Compliant deployment and data management

The legal deployment of both connected medical devices and SAMD devices is subject to working to rigorous standards and contracts that require complex and sophisticated capabilities to be put in place as well as specialist skills to operate them. It can take months to acquire the personnel and systems and there is always major risk and cost in setting up operations.

Likewise, to access and process fortressed healthcare data requires sophisticated operation and contracts with data providers that go beyond those needed to meet ISO standards.

Camgenium has the regulatory processes, systems and contracts in place to allow us to manage product deployment and to host and process highly sensitive personal data, thus saving many months that would otherwise be required to put these capabilities in place.

In short, Camgenium offers a one-stop-shop solution that meets global healthcare industry requirements for hosting, compliance with laws and regulations, objective evidence reports and if required, third-line support for customers to resolve end-user issues.

Surveillance

A key requirement of ISO 13485, the international medical device standard, is that manufacturers monitor use of their products, capture information about adverse events and ensure that any required reports are provided to the regulatory authority. Camgenium can take responsibility for this aspect of medical device deployment, providing full reports on a regular basis to the client, and ensuring that the complex operations required for medical device deployment are legal and meet regulated requirements.

Systems

Camgenium has regulatory compliant servers in the UK (also covering Europe), USA and Canada that are located across multiple physical sites in each territory for resilience and redundancy. We also manage products on infrastructure belonging to local health services around the world. Using our server estate brings a wide range of benefits, however we can also host products o any compliance Cloud infrastructure, including Azure and AWS.

Security and resilience

We have implemented best-in-class enterprise architecture and security on our systems and we commission regular external penetration tests to ensure that we have no obvious vulnerabilities. We have automated data cloning to remote ready-to-run (warm) secure sites. Our systems and policies have been approved by major healthcare providers around the world including the UK National Health Service (NHS) and several major hospital chains in the USA. We operate several critical frontline health systems for customers with tens of thousands of active patients around the world.

Business recovery and continuity management
Camgenium has tested, audited business recovery plans for our whole infrastructure and operations. If a hosting site becomes unavailable, all operations will continue to run from alternate locations.

Client access to data
Secure, encrypted VPNs with multi-factor security can be provided to allow clients remote access to reports and data. We take responsibility for ensuring that all the requirements of the General Data Protection Regulation (GDPR) and other similar standards are met.

Data management

All data are encrypted on our systems at all times, both in transit and at rest. We use industry standard encryption (AES256). In accordance with international health authority standards, we have implemented secure data destruction methods and issue certificates.

Personal identifiable data

We hold and process identifiable data in the jurisdiction where it originated, and where possible we use anonymisation and pseudonymisation to eliminate risks to personal information.

Control of product and service provision

Maintaining products once deployed is important and occasionally it may be necessary to issue updates. Camgenium uses automated, internal secure systems for ensuring versioning, documentation and software builds. Our test team will have produced a set of largely automated test scripts during development that can allow your entire product to be revalidated each time an update is implemented or maintenance is performed.

The Camgenium eQMS approved audit system is used to maintain all records and provide objective evidence to external auditors. Automated software development tools are used to minimise the risk of errors, track deployed software and provide objective evidence for standards.

Monitoring and reporting

Camgenium uses automated monitoring to ensure problems are immediately identified. We also collect all the information required for health contracts and ISO 27001 in approved audit systems. If required, full reporting can be supplied to the customer on a scheduled basis with all objective evidence necessary for the customer to complete their own certifications and audit.