By medical device we mean, for example, a device, software or instrument that is used to diagnose or treat patients. The software itself may be a medical device, or software can be used to control the operation of a medical device.
A medical device can help diagnose an illness, monitor a patient’s condition or treat a medical condition. For example, an algorithm that calculates, on the basis of measurements taken, the patient’s probability to go down with coronary artery disease within the next decade, is considered medical software.
Who is authorized to manufacture medical devices and their software? Firstly, manufacturers of medical devices must have in place a quality management system (QMS) compliant with the ISO 13485 standard. Medical software development differs in many ways from other types of software development, the following being the key differences:
1. Careful planning, implementation and documentation
Any piece of software should be planned carefully. However, careful planning and documentation of a medical device is mandatory, because using the device and software must be safe to both its user and the patient.
The software design of a medical device is regulated by IEC 62304, medical device software – software life cycle processes. Before implementing the software, its requirements must be documented and its architecture designed. After implementation, the software must be verified by testing
The usability of a medical device’s user interfaces must be planned carefully and professionally. Following usability planning, the usability of a medical device is evaluated in accordance with standard IEC 62366-1.
Usability is evaluated with the chosen evaluation method a number of times. When the evaluators are satisfied that there are no more usability problems, a final summative evaluation will be made. In the earlier EU Medical Devices Directive (MDD), usability did not play such a major role, whereas in the new EU Medical Devices Regulation (MDR) usability must be taken into account.
3. Risk management from the viewpoint of patient safety
Risk management plays a key role in the design of a medical device especially from the viewpoint of patient safety. Once the software has been designed, a risk assessment will be conducted on it according to the ISO 14971 standard. Risk management, as specified in the above standard, focuses on the evaluation and prevention of patient safety risks. With the adoption of the new EU regulation (MDR), a data security aspect has been included in the patient safety considerations.
A risk assessment must consider the proper use of the device and determine whether the device or software can be used incorrectly. A patient safety risk may include the possibility of the software not working correctly, resulting in a disease not being detected.
4. Verification of libraries used
If a medical device uses ready-made libraries (Software of Unknown Provenance, SOUP), it must be checked how they function. The library requirements are described and verified, and use of the libraries in terms of patient safety is assessed. The life cycle of the library’s use in production is monitored, if necessary, from a data security viewpoint.
5. Can a patient benefit from the device?
If the medical device has some measurable health benefit to the patient, this benefit must be described and proved. If the device’s purpose has been narrowed down and described, the benefit of such use must be proved through technical tests and clinical studies. Once the device made available, its clinical performance is monitored, and, if necessary, further clinical studies conducted.
Choose your software development partner carefully
Medical software development is carefully regulated, starting from the design stage all the way until the software has been approved. If, for example, the manufacturer does not have the necessary certificate for a sufficient quality system or if the required standards are overlooked, no medical device or their software may be manufactured. This means that you should choose your software development partner carefully.
We at Atostek offer services for the software development of medical devices. We have been awarded the ISO 13485 certificate for medical devices and software, concerning development of medical software for customers. We also guarantee that we perform our work in accordance with the regulatory requirements.
Marketing and Communications Specialist