Epic Systems
Epic develops software that helps people get well, helps people stay well, and helps future generations be healthier.
ID: 414574852633-53
Lobbying Activity
Response to Digital package – digital omnibus
11 Oct 2025
Medical Device Regulation (MDR) Software Overclassification Rule 11 of MDR effectively classifies nearly all healthcare software as at least a Class II device. In contrast, other jurisdictions exempt software meeting the definition of clinical decision support. As a result, common sense tools such as clinical calculators, medication advisories, and risk scoresreadily managed under healthcare organization protocolsface slow, burdensome approvals in the EU, delaying innovation and patient benefit. MDR Consistency Concerns Structured dialogue with Notified Bodies helps, but a formalized pre-consultation pathway providing binding guidance would improve predictability. Currently, similar products can follow divergent pathsone needing a CE mark, another notwithout a clear, centralized way to reconcile those outcomes. The lack of robust tooling compounds this. Whereas the U.S. FDAs eSTAR standardizes submissions and edits and provides step-by-step guidance, the EU lacks comparable infrastructure; for example, EUDAMED is still not required. General Data Protection Regulation (GDPR) Data Protection Impact Assessments (DPIA) as Innovation Bottlenecks Fear of GDPR penalties leads organizations to conduct redundant DPIAs and delay new technologies, even for similar data uses. Many re-evaluate all processors unnecessarily. Data Protection Authorities should implement and maintain Allow-Lists under Art. 35(5), clarifying when DPIAs are unnecessaryespecially in healthcare, where processing identifiable data is expected and essential to quality care. GDPR Pseudonymised IP Address Data Overemphasis IP addresses are often treated as personal data despite minimal reidentification risk, especially when used solely for cybersecurity. CJEU case law supports excluding them from personal data status where identification isnt possible. Authorities should align guidance with this case law and educate the public on the many benefits and low risk that such processing offers. European Health Data Space (EHDS) Implementation Interoperability is technically demanding. Even the Xt-EHR effort to lay the technical groundwork for the implementing acts has sometimes struggled with this, for example by defining the required data structures but not the transactions for exchanging data in them. Both technical expertise and clinical representatives should be included in ongoing consultations. For instance, a proposed multi-factor authentication design would have required clinicians to remove medical gloves up to 14 times more per day, harming both efficiency and sustainability. Inclusion of real-world users will quickly identify such issues. EHDS Timeline Risks A two-year rollout from implementing acts to live systems is unrealistic. The Netherlands medicatieoverdracht medicatieproces 9 projectnarrower in scope than EHDS, covering only ePrescriptions and eDispensationsremains incomplete after three years. To avoid similar delays, the EU should set interim milestones between implementing acts and go live, notably the early release of testing environments for vendor self-certification. Testing environments are needed not only for final conformance but also during development; if insufficiencies are identified, vendors need time to go back to fix them and test again. A single, EU-wide conformance tool would also avoid member state inconsistencies. It would be very easy for member state-specific testing environments to be different in practice even if they derive from a common specification. Artificial Intelligence (AI) Act Alignment with MDR The AI Act adds new documentation requirements even where MDR documentation exists, compounding vendor and reviewer burden. With few Notified Bodies accredited for AI assessments, meeting compliance deadlines for high-risk AI systems will be nearly impossible unless capacity expands quickly.
Read full response