Methods Inf Med 2014; 53(02): 92-98
DOI: 10.3414/ME13-01-0014
Original Articles
Schattauer GmbH

The Integration of the Risk Management Process with the Lifecycle of Medical Device Software

F. Pecoraro (1), D. Luzi (1)
1 National Research Council, Institute for Research on Population and Social Policies, Rome, Italy

Publication History

received: 01 February 2013

accepted: 17 September 2013

Publication Date: 20 January 2018 (online)

Summary

Objectives: The application of software in the Medical Device (MD) domain has become central to the improvement of diagnoses and treatments. The new European regulations that specifically address software as an important component of MD require complex procedures to make software compliant with safety requirements, thereby introducing new challenges in the qualification and classification of MD software as well as in the performance of risk management activities. From this perspective, the aim of this paper is to propose an integrated framework that combines the activities to be carried out by the manufacturer to develop safe software within the development lifecycle, based on the regulatory requirements reported in US and European regulations as well as in the relevant standards and guidelines.

Methods: A comparative analysis was carried out to identify the main issues related to the application of the current new regulations. In addition, standards and guidelines recently released to harmonise procedures for the validation of MD software have been used to define the risk management activities to be carried out by the manufacturer during the software development process.

Results: This paper highlights the main issues related to the qualification and classification of MD software, providing an analysis of the different regulations applied in Europe and the US. A model that integrates the risk management process within the software development lifecycle is also proposed. It is based on regulatory requirements and considers software risk analysis as a central input to be managed by the manufacturer from the initial stages of the software design, in order to prevent MD failures.

Conclusions: Relevant changes in the process of MD development have been introduced with the recognition of software being an important component of MDs as stated in regulations and standards. This implies the performance of highly iterative processes that have to integrate the risk management in the framework of software development. It also makes it necessary to involve both medical and software engineering competences to safeguard patient and user safety.

 