SaMD Cybersecurity and GDPR

Security = Safety

Under EU MDR, cybersecurity is a General Safety and Performance Requirement. Failure to secure software is a patient safety risk.

Technical Steps:

  • Secure architecture and testing (MDCG 2019-16)
  • Access control, encryption, logging
  • Vulnerability management and patches

GDPR Considerations:

  • Health data = special category
  • Explicit consent and purpose limitation
  • DPIA (Data Protection Impact Assessment) required if high-risk AI is involved

This post is part of the SaMD Europe Launch Guide.

This content has been enhanced by GenAI tools.