To ensure the safety of healthcare products, manufacturers of a medical device are required to guarantee a quality management system (QMS) for the development, production, distribution and service of their product. Even when the product is already on the market, i.e. after it has been put into circulation, important quality management standards have to be met. In addition to this QMS, legislation in Germany requires the implementation of an information security management system (ISMS) for the approval of digital health applications.

The guideline developed by Berlin Cert GmbH within the AIQNET project will help medical device companies and software developers to meet this legal requirement in the future. It describes which additional elements must be implemented by the manufacturer in order to adapt an existing quality management system to the increased requirements in terms of information security in accordance with the regulations. "The guide has been created specifically for the product group of digital health applications. However, it can also be seen as an example of an integrated management system," explains Ulrich Wegener of Berlin Cert GmbH, who developed the guide.

As a notified body in the AIQNET project, Berlin Cert GmbH forms an interface to other notified bodies and supports the consortium with its expertise in conformity assessment and medical technology regulations. For example, the company provides checklists on cybersecurity and artificial intelligence that can be used to implement project content within the regulatory framework.

"Currently, we see that legislators place a high value on the interoperability of digital health care tools. This is precisely a weak point in the current structure of digitization," explains Wegener. "However, the increased focus on IT security and privacy can help modify existing hospital information systems in the future to make the transfer of health data faster and more secure."

This is exactly where AIQNET comes in. A digital ecosystem facilitates the collection and structuring of clinical data using artificial intelligence in a legally secure framework. In the long term, this not only improves the evaluation and thus the safety of medical devices. Also administrative tasks such as documentation in everyday clinical practice can be automated. Moreover, a digital marketplace is being created where innovative applications (apps) for health data are developed and offered. "Our guide can play a major role for these apps in particular. Because ultimately it is a guide through the certification maze. We are pleased to make this important contribution in the AIQNET project and for the information security of health data," says Wegener.