Literature & References

The CARE-IT Framework is not a regulatory standard and does not replace legal or statutory requirements.
However, it is positioned within the professional context of existing regulatory, normative, and methodological frameworks.

The references below provide the technical and conceptual background for governance, risk evaluation, lifecycle management, and operation of digital clinical infrastructure.

European Regulation

Regulation (EU) 2017/745 – Medical Device Regulation (MDR)

European regulation governing medical devices.

The MDR defines requirements for safety, performance, risk management, clinical evaluation, post-market surveillance, and responsibilities of manufacturers and operators.

CARE-IT particularly relates to:

Risk management obligations
Requirements for networked systems
Regulatory operator responsibility
Documentation and traceability requirements

MDCG Guidance Documents (Medical Device Coordination Group)

Guidance documents supporting interpretation and implementation of the MDR.

Particularly relevant in the context of digital clinical infrastructure:

Guidance on Software as a Medical Device (SaMD)
Guidance on interconnected medical systems
Guidance on clinical evaluation and post-market surveillance
Cybersecurity guidance for medical devices

These documents clarify regulatory expectations regarding integration, interoperability, and system responsibility.

Swiss Regulation

Medical Devices Ordinance (MedDO, SR 812.213)

Swiss implementation of the European MDR regulatory framework.

The ordinance governs:

Market placement
Market surveillance
Obligations of economic operators
Documentation and safety requirements

CARE-IT is compatible with the regulatory requirements of MedDO but does not replace legal assessment.

Normative Foundations

ISO 14971 – Medical devices — Application of risk management to medical devices

International standard for risk management of medical devices.

Relevance for CARE-IT:

Systematic risk identification
Evaluation of clinical impact
Documented risk decisions
Consideration of residual risk

CARE-IT extends the product-focused logic of ISO 14971 to systemic and organizational interdependencies within clinical operations.

ISO/IEC 62304 – Medical device software — Software life cycle processes

Standard defining lifecycle processes for medical device software.

Relation to CARE-IT:

Structured development and maintenance
Change management
Documentation
Version control

ISO/IEC 27001 – Information security management systems

Standard for information security management systems.

CARE-IT incorporates information security requirements as part of patient-relevant risk evaluation but is not limited to IT security considerations.

Validation & Operation

Computerized Systems Validation (CSV)

Methodological framework for validating computerized systems, particularly in regulated environments.

Relevance:

Demonstration of functional suitability
Documented testing procedures
Change validation
Auditability

CARE-IT understands validation as part of structured operator responsibility.

GAMP 5 – Good Automated Manufacturing Practice

Guideline for risk-based validation of computerized systems.

Particularly relevant in contexts involving:

Complex system constellations
Integration scenarios
Structured documentation requirements

Interoperability & System Constellations

HL7 / FHIR Standards

International standards for structuring and exchanging clinical data.

Relevance for CARE-IT:

Information integrity
Interface transparency
Cross-system consistency

Organizational & Governance Context

ITIL (Information Technology Infrastructure Library)

Framework for IT service management.

CARE-IT does not replace ITIL but extends its perspective by integrating clinical effectiveness, patient safety, and systemic care logic.

Positioning

CARE-IT:

does not replace regulatory requirements,
does not certify organizations,
does not constitute an audit scheme.

It serves as a:

structuring reference framework,
governance model for healthcare operators,
organizational development instrument,
integration logic between clinical care and digital infrastructure.

Version Note

References reflect the regulatory and normative context at the time of publication of CARE-IT Version 1.2.0.

Users are responsible for independently monitoring regulatory developments and updates.

European Regulation​

Regulation (EU) 2017/745 – Medical Device Regulation (MDR)​

MDCG Guidance Documents (Medical Device Coordination Group)​

Swiss Regulation​

Medical Devices Ordinance (MedDO, SR 812.213)​

Normative Foundations​

ISO 14971 – Medical devices — Application of risk management to medical devices​

ISO/IEC 62304 – Medical device software — Software life cycle processes​

ISO/IEC 27001 – Information security management systems​

Validation & Operation​

Computerized Systems Validation (CSV)​

GAMP 5 – Good Automated Manufacturing Practice​

Interoperability & System Constellations​

HL7 / FHIR Standards​

Organizational & Governance Context​

ITIL (Information Technology Infrastructure Library)​

Positioning​

Version Note​