8 steps to develop MDR-certified applications

Developing an app isn’t rocket science. The steps are well known and you can find hundreds of guides online. But how does MDR affect things? Read on to learn the 8 steps for developing MDR-certified applications.

The medical device regulation (MDR) will transform digital health. Many eHealth applications are now classed as medical devices. As a result, your application will now need an MDR CE certificate before you can sell it. Here, we look at the 7 stages of developing an MDR-certified application. At the end, we show how Chino.io will save you months of effort.

1. Requirements

The first stage of app development is capturing requirements, conducting user research and analysing what the app needs to do. For health apps, this is the stage where you need to start thinking about MDR and GDPR. In particular, you need to work out what MDR class you are likely to fall into. We explain this in our recently-updated eBook.

2. Quality management system

Quality management is one of the most important aspects of MDR. Indeed, under MDR you must make quality management a core responsibility for your executive team. The de facto quality management standard for MDR is ISO 13485. So, you need to become certified for this standard. In turn, you need to ensure that all your providers are meeting an equivalent level of quality. We explain this in detail in our eBook.

3. Clinical evaluation

MDR requires you to conduct a clinical evaluation to prove that your device achieves its clinical aims in a safe fashion. This is a huge change for application developers. However, this isn’t as scary as it sounds. Only full-blown medical applications will require clinical trials. For many eHealth apps, a detailed literature review is sufficient. But remember, you have to document everything!

4. Design

Obviously, we can’t tell you how to design your core application. However, there are a few additional things you have to consider with MDR. Firstly, MDR requires you to be fully GDPR compatible. This means you need to understand the data security requirements such as pseudonymization and record-level encryption. You also need to design a proper user permissions management system, audit logging and consent management.

5. Develop

As well as implementing your app code, you need to implement the proper data security on both the frontend and backend. You also need to implement the additional technical requirements mentioned above. Implementing these properly is time-consuming and hard, even for skilled developers. However, Chino.io can provide you with all these services using our easy-to-integrate API.

6. Testing

During the testing phase, you need to verify that your application is correctly delivering the clinical outcomes you claim. In addition, it’s worth confirming that GDPR aspects like audit logging are working properly.

7. CE certification

Before you can release your application on the market, you need to get an MDR CE certificate. This certificate is required in order to market, distribute or sell your application. This has to come from a notified body and will take some months to achieve. At the time of writing, there are only 3 notified bodies: BSI UK, TÜV SÜD and DEKRA. This shortage of notified bodies is likely to delay the certification process.

8. Post-market surveillance

The final stage for MDR-certified products is the need to conduct post-market surveillance. This includes monitoring the use of your application, auditing that it is working as inspected and ensuring you and your suppliers are always technically up to date.

Timeline for developing an MDR-compliant application with Chino.io

How can Chino.io help?

We are the only healthcare platform as a service that is certified for medical devices. We can help you with all the required technology to become GDPR compliant. Our API takes just days to integrate and implements state-of-the-art data security and user management. We are also ISO 13485 certified. This means you avoid the need for additional QMS paperwork if you use our service. As the Gantt chart above shows, we typically save 6-9 months when developing a simple health application.