SaaS Development for UK MedTech — MHRA Built In
ClickMasters provides SaaS Development for UK MedTech businesses with MHRA, IEC 62304 compliance from Sprint 1.
Key Highlights
Compliance
+3 more standards
Pricing
SaaS Development for MedTech — UK Specifics
MHRA SaMD SaaS Registration
MHRA Software as a Medical Device registration: SaaS delivered via cloud is SaMD if it meets the SaMD definition (software that performs a medical purpose without being part of a hardware medical device). MHRA registration: Class I (annual registration fee £200), Class IIa (registration + technical file review), Class IIb/III (full conformity assessment). SaaS-specific: the SaMD is the software version — each version change assessed against IEC 62304 change impact assessment. Post-Brexit: UKCA marking for UK market, CE marking for EU/ROW.
Multi-Tenant MedTech SaaS Architecture
NHS multi-tenant MedTech SaaS: each NHS Trust or healthcare organisation is a separate tenant. PostgreSQL Row Level Security: clinical data for Trust A never accessible to Trust B. Tenant-specific clinical settings: each trust can configure formulary, care pathways, and clinical protocols independently. Trust onboarding: data processing agreement signed, tenant provisioned, users created (NHS SDS authentication), and data retention policy set per trust. DTAC per tenant: each Trust deploying the SaaS may require their own DTAC assessment (or platform-level DTAC covers all tenants — documented in DTAC scope).
IEC 62304 Software Lifecycle for SaaS
IEC 62304 for SaaS: continuous delivery creates a challenge for traditional waterfall-style medical device software lifecycle. ClickMasters IEC 62304-compliant agile: sprint as a software item release cycle, sprint planning = requirements for next software item version, sprint review = software item verification, and sprint retrospective = problem resolution. Design History File: maintained as a living document — each sprint adds artefacts (requirements, architecture, test reports) to the DHF. Immutable sprint artefacts: GitHub commit hashes reference specific DHF artefacts.
CQC Registration for MedTech SaaS Providers
Care Quality Commission (CQC): software-as-a-service providing regulated health services (not just providing software tools to health services) may require CQC registration. CQC regulated activities: diagnostic and screening procedures, treatment of disease, disorder or injury. SaaS providing patient-facing diagnostic output (e.g., AI symptom checker providing triage output directly to patients) may be a CQC regulated activity. ClickMasters advises on CQC scope as part of MedTech SaaS Technical Discovery — many clients are unaware of the CQC registration requirement.
Compliance
MHRA
IEC 62304
DTAC
DCB0129
UK GDPR Article 9
Cyber Essentials Plus
ISO 27001
Compliance & Regulations
Every solution we build for this industry is designed to meet the following regulatory and standards requirements.
MHRA
IEC 62304
DTAC
DCB0129
UK GDPR Article 9
Cyber Essentials Plus
ISO 27001
Investment Options
Flexible engagement models tailored to your medtech project requirements.
£40,000–£200,000
Full engagement
- Industry-specific approach
- UK GDPR compliant
- Dedicated technical lead
£3,500–£8,000
Scoping
- Industry-specific approach
- UK GDPR compliant
- Dedicated technical lead
from £2,000/mo
Ongoing support
- Industry-specific approach
- UK GDPR compliant
- Dedicated technical lead
What Our Clients Say
Success stories from clients in medtech industry.
“ClickMasters transformed our digital infrastructure. Their understanding of UK fintech regulations saved us months of compliance work.”
Sarah Mitchell
CTO, FinTech Solutions Ltd
“The team's expertise in NHS integrations and DTAC compliance was invaluable. They delivered on time and within budget.”
Dr. James Cooper
Medical Director, HealthFirst UK
“Their grasp of FCA requirements and insurance sector nuances helped us launch our platform 40% faster than expected.”
Michael Brooks
CEO, InsureTech Pro
Frequently Asked Questions
Common questions about medtech software development.
Does NHS multi-tenant SaaS need separate DTAC per NHS Trust?
DTAC assessment can cover a platform (the SaaS product) or a deployment (a specific NHS Trust's use of the SaaS). Platform-level DTAC: the SaaS vendor obtains DTAC for the platform — applies to all NHS Trusts using the platform without re-assessment. Trust-level DTAC: each Trust assesses independently (common for bespoke or highly customised deployments). ClickMasters recommends platform-level DTAC for NHS SaaS — one assessment covers all NHS customers, reducing sales friction significantly.
What MHRA registration does NHS SaaS require?
MHRA SaMD registration requirements for NHS SaaS: (1) Is the software a Medical Device? (meets IVD, SaMD, or general medical device definition) — many NHS productivity tools are NOT medical devices. (2) If SaMD: what class? (Class I → MHRA registration + basic technical documentation; Class IIa+ → full conformity assessment). (3) UK market: UKCA marking required. ClickMasters produces a MHRA classification justification document as part of all NHS SaaS Technical Discovery — clarifying whether MHRA registration is required before any build commitment.
Ready to Build for medtech?
Let us engineer a platform that meets your industry regulations, serves your users, and scales with your ambitions.