A medical device without a valid maintenance report cannot legally be used on a patient

In some sectors, a missing report results in a fine. In others, a missing report means someone uses a faulty device on a patient. Biomedical engineering falls into the second category.

The European Medical Device Regulation — EU MDR 2017/745 — requires that every medical device be demonstrably maintained and calibrated. Without a valid maintenance report or calibration certificate, a device is legally out of service, even if it functions perfectly. The national authority can request the complete maintenance history at any inspection. What is not documented does not exist.

Who does this work and how

Large hospitals have an internal biomedical engineering department. But GP practices, dental practices, rehabilitation centres, home care organisations and small private clinics work with independent biomedical maintenance companies: small teams of two to ten technicians driving between institutions.

An average technician manages hundreds of devices: infusion pumps, electrocardiographs, dopplers, blood pressure monitors, defibrillators, patient monitors, physiotherapy equipment. Each device has its own maintenance cycle, its own test protocol, its own calibration interval. And for each device: after every intervention, a fully documented report.

What the legislation specifically requires

The EU MDR requires technical documentation per device for at least ten years after the last intervention, fifteen years for implants. That documentation includes:

• —Complete maintenance history: every intervention, replaced parts with lot and serial numbers, measurements before and after.
• —Calibration certificate with measurement values, uncertainty and traceable reference standards (BIPM/NIST).
• —Electrical safety test per IEC 62353: leakage current, earth resistance, insulation resistance — with limit values and pass/fail.
• —Non-conformities and evidence of corrective action.
• —Decommissioning with date and disposal evidence.

ISO 13485 — the quality management system applicable to all actors in the medical device chain — adds a documented maintenance programme: every device must have a planned maintenance schedule based on its risk class, and every deviation from that schedule must be motivated and documented.

Where things go wrong in practice

Measurement values that get retyped

A calibration certificate for an infusion pump contains precise measurement values: flow rate at different settings, accuracy per channel, maximum deviation. Those values are read from a calibration meter, noted on paper, and then manually typed into a Word template.

Every time a number is manually retyped, there is a chance of error. In a clinical context, a misplaced decimal or a transposed digit can mean a device is classified as compliant when it is not. The certificate is then legally invalid — worse, it creates a false sense of safety.

Corrective maintenance that goes undocumented

A breakdown is time-critical. The institution wants the device back quickly, the technician is under pressure. They fix it, test it, and leave. The report? That will follow later. But later sometimes becomes days later, and sometimes never. During an inspection or a liability claim, that corrective maintenance is then untraceable in the dossier.

Devices that are never formally decommissioned

A faulty device gets put in the back of a cupboard. Nobody formally writes it off. Six months later a staff member uses it again, because it was there and nobody knew it had been rejected. If an incident follows, there is no trail showing when the device was taken out of service.

What is at stake

If a medical device is involved in a patient incident, the first thing an investigator asks for is the maintenance dossier. Was maintenance performed? Was the device calibrated? Did it pass the electrical safety test? If any of those questions cannot be answered with a dated, signed document, the biomedical technician and their client face liability exposure.

This is not a theoretical risk. There are precedents where healthcare institutions were held liable specifically because documentation was incomplete — even though the device itself was technically functioning correctly.

What automation looks like for a biomedical technician

A technician arrives at a GP practice for the annual maintenance of an ECG device. On their phone they open the device via the serial number. The maintenance protocol is loaded based on the device type. They work through the checklist, enter the measurement values, and record the result. Five minutes of work.

The maintenance report is automatically generated with their name, company details and the date. The calibration certificate — including traceable reference standards — is created alongside it. Both documents are stored in that device's dossier. The GP receives a copy by email.

• —No retyping of measurement values: what is entered on the phone is immediately the final document.
• —Electrical safety test: values entered, pass/fail automatically calculated based on device class.
• —Device that fails the test: automatically set to out-of-service with notification to the responsible person.
• —Ten years of dossier per device: exportable in one click for inspection or internal audit.
• —Maintenance planning: automatic reminder per device based on interval and risk class.

Why this is the most underserved segment

Large hospitals use heavy enterprise CMMS software. But those systems cost tens of thousands of euros per year and are designed for IT departments, not for two technicians driving around in a van. The gap between pen and paper and enterprise CMMS is enormous — and that is exactly where the independent biomedical maintenance technician sits.

The sector carries the highest liability pressure of any niche in this overview. At the same time, willingness to pay for correct documentation is highest: healthcare institutions understand better than anyone what it costs when documentation is missing.

EU MDR: the same regulation, national enforcement per country

EU MDR 2017/745 is a European regulation and applies identically across all member states. However, national enforcement differs. In Belgium, the FAMHP (Federal Agency for Medicines and Health Products) is the competent authority. In the Netherlands, this is the CIBG (Central Information Point for Healthcare Professions) under the Ministry of Health, with accreditation via RvA. In Germany, the BfArM (Federal Institute for Drugs and Medical Devices) oversees compliance, together with the Landesbehörden for market surveillance. In France, the ANSM (Agence nationale de sécurité du médicament et des produits de santé) is the competent authority.

ISO 13485 is also an international standard and is recognised in all four countries as the standard for quality management in the medical device supply chain. A biomedical maintenance company certified to ISO 13485 can in principle operate as a recognised maintenance provider in the Netherlands, Germany or France as well — provided it also meets national registration requirements. The documentation structure required by EU MDR is identical in all countries.