Corsano has medically certified it's new software platform under ISO 13485 and EU-MDR. Latest technologies have been applied and the Software Development Process has been meticulously documented for CE-MDR and FDA Certification.
Willem Baelde is Corsano's person responsible for regulatory compliance (PRRC). He is responsible for the supervision and control of the manufacture of and the post-market surveillance and vigilance activities of medical devices are carried out within Corsano’s organisation. Willem ensures regulatory compliance:
- The conformity of medical devices is checked in accordance with the QM system (before delivery) (Article 10(9)).
- The technical documentation is kept up to date (Article 10(4) and (6)).
- Market surveillance is performed in compliance with the EU regulations (Article 10(10)).
- The reporting obligations according to the EU regulations are met (Article 10(13)).
- For “investigational devices”, the statement according to Annex XV, Chapter 2 is issued.
The following displays the SW development process and its deliverables:
The 287 runs in its firmware, the medical-grade Philips WEST library, for accurate and reliable vital signs monitoring. In collaboration with Preventicus, MMT-Corsano measures cardiac arrhythmias (like absolute arrhythmia with suspicion of atrial fibrillation, or increased ectopic beats), and to determine plus categorize resting of heart rate (like bradycardia and tachycardia).
The SW system developed is composed by three subsystems. The FW of the module embedded in the medical devices, the Mobile Phones Applications and the Cloud System.
The VitalSigns Optical Library platform is based on Photoplethysmography (PPG) technology. VitalSigns Optical platform uses an optical sensor to measure blood volume variations and an accelerometer to track body motion. A proprietary algorithm extracts and processes the sensor data, factoring out body motion, pigmentation, and ambient light to produce highly accurate results.
The Cloud System
Medical data are highly confidential, and it is important that an unauthorised receiver does not intercept information transmitted from a wireless medical sensor.
Corsano’s Cloud System, including the interface between Mobile Phone Applications and the Cloud, have been developed, validated, and operated appropriately for the intended use of the system. The system complies to regulations and guidelines applicable to organizations that make medical devices and medical software applications. The overall intent is to ensure that medical products are safe for consumers and to ensure the integrity and confidentiality of data used. Cybersecurity requirements of the European Medical Devices Regulations, both pre-market and post-market aspects, are covered. Of particular relevance are those requirements regarding privacy and confidentiality of data associated with the use of MDs that may be outside the scope of the Medical Devices Regulations but are subject to other legislations.
In the context of cybersecurity and within the MDR, the following provisions are relevant:
- Privacy and data protection: General requirements regarding clinical investigations conducted to demonstrate conformity of devices
- Conformity assessment procedures
- Post-market surveillance system of the manufacturer
- Post-market surveillance plan
- Post-market surveillance report
- Periodic safety update report
- Reporting of serious incidents and field safety corrective actions
- Trend reporting
- Analysis of serious incidents and field safety corrective actions
- Technical documentation
- Technical documentation on post-market surveillance
- Clinical evaluation and post-market follow-up
Regarding General Data Protection Regulation (GDPR) recommendations, Corsano applies extensive security.
Appropriate technical and organizational measures are implemented:
- the pseudonymization and encryption of personal data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.