Kaleidoscope has worked with national, regional and sub-regional bodies to create data management frameworks and governance arrangements that work to deliver data-enabled public services to citizens.Read More
Kaleidoscope supports organisations of all sizes and across the team has experience of working in all types of health settings from primary care practices to large multi-site hospitals.Read More
The scope of GDPR extends far beyond simply data security and Kaleidoscope have worked with a variety of medical technology developers supporting them with compliance with GDPR and access to the UK's NHS market.Read More
Kaleidoscope has experience supporting Clinical Research Organisations (CRO) and sponsors to navigate the complex legislative landscape.Read More
In Western health and social care there is an almost universal drive to provide integrated service delivery across organisational boundaries. These new ways of working present significant challenges for people and systems, not least data sharing and linkage.Read More
Health and social care provision is typically separated between those that buy the services (payers) and those that provide the services (providers). Depending on a country's funding model, these may vary in their relationship, for example between state-funded, as in the UK, and insurance-funded, as in Australia.Read More
Holding a CE mark rarely indicates compliance with GDPR. The Medical Device Regulation is expressly linked to the General Data Protection Regulation through MDR article 110. There are also references in the section on Clinical Investigation (article 72). We have found very view test houses that check for compliance with these requirements.
Kaleidoscope works with medical technology manufacturers and designers to implement the requirements of GDPR is their designs from the outset. This includes both the technical design of the product - GDPR requires Privacy by Design and Privacy by Default - as well as in the routes to different markets, which can change the role of the manufacturer from processor to controller.Read More
In European law there is an overlapping relationship between the General Data Protection Regulation (GDPR), the Clinical Trials Regulation (CTR) and the Medical Device Regulation (MDR) where it relates to clinical investigation.
The way European law works, a regulation is law in every state immediately from the enforcement date (normally a number of years after publication). Most states exercise any facility within a Regulation to adapt the Regulation to national cultural and legal difference. Whereas a Directive must be implemented through state legislation before it becomes law. This approach results in a greater variety between states than for a Regulation, although GDPR has some significant differences between European states.
Knowledge of the differences between state legislation is vital when mapped to CTR and MDR, and some European states have special conditions that apply specifically to processing personal data for these purposes.Read More