Law-based and standards-oriented approach for privacy impact assessment in medical devices: a topic for lawyers, engineers and healthcare practitioners in MedTech
Authors: Yuri R. Ladeia, David M. Pereira
arXiv: 2409.11845 (https://doi.org/arxiv-2409.11845)
Published: 2024-09-18, arXiv - CS - Computers and Society (Journal Article)
Citations: 0
Abstract
Background: The integration of the General Data Protection Regulation (GDPR)
and the Medical Device Regulation (MDR) creates complexities in conducting Data
Protection Impact Assessments (DPIAs) for medical devices. The adoption of
non-binding standards like ISO and IEC can harmonize these processes by
enhancing accountability and privacy by design. Methods: This study employs a
multidisciplinary literature review, focusing on GDPR and MDR intersection in
medical devices that process personal health data. It evaluates key standards,
including ISO/IEC 29134 and IEC 62304, to propose a unified approach for DPIAs
that aligns with legal and technical frameworks. Results: The analysis reveals
the benefits of integrating ISO/IEC standards into DPIAs, which provide
detailed guidance on implementing privacy by design, risk assessment, and
mitigation strategies specific to medical devices. The proposed framework
ensures that DPIAs are living documents, continuously updated to adapt to
evolving data protection challenges. Conclusions: A unified approach combining
European Union (EU) regulations and international standards offers a robust
framework for conducting DPIAs in medical devices. This integration balances
security, innovation, and privacy, enhancing compliance and fostering trust in
medical technologies. The study advocates for leveraging both hard law and
standards to systematically address privacy and safety in the design and
operation of medical devices, thereby raising the maturity of the MedTech
ecosystem.