Within the European Union, software used for diagnostic and therapeutic purposes is considered a medical device and needs to comply with the European Medical Device Regulation (2017/745). Our products, which are intended to support physicians in diagnosing severe conditions, are generally classified as class IIb, meaning they require review by a Notified Body to verify they conform to EU legislation (Conformité Européenne or ‘CE’). Our company is audited yearly by DEKRA Certification B.V. to ensure that our devices and operations continue to comply with the regulatory requirements.

Contact [email protected] for obtaining the most recent copy of our CE certification under MDR 2017/745.

Our clinical devices make use of our Veye Engine software. Veye Engine is positioned between the clinical device and the customer system to ensure smooth data transfers and pseudonymisation of patient data. Veye Engine is considered a medical device accessory and is cleared through notification at the Dutch Healthcare Inspectorate (IGJ).

Under the European Medical Device Regulation, Aidence has appointed a Person Responsible for Regulatory Compliance (PRRC). The role is currently executed by our Head of Regulatory Compliance, Leon Doorn.

The regulatory system within the UK broadly aligns with the European system applicable to medical devices. We will be appointing our UK registered office to fulfil the UK responsible person role as required per September 2021 and register our products with MHRA before that date.

We are pursuing UKCA certification as soon as possible (pending accreditation of the certification body) with our current (CE) certification body. The UKCA mark will be mandatory for our products per 2023.

Our products are currently not certified for use in the US market.

In Canada, Class II-IV medical devices require a Medical Device License (MDL) before market use. An MDL is a product approval, similar to a CE certificate and a 510(k) certification.

We have obtained the MDL for Veye Lung Nodules. The licence can be viewed here.

When applying for an MDL, it is required to have an MDSAP certificate that covers Canadian requirements. Therefore, gaining an MDL also shows we meet the requirements of the Canadian Medical Devices Regulation SOR/98-282.  

ISO 27001

The ISO 27001 documents the Information Security System requirements for organisations. It includes requirements around confidentiality, integrity, and availability of information. Amongst others, Annex A supports organisations to implement technical and organisational measures to protect information that is important to those organisations.

You can download a copy of our ISO 27001 certificate here.

MDSAP

The Medical Device Single Audit Program (MDSAP) certificate aims to fast-track the regulatory process in five countries – the US, Canada, Japan, Australia, and Brazil – by managing a single quality system audit in place of multiple audits. The programme extends the ISO 13485 requirements to local legislation for the participating countries.

You can download a copy of our MDSAP certificate here.

The CE marking for medical devices requires the implementation of many more standards. Our company and products thus comply with:

IEC 62304 – Regarding Software Lifecycle Processes
IEC 82304 – Product Safety Requirements for Health Software
ISO 14971 – Regarding Risk Management
ISO 15223 – Use of symbols on medical devices
IEC 62366 – Regarding usability engineering

Our specific field further lays down product standards such as:

NEMA PS3 / ISO 12052 – Digital Imaging and Communications in Medicine (DICOM)
DCB 0129 – Regarding Clinical Risk Management (UK specific standard)

In line with DCB 0129, Aidence has appointed a Clinical Safety Officer, which is our Chief Medical Officer (CMO), Joris Wakkie. When necessary, external registered clinicians are supporting us in the conduct of clinical risk assessments.

Compliance documentation is available upon request.

ISO standards (under development)

Aidence is an active member of the SC 42 standards committee for ISO. SC 42 aims to develop ISO standards and reports with regards to Artificial Intelligence. Time permitting, we actively contribute to the developments of standards.

For further details on SC42, refer to https://www.iso.org/committee/6794475.html.

GDPR EU and UK

As our company processes (Data Processor) Personal (health) Data belonging to EU and UK citizens, we must comply with the relevant privacy legislation (e.g. EU and UK versions of the GDPR). Our company is bound to strict Data Processing Agreements with each customer. The customers clarify how Aidence can process data on their behalf as a Data Controller.

You can read more about our data processing activities in our Data Processing Policy. To better understand how we process your data through our website, contact forms or email, read up on our Privacy and Cookie Policy.

Aidence has appointed a Data Protection Officer (DPO) to help ensure that personal data is processed in line with the requirements set out by the privacy legislation. Our DPO is the Head of Regulatory Compliance, Leon Doorn.

HIPAA Compliance

Currently not applicable as we are not conducting any commercial activity within the U.S.