
Applying the Regulations for Health Apps and Medical Device Software

Course summary
Professional Training
5 weeks
810 GBP excl. VAT
Online courses

Course description

Are you aware of the methodologies available to identify and manage risk associated with your software? Is your software product compliant with the recent usability and effectiveness guidelines laid out in the Medical Device Regulation (MDR)?

Health software qualifying as a medical device must comply with the general safety and performance requirements (GSPR) pertaining to safety and security. In addition, under the MDR, developers must demonstrate compliance with development guidelines (such as IEC 62304 and IEC 62366) ensuring user-friendly and effective devices. Using practical examples, this 6-module course teaches you best practices for applying EU safety and security regulations so that your device is fully compliant. You will also learn various testing and evaluation strategies outlined in the MDR to create apps and software that meet usability and effectiveness requirements.

If you are involved in the development of health software, or responsible for regulatory or developmental control, then this course details everything you need to know to ensure you are compliant with the evolving MDR.

Suitability - Who should attend?

This course is a suitable follow-on for attendees of the Navigating the Regulations online course and is also suitable for professionals who work in software development and wish to further their understanding of how to apply the EU regulations to their product. Popular areas include:

  • Regulatory Affairs
  • Quality control
  • Software Development
  • Software Engineering
  • Clinical Evaluators
  • Post-market vigilance

Outcome / Qualification etc.

  • Understand the importance of cybersecurity for health apps by learning about the key principles of data integrity
  • Learn to minimise safety and security risks by applying methodologies detailed under GSPR
  • Understand key risk management strategies to adequately identify safety and security risks associated with your software
  • Develop your project management techniques to maximise the efficiency of your daily processes and effectively design your device
  • Build on your knowledge of the International Standards relating to the usability of your software device
  • Discover key considerations for clinical investigations, evaluations and post-market activities for your device
  • Apply a range of different software platforms, plugins and design controls to your own health app or software

Training Course Content

Module 1

General safety and performance requirements and technical documentation

  • General safety and performance requirements (GSPR)
  • Safety-related requirements
  • Security-related requirements
  • Performance-related requirements
  • Harmonized standards and the role of Annex ZD to prove GSPR are met
  • Risks associated with the IT environment and devices connected to them (MDR GSPR 14, 18 and IVDR GSPR 13)
  • Aspects relevant for devices that incorporate electronic programmable systems and software that is a device in itself (MDR GSPR 17 and IVDR GSPR 16)
  • Information for the instructions for use of software (MDR GSPR 23 and IVDR GSPR 20)
  • Electronic Instructions for Use (eIFU; Regulation 207/2012)
  • Practical construction of a technical file

Module 2

Safety Risk Management: Creating, implementing and using safe health software

  • Process and Terminology
  • Process: identify, assess, evaluate and control risk
  • Causal chain terminology
  • Risk Identification Methodologies
  • Checklists
  • Hazard and Operability Analysis (HAZOP)
  • Methodology
  • HAZOP applied on a grey box
  • HAZOP applied on software requirements
  • HAZOP applied on procedures
  • Failure Mode and Effect Analysis (FMEA)
  • Methodology
  • Limitations
  • Aspects to consider when identifying risks
  • Risk Assessment Methodologies
  • Fault Tree Analysis
  • Probability and severity of harm
  • Risk Evaluation Methodologies
  • Risk acceptability
  • Benefit-risk determination
  • Risk Control Methodologies
  • Safety Case
  • Regulatory requirements and standards
  • Safety of health software (IEC 82304)
  • Risk management (EN IEC/ISO 14971 and ISO 24971 and IEC/TR 80002-1)
  • Process interfaces with Clinical Evaluation, Design and Development, Vigilance Reporting and Post-Market Surveillance processes

Module 3

Cybersecurity Risk Management: creating, implementing and using secure health software

  • Assuring information integrity, security and privacy (ISO/IEC 27001)
  • Practical design of secure software
  • Security Risk Management
  • Process maturity
  • Security awareness
  • Penetration testing
  • Manufacturer Disclosure Statements
  • Patching strategy
  • Secure Disposal and Reuse
  • Assuring the security of products that contain third party components
  • Balancing safety with security
  • Applicable information integrity security and privacy legislation

Module 4

Controlled design of health software

  • Software Life Cycle Process (IEC 62304)
  • Software Development Requirements and Design Controls
  • Agile software development
  • Management of software suppliers
  • Use of open source software
  • Software platforms and plugins
  • Legacy software
  • Project management, development planning and change management
  • Requirements management
  • Software architecture and design
  • Development
  • Configuration management
  • Software verification and validation

Module 5

Creating user-friendly software

  • Usability (IEC 62366)
  • Formative and summative testing
  • Cognitive walk-throughs
  • Heuristic Evaluations
  • User Evaluations
  • Practical design of user-friendly software
  • Interface with risk management

Module 6

Clinical evaluation, post-market surveillance and vigilance

  • Clinical investigation
  • Clinical evaluation
  • Post-Market clinical follow-up
  • Post-Market Surveillance
  • Vigilance reporting
  • Medical incident and (near-) incidents
  • Periodic safety updates
  • Issuing a field service notice and collecting customer reply forms
  • Trend reporting

Why choose PTI

On average, delegates of their online academies said: 

85% had applied content during the course to their role


About provider

PTI - Pharmaceutical Training International - Training for the Pharma Industry

PTI is the global leader in professional education for the pharmaceutical industry, delivering a broad course portfolio that covers the industry spectrum: R&D, Clinical Development, Generics, Bio-pharmaceuticals, fine Chemicals, Agro-chemicals, Medical Devices, Animal Health, Manufacturing and Regulations. PTI's open courses,...
