25 1 Apps in healthcare and medical research; European legislation and practical tips every healthcare provider should know Intellectual property If an app is developed by a contracted external developer, a good contract must be in place. It must be clearly defined who is the data processor of the app and who is the manufacturer, and thus who is responsible for compliance to the GPDR and the MDR. Furthermore, it is advisable to record specifically in writing who will have the intellectual property (IP). The party funding the app development will not automatically be the owner of the source code of the app or the IP. If the initiator of the app fails to record the IP, the manufacturer will automatically become the owner of the app.26 This situation can be problematic, when considering the transfer of the app to another external developer, especially if the current developer fails to comply with the agreements or legislations. Privacy and safety Medical apps have to comply to the GDPR and the MDR. When employed in a healthcare facility, you can rely on the expertise of Data Protection Officer (DPO) who is familiar with current rules and regulations regarding data protection. A DPO can help to make sure the app complies with the required legislation. Otherwise, external expertise must be sought to comply to the GDPR. An external app designer/developer that regularly works in the healthcare setting, will be familiar with the processing of personal data and is therefore obliged to have employed a DPO. Additionally, healthcare facilities often employ a MDR expert who can provide support. The ISO 27001, ISO 27002, EN ISO 13485, EN ISO 14971 and ISO/TS 82304-2 standards provide more practical guidelines for building apps that are compliant with the MDR and GDPR. Other agreements It is also advisable to decide on arrangements for situations that one would rather not consider. These situations include bankruptcy of an external manufacturer or a dissatisfying cooperation. In case of bankruptcy, the development and maintenance of mobile applications will stop. The source code will be transferred to a curator or another party (in the case of a takeover of the company). To ensure app development can continue at another chosen manufacturer, the source code must be transferred to the buyer/client/ initiator. Predetermined arrangements, such as a vendor lock, or an escrow agreement must be drawn up.
RkJQdWJsaXNoZXIy MTk4NDMw