We're on Medica 2023, come say "hi" and connect in Hall 12, Booth E53-03!

Back to blog

Mastering MedTech Startup Life Cycle

post illustration

Introduction

In the intersection of healthcare and technology, MedTech startups are driving revolutionary changes that have the potential to redefine healthcare delivery and patient outcomes.

Navigating the life cycle of a MedTech startup, however, demands a careful balance of innovation, regulatory compliance, and market strategy. In this article, we explore the key stages of a MedTech startup life cycle and offer insights on how to expedite your path to the much-anticipated launch day.

Stage 1: Idea Conception and Validation

Every MedTech journey begins with an innovative idea that seeks to address a healthcare challenge or gap in the market.

The first stage of the life cycle involves conceptualizing this idea and validating its potential. Startups should engage in extensive market research and solicit feedback from stakeholders to validate the viability and demand for their idea.

To speed up this stage, consider leveraging digital tools for market research and feedback collection. Online survey platforms, social media, and digital health forums can provide rapid, widespread feedback that can refine your idea and ensure it addresses a genuine market need.

After conception, validation becomes paramount. This stage confirms the idea’s technical feasibility, market viability, and regulatory compliance. It requires verifying that the solution can be technically implemented, identifying the potential market, and understanding regulatory requirements.

The involvement of key stakeholders such as clinicians, patients, and administrators during validation can provide insightful feedback, enabling a check on the potential acceptance and use of the solution.

Usually, MedTech innovations hinge on well-conceived and thoroughly validated ideas. By ensuring your solutions meet technological, market, and regulatory demands, you can drive significant improvements in healthcare and move to the next stage, where everything is about the product.

Stage 2: Product Development

The next stage in the MedTech startup journey is product development.

Here, the validated idea transforms into a tangible product through a process that includes designing, prototyping, and testing. It’s crucial that the development process adheres to strict industry standards and regulatory requirements.

Adopting a lean startup methodology can expedite this stage. Focus on developing a minimum viable product (or MVP) that fulfills the core function of your solution. Iterative improvement based on user feedback can streamline the development process and ensure your product effectively meets user needs.

Stage 2.5: Medical Data Management

Creating a robust data management infrastructure is essential for a medical device startup. It enables you to harness data for innovation, regulatory compliance, and value delivery.

First, identify your needs and objectives, determining what data will be collected and how it will be used. Then, select the appropriate technology stack or an out-of-the-box platform for data storage, processing, sharing, and analysis in adherence to regulatory standards.

Given the sensitive nature of patient data, privacy, and security are paramount.

Make sure you incorporate E2E encryption, role-based access control, and regular auditing in your infrastructure design, ensuring compliance with healthcare-specific regulations like HIPAA or GDPR. It may also be useful to check your compliance with standards like FHIR.

Emphasize data quality management through rigorous validation, cleansing, and enrichment processes. Include data analysis and visualization tools in your infrastructure to derive actionable insights.

You can expedite this stage if you start looking for an out-of-the-box solution, like iCure. We’re a medical data utility company that takes up on the ‘boring’ part and lets you focus on your product and perfecting it for the end users.

iCure helps you to:

  • Easily develop tailored and interoperable innovative eHealth solutions
  • Launch projects at low cost within months instead of years
  • Connect your existing solutions into a full ecosystem based on FHIR, IHE Profiles, and international standards

Whatever option you’re going with, remember that your medical data management & infrastructure design should be iterative and adaptable to technological and regulatory changes.

Stage 3: Regulatory Approvals

Regulation is an integral aspect of the MedTech industry.

For products to reach the market, they need to meet regulatory standards, which may involve rigorous testing and extensive documentation. This ensures the product is safe and effective for end-users.

Navigating the EU regulatory landscape is a crucial task for MedTech startups that can’t be underestimated. Primary regulatory frameworks include the Medical Devices Regulation (MDR 2017/745) and the In Vitro Diagnostic Regulation (IVDR 2017/746), which impose stringent safety, efficacy, and quality requirements.

Medical devices are classified into four classes - I, IIa, IIb, and III, each requiring a specific conformity assessment procedure. All devices must meet the general safety and performance requirements (GSPRs) outlined in the MDR or IVDR.

To prove conformity with the GSPRs, most devices need evaluation by a Notified Body.

This organization reviews technical documentation, verifies manufacturing processes, and may conduct audits or inspections. After a successful assessment, the Notified Body issues a CE certificate, allowing the manufacturer to place a CE mark on the product, prepare an EU Declaration of Conformity, and register the device in the European database for Medical Devices (EUDAMED).

For Class I devices without a measuring function or sterilization, manufacturers can usually self-certify, eliminating the need for a Notified Body. The regulatory journey, although complex, ensures patient safety and paves the way for medical innovation.

Data security is also a big part of regulatory compliance. Ensure that your infrastructure design includes end-to-end (E2E) encryption, role-based access control, and regular auditing to comply with healthcare-specific regulations such as HIPAA or GDPR. This is easy to accomplish with the right medical data platform.

Knowing the regulations, standards, and common issues in your geographical target market will help avoid costly mistakes and delays, speeding up your Launch Day.

Stage 4: Clinical Trials

Clinical trials test the safety and effectiveness of the MedTech product in real-world settings. They provide the empirical evidence needed to demonstrate that a product is safe and effective for its intended use.

As such, they are integral to obtaining regulatory approval, securing investments, and gaining the trust of healthcare providers and patients.

Clinical trials in MedTech generally involve multiple phases, each with distinct goals and requirements:

  • Preclinical Trials: Preclinical trials are usually conducted in the laboratory using in vitro methods or on animals. These trials aim to provide preliminary evidence of the product’s safety and functionality. They also inform the design of subsequent human trials.
  • Phase I Trials: Phase I trials, also known as first-in-human trials, primarily focus on safety. A small number of healthy volunteers (typically between 20 to 100) are exposed to the MedTech product to identify any potential side effects and determine its basic parameters. For example, in the case of a new medical device, it could involve evaluating the safety of the device in a controlled setting.
  • Phase II Trials: In Phase II, the product is tested on a larger group of patients, typically up to a few hundred, to assess its efficacy and further evaluate its safety. For a MedTech product, this might involve a controlled study comparing the new device to existing treatments or the standard of care.
  • Phase III Trials: Phase III trials involve a larger patient group, often in the thousands, and are usually randomized and controlled. They aim to confirm and expand on safety and effectiveness results from Phase II, monitor side effects, and sometimes compare the product to standard or equivalent treatments. Successful completion of Phase III trials is often the basis for regulatory approval.
  • Phase IV Trials: Phase IV, or post-marketing surveillance trials, occur after a product has been approved for sale. They involve monitoring of the product’s performance in the ‘real world’ over a long period, collecting data on the product’s long-term effects, and identifying any rare or long-term adverse events.

Throughout all phases of clinical trials, meticulous data collection and statistical analysis are vital. Additionally, maintaining ethical standards, including informed consent and confidentiality, is paramount. The trials must be designed and conducted in compliance with regulatory standards, such as the FDA in the U.S. or the European Medicines Agency (EMA) in the EU, and follow Good Clinical Practice (GCP) guidelines.

In conclusion, clinical trials in MedTech are essential for ensuring that new technologies and products are safe and effective. They provide the rigorous, evidence-based evaluation necessary to drive the innovation process and bring about meaningful advances in healthcare.

Stage 5: Manufacturing and Scalability

Post-approval, the focus shifts to manufacturing and scaling up. Ensuring quality control, managing the supply chain, and preparing for increased demand is central to this stage.

Manufacturing in MedTech involves the production of the finalized medical device or technology. This stage requires meticulous planning and precision, given the industry’s stringent standards for safety, quality, and efficacy.

Manufacturing processes need to ensure that each unit produced meets the exact specifications defined during the product development and validation stages. From sourcing raw materials to assembly and packaging, each step must be monitored and controlled to prevent errors that could impact product performance or patient safety.

Quality management systems (QMS) play a critical role in MedTech manufacturing.

These systems outline the procedures, responsibilities, and resources necessary to maintain and improve product quality. A robust QMS helps you meet regulatory requirements, manage risks, and drive continuous improvement.

In addition to quality, scalability is a significant factor for success in MedTech.

Scalability considerations should be incorporated early in the product development process. For example, a prototype might work perfectly when handmade in a lab, but issues might arise when transitioning to large-scale manufacturing. These issues could range from sourcing specific materials or components to refining assembly processes for mass production.

Furthermore, scalability isn’t only about physical production.

It also involves considerations around regulatory compliance across different markets, logistics and distribution, customer support, and product maintenance or upgrades. As a company grows, its operations, processes, and systems need to scale up accordingly to ensure it can effectively support an increasing number of products in the market.

This also includes medical data management. Managing 1M patients’ data isn’t the same as managing 4M patiens’ record. That’s why, to speed up the scalability, you need to make sure your medical data management platform is easily scalable as well.

Embracing automation and digital technologies can accelerate manufacturing processes. Moreover, having a robust scalability plan can prepare your startup to grow swiftly and efficiently post-launch.

Stage 6: Market Launch and Commercialization

The final stage in the life cycle is market launch and commercialization.

A successful market launch begins with a comprehensive Go-to-Market (GTM) strategy.

This strategy outlines how the company plans to reach its target customers and achieve market penetration. It includes identifying key market segments, defining the value proposition, setting pricing strategies, and developing marketing and sales plans.

The GTM strategy should align with the company’s broader business objectives and be informed by insights from the earlier stages of the innovation process.

Marketing and sales activities are crucial for raising awareness of the new product and persuading potential customers to adopt it.

Marketing activities might include digital marketing campaigns, attendance at trade shows, and educational events for healthcare professionals. Sales activities often involve direct outreach to healthcare institutions or practitioners and might include product demonstrations, pilot projects, and clinical case studies to illustrate the product’s benefits.

Partnerships and collaborations can also play a vital role in the commercialization process.

For instance, partnering with healthcare providers can help you build credibility and gain access to patients. Collaborations with insurers or governmental agencies can assist in overcoming reimbursement challenges, which is often a critical factor in MedTech adoption.

One unique aspect of commercialization in the MedTech sector is the importance of post-market surveillance.

After a product is on the market, ongoing monitoring is required to ensure its continued safety and efficacy. Any adverse events or device malfunctions need to be reported to regulatory authorities. The insights gained from post-market surveillance can also lead to further product enhancements or inform the development of new products.

To fast-track this stage, consider partnering with established GTM experts in the healthcare industry. Additionally, a well-executed launch event and engaging marketing materials can generate buzz and ensure a successful market entry.

Conclusion

The lifecycle of a MedTech startup is a complex and multi-faceted journey that requires more than just a revolutionary idea.

Each phase, from idea conception and validation, product development, medical data management, and clinical trials to manufacturing and scalability, and finally, market launch and commercialization, is vital and interconnected. These stages demand a blend of medical knowledge, engineering prowess, business acumen, and a deep understanding of regulatory compliance, which underscores the challenging nature of the MedTech landscape.

Moreover, key stakeholders such as clinicians, patients, healthcare administrators, and regulators play a crucial role throughout the process, providing insights and feedback that ensure the product meets real-world needs while maintaining safety and efficacy.

Each step contributes to the creation of a product that not only fulfills a market need but also improves healthcare outcomes and patient experience.

Despite the numerous challenges, the potential for MedTech startups to drive healthcare innovation and improve lives is vast. The journey may be arduous, but with careful planning, execution, and persistence, startups can successfully navigate this complex lifecycle to bring valuable and impactful MedTech innovations to market.

Looking for a medical data management provider? Sign up for iCure and get started right away!

Back

Ready for more?

or stop by our instagram icon or linkedin icon to say hello =)

Terms of use

www.iCure.com

1. RECITALS

ICure SA is incorporated in Geneva, Switzerland, with a registered office at Rue de la Fontaine 7, 1211 Geneva, Switzerland registered in the commercial registry under CHE-270.492.477 (“iCure”).

These Terms of Use constitute a legally binding agreement made between you, whether personally or on behalf of an entity (“you”) and iCure SA (“we,” “us” or “our”), concerning your access to and use of the https://www.icure.com website as well as any other media form, media channel, mobile website or mobile application related, linked, or otherwise connected thereto (collectively, the “Website”).

When you accept, these Terms form a legally binding agreement between you and iCure. If you are entering into these Terms on behalf of an entity, such as your employer or the company you work for, you represent that you have the legal authority to bind that entity.

PLEASE READ THESE TERMS CAREFULLY. BY REGISTERING FOR, ACCESSING, BROWSING, AND/OR OTHERWISE USING THE iCURE, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THESE TERMS. IF YOU DO NOT AGREE TO BE BOUND BY THESE TERMS, DO NOT ACCESS, BROWSE, OR OTHERWISE USE THE ICURE WEBSITE.

iCure may, in its sole discretion, elect to suspend or terminate access to, or use of the iCure to anyone who violates these Terms.

All users who are minors in the jurisdiction in which they reside (generally under the age of 18) must have the permission of, and be directly supervised by, their parent or guardian to use the Website. If you are a minor, you must have your parent or guardian read and agree to these Terms of Use prior to you using the Website.

The original language of these Terms and Use is English. In case of other translations provided by iCure, the English version shall prevail.

2. INTELLECTUAL PROPERTY RIGHTS

The Content of the documentation stated on this Website is ours. All Marks, Content that concern iCure cannot be copied, reproduced, aggregated, republished, uploaded, posted, publicly displayed, encoded, translated, transmitted, distributed, sold, licensed, or otherwise exploited for any commercial purpose whatsoever, without our express prior written permission.

Provided that you are eligible to use the Website, you are granted a limited license to access and use the Website and to download or print a copy of any portion of the Content to which you have properly gained access solely for your personal, non-commercial use. We reserve all rights not expressly granted to you in and to the Website, the Content, and the Marks.

3. USER REPRESENTATIONS

By using the Website, you represent and warrant that:

  1. All registration information you submit will be true, accurate, current, and complete; you will maintain the accuracy of such information and promptly update such registration information as necessary.
  2. You have the legal capacity, and you agree to comply with these Terms of Use.
  3. You are not under the age of 13.
  4. Not a minor in the jurisdiction in which you reside, or if a minor, you have received parental permission to use the Website.
  5. You will not access the Website through automated or non-human means, whether through a bot, script, or otherwise.
  6. You will not use the Website for any illegal or unauthorized purpose.
  7. Your use of the Website will not violate any applicable law or regulation.

4. PROHIBITED ACTIVITIES

You may not access or use the Website for any purpose other than that for which we make the Website available. The Website may not be used in connection with any commercial endeavors except those that are specifically endorsed or approved between you and iCure.

As a user of the Website, you agree not to:

  1. Publishing any Website material in any other media.
  2. Selling, sublicensing, and or otherwise commercializing any Website material.
  3. Publicly performing and or showing any Website material.
  4. Using this Website in any way that is or may be damaging to this Website.
  5. Using this Website in any way that impacts user access to this Website.
  6. Using this Website contrary to applicable laws and regulations, or in any way may cause harm to the Website, or to any person or business entity.
  7. Engaging in any data mining, data harvesting, data extracting, or any other similar activity in relation to this Website.
  8. Using this Website to engage in any advertising or marketing.

5. NO WARRANTIES

This Website is provided “as is,” with all faults, and iCure expresses no representations or warranties, of any kind related to this Website or the materials contained on this Website. Also, nothing contained on this Website shall be interpreted as advising you.

6. LIMITATION OF LIABILITY

In no event shall iCure, nor any of its officers, directors, and employees shall be held liable for anything arising out of or in any way connected with your use of this Website whether such liability is under this agreement. iCure, including its officers, directors, and employees shall not be held liable for any indirect, consequential, or special liability arising out of or in any way related to your use of this Website.

7. INDEMNIFICATION

You hereby fully indemnify iCure from and against any and/or all liabilities, costs, demands, causes of action, damages, and expenses arising in any way related to your breach of any of the provisions of these Terms.

8. SEVERABILITY

If any provision of these Terms is found to be invalid under any applicable law, such provisions shall be deleted without affecting the remaining provisions herein.

9. VARIATION OF TERMS

iCure is permitted to revise these Terms at any time as it sees fit, and by using this Website you are expected to review these Terms on a regular basis.

10. ASSIGNMENT

iCure is allowed to assign, transfer, and subcontract its rights and/or obligations under these Terms without any notification. However, you are not allowed to assign, transfer, or subcontract any of your rights and/or obligations under these Terms.

11. ENTIRE AGREEMENT

These Terms constitute the entire agreement between iCure and you in relation to your use of this Website and supersede all prior agreements and understandings.

12. GOVERNING LAW & JURISDICTION

These Terms shall be governed by and construed in accordance with the laws of Switzerland, without regard to its conflict of law provisions.

The parties shall attempt to solve the matter amicably in mutual negotiations. In case of a non-amicable settlement that has been found between the parties, the Court of Geneva will be competent.

13. PRIVACY

Please refer to our Privacy Policy and Cookie Notice for the Data that we collected from the contact form and the Matomo cookie.

IMAGE ATTRIBUTION

In the development of our website, we have incorporated various icons to enhance visual appeal and convey information effectively. We extend our sincere appreciation to the talented designers and contributors who have generously shared their work with the community. Below is an acknowledgment of the resources we have utilized:

SVG Repo: A repository SVG icons. We integrated their icons into our website. Specifically:

  1. Work by author vmware, Key Badged SVG Vector under MIT License
  2. Work by author Twitter, Cloud SVG Vector under MIT License
  3. Work by author Garuda Technology, Node Js SVG Vector and React SVG Vector under MIT License

Thanks to the authors who contributed to the: SVGRepo, Unsplash, Maxipanels community.

iCure features logos from various products, libraries, technologies, and frameworks that our project interacts with. It is important to note that iCure does not hold any proprietary rights to these logos or the products they represent.

iCure SA

Contact: contact@icure.com

Last update: February 20th, 2024.

Privacy Policy

www.iCure.com

iCure SA (iCure) is incorporated in Geneva, Switzerland, with a registered office at Rue de la Fontaine 7, 1204 Geneva, Switzerland registered in the commercial registry under CHE-270.492.477.

This Privacy Policy describes the information that we collect through our Website (https://www.icure.com), how we use such information, and the steps we take to protect such information. We strongly recommend that you read the Privacy Policy carefully.

BY VISITING THE WEBSITE, YOU ACCEPT THE PRIVACY PRACTICES DESCRIBED IN THIS PRIVACY POLICY. IF YOU DO NOT ACCEPT THE TERMS OF THE PRIVACY POLICY, YOU ARE DIRECTED TO DISCONTINUE ACCESSING OR OTHERWISE VISITING THE WEBSITE.

The original language of this Privacy Policy is English. In the case of other translations provided by iCure, the English version shall prevail.

This Privacy Policy is incorporated into and is subject to, the iCure Terms of Use.

1. Definitions

Administrative Data: means Personal Data such as the Name, Email, and Phone in order to perform administrative tasks like Invoicing or contacting the Client (if support is needed).

Cookies: means text files placed on a computer to collect standard internet log information and visitor behavior information. When you visit a website, they may collect information from a computer automatically through cookies or similar technology (for further information please refer to our Cookies Notice, visit allaboutcookies.org.).

Data controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Data processor: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Personal Data: means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Visitor: means the natural person that submits their Personal Data through our contact form; and/or sends us an email; and/or cookies have been implemented.

All other undefined terms used in this Agreement have the meaning from our Terms and Conditions and the General Data Protection Regulation of the Regulation (EU) 2016/679 of 27 April 2016 (GDPR).

2. Concerning your Personal Data

For this website, iCure collects and determines the use and the purpose of any Personal Data uploaded by the visitor, therefore iCure is defined as the Data Controller according to the GDPR.

2.1 Contact Form

iCure collects Administrative Data that the Visitor completed in our contact form available through our Website.

The Administrative Data that Visitor provides to iCure on this contact form are the First name, the last name, the working e-mail address, the name of your organization, and other Personal Data that the Visitor included in the description of its work.

iCure processes these Administrative Data on the lawful basis of the Visitor’s consent (Article 6, 1. a) of the GDPR).

iCure uses these Administrative Data to perform administrative tasks like contacting the Visitor who completed the contact form, to better understand your needs and interests, and to provide you with better service.

2.2 Email

The Visitor can contact iCure through contact@icure.com to get any information about the Company or new job positions. In this email, the Visitor includes his Name, mail address, and any other Personal Data.

iCure processes these Personal Data on the lawful basis of the Visitor’s consent (Article 6, 1. a) of the GDPR).

iCure uses these Personal Data to answer any request from the Visitor and to consider the Visitor’s job application that they sent us by email.

2.3 Newsletters

iCure offers newsletters to provide you with updates, promotional communications, and offers related to our products and services. If you wish to receive our newsletters, we will collect and process your Personal Data for this specific purpose.

iCure processes these Personal Data on the lawful basis of the Visitor’s consent (Article 6, 1. a) of the GDPR). By subscribing to our Newsletters, you explicitly consent to the use of your Personal Data for direct marketing purposes, including the sending of promotional communications and offers by email.

If you do not want your Personal Data to be further processed for direct marketing purposes, you have the right to withdraw your consent at any time, free of charge and without having to provide any justification, by contacting iCure.

3. Security

iCure has implemented appropriate technical and organizational measures to safeguard your Personal Data against any accidental or illicit destruction, loss, modification, deterioration, usage, access, divulgation, and any other unauthorized processing of your Personal Data. We make every effort to protect personal information. However, you should always be careful when you submit personal or confidential information about yourself on any website, including our website.

4. The data retention period and the conditions for deletion

iCure will not retain your Personal Data, as collected, and processed in accordance with this Privacy Policy, for a period longer than necessary to fulfill the purposes described above.

For the Administrative Data from the contact form completed by the Visitor (as described in section 2.1 of this Privacy Policy), these Data shall be stored for a maximum period of 1 month from the completion of the form.

For the Personal Data from the Email completed by the Visitor (as described in section 2.2 of this Privacy Policy), these Data shall be stored for a maximum period of 2 months from the completion of the form.

For the Personal Data from the Newsletters completed by the Visitor (as described in section 2.3 of this Privacy Policy), these Data shall be stored for a maximum period of 11 months from the date of your consent or until you withdraw it.

5. Your rights

You are entitled to access your Personal Data processed by iCure and request their modification or erasure if it is incorrect or unnecessary. To exercise your rights, you may get in touch with iCure by using the electronic contact form available on our website or send a written and signed request to iCure at the email address privacy@icure.com with a copy of your ID or other identification documents, and any document proving that you are the data subject.

In general, where applicable, you also have the right to withdraw consent to the processing at any time. This withdrawal does not affect the lawfulness of processing based on consent made prior to such withdrawal. In certain cases, you also have the right to data portability. Those rights can be exercised by following the abovementioned procedure.

You have the right to lodge a complaint with a supervisory authority, in the Member State of the European Union of your usual place of residence, your place of work, or the place where the violation occurred, if you consider that the processing of personal data relating to you infringes Data Protection Law.

Please, note that the term of processing of such request can take up to one month. Contact: privacy@icure.com

6. Modification

iCure expressly reserves the right to modify this Privacy Policy and you undertake to regularly review the Privacy Policy. By amending the Privacy Policy, iCure will consider your legitimate interests. You will receive a notification if the Privacy Policy is modified. By continuing to actively use the iCure Services after such notification, you acknowledge that you have read the modifications to the Privacy Policy.

7. Information Sharing

Our employees and/or authorized contractors are the people in charge of the Data Processing.

iCure does not sell, rent, or lease any individual’s personal information or lists of email addresses to anyone for marketing purposes, and we take commercially reasonable steps to maintain the security of this information.

However, iCure reserves the right to supply any such information to any organization into which iCure may merge in the future or to which it may make any transfer in order to enable a third party to continue part or all of its mission.

We also reserve the right to release personal information to protect our systems or business when we reasonably believe you to be in violation of our Terms of Use and Privacy Policy or if we reasonably believe you to have initiated or participated in any illegal activity.

In addition, please be aware that in certain circumstances, iCure may be obligated to release your personal information pursuant to judicial or other government subpoenas, warrants, or other orders.

8. Links to other Websites

This Website may provide links to third-party websites (Instagram and Linkedin) for the convenience of our users. If you access those links, you will leave this website. iCure does not control these third-party websites and cannot represent that their policies and practices will be consistent with this Privacy Policy. For example, other websites may collect or use personal information about you in a manner different from that described in this document. Therefore, you should use other websites with caution and do so at your own risk. We encourage you to review the privacy policy of any website before submitting personal information.

9. Cookies

To get more information on how iCure uses Matomo’s cookies, please check our Cookie Notice.

10. Contact

Please contact us with any questions or comments about this Policy, your Personal Data, and our use and disclosure practices by email at privacy@icure.com If you have any concerns or complaints about this Policy or your Personal Data, you may contact our DPO at privacy@icure.com.

Please, note that the term of processing of such request can take up to one month.

iCure SA

Contact : privacy@icure.com

Last update: July the 26th, 2023.

Information Security Policy

www.iCure.com

1. Introduction

The iCure universe is built on trust. Guaranteeing the confidentiality of the data that are entrusted to us is our highest priority.

The Information Security Policy of iCure abstracts the security concept that permeates every activity and abides by the ISO 27001:2013 requirements for Information Security, so that we ensure the security of the data that iCure and its clients manage.

Every employee, contractor, consultant, supplier and client of iCure is bound by our Information Security Policy.

2. Our Policy

iCure is committed to protecting the confidentiality, integrity and availability of the service it provides and the data it manages. iCure also considers protecting the privacy of its employees, partners, suppliers, clients and their customers as a fundamental security aspect.

iCure complies with all applicable laws and regulations regarding the protection of information assets and voluntarily commits itself to the provisions of the ISO 27001:2013.

3. Information Security Definitions

Confidentiality refers to iCure’s ability to protect information against disclosure. Attacks, such as network reconnaissance, database breaches or electronic eavesdropping or inadvertent information revealing through poor practices.

Integrity is about ensuring that information is not tampered with during or after submission. Data integrity can be compromised by accident or on purpose, by evading intrusion detection or changing file configurations to allow unwanted access.

Availability requires organizations to have up-and-running systems, networks, and applications to guarantee authorized users’ access to information without any interruption or waiting. The nature of data entrusted to us requires a higher-than-average availability.

Privacy is the right of individuals to control the collection, use, and disclosure of their personal information. Our privacy policies are based on the GDPR(https://gdpr-info.eu/) and can be augmented by added requirements of specific clients or law areas.

4. Risk Assessment

The main threats iCure is facing as a company are:

  1. Data Theft;
  2. Data Deletion;
  3. Denial of Service attacks;
  4. Malware;
  5. Blackmail and Extortion.

As providers of a solution used by developers active in Healthcare, we also have to anticipate the risks of:

  1. Attacks on our clients’ data, which could lead to major social damages and a loss of trust in our solution;
  2. Abuse of our solution by ill-intentioned clients, that could impact the quality of the service provided to the rest of our clients.

The motivation of the attackers in the latter cases can range from financial gain to political or ideological motivations.

A last risk is linked to the nature of the healthcare data we handle. We must ensure, that the data we handle are not used for purposes other than those for which they were collected:

A piece of data collected from a patient for the purpose of a medical consultation should not be available to third parties, not even a government agency.

5. Risk Management

The main principles we apply to manage the risks we face are:

  1. Confidentiality by design: All sensitive data is encrypted end-to-end before being stored in our databases. We do not have any access to the data we store. Our client’s customers are the only ones who can decrypt the data we store.
  2. Anonymization by design: Healthcare information that has to be stored unencrypted is always anonymized using end-to-end encryption scheme. This means that the link between the healthcare and administrative information must be encrypted.

Those two principles allow us to minimize the risks of data theft, blackmail, extortion, and coercion by government agency.

  1. Multiple real-time replicas, with automatic failover: We use a distributed database architecture to ensure that our data is available at all times. We use a master-master architecture, each data is replicated at least 3 times. Snapshots are taken every day to ensure that we can restore the data in case of a malevolent deletion event.
  2. Automatic password rotations: no single password can be used for more than 48 hours. Passwords are automatically rotated every 24 hours. In case of a password leak, we can limit the window of opportunity for an attack.

Those two principles allow us to minimise the risks of data deletion, denial of service attacks, and malware.

  1. Minimization of the attack surface: we deploy our systems in the most minimal way. We only expose the network services that are strictly necessary.
  2. Strict dependency management: we only use open-source software that is regularly updated and audited by the community. We favor dependency management software and providers that minimize the risk of supply chain poisoning.

Those two principles allow iCure to minimise the risks of intrusion by vulnerability exploit or supply chain attacks, two risks that could lead to data theft or data deletion.

6. Further Information

This policy is valid as of November 10th, 2022. For futher information please connect with us at privacy@icure.com

Impressum

iCure SA

Rue de la Fontaine 7, 1204 Geneva, Switzerland

CHE-270.492.477

This website uses cookies

We use only one cookie application for internal research on how to improve our service for all users. It is called Matomo, and it stores the information in Europe, anonymized and for limited time. For more details, please refer to our and .

Quality Policy

www.iCure.com

At iCure SA, we are committed to excellence in all aspects of our work. Our quality policy is designed to provide a framework for measuring and improving our performance within the QMS.

1. Purpose of the Organization

The purpose of the QMS is to ensure consistent quality in the design, development, production, installation, and delivery of Data processing, security, archival, technical support and protection solutions for medical device software, while ensuring we meet customer and regulatory requirements. The document applies to all documentation and activities within the QMS. Users of this document are members of the iCure Management Team involved in the processes covered by the scope.

2. Compliance and Effectiveness

We are committed to complying with all applicable regulatory and statutory requirements, including ISO 13485: 2016 and ISO 27001:2013. We strive to maintain and continually improve the effectiveness of our quality management system.

3. Quality Objectives

Our quality objectives are set within the framework of this policy and as defined by our Software Development Lifecycle and are reviewed regularly to ensure they align with our business goals. These objectives serve as benchmarks for measuring our performance and guide our decision-making processes.

4. Communication

We ensure that our quality policy is communicated and understood at all levels of the organization. We encourage every member of our team to uphold these standards in their daily work whether they are employees, contractors, consultants, suppliers, clients or any other person involved in building our medical data management software.

5. Continuing Suitability

We regularly review our quality policy to ensure it remains suitable for our organization. This includes considering new regulatory requirements, feedback from customers, and changes in our business environment. By adhering to this policy, we aim to enhance customer satisfaction, improve our performance, and contribute to the advancement of medical technology

iCure SA

Contact: contact@icure.com

Last update: April 17th, 2024