What is ISO 82304?
ISO 82304-1:2016 specifies requirements for the safety and quality of health software — including software intended to be used as a medical device and broader health management software not subject to medical device regulation.
The standard addresses the full lifecycle of health software: design, development, maintenance, and decommissioning, with particular emphasis on the quality characteristics that make health software trustworthy for clinical and personal use.
ISO 82304-1 is most relevant for: SaMD (Software as a Medical Device) products, electronic health records (EHR) systems, clinical decision support tools, patient-facing health apps, and wellness software with health monitoring functions.
Scope & Application
ISO 82304-1 has a broader scope than IEC 62304 — it applies to health software generally, not just software that constitutes or is embedded in a regulated medical device. This makes it particularly relevant for the growing ecosystem of health apps and digital health platforms.
The standard addresses: health software product quality (what the software should do and how well), safety (freedom from unacceptable risk when used as intended), and the lifecycle processes needed to achieve and maintain quality.
For regulated medical devices, ISO 82304-1 complements IEC 62304 — while IEC 62304 focuses on development process requirements, ISO 82304-1 addresses product quality characteristics that the process should produce.
Health Software Quality Model
ISO 82304-1 adopts a quality model based on ISO/IEC 25010:2011 (Systems and software quality requirements and evaluation), adapted for health software contexts. Key quality characteristics include:
- Functional suitability: The software correctly and completely performs its intended health functions.
- Reliability: The software performs without failures under normal conditions.
- Usability: Users can achieve their goals effectively, efficiently, and with satisfaction.
- Security: Protection of information and data.
- Safety: The absence of unacceptable risk of harm — a health-specific extension of the generic quality model.

Maintainability and Portability complete the model.
Each characteristic is measurable, enabling manufacturers to establish objective quality criteria for health software products.
Relationship to IEC 62304 and Other Standards
ISO 82304-1 is designed to work alongside — not replace — IEC 62304. IEC 62304 specifies how to develop medical device software (the lifecycle process); ISO 82304-1 specifies what qualities the resulting software should have.
The standard also relates to: ISO 14971 (risk management, referenced for safety), IEC 62366-1 (usability engineering, referenced for the usability quality characteristic), and IEC 27001/IEC 82304-2 (information security for health software).
Part 2 of the ISO 82304 series (ISO 82304-2, published 2021) addresses health and wellness apps specifically — providing a scoring and labeling framework for consumer health apps that may not be regulated as medical devices.
How Software Quality Guru Helps
- ISO 82304-1 applicability assessment for your health software product
- Quality model mapping to your product requirements and architecture
- Integrated IEC 62304 + ISO 82304 compliance strategy
- Health software product quality plan development
- Gap assessment against ISO 82304-1 quality characteristics
- Wellness app assessment aligned to ISO 82304-2 framework
- Technical documentation for health software submissions and certifications