Regulatory positioning statement
MediReady is not a clinical decision-support system, not a medical device, and not a tool for diagnosis, treatment, or patient-facing decisions. The platform is designed for administrators, quality leads, and operations managers who need to structure, document, and audit internal workflows, policies, and compliance posture.
The system processes administrative information only. It does not process medical decisions, clinical parameters, or patient records.
MediReady is intended for:
MediReady does not influence medical decisions, does not process clinical data, and does not provide recommendations on diagnosis, treatment, or care.
The EU MDR applies only where software has a medical purpose — for example diagnosis, treatment, monitoring, or alleviation of disease. MediReady does not meet these criteria.
“Software for administrative purposes is not covered.”
— from the MDR administrative-purpose exclusion
MediReady is an administrative compliance tool, not a clinical system.
NMI covers systems that:
Supporting reference:
NMI does not apply to generic software used in a care environment unless the software has been adapted for a medical purpose.
MediReady does not process medical information, does not process patient data, and does not access registries.
MediReady is built to minimise data-protection risk and to align with IMY's published supervisory priorities.
Inputs are processed in memory and discarded immediately after the run. No PHI is stored. No background collection, no telemetry, no profiling.
The healthcare provider is the controller. MediReady is the processor. A GDPR-compliant Data Processing Agreement (DPA) is required under Article 28.
IMY prioritises AI use, children and young people, sensitive data, and the healthcare sector. MediReady does not process sensitive personal data, which lowers supervisory exposure.
NIS2 applies where a company:
MediReady is not an EHR system and is not automatically in scope. Assessment is made by company size, not by product function.
EHDS is primarily directed at EHR systems and national health-data flows. MediReady is an administrative tool and is out of scope, but the regulatory development is tracked.
Avoid terms that imply clinical function. Use: compliance documentation tool, workflow audit tool, administrative audit engine.
Maintain an internal document that records why MediReady is not MDSW and not NMI. Reference the MDR administrative-purpose exclusion and the HSLF-FS 2022:42 definitions.
Highlight the stateless design in the DPA and security documentation. Make the no-PHI-stored statement explicit.
Recommended for regulatory reasons. Focus areas: marketing, intended use, DPA, risk analysis.
MediReady is an administrative tool for compliance documentation and workflow audit, not a medical system. It falls outside MDR, outside NMI, and does not process PHI. GDPR is followed through stateless processing and clear role allocation. NIS2 and EHDS may become relevant depending on company size and future interoperability requirements.