Intended use, quality, security and regulatory registrations
CareSimple is built and operated to medical-device standards. Here is how our platform is intended to be used, and the certifications and registrations that govern it.
Intended conditions and patient population
Intended diseases / conditions
CareSimple is intended to receive, display and store monitored physiological parameters for patients with chronic diseases or health conditions requiring post-episodic to long-term care, including but not limited to diabetes, hypertension, dyslipidemia, obesity, congestive heart failure, chronic obstructive pulmonary disease, coronavirus, cancer, inflammatory bowel disease, and pregnancy.
Intended patient population
There is no specific intended patient population. CareSimple is for use in patients as determined appropriate by the healthcare professional (HCP) user, and as appropriate or indicated by the given applicable medical device being remotely monitored.
Quality & security
Our quality compliance assurance program covers the identification, assessment, correction and monitoring of the aspects that enhance the quality of CareSimple and its related services. It establishes and maintains the requirements for developing and manufacturing a reliable medical device, in conformity with the regulatory requirements of each jurisdiction where the platform is deployed.
In 2020, CareSimple obtained ISO 13485:2016 certification, the recognized quality management system standard for medical devices. Compliance is validated through management review, internal and external audit, employee training, risk control, and analysis of data (KPIs).
CareSimple operates under a rigorous Information Security Management System (ISMS), a framework of policies and procedures covering all legal, physical and technical controls involved in an organization's information risk management processes. ISO 27001 certification was obtained in 2020.
We hold to the highest standards of information security management, guided by a set of security objectives: protect privacy, ensure integrity, constantly improve, plan & manage, be recognized, and assess & review.
HIPAA
CareSimple is built to support compliance with the U.S. Health Insurance Portability and Accountability Act (HIPAA). When CareSimple processes protected health information (PHI) on behalf of a covered entity, it does so as a Business Associate under a signed Business Associate Agreement (BAA).
Our platform implements the administrative, physical, and technical safeguards required by the HIPAA Security Rule — including role-based access controls, audit logging, encryption of PHI in transit and at rest, workforce security training, and breach-notification procedures. These controls are maintained within the same ISO 27001-certified Information Security Management System described above.
Regulatory
Per the FDA 513(g) Request for Information process, CareSimple is classified as a Non-Device Medical Device Data System (MDDS) and therefore meets current US FDA requirements.
United States: Food and Drug Administration
Canada: Health Canada
Questions about compliance
For questions regarding our quality, security, privacy or regulatory posture, including certificate requests and security documentation for procurement, reach out to our team.
Need our security and compliance documentation?
We routinely support health-system and payer procurement reviews with certificates, security questionnaires, and integration documentation.