ISO/TS 25238:2007 is concerned with the safety of patients and gives guidance on the analysis and categorization of hazards and risks to patients from health software products, in order to allow any product to be assigned to one of five risk classes. It applies to hazards and risks which could cause harm to a patient. Other risks, such as financial or organizational risks, are outside the scope of ISO/TS 25238:2007 unless they have the potential to harm a patient.
ISO/TS 25238:2007 applies to any health software product, whether or not it is placed on the market and whether it is for sale or free of charge. Examples of the application of the classification scheme are given.
ISO/TS 25238:2007 does not apply to any software which is necessary for the proper application or functioning of a medical device.