This post will be more opinionated than usual. Maybe I am overlooking things; if so, readers are welcome to set me straight.
I attended a small conference today in the Netherlands about eHealth. It was great to great to see how many people were trying to throw their weight behind eHealth initiatives in every possible way: remote monitoring of demented senior citizens by means of picture interpreting software, decision support systems, you name it. It was strange however that basically none of the persons presenting or discussing had considered the possibility that software with an important role in a medical process would need to be validated on another than a purely technical basis (does it work?).
Another case in point is the recently launched online “Health risk test” launched by the Dutch Bronovo hospital. For a mere € 19,95 (for the expert test, there’s a free version too) you can fill in a bunch of information about your yourself, your medical history and your lifestyle and the test will provide you with an overview of risks of you getting a number of the most prevalent diseases. A lot of doctors seem to have cooperated, given the number of pictures of people in white coats on the website.
So, I think: this is a medical device. There is a piece of software running on a server somewhere that applies a model or decision tree and produces a result based on that and serves up the information for medical purposes (diagnosis of health risks) that it obtained directly from a human subject. In other words: fits the definition of software as standalone medical device. So I start looking for the CE sign on the website. No CE sign. I took the test, maybe I overlooked something somewhere. Still no CE sign witnessing that the manufacturer of the test had taken the trouble to properly test the thing and compile a technical file supporting the way the software reaches its conclusions and presents them, for example: does it render the same way in all browsers (I was using Safari, who knows how my results may have been distorted)? Then I heard a radio program on BNR Nieuwsradio saying the Dutch Healthcare Inspectorate (IGZ) also had its doubts about this test because apparently had not been properly validated and might be contrary to the Act on Population Investigation (Wet op het Bevolkingsonderzoek). Apparently the possibility of other infringements, like the Act on Medical Devices, has not occurred even to the Inspectorate yet, or the press has not picked up on it. I couldn’t locate an official statement of IGZ on the subject, so I can’t be sure on this.
It is strange to see how clinicians that are working on eHealth solutions outside a medical devices company seem to have a tendency to completely overlook the possibility that they are putting medical devices on the market and risk being charged with illegal behaviour. In this particular case they may also have contravened some other rules in the process. Maybe I have met the wrong clinicians so far and my impression is incorrect. However, it seems to me that for eHealth to truly take off in a legally compliant fashion, the Dutch medical profession has some serious catching up to do.
medicaldeviceslegal 
Erik Vollebregt considers “Health risk test” as a medical device (“stand alone software”) and falling under the European Medical Device Directive (MDD). However the MDDdefines medical device as any product to be used “specifically for diagnostic and/or therapeutic purpose and to be used for the purpose of diagnosis of a disease, injury or handicap”. It seems to me that Health risk test leads only to a risk estimation of several diseases and a recommendation for further testing and diagnosis.
In Directive 2007/47/EC (amending MDD) is considered: “It is necessary to clarify that software in its own right, when specifically intended by the manufacturer to be used for one or more of the medical purposes set out in the definition of a medical device, is a medical device. Software for general purposes when used in a healthcare setting is not a medicaldevice.” I understand that the test is a risk calculation and not with a purpose of diagnosis of a disease.
Theo, thanks for your comment. We clearly differ in opinion here, because I am of the opinion that the test is a medical device because it draws a clinical conclusion (you have a certain risk to get a particular disease) based on the user’s input. That makes it a clinical diagnosis support system that falls within the scope of the definition of medical device. The fact that it calculates a risk does not detract from that, because many clinical decision support systems only provide risk analyses. This piece of software is (1) specifically intended by its manufacturer (2) to be used for a medical purpose set out in the directive (diagnosis) – and therefore a medical device. The authoritative Swedish competent authority document about medical technology substantiates my conclusion (see par. 8.2.4 about patient portals with added functionality), as well as COCIR’s decision tree for determining whether a particular piece of software is a medical device.
The Company which owns it, à Foundation, has only two people mentioned, only one (NJM Aarts) is à specialist doctor. This Company has also complied for a US Patent. Strange story.