Are you confused by the different safety standards and regulations which apply to eHealth? Certainly the relationship between the Medical Device Directive (MDD) and eHealth Safety Standards SCCI 0129 and SCCI 0160 can, at times, be complex. The SCCI Standards tell us that only one or the other can apply to a particular product so how do the scope and requirements of the two compare? Here are five differences between the two:
- The MDD only applies to eHealth systems which meet defined criteria based on the product’s functionality and Intended Purpose. The SCCI Standards apply to all products (apart from Medical Devices) which have the potential to adversely impact the care of individual patients. So, a TeleHealth system which provides advice on the basis of blood pressure measurements taken from a patient might be a Medical Device. An EPR which simply lists blood pressure recordings over time might not a Medical Device but would be subject to the SCCIs. A product which ascertains mean blood pressure for a cohort of patients for research purposes might not be subject to either.
- The SCCI Standards are enforced through policy, procurement and local commercial contracts. The MDD is a piece of European Law which is enacted as a regulation by parliament. The directive is enforced by the MHRA and there can be serious implications if a Manufacturer fails to comply.
- Products compliant with the MDD must be CE Marked and be accompanied by a Declaration of Conformity; it is for the Manufacturer and Notified Bodies to take a view on the product’s safety position at the time of certifying the product. In contrast there is no SCCI 0129 ‘certificate’. Products compliant with the SCCI Standards are accompanied by a Safety Case. It is for Healthcare organisations to judge the safety position of the system based on that Safety Case (supported as appropriate by NHS Digital).
- The SCCI Standards set out the requirements for a risk management system. The MDD also has requirements for a risk management system but also a number of other things (quality management system, clinical effectiveness, security, management of complaints and investigations, compliance with other harmonized standards, etc.) Whilst manufacturers may choose to undertake these activities anyway as part of their business case and product lifecycle they would not be audited against SCCI 0129.
- MDD compliance can only be undertaken by the Manufacturer. Whilst SCCI 0129 is addressed to Manufacturers, compliance activities could be undertaken by a System Integrator or other stakeholder providing that they have adequate knowledge of the product and the support of the manufacturer. Each Safety Case is considered on its merits irrespective of the precise authoring party.
Dr Adrian Stavert-Dobson is the Managing Partner of Safehand, independent consultants in clinical risk management, and the author of Health Information Systems: Managing Clinical Risk.