
If you’re a medical device manufacturer planning to do business in the European Union, you need to know about the regulatory change that took effect on 25 May 2018 and that can have operational, process, and financial implications for your business. The rule applies to any organization that processes the personal data of people in the EU, whether or not the organization itself is established there.

The General Data Protection Regulation (GDPR) combines existing and new data privacy requirements. Failure to meet them can result in fines of up to 20 million Euro or four percent of worldwide annual turnover, whichever is higher. Compliance is required not only of the organization that decides why and how personal data is processed (the controller) but also of the vendors and partners that process data on its behalf (processors), and it is critically important to ensuring that organizational IT ecosystems are doing all they can to help customers protect individual rights and freedoms.

One of the newest requirements is breach notification. A controller must notify the competent supervisory authority of a personal data breach within 72 hours of becoming aware of it, and, where the breach is likely to result in a high risk to individuals, must also inform the affected individuals without undue delay. The notification must describe the nature of the breach, including the categories and approximate number of individuals and records affected, the likely consequences of the breach, and the measures taken, or proposed, to contain it and mitigate its effects. Each of these statements should rest on what the evidence actually shows rather than on speculation. Where not everything is known within 72 hours, GDPR allows the information to be supplied in phases, but the clock starts at discovery, so a breach-handling process that can establish scope quickly from evidence is essential.

To meet this requirement, medical device firms should ensure that employees are trained to recognize a potential breach and escalate it promptly, because the 72-hour window starts when the organization becomes aware of the breach, not when the incident response team is engaged. This affects employees throughout your organization, from ground-level staff, who need to know what personal data is and how to handle it, to the triage and incident response (IR) teams, who will need to be involved for issues that need immediate resolution. It is also advisable to work with an experienced medical device consulting firm, especially one that specializes in medical regulatory consulting.

Central to how you handle data and protect it from unlawful access is how you gather that data in the first place. If your firm is going to collect personal data (what US regulation calls personally identifiable information, or PII), you need a lawful basis for doing so before you collect it. Where that basis is consent, GDPR requires the consent to be freely given, specific, informed, and unambiguous, and health data is a special category for which explicit consent (or another narrowly defined exception) is required. If you also handle the protected health information of US patients, your collection process must separately satisfy US HIPAA regulation; satisfying one regime does not satisfy the other. Withdrawing consent must be as easy as giving it, and if a customer withdraws consent or requests erasure, your company must stop processing and delete that customer’s data unless a legal obligation, such as a device vigilance or record-retention requirement, obliges you to keep it, in which case the retained data should be restricted to that purpose.

As organizations adopt data breach and data security and privacy regulations across the globe, a primary concern is how to develop standard processes that address each set of requirements. One approach that can help bootstrap process development is to create a basic set of data protection principles, with accompanying FAQs, that covers a number of practice pointers and uses standardized terminology to drive home key concepts to employees. A broader, integrated approach to training and process development will help standardize responses to a wide range of regulatory requirements stemming from GDPR, HIPAA, the EU-US Privacy Shield, and others.

When it comes to data protection, the best breach is the one that never happens. Avoid being breached where you can, but because breaches do happen, being prepared with a strong foundation will serve you well in assessing, remediating, and responding quickly and appropriately when one does.

For more information about developing and implementing regulatory strategies, please contact the medical regulatory consulting specialists here at MEDIcept.
