Healthcare & MedTech
MDR/IVDR-compliant medical software, telemedicine, EHRs, AI-assisted diagnostics, HL7/FHIR integration, patient portals, clinical-trial management. Healthcare GDPR + ISO 13485 compliance.
What we typically cover
- Telemedicine + e-prescription
- Electronic Health Records (EHR)
- AI-assisted diagnostics
- HL7 / FHIR integration
- Clinical trial management
- MDR / healthcare GDPR compliance
Typical use cases
Private clinic replacing paper records with a compliant EHR
A medical practice or outpatient facility moving away from paper and spreadsheets to centralise patient data with proper access controls. They reach us after a failed attempt with off-the-shelf software that couldn't meet GDPR health data requirements or lacked audit trails.
MedTech startup navigating SaMD classification for the first time
A team with a working diagnostic algorithm or medical app hitting the MDR/IVDR wall for the first time. They come to us when they realise that a CE mark requires structured technical documentation, a QMS, and a defined software lifecycle — not just a functioning product.
Hospital system connecting siloed HIS, LIS and RIS via FHIR
Healthcare providers with multiple legacy systems that need to expose structured data to patients or third-party apps via HL7 FHIR R4. The recurring problem: each vendor claims integration is the other vendor's responsibility. We own the middleware layer.
Pharma or CRO moving clinical trial data off spreadsheets
Life science companies that need audit-ready trial data management, digital informed consent, and 21 CFR Part 11 or EMA Annex 11 compliance. They contact us when manual processes are creating data integrity risks ahead of a regulatory submission.
Frequently asked questions
Do you actually know MDR, or will you be learning on our project?
We have a dedicated healthcare vertical. Our team is familiar with SaMD classification, IEC 62304 software lifecycle requirements, IEC 62366 usability engineering, and Technical File structure. If you have partial documentation, we build on it. If you're starting from scratch, we scope the compliance work before writing any code.
Where is patient data hosted, and how is it protected?
EU-based cloud infrastructure only — AWS Frankfurt or Azure Netherlands, or on-premise if that's your policy. We apply pseudonymisation, AES-256 encryption at rest and in transit, full access logging, and configurable retention periods. We sign a DPA before handling any data and support your legal or DPO team through architecture review.
Can you integrate with our existing HIS without the vendor's cooperation?
Often yes. Most legacy HIS systems expose HL7 v2 feeds or FHIR endpoints that go unused. We start with an interface mapping exercise before estimating effort. Where vendor cooperation is genuinely required, we help you frame the technical request. Integration timelines are usually driven by the legacy system, not by our development.
We want AI-assisted diagnostics. What are the regulatory implications?
AI used for diagnostic purposes typically falls under MDR Class IIa or IIb depending on intended use and risk profile. That means a clinical validation process, model transparency documentation, and training dataset governance — none of which we skip. We map your intended purpose to the correct classification before any technical scoping.
What does your involvement look like post-launch for a regulated product?
For SaMD, post-market surveillance is a regulatory obligation, not optional support. We set up automated anomaly monitoring, manage the Post-Market Clinical Follow-Up data feeds, and handle software change documentation so every update stays within your approved Technical File. You get a defined change control process, not ad-hoc patches.
Need technical support?
We're ready to step in.
Fill in the form or chat with our AI assistant: we'll get back to you within 24 working hours.