Software in Medical Devices, by MD101 Consulting

To content | To menu | To search

Tag - IEC 62304

Entries feed - Comments feed

Friday, 26 October 2012

What is software verification?

Many people make the confusion between verification and validation. There is no exception for software! I'd even say that the confusion is even worse for standalone software.

Let's see first the definition of verification and validation. I borrowed these definitions from the FDA website:

  • Verification is confirming that design output meets the design input requirements,
  • Validation is ensuring that the device conforms to defined user needs and intended uses.

OK, this remains theoretical. How to do that with software medical devices?
In this article I focus on verification and will focus on validation in the next article: What is software validation.

Continue reading...

Friday, 28 September 2012

Probability of occurence of a software failure

In two previous articles, I talked about the differences of bugs, software failures, and risks.
I left the discussion unfinished about the probability of occurence of a software failure or a defect.
I think that assessing the probability of occurence of a software failure is a hot subject. I've already seen many contradictory comments on this subject. It's also a hot subject for software manufacturers that are not well used to risk assessment.

Continue reading...

Friday, 6 July 2012

Class C software and agile methods

Are agile methods compatible with the constraints of development set by IEC 62304 standard of class C software?
After a series of three posts about agile methods and risks analysis. I focus in this post on IEC 62304 class C critical software.

Continue reading...

Saturday, 23 June 2012

How to combine risk management process with agile software development? - Part 3

We've seen in my last post that it's possible to have agile development methods combined with a risk management process. To be compliant with ISO 14971 standard, a risk management plan that describes this process along iterations, has to be written. And a risk assessment report has to be created in iteration 0 and updated in every iteration, by following the risk management process like the one found in figure 1 or figure B.1 of ISO 14971 standard.

Continue reading...

Sunday, 17 June 2012

How to combine risk management process with agile software development? - Part 2

This post is the continuation of the post of last week.
We've seen in that post that fixing bugs during software maintenance is like a small chunk of design, excepted that software specifications do not change. Therefore risk management process when fixing bugs is very close to risk management process during design, without the initial assessment of risks at the beginning of the software development cycle.

Continue reading...

Saturday, 9 June 2012

How to combine risk management process with agile software development? - Part 1

This post comes after a series of three posts where I exposed my thoughts about development of software medical devices with agile methods.
These posts were focussed on software development. Risk management deserves its own series of posts. Here is the first of three.

Continue reading...

Saturday, 2 June 2012

How to develop medical device software with agile methods? - Part 3

In my previous post, I explained how to adapt agile methods to IEC 62304. I finish this series of 3 posts with some advices about the organization of an iteration and the software development team.

Continue reading...

Wednesday, 16 May 2012

How to develop medical device software with agile methods? - Part 2

In my previous post, I explained how I tweaked the waterfall model to obtain something close to agile methods. But still not agile, actually...

Continue reading...

Saturday, 12 May 2012

How to develop medical device software with agile methods? - Part 1

IEC 62304 is the standard to apply for software in medical devices. It is not bound to any software development method or model. Though not explicit, using the waterfall development model is the most straighforward way to apply this standard.
The waterfall model has become old fashioned to the eyes of most of software developers, with the emergence of agile methods. Agile methods are so popular now that everydody wonders how to apply IEC 62304 with agile methods.

An AAMI/CDV-1 TIR(SW1) - Guidance on the use of agile practices in the development of medical device software exists about this subject. But it is still a draft and only members of AAMI have access to it.

So, how to use agile methods and still be compliant with IEC 62304?
Here are my thoughts about these questionings!

Continue reading...

Monday, 23 April 2012

Class A, B or C (continued)

I didn't have time to post anything worth it this week.
To give a side view of my last post about software classes, here is a link to DO-178B on wikipedia. It is the reference about software embarked in aircrafts.
If you take time to read this document, you will see that it goes very further than what we have today in IEC 62304. The constraints about design on high classes are very very hard to respect. That's normal, when you think that software is used in flight commands and other stuff in the cockpit.
It has some side effects, mainly to stretch software development projects, and to ban software from some parts of the plane, for cost-driven reasons.
For example, a microcontroler plus software plus electric motors would be perfect to memorize and retreive the position settings of the pilot's seat. But the cost to develop such software is very high, as the pilot's seat is seen as a critical component. Aircraft manufacturers prefer replacing software and microcontroler by good old analogic electronics to do the same task on some models.
In my humble opinion, the constraints of the two highest classes for software in aircrafts would be to high for medical devices. There is always a pratician, or an emergency medical service, able to "catch" the patient if something goes wrong. Whereas there is nobody to "catch" a falling plane if its flight commands fail. The consequences of risks are far higher in aircrafts, with potentially hundreds of victims in an accident.
That is why classes A, B and C, and their design constraints are enough for medical devices.

Next week, I'll talk about exemptions of ISO13485 for standalone software medical devices.
Bye.

Saturday, 14 April 2012

Is my software in class A, B or C?

IEC 62304 defines three safety classes for software:

  • Class A: No injury or damage to health is possible
  • Class B: Non-SERIOUS INJURY is possible
  • Class C: Death or SERIOUS INJURY is possible

Here comes the eternal question: Which class my software belongs to?

Continue reading...

Friday, 9 March 2012

Inflation of software medical devices - part 1

the-lesson.jpg
Don't worry, I'm not going to talk about money and quantitative easing! I let people with better knowledge in economics (that makes a lot of people!) do that.
When I talk about inflation, I mean the inflation of software medical devices in their number and variety, which creates a collateral inflation in the number of regulations, guidances, standards, and the like.
This post is the first of a series of three. In this first post, I focus on the inflation of standards. The next one will be on the inflation of regulations and the last one on the inflation of medical devices.

Continue reading...

Wednesday, 18 January 2012

Breast implants scandal: does the CE Mark malfunction?

Breast implants are technically far from software and one may say they don’t have anything in common. Yes, they do, when software is part of a medical device, they are both subject to the regulation of the 93/42 CE directive.

Is it possible to have a massive injury of people with software, like the one we discovered with the breast implants scandal?

To understand how this happened, let us begin with a brief history of the CE mark.

Continue reading...

Wednesday, 4 January 2012

Software development subcontractors: How to manage your Customer

Congratulations! You have signed a contract with a medical devices manufacturer. They don't have a very good knowledge of software. They rely on you to develop something brand new on a smartphone. The application they want to develop will bring new functionalities to doctors and let them do their jobs faster. Your customer chose you because you are the specialist of software on every OS’es on smartphones. You ensured him that your company can be in conformity with IEC 62304 standard. To that purpose, you modified and added the necessary procedures and forms to your quality system. You have one year to develop the application, which fits their desires … and the medical devices standards!

Continue reading...

Monday, 12 December 2011

How to externalize software development for a medical device?

Case example

You are a medical device company and you want to replace your old products by “smart” ones. Your competitors are doing it and you customers want them. “Smart” means something like an tiny computer (its amazing how small they are), with an operating system and big software. For electronic stuff, you have your own engineers or you have your subcontractors, which you have been working for 20 years with. They knew how to design embedded software on microchips. But they don’t know how to design software of higher level, with intelligent behaviour and complex algorithms.

Continue reading...

Friday, 18 November 2011

Software Medical Devices. How to obtain market homologation?

The homologation of a medical device is a complex task and can become a nightmare with devices with a high level of risk. It involves many standards and regulations, different from one country to another: FDA in the USA, CE Mark in Europe, CMDCAS in Canada, KFDA in South Korea, and so on …

Fortunately, most of these regulations have common requirements and rely on ISO standards, the most important standards being ISO 13485 and ISO 14971. If you meet the requirements of these standards, you increase your chances of passing the homologations for the devices with low risk. For devices with high risk, these standards are (almost) mandatory.

Continue reading...

Tuesday, 1 November 2011

ISO and IEC standards for software in medical devices in a nutshell

Here is a short description of ISO and IEC standards related to software and medical devices.

The starting point is legal. Government agencies give the authorizations to manufacturers to sell their devices. These agencies rely on standards to ensure that the device was designed and manufactured in a good and safe way. Given these regulations, medical device manufacturers have to adhere to these standards. Full stop.

Let's see what these standards are.

Continue reading...

page 3 of 3 -