The International Electrotechnical Commission (IEC) sets the widely accepted standard benchmark for medical electrical equipment. In IEC 60601-1 requirements for basic safety and essential performance is set. Compliance with IEC 60601-1 is a de-facto requirement for the commercialization of electrical medical equipment in most countries.

As medical device suppliers consider deployment of the WaveMark solution beyond its own enterprise boundaries to also include hospital locations it is important that implementations proceed unimpeded by global and local standard requirements.

All WaveMark 1500-series RFID cabinets deployed in hospitals are IEC 60601-1 certified which sets the stage for frictionless deployments.

This United States Code of Federal Regulation (CFR) sets forth the criteria under which electronic records and signatures are considered trustworthy, reliable, and generally equivalent to paper records.

CFR 21 Part 11 requires medical device manufacturers to implement controls, including audits, system validations, audit trails, electronic signatures, and documentation for software and systems involved in processing electronic data that are (a) required to be maintained by the FDA predicate rules or (b) used to demonstrate compliance to a predicate rule.

The WaveMark solution is designed to be compliant with CFR 21 Part 11 and has been validated by third parties to be in compliance with this regulation.

This Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996 to among other things, protect the security and privacy of patient information. The HIPAA standards are meant to improve the efficiency and effectiveness of the healthcare system by encouraging the widespread use of electronic data interchange in the U.S. healthcare system.

HIPAA requires medical device manufacturers to be compliant with HIPAA regulations in all transactions that involve patient data such as implant registration and product recall procedures.

The WaveMark solution is HIPAA compliant by design. An ongoing comprehensive HIPAA training program ensures that all WaveMark employees are educated on the importance of the security and privacy of HIPAA related data, and trained on the proper procedures to handle this data.

The International Organization for Standardization (ISO) 15693 sets the global standard for the radio frequency identification system (RFID) that WaveMark leverages to track medical devices and create intelligence for both healthcare providers and medical device suppliers to optimize the associated supply chain.


Further, the American National Standards Institute (ANSI) has approved the use of RFID technology based on ISO 15693 to track medical devices as they move though the healthcare supply chain and are put to use by healthcare providers.

The ISO standard is important at several levels for medical device manufacturers.

First, the WaveMark system is based on a standard which avoids lock-in to a specific solution; and second, the standard is global which enables global deployment over time without having to adjust to separate standards around the globe.

The Office of Statewide Health Planning and Development (OSHPD), one of 13 departments within the California Health and Human Services Agency, is the governing agency for hospital construction in California. The Facilities Development Division (FDD) of OSHPD grants anchorage and special seismic certification pre-approvals to suppliers of fixed hospital equipment. The purposes of the certification is to ensure that fixed hospital equipment, such as WaveMark's RFID cabinets, are anchored to their supporting structure, and remain in place during seismic activity.

AS medical device suppliers consider broad deployment of a RFID inventory management and device intelligence, OSHPD certification is important as it could otherwise significantly delay deployment in all hospitals in the world's eighth largest economy.

Not only is WaveMark OSHPD compliant, but also OSHPD Pre-Approved (OPA), which is an optional approval that makes it easier for individual hospital deployment of a WaveMark cabinet-based solution to comply with the regulatory process in the state of California.

Conformité Européenne (CE), French for "European Conformity", is a mandatory conformance mark for many products ranging from toys to medical equipment sold in the single market in the European Economic Area (EEA). The CE marking certifies that a product has met EU consumer safety, health, or environmental requirements.

Medical device suppliers need CE mark certification as it offers deployment flexibility across the important European Union market - whether a RFID program initiates in Europe, or in the United States, the option must be there to deploy the RFID solution regardless of geography.

WaveMark has been CE certified since 2010 and supports the deployment of our solution across the European continent.

The International Organization for Standardization (ISO) has defined ISO 9000 as a family of standards for quality management systems. ISO 9000 is maintained by ISO, the International Organization for Standardization and is administered by accreditation and certification bodies. Some of the requirements in ISO 9001:2008 include:

• a set of procedures that cover all key processes in a business;
• monitoring processes to ensure effectiveness;
• keeping adequate records;
• checking output for defects, with appropriate, and corrective action where necessary;
• regularly reviewing individual processes and the quality system itself for effectiveness; and
• facilitating continual improvement

As medical device suppliers evaluate solutions for inventory management and medical device intelligence, the total quality management orientation of the solution provider is a key consideration. WaveMark has continually demonstrated its commitment to quality in everything we do: WaveMark's core software development organization is ISO 9001:2008 certified.

In addition the US-based manufacturing facility that WaveMark uses is ISO 9001:2008 certified ensuring the highest possible quality hardware.

Statement on Auditing Standards No. 70 (SAS 70) is designated by the U.S. Securities and Exchange Commission (SEC) as an acceptable method for a user organization's management to obtain assurance about a service organization's internal controls without conducting separate assessments

A service auditor's examination performed in accordance with SAS No. 70 (SAS 70 Audit) is widely recognized, because it represents that a service organization has been through an in-depth audit of their control objectives and control activities, which often include controls over information technology and related processes. A Type II report not only includes the service organization's description of controls, but also includes detailed testing of the design and operating effectiveness of the service organization's controls

Completion of the SAS 70 Type II examination indicates that selected processes, procedures and controls have been formally evaluated and tested by an independent accounting and auditing firm. The examination included the company's controls related to security monitoring, change management, service delivery, support services, backup and environmental controls, logical and physical access

WaveMark's hosting service provider, Rackspace Hosting, has completed an examination in conformity with Statement on Auditing Standards No. 70 (SAS 70), Service Organizations.

In addition to the above, WaveMark also holds certifications and is in compliance with the following standards:

• EMC Standards for Emissions, Immunity, and Safety
• Restriction of Hazardous Substances (RoHS) directive 2002/95/EC
• Safety Standards IEC, UL, and CSA
• FCC 47 CFR Part 15, Class A
• Canada EMC Requirements (IC)
• Japan EMC Requirements (VCCI)
• GS1
• HIBCC

To see more details on the hardware equipment used in combination with the WaveMark solution, click here