process. This means that follows all standards for medical device, without being a medical device.

I hope that helps!

 

[DanMann]

CE mark is necessary for all products on EEC market, not only medical devices...

This is not true - many products do not require CE marking to be placed on the EU market (e.g. food, clothing). Software that is not a medical device does not need to be CE marked.

 

[DanMann]

At a previous company, we submitted something we had treated as a MDSW to a notified body for MDR transition and they refused our application on the grounds that the software was not a medical device. There was no official documentation to go with this, just an email and a conversation.
If you are confident your software is not a medical device based on the MDCG guidance and the regulation, I would document your reasoning for this based on the guidance and send this to customers on request. You could also be ISO 13485 certified even if you don't make a medical device and confirm to customers that although this is not a medical device, it is developed under an ISO 13485 certified quality management system.

 

[DanMann]

In that case they could ask for compliance with GDPR.
If the software is within a healthcare environment, it may fall under the scope of the IEC 82304 and standards of cybersecurity (e.g. 81001-5-1).

Not pretty sure about this, but perhaps they can state that a software is not a medical device, however it is developed under a medical grade process. This means that follows all standards for medical device, without being a medical device.

I hope that helps!

You cannot CE mark a product for GDPR compliance and a product cannot be GDPR compliant - only organisations and activities can be GDPR compliant. Customers may ask for evidence of your company's GDPR compliance or how your product has been designed to support GDPR compliance and how it can/should be used in a GDPR-compliant manner.

 

[Ed Panek]

GDPR begins with the question of whether are you a data processor or data controller. You can self certify you are GDPR compliant and you have the elements required in your privacy policy and beyond and (If USA based) are actively within the DPF Framework Digital Privacy Framework