Often integral parts or components of the medical device, softwares and mobile applications are following significant growth, that is more and more accelerating. In the movement of e-health, these software as varied as many are intended to allow easier, optimal use of medical devices, and especially safer to which they integrate. This can go as far as preventing the practitioner from making mistakes, guiding and directing actions, or even indicating the frequency of administration and dosing of drugs. Marc Vieillard, Head of Mission at CVO-Europe, expert in medical devices compliance, explains what are the issues related to the development of these softwares, and what precautions must be taken to ensure patient safety.
What are the issues raised by the use of softwares within a medical device?
The development of software as a Medical Device, or component of a Medical Device, must be managed and controlled to take into account the health and safety requirements of the patient (intended use and Data integrity). However, the software is essentially more or less complex to design, develop, operate and maintain. There are different life cycle models (Waterfall, V cycle, RAD (Rapid Application Development), incremental, Agile …). One of the key points to consider from the outset of its development is its modification in the context of corrections and improvements that must be consistent with the quality management system, the PDCA approaches and without increasing the risks for the patient / client. This remains a challenge whereas, by nature, software is immaterial with behaviors that can be variable or random depending on the conditions of use and the technological environment. In this context, it is necessary to provide proof of the management of the software within the medical device, and to ensure complete control of patient risk. The software life cycle must be realized in an established and robust quality context, covering the definition, the design, the development, the diffusion, the maintenance, the change, the management of the configuration and the control of the risk. The ISO 62304 & ISO 82304 standards address this issue by providing solutions to the industrial manufacturer.
What is the added value of ISO 62304 ?
The ISO 62304 standard fits into the context of ISO 13485 + ISO 14971, inheriting from ISO 14071 an approach prescribing risk analysis, risk control, problem solving and post production monitoring. It also integrates
- The processing of integrated software SOUP / COTS more and more integrated by technical-economic facility
- A strong consistency for the graduation of the class (criticality) of the software (A, B, C), in agreement with that is used for the FDA „Levels of Concern“ (Minor, Moderate, Major)
- The inheritance rule for the final software perform from the highest class (criticality) derived from those of its integrated software.
Recommendation concerning the Software Life Cycle:
However the ISO 62304 standard does not impose a particular development cycle (V cycle versus Agile cycle), it sets demonstration of management of the development cycle objectives, according to the class of criticality. By developing under Agile cycle, if the patient risk is high, the recommendation of CVO-Europe is that it is up to the manufacturer to freeze a controlled and identified release to go into use, to demonstrate mastering development. It includes the identification of requirements, specifications, configurations, risk analyzes and protocols, and test reports that are both established, evaluated and approved. This is aligned with the recommendations of the IAMT Guide TIR45_1208.
Conclusion and complementary expertise:
The medical device software manufacturer has an interest in following this simple implementation standard, because it is aligned with ISO 13485 and ISO 14971. It makes it easy to demonstrate mastery and integrity of the initial development of the medical device software, as well as its updates. CVO-Europe consultants are ready to assist you in this rigorous approach by providing resources and expertise: evaluation, audit, mock inspection, remediation plan, implementation, training, consulting, reviews, verifications, tests, testing, qualification, quality management, quality assurance, support for all or part of the life cycle of the software in the field of Health: medical devices, medicines, diagnostics, healthcare facilities …
Marc Vieillard – Head of Mission
RAD : rapid application development SOUP : software of unknown provenance COTS : commercial off the shelf PDCA: plan do check act
Our experts help you with every issues concerning medical devices : our offer