OLG Hamburg on the risk classification of medical device software
With the introduction of the MDR (Regulation (EU) 2017/745) and Rule 11 in particular, the requirements for the risk classification of medical software have been significantly tightened, as software that provides information for diagnostic or therapeutic decisions is generally assigned to at least Class IIa; the Higher Regional Court of Hamburg confirmed in its decision of 22.09.2023 that the provision of such information alone is sufficient for a higher classification - regardless of whether the software itself makes a diagnosis - and emphasized the priority of health protection, even if this broad interpretation is sometimes viewed critically by experts.
Teilen Sie diesen Beitrag:
Teilen Sie diesen Beitrag:
Introduction of MDR and Rule 11 in the software sector
With the introduction of Regulation (EU) 2017/745 (“MDR”), there have been major changes, particularly in the software sector. Due to the introduction of the new “Rule 11” (Annex VIII of the MDR) as a special classification rule for software, the risk classifications of many products that were still approved under the old legal situation (the Medical Devices Directive) cannot be seamlessly transferred to the MDR. In most cases, Rule 11 results in a higher classification than the previous provisions of the Directive. Rule 11 reads as follows:
“Software intended to provide information that is used to make decisions for diagnostic or therapeutic purposes is in class IIa, unless these decisions have an impact that may cause the following:
- the death or irreversible deterioration of a person’s state of health, in which case they are assigned to Class III, or
- a serious deterioration in a person’s state of health or a surgical intervention; in this case, it is assigned to class IIb.
Software intended for the control of physiological processes is in Class IIa, unless it is intended for the control of vital physiological parameters, in which case the nature of the change in these parameters could lead to immediate danger to the patient, in which case it is in Class IIb.
All other software is assigned to Class I.”
Decision and reasoning of the OLG Hamburg
The reason for the lawsuit was a competition law case in the form of an injunction. The parties to the proceedings were two competitors from the medical sector. The subject matter of the dispute was software that was marketed by the defendant as a medical device in risk class I in accordance with the MDR. According to the instructions for use, images were to be sent to dermatologists via the software, which they could “assess” in the form of a “visual diagnosis”. The applicant objected to this, as a higher risk class would be necessary due to the way the software works.
The Senate ruled in favor of the applicant and, referring to the wording of Rule 11, stated in its decision that it depends on whether the transmitted information is used for diagnostic or therapeutic purposes. It did not matter whether the software itself carried out a diagnosis or evaluation. The wording of Rule 11 is unambiguous and not, as claimed by the defendant, “unsuccessful”. There is no room for a restriction such as that made by the defendant due to the inherent assurance of a high level of health protection for patients and users in the MDR.
In addition, the Senate rejected the view that the classification of a medical device in risk class IIa or higher should be based on the risk to the patient compared to conventional treatment, as there is no indication of this in the MDR.
In addition to the comments on Rule 11, it is interesting to note that the Senate waived the granting of a period for use or conversion, within which the defendant could have continued to leave the software on the market if it had been granted, while at the same time going through the certification process of the product with a notified body. With reference to health protection, the Senate argued that the defendant could have already taken the necessary measures with the warning (preparation of a distribution ban or initiation of a conformity assessment procedure involving a notified body).
Reactions and criticism of the ruling and possible effects
Although it can be assumed that the ruling will not initially have any precedential effect, it shows how important it is to carry out a risk classification in accordance with the law in order to avoid legal disputes and the possible subsequent ban on distribution. BAYOOCARE will be happy to help you with this.
Scope for action in practice
For hospitals, this means that they must first check all AI systems used and classify them according to risk categories. Based on this, it is advisable to set up an interdisciplinary committee that combines supervision, ethics and IT security. This is the only way to answer technical, legal and clinical questions consistently.
It is equally important to involve the employees: Training and further education will become an integral part of everyday clinical practice. At the same time, a culture must be created in which mistakes are openly documented and reflected upon instead of being swept under the carpet. Finally, communication with patients must not be neglected. They have a right to know when AI is involved in their treatment and to request a human review if they wish.
