Microservices Architecture for UK MedTech — MHRA Built In
ClickMasters provides Microservices Architecture for UK MedTech businesses with MHRA, IEC 62304 compliance from Sprint 1.
Key Highlights
Compliance
+3 more standards
Pricing
Microservices Architecture for MedTech — UK Specifics
MHRA SaMD Registration for Microservices
MHRA registers Software as a Medical Device (SaMD) at the system level — not at individual microservice level. However: IEC 62304 software lifecycle must be applied per software item (each microservice is a software item). IEC 62304 Class B/C software items: each microservice has its own software requirements specification, architectural design, unit tests, and integration tests. Design History File (DHF): the DHF is for the overall SaMD system but references each software item's documentation.
Clinical Safety Architecture for Medical Microservices
DCB0129 clinical safety in microservices: hazards must be assessed at the system level and at each service boundary. Critical safety hazard: data inconsistency between microservices causing incorrect clinical information. Mitigation: eventual consistency with clinical safety guarantee (critical clinical data — medication doses, allergy lists — uses synchronous consistency, not eventual). Saga pattern: medical workflows requiring atomicity across services use the Saga pattern with compensation transactions, not distributed transactions.
NHS Integration Patterns in Medical Microservices
NHS Spine integration (PDS, eRS, EPS, SCR): all NHS Spine integrations from a dedicated NHS Integration Service microservice — single point of NHS Spine connectivity. FHIR R4 gateway: all external FHIR R4 APIs (NHS systems) accessed via a dedicated FHIR Gateway microservice — normalise responses and handle UK Core profile validation centrally. Benefits: NHS Spine connection complexity isolated, FHIR UK Core validation in one place, NHS Spine credential management centralised.
UK GDPR Article 9 Health Data in Medical Microservices
Article 9 health data in microservices: each service that processes health data must have a registered Article 30 ROPA entry. Data sharing between services: governed by a single Article 28 DPA for the microservices platform (same data controller — services are internal, not separate controllers). Right to erasure across microservices: erasure event published to all services via event bus, each service erases its own data within 24 hours, audit service logs erasure completions.
Compliance
MHRA
IEC 62304
DTAC
DCB0129
UK GDPR Article 9
Cyber Essentials Plus
ISO 27001
Compliance & Regulations
Every solution we build for this industry is designed to meet the following regulatory and standards requirements.
MHRA
IEC 62304
DTAC
DCB0129
UK GDPR Article 9
Cyber Essentials Plus
ISO 27001
Investment Options
Flexible engagement models tailored to your medtech project requirements.
£40,000–£200,000
Full engagement
- Industry-specific approach
- UK GDPR compliant
- Dedicated technical lead
£3,500–£8,000
Scoping
- Industry-specific approach
- UK GDPR compliant
- Dedicated technical lead
from £2,000/mo
Ongoing support
- Industry-specific approach
- UK GDPR compliant
- Dedicated technical lead
What Our Clients Say
Success stories from clients in medtech industry.
“ClickMasters transformed our digital infrastructure. Their understanding of UK fintech regulations saved us months of compliance work.”
Sarah Mitchell
CTO, FinTech Solutions Ltd
“The team's expertise in NHS integrations and DTAC compliance was invaluable. They delivered on time and within budget.”
Dr. James Cooper
Medical Director, HealthFirst UK
“Their grasp of FCA requirements and insurance sector nuances helped us launch our platform 40% faster than expected.”
Michael Brooks
CEO, InsureTech Pro
Frequently Asked Questions
Common questions about medtech software development.
Do all microservices in an NHS SaMD system require IEC 62304 documentation?
Yes — IEC 62304 applies to all software items that are part of the medical device software system. Each microservice is a software item. However: IEC 62304 software item classification (Class A, B, or C) applies per service. A microservice that cannot contribute to patient harm (e.g., a notification service that sends appointment reminders) may be Class A (documentation requirements are lower). A microservice that handles clinical decision support is Class C (highest documentation requirements).
Can NHS HealthTech microservices use different cloud regions?
NHS DSPT and DTAC require UK data residency for patient personal data (health data is Article 9 — highest sensitivity). All microservices handling NHS patient data must be deployed in AWS eu-west-2 (London) or Azure UK South. Non-patient data (e.g., internal configuration, non-personal analytics) may use other regions. Inter-service communication across regions is not appropriate for patient data — all NHS patient data services must be co-located in the UK region.
Ready to Build for medtech?
Let us engineer a platform that meets your industry regulations, serves your users, and scales with your ambitions.