On 20.02.2025, both a new version of the German Medical Devices Operator Ordinance (Medizinproduktebetreiberverordnung – 𝗠𝗣𝗕𝗲𝘁𝗿𝗲𝗶𝗯𝗩 ) and an amendment to the Medical Devices Dispensing Ordinance (Medizinprodukte-Abgabeverordnung – 𝗠𝗣𝗔𝗩 ) came into force.
The starting point for these regulations was an evaluation of the existing legal situation by the Federal Ministry of Health (Bundesministerium für Gesundheit). It became clear that there is a need for amended regulations due to increasing digitalization and the experience gained during the coronavirus pandemic. Advancing digitalization in particular is a key driver for these regulations.
The most important changes of the MPBetreibV at a glance:
1. Extension of the scope of application
The MPBetreibV now also applies to the operation and use of devices in accordance with Annex XVI of Regulation (EU) 2017/745 (MDR). These are devices without a medical purpose in accordance with Art. 1 Para. 2 MDR, such as for removing the upper layers of the skin (“skin resurfacing”) or for removing hair (“intense pulsed light method”).
2. Amendments to the definitions
a. New definition of user
The previous term “Anwender” (user) is replaced by “Benutzer” (user excluding laypersons). “Benutzer” is anyone who uses a device on a patient within the scope of the ordinance, excluding laypersons. The new term clarifies that the term user does not refer to the “user” (Anwender) according to the MDR, which can also include laypersons.
b. New term “provider”
The term “provider” is newly defined. “Provider” is anyone who has to provide products to patients on the basis of a legal or contractual obligation. This refers in particular to health insurance funds, accident insurance funds and long-term care insurance funds.
3. New requirements for software and IT security
a. Re-instruction after updates
Whereas previously only a one-off briefing on the handling of products was mandatory, a new briefing may now be required. This is the case if an update to the software brings significant changes in operation, as it may be the case when the UI design is redesigned. In this respect, it is interesting to note that the legislator continues to assume that users cannot be assumed to have sufficient digital literacy per se.
b. Software maintenance
The obligation to maintain products is again emphasized and clarified. Regarding software, it is now explicitly stated that maintenance also includes the installation of available security-relevant software updates, such as security patches.
c. IT security checks for high-risk software
Software that constitutes a class IIb or III medical device according to the MDR or an in-vitro diagnostic device according to classes C and D of Regulation (EU) 2017/746 may only be operated or used if the manufacturer or an authorized person has previously checked that it has been properly installed and has been instructed in its use and operation.
If such software is operated or used in a healthcare facility, a regular IT security check must be carried out (generally every 2 years). This can include, for example, testing existing interfaces (such as WLAN, Ethernet or Bluetooth) or accompanying hardware (such as cabling, routers or peripheral devices). It is interesting to note that although the MPBetreibV stipulates that an IT security check must be carried out by specially qualified persons, it only refers to the recognized rules of technology with regard to the content of the check. In this respect, the manufacturer may need to be involved.
4. Ban on the use of single-use devices that are CE reprocessed
The draft revision of the MPBetreibV originally stipulated that the reprocessing and reuse of single-use devices that are either CE reprocessed (Art. 17 para. 2 MDR) or CS reprocessed (Art. 17 para. 3 and 4 MDR) is permitted. This was amended by resolution of the Federal Council of 05.07.2024 (Bundesrat Drucksache 251/24). Accordingly, the use of single-use devices that are CE-processed in accordance with Art. 17 para. 2 MDR is not permitted.
The basis for this ban is that in the case of reprocessing in accordance with Art. 17 para. 2 MDR, it is currently not ensured that only those single-use devices are reprocessed that were used for the first time by another operator in accordance with their instructions for use and intended purpose, that there were no malfunctions and that the devices were not incorrectly handled, transported, stored or used on critical patients. In this respect, the reuse of such products is associated with an increased risk for patients that cannot be justified at present.
The most important amnemdnets of the MPAV at a glance:
1. Extension of the scope of application
Like the MPBetreibV, the MPAV now also applies to devices in accordance with Annex XVI of Regulation (EU) 2017/745 (MDR).
2. Removal of the dispensing restriction for certain in-vitro diagnostics
According to the previous version of the MPAV, in-vitro diagnostics intended for the direct or indirect detection of a pathogen for the diagnosis of a disease or infection with a pathogen within the meaning of Section 24 S. 1 and S. 2 IfSG may only be supplied to healthcare professionals. This dispensing restriction has now been lifted.
This lifting is based on the view that such a ban has disadvantages that make it no longer appear justified in view of the advantages of lifting it (e.g. faster detection of infectious diseases or faster initiation of further measures). In addition, the positive experience gained during the coronavirus pandemic is added to this: It can be assumed that laypersons will strive to improve their own health and seek medical treatment if the test results are positive.
Overall, it should be noted that the new version of the MPBetreibV in particular raises safety standards to a higher level, especially with regard to software as a medical device. At the same time, however, the new regulations also lead to additional bureaucracy, such as the obligation to prepare a report on IT safety checks. Manufacturers and operators are now required to take a close look at their existing processes and adapt them if necessary.
