Controlling installation

Interpreting the requirements of ISO 13485, or FDA QSR, we can say that medical software manufacturers shall control the way software is installed on target platforms. They have to verify that software is well installed and configured, to ensure that no adverse event will be raised by a wrong installation.
The way this verification of installation is done depends deeply on the context, for example:

  • Embedded software is installed on production lines, QA tests may include verifcation of software installation,
  • Big IT systems are installed by technicians with support from back-office, they may follow work instructions to verify the installation,
  • Standalone PC software may be installed directly by the end-user. There is no formal verification at this step. It was previously tested in factory on target plaforms.

Installing on mobile platforms

That said, it's not possible to follow throughly the way an application is installed on a mobile platform. The odds are that end-users may install it at home or in conditions where verification of installation isn't possible.

Installing

Installation follows a process imposed on the medical device manufacturers by mobile application store. The verification of the installation shall include tests that follows this imposed process.
Another way to say it: installing software on a smartphone or tablet configured for software development is not the right test. The verification is not complete until you test the installation by downloading software from the mobile application store to a clean (i.e. OS reinstalled from scratch) mobile device.

Limiting access

Another question is the target audience of mobile medical device apps. Since mobile application stores are public, everybody should be able to download any medical app. But only a few people with clinical skills may be able to use them.
To avoid such situation, it's possible to add a limitation of access to app functions. This may be by login to a server, by license key, or by an activation code.

Constraints of mobile applications stores

Nevermind that you have to pay up to $80 to publish an app on a store, there are constraints peculiar to a store that are outside medical devices regulations.

Requests of application store reviewers

Application store reviewers may have requests that are wide off the mark. Medical mobile app manufacturers usually have to change software, to cope with their requests. As a consequence, risk assessment may be breached by such changes.
More, some mobile platforms manufacturers are introducing themselves in the medical market, see this article on NY Times blog, or see the list of non-FDA participants (Apple or Google) to meetings held the 12th and 18th of december 2013 on public calendar of FDA.
This situation may raise conflicts between companies, which want to publish apps on stores held by their competitors.

Delays

Another pitfall is the delay necessary to see a new application published on a store. It may take up to 3 months. That's really bad news if you have to submit a new version of an app, which mitigates a risk unveiled by post-market surveillance.

Are applications stores distributors?

The goal of a distributor is to put goods closer to the customer than the manufacturer is able to.

Apps for general public

From the point of view of manufacturers of borderline mobile medical apps, dedicated to enhance general health condition, these stores may be seen as distributors. Thanks to them, the general public has access to their apps.

Apps for professionals

But this is not true from the point of view of medical devices manufacturers, which develop apps with a specific intended use. For example to connect to other devices in its product line and to control them in a remote mode.

In this case, customers are gained thanks to a long work, reaching opinion leaders, installing solutions in luminary sites and deploying slowly (then quickly if the concept is seducing) their products. When apps are deployed, they'll have to do the post-market surveillance, no chance that owners of app stores give feedback about the use of mobile medical apps.

For these reasons, owners of application stores have near zero added value.
Thus, application stores are more like transporters than distributors, only allowing the product to be shipped to its destination. It may be relevant to treat them as such from the point of view of ISO 13485 or FDA QSR.



To sum it up, it's difficult to have the requirements of regulations cope with the constraints of mobile applications stores. Medical devices manufacturers willing to deploy mobile medical apps should take while to think about these constraints before placing their apps on the market.


Next time, we'll draw a conclusion about this series