Methods Inf Med 2014; 53(02): 92-98
DOI: 10.3414/ME13-01-0014
Original Articles
Schattauer GmbH

The Integration of the Risk Management Process with the Lifecycle of Medical Device Software

F. Pecoraro
1   National Research Council, Institute for Research on Population and Social Policies, Rome, Italy
,
D. Luzi
1   National Research Council, Institute for Research on Population and Social Policies, Rome, Italy
› Institutsangaben
Weitere Informationen

Publikationsverlauf

received: 01. Februar 2013

accepted: 17. September 2013

Publikationsdatum:
20. Januar 2018 (online)

Summary

Objectives: The application of software in the Medical Device (MD) domain has become central to the improvement of diagnoses and treatments. The new European regulations that specifically address software as an important component of MD, require complex procedures to make software compliant with safety requirements, introducing thereby new challenges in the qualification and classi -fication of MD software as well as in the performance of risk management activities. Under this perspective, the aim of this paper is to propose an integrated framework that combines the activities to be carried out by the manufacturer to develop safe software within the development lifecycle based on the regulatory requirements reported in US and European regulations as well as in the relevant standards and guidelines.

Methods: A comparative analysis was carried out to identify the main issues related to the application of the current new regulations. In addition, standards and guidelines recently released to harmonise procedures for the validation of MD software have been used to define the risk management ac -tivities to be carried out by the manufacturer during the software development process.

Results: This paper highlights the main issues related to the qualification and classification of MD software, providing an analysis of the different regulations applied in Europe and the US. A model that integrates the risk management process within the software development lifecycle has been proposed too. It is based on regulatory requirements and considers software risk analysis as a central input to be managed by the manufacturer already at the initial stages of the software design, in order to prevent MD failures.

Conclusions: Relevant changes in the process of MD development have been introduced with the recognition of software being an important component of MDs as stated in regulations and standards. This implies the performance of highly iterative processes that have to integrate the risk management in the framework of software development. It also makes it necessary to involve both medical and software engineering competences to safeguard patient and user safety.

 
  • References

  • 1 PTC® white paper, Methods for Managing product reliability and risk in the Medical device field 2012 Available from www.pct.com
  • 2 Mc Caffery F, Donnelly P, Dorling A, Wilkie FG. A software process development, assessment and improvement framework for the medical device industry. In: Proceedings of Fourth International SPICE Conference on Process Assessment and Improvement, SPICE User Group, Lisbon, Portugal 2004; pp 100-109.
  • 3 Shenvi AA. Medical software: a regulatory process framework. In: Proceedings of the 3rd India software engineering conference 2010; pp 119-124.
  • 4 McHugh M, McCaffery F, Casey V. How amendments to the Medical Device Directive affect the development of medical device software. Systems, Software and Services Process Improvement. 2011. Roskilde; Denmark:
  • 5 Ehsan N, Perwaiz A, Arif J, Mirza E, Ishaque A. CMMI /SPICE based Process Improvement. In: IEEE International Conference on Management of Innovation and Technology (ICMIT) 2010; pp 859-862.
  • 6 Lindholm C, Notander JP, Höst M. Software Risk Analysis in Medical Device Development. In: Proceedings of EUROMICRO Conference on Software Engineering and Advanced Applications (SEAA). 2011. Oulu; Finland:
  • 7 Lindholm C, Notander JP, Höst M. A Case Study on Software Risk Analysis in Medical Device Development. 4th International Conference on Software Quality Days, SWQD 2012; 94: 143-158.
  • 8 Neuhaus J, Maleike D, Nolden M, Kenngott HG, Meinzer HP, Wolf I. A Quality-refinement Process for Medical Imaging Applications. Methods Inf Med 2009; 48: 336-339.
  • 9 Schmuland C. Value-Added Medical-Device Risk Management. IEEE Transactions on Device and Materials Reliability 2005; 5: 488-493.
  • 10 Wong K, Callaghan C. Managing requirements baselines for medical device software development. In: IEEE International Systems Conference (SysCon) 2012; pp 1-5.
  • 11 Michalowski W, Slowinski R, Wilk S, Farion K, Pike J, Rubin S. Design and development of a mobile system for supporting emergency triage. Methods Inf Med 2005; 44: 14-24.
  • 12 Ißler L, Spreckelsen C, Weßel C. Implementing Software Development Guidelines in a Medical Informatics Research Project. Methods Inf Med 2007; 46: 641-645.
  • 13 Hoodat H, Rashidi H. Classification and Analysis of Risks in Software Engineering. World Academy of Science, Engineering and Technology 2009; 56
  • 14 Dash R, Dash R. Risk Assessment Techniques for Software Development. European Journal of Scientific Research 2010; 42: 629-636.
  • 15 Luzi D, Pecoraro F. Medical Device Software: A New Challenge. In: Quality of Life through Quality of Information. Proceedings of MIE 2012; pp 885-890.
  • 16 ISO/IEC 12207:2008, Information technology - Software life cycle processes
  • 17 ISO 13485:2003, Medical devices - Quality management systems - Requirements for regulatory purposes
  • 18 IEC 62304:2006, Medical device software - Software life cycle processes
  • 19 ISO 14971:2012, Medical devices - Application of risk management to medical devices
  • 20 IEC 80002-1:2009, Medical device software - Part 1: Guidance on the application of ISO 14971 to medical device software
  • 21 European Commission, Medical Devices: Guidance document - Qualification and Classification of standalone software (MEDDEV 2.1/6). 2012. Brussels; Belgium:
  • 22 Directive 2007/47/EC of the European Parliament and of the Council L 247/21, 21.9.2007
  • 23 Co-ordination of Notified Bodies Medical Devices (NB-MED) on Council Directives 90/385/EEC, 93/42/EEC and 98/79/EC. Recommendation NB-MED 2.2 Rec. 4 2001
  • 24 FDA Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices. 2005
  • 25 FDA Guidance for Off-the-Shelf Software Use in Medical Devices. 1999
  • 26 FDA Draft Guidance for Industry and Food and Drug Administration Staff - Mobile Medical Applications. 2011
  • 27 ISO 9001;2008 Quality management systems – Requirements
  • 28 CFR part 820- Quality System Regulation. www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/Databases/ucm135680.htm
  • 29 FDA/CDRH Guidance Document. General Principles of Software Validation; Final Guidance for Industry and FDA Staff, January 2002
  • 30 IEC 60601-1-X, Medical electrical equipment - Part 1: General requirements for basic safety and essential performance
  • 31 IEC 61010-1:2010, Safety requirements for electrical equipment for measurement, control, and laboratory use - Part 1: General requirements
  • 32 McHugh M, McCaffery F, Casey V. Standalone Software as an Active Medical Device, 11th International SPICE Conference 2011
  • 33 Roland HE, Moriarty B. System Safety Engineering and Management. New York: Wiley; 2009
  • 34 McHugh M, McCaffery F, Casey V. Barriers to Adopting Agile Practices when Developing Medical Device Software. 12th International SPICE Conference Process Improvement and Capability Determination. Palma: Majorca; 2012
  • 35 Ge X, Paige RF, McDermid JA. An Iterative Approach for Development of Safety Critical Software and Safety Arguments. In Agile 2010