In-house development of medical software
The discussion here focuses on the regulation of in-house produced medical software under EU MDR17. Apart from EU member states, this remains relevant to Northern Ireland and will probably form the basis of what will be required under the new UK medical device regulation (expected 2026).
Clause 4 of the EU MDR states that “devices that are manufactured and used within health institutions shall be considered as having been put into service... [but] .. with the exception of the relevant general safety and performance requirements (GSPR) set out in Annex I, the requirements of this Regulation shall not apply to devices manufactured and used only within health institutions established in the Union, provided that all the conditions set out in Article 5.5 are met". This has become known as the Health Institution Exemption (HIE), but the basic (GSPR) requirements that must still be followed would prove onerous for most hospital clinical scientific computing departments.
The UK MHRA produced guidance on the HIE back in 2021 but this was withdrawn when the EU MDCG produced its guidance on the subject in 2023. Writing from a developers point of view, the UK's Institute of Physics and Engineering in Medicine (IPEM) has also produced guidance for clinical and engineering staff working in UK hospitals.