MDR, DiGAV, BSI TR-03161 and data protection test criteria for DiGAs
Quicker out of the DiGAV compliance gap
DiGA manufacturers are currently under pressure to implement significant additional regulatory requirements. Deadlines for the following cost-intensive certifications also apply to existing digital health applications (DiGAs):
- BSI certificate data security according to BSI TR-03161 required from 01.01.2025
- Data protection certificate in accordance with the data protection test criteria for DiGAs and DiPAs (BfArM)
Plan B for DiGA manufacturers:
mHealth Suite instead of individual improvements
The mHealth Suite infrastructure platform offers a fast and cost-efficient plan B fortherapy services as digital health applications (DiGAs). During product development with the mHealth Suite, conformity with MDR, DiGAV, the “Test criteria for data protection for DiGAs and DiPAs” (BfArM) and data security in accordance with BSI TR-03161 is always included.
The modular and indication-agnostic software technology of the mHealth Suite platform realizes your individual product for your medical content and therapy logic – DiGA-ready in 8 weeks.
Yes, it is possible to move an existing digital health product to the mHealth Suite. Thanks to the high configurability and modularity of our platform, a large number of mHealth product workflows can be integrated quickly. Individual components can also be added for specific requirements. In addition, the switch not only ensures legal compliance through continuous monitoring of MDR, GDPR and DIGAV, but also includes maintenance, hosting and regular updates to ensure regulatory compliance. In addition, our platform enables scalable further development of your product, which not only makes further development technically easier, but also more cost-efficient.
Yes, the security of patient data is integrated into our system architecture from the ground up through the principle of ‘security by design’. All data is stored exclusively in certified cloud services in Germany or Europe that have the C5 certificate. Information security is ensured through the application of ISO 27001. We have already started the process of certifying the mHealth Suite in accordance with BSI TR-03161.
The PECAN procedure for eligibility for reimbursement in France has very similar requirements, so that no problems are to be expected here either. Another reimbursement system exists in Belgium and is planned for Austria. No equivalents of the DiGA fast track have yet been established for other countries.
Our solution for DiGA manufacturers
The mHealth Suite reduces costs and shortens timelines
✔ Data protection and data security
DiGA products by mHealth Suite fulfill the requirements for proof of data protection according to the test criteria of the BfArM (Federal Institute for Drugs and Medical Devices) – as well as for data security according to the Technical Guideline TR-03161 of the BSI (Federal Institute for Information Security).
✔ MDR and DIGAV conformity
A DiGA product by mHealth Suite meets the requirements of the MDR and DiGAV at all times. The highly automated requirements and documentation management also facilitates further development and scaling.
✔ Carefree package
These services are regularly included in the license price of the mHealth Suite
- Development
- Maintenance costs for apps
- Maintenance costs for servers
- Hosting for servers
- Operation of servers
- Third-level support
- Technical assistance with second-level support
- Further development (limited): Your content adaptations, optimized approach to patients, possibly supplementary exercises, up to improvement of therapy concept
- Achievement, monitoring of conformity plus any necessary adjustments*:
- Medical Device Regulation (MDR)
- Digital Health Applications Ordinance (DiGAV)
- BSI TR-03161 – Technical Guideline Cybersecurity
- Data protection test criteria for DiGAs and DiPAs (BfArM) including establishment of GDPR processes with the help of ready-made templates
* excl. certain manufacturer obligations that we as a supplier cannot/may not assume
What is conceivable is now also feasible
Next level for your DiGA within 8 weeks
Always on the safe side
"My DiGA product by mHealth Suite is sustainably compliant with regulations"
- Digital therapy
- Digital therapy support