The medical devices industry has been subject to a growing number of challenging regulations over recent decades. On one side of the chasm is the clearly defined goal of ensuring that end users are rapidly informed about product and document updates. On the other side, privacy regulations have introduced new restrictions on what information can be shared and when.
Both types of regulation are in place to ensure data is deployed safely and consensually. It has resulted in new challenges for eIFU provision in this area – but also new opportunities.
Overcoming challenges
With the publication of Commission Implementing Regulation (EU) 2021/2226 of 14 December 2021, the way users approach eIFU has changed significantly. Before, it was single direction traffic where end users could download documents. But in light of the regulation, end users must be alerted whenever documents are updated.
The new requirement came into effect to benefit end users. But they pose a challenge to individual manufacturers who manage this personal information.
Manufacturers can keep abreast of the changes by ticking off the following checklist:
- End users must be able to opt in and out at their choice.
- Information updates must be as limited as possible.
- Information must be used for the sole purpose of notifying end users.
- Information must be protected from tampering and unauthorised use.
IFUcare combines best of both worlds
IFUcare has fulfilled these requirements by providing end users with an option to subscribe using an email address. This email address, after confirmation by the end user, is stored in encrypted databases to ensure it cannot be used for any purpose other than notifying them of updates. These updates are sent by the system automatically – ensuring they are quick, secure and informative.
IFUcare also ensures that any processed personal information – including, for example, subscriptions, paper copy requests and system users – is covered by the IFUcare privacy policy. Fundamental rights of the individual specified in the legislation – like the right to be forgotten – are enforced. With this approach IFUcare provides both end users and manufacturers with a compliant solution that safeguards the interests of all parties.
Finding advantages
Since eIFU offers a direct channel towards end users, it provides fertile ground for post market surveillance (PMS). Protecting the personal information of end users is an essential consideration while these activities are ongoing. With an eIFU application, such surveillance can be performed without capturing any personal information in the first place.
IFUcare has approached PMS activities by focusing on overall interactions with the application rather than on the individual end users. This allows manufacturers to compare certain metrics of the system versus internal information available to them – all while protecting user privacy. Among the datapoints available for comparison are total amount of downloads of specific products over a designated period with total sales volume, number of subscribers to notifications with customer volume and number of paper copy requests with downloads. An eIFU system also provides a great opportunity to ask users for feedback, providing them access to optional questionnaires which can be filled in.
There are certain considerations to be made and technical challenges to be overcome when combining eIFU provision with privacy stipulations. But taking a sensitive approach means privacy for end users and compliance for the manufacturers needn’t be in tension – they can go hand in hand and provide safe passage across the legislative chasm.
Above all, working with an experienced eIFU platform provider like IFUcare can help medical device manufacturers navigate the legislative landscape and exploit potential benefits on offer. Download the whitepaper on this page to find out more.