MMT commissioned the development of a new platform from the ground up to be able to offer a medically certified end-to-end system. The latest technologies have been applied, and the SW Development Process has been meticulously documented for CE-MDR and FDA Certification.
SW Development Process and deliverables (IEC 62304)
MMT received its ISO 13485 Medical Certification in December 2019.
The SW system developed is composed of three subsystems: the FW of the module embedded in the medical devices, the Mobile Phone Applications, and the Cloud System.
Medical data are highly confidential, and it is important that an unauthorized receiver does not intercept information transmitted from a wireless medical sensor.
MMT’s Cloud System, including the interface between Mobile Phone Applications and the Cloud, has been developed, validated, and operated appropriately for the intended use of the system. The system complies with regulations and guidelines applicable to organizations that make medical devices and medical software applications. The overall intent is to ensure that medical products are safe for consumers and to ensure the integrity and confidentiality of data used.
Cloud System detailed functionality
Cybersecurity requirements of the European Medical Devices Regulations, both pre-market and post-market aspects, are covered. Of particular relevance are those requirements regarding privacy and confidentiality of data associated with the use of MDs that may be outside the scope of the Medical Devices Regulations but are subject to other legislation.
In the context of cybersecurity and within the MDR, the following provisions are relevant:
• Privacy and data protection: General requirements regarding clinical investigations conducted to demonstrate conformity of devices
• Conformity assessment procedures
• Post-market surveillance system of the manufacturer
• Post-market surveillance plan
• Post-market surveillance report
• Periodic safety update report
• Reporting of serious incidents and field safety corrective actions
• Trend reporting
• Analysis of serious incidents and field safety corrective actions
• Technical documentation
• Technical documentation on post-market surveillance
• Clinical evaluation and post-market follow-up
Regarding GDPR recommendations, the following guidelines apply for data security:
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
• the pseudonymization and encryption of personal data;
• the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
• the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
• a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.