Privacy and compliance in the medical industry: how firms can walk the tightrope

Recent changes in eIFU regulations have changed the way medical device firms operate. Utilising the power of eIFU innovations can help them adapt.

The medical devices industry has been subject to a growing number of challenging regulations over recent decades. On one side of the chasm is the clearly defined goal of ensuring that end users are rapidly informed about product and document updates. On the other side, privacy regulations have introduced new restrictions on what information can be shared and when.

Both types of regulation are in place to ensure data is deployed safely and consensually. This has resulted in new challenges for eIFU provision in this area – but also new opportunities.

Overcoming challenges

With the publication of Commission Implementing Regulation (EU) 2021/2226 of 14 December 2021, the way users approach eIFU has changed significantly. Before, it was single-direction traffic where end users could download documents. But in light of the regulation, end users must be alerted whenever documents are updated.

The new requirement came into effect to benefit end users. But it poses a challenge to individual manufacturers who manage this personal information.

Manufacturers can keep abreast of the changes by ticking off the following checklist:

  • End users must be able to opt in and out at their choice.
  • Information updates must be as limited as possible.
  • Information must be used for the sole purpose of notifying end users.
  • Information must be protected from tampering and unauthorised use.

IFUcare combines the best of both worlds

IFUcare has fulfilled these requirements by providing end users with an option to subscribe using an email address. This email address, after confirmation by the end user, is stored in encrypted databases to ensure it cannot be used for any purpose other than notifying them of updates. These updates are sent by the system automatically – ensuring they are quick, secure, and informative.

IFUcare also ensures that any processed personal information – including, for example, subscriptions, paper copy requests, and system users – is covered by the IFUcare privacy policy. Fundamental rights of the individual specified in the legislation – like the right to be forgotten – are enforced. With this approach, IFUcare provides both end users and manufacturers with a compliant solution that safeguards the interests of all parties.

Finding advantages

Since eIFU offers a direct channel for end users, it provides fertile ground for post-market surveillance (PMS). Protecting the personal information of end users is an essential consideration while these activities are ongoing. With an eIFU application, such surveillance can be performed without capturing any personal information in the first place.

IFUcare has approached PMS activities by focusing on overall interactions with the application rather than on the individual end users. This allows manufacturers to compare certain metrics of the system with internal information available to them – all while protecting user privacy. Among the data points available for comparison are the total number of downloads of specific products over a designated period against total sales volume, the number of subscribers to notifications against customer volume, and the number of paper copy requests against downloads. An eIFU system also provides a great opportunity to ask users for feedback by giving them access to optional questionnaires.

There are certain considerations to be made and technical challenges to be overcome when combining eIFU provision with privacy stipulations. But taking a sensitive approach means privacy for end users and compliance for the manufacturers needn’t be in tension – they can go hand in hand and provide safe passage across the legislative chasm.

Above all, working with an experienced eIFU platform provider like IFUcare can help medical device manufacturers navigate the legislative landscape and exploit potential benefits on offer. Download the whitepaper on this page to find out more.

Practical steps to a successful eIFU implementation

The advantages of moving away from physical instructions for use to eIFUs are well known. Operators can save time, prevent legal missteps and ultimately raise revenues via the efficiencies on offer from digitised instructions. But the transition must be managed carefully. Regulatory requirements can vary across markets, Notified Bodies need to be kept in the loop and customers should be kept aware of how they can obtain their IFUs. Working with an expert partner can help surmount the potential hurdles and funnel the benefits through to end users more quickly. IFUcare are the regulatory experts in MD and IVD, with years of experience channelled into developing a full-service eIFU solution. Fill in your details to get the lowdown on overseeing a successful eIFU transition and how IFUcare could help.



© 2023 QARAD. All rights reserved.
