Millennium Medical Records System Implemented Without Required Safety Certification

The healthcare sector in parts of the Västra Götaland region adopted the new Millennium medical records system, developed by the American technology company Oracle, in November 2024. Shortly after its launch, significant operational disruptions and concerns over patient safety emerged, prompting regional authorities to halt the system's implementation within several days.

The issues extended beyond technical complications. Investigations revealed that the Millennium system did not comply with the European Union's Medical Device Regulation (MDR), which mandates that healthcare IT systems with certain functionalities must be certified with a CE mark to confirm adherence to safety standards. Notably, portions of Millennium lacked this essential safety certification at the time of deployment.

Prior to the rollout, Oracle maintained that the system was compliant with relevant EU regulations. Regional administrators also expressed confidence in the company's legal compliance, proceeding with the introduction as planned. However, a regulatory review conducted by the Swedish Medical Products Agency later determined that several components of Millennium were either incorrectly certified or entirely missing the required CE marking.

The investigation found no evidence that Oracle was aware of the certification deficiencies before the system was activated. After being notified, Oracle initiated an internal review, which led to a reassessment of the system's compliance status. The company has since begun the process of obtaining the proper safety classifications for the affected software modules.

Given Oracle's ongoing efforts to address these certification gaps and the fact that Millennium is no longer operational in the region, Swedish regulatory authorities have decided not to pursue further action at this stage. As a result of these developments, the Västra Götaland Regional Council has officially terminated the project and will seek alternative medical records solutions for its healthcare facilities. Meanwhile, Region Skåne, another area planning to implement Millennium, has postponed its deployment, pending the completion of the necessary safety verifications.

Oracle had previously informed both regions that certain Millennium modules required CE marking under revised assessments, particularly those offering clinical decision support functionalities, such as medication dosage recommendations. Under EU MDR, such systems must obtain a CE mark at Risk Class II or higher, a category that requires independent external evaluation to confirm compliance with all safety requirements. This process had not been completed for Millennium before its initial use in healthcare settings.

Regulatory frameworks exist to ensure that healthcare IT systems do not pose risks to patient health. Proper certification and external assessment are crucial, especially for platforms that influence clinical decisions. Authorities emphasize that adherence to these standards is essential to maintain safety and trust in medical technology deployed within healthcare environments.

Efforts to resolve the certification issues are ongoing, and both regional healthcare providers and Oracle are working to ensure that future systems meet all regulatory and safety requirements before being integrated into patient care workflows.