In the past few years, medical devices have become increasingly dependent on software. More than 50 percent of medical devices now rely on software for some functionality. The software either is embedded in the device or plays an integral role in its production. For example, modern infusion pumps contain more than 100,000 lines of code, while proton beam therapy machines can contain more than 1 million.
Software integrity is not a "nice-to-have" quality in medical devices. Defects or bugs in the software can lead to device malfunctions that could result in injury or even death. With the serious nature of medical devices, the Food and Drug Administration has strict regulations that original device manufacturers (OEMs) must follow for their products to reach the market. However, with the dramatic increase in software and the expanding global supply chain, the risk of defects and bugs in the software also increases.
To mitigate this risk, OEMs should employ a set of policies in the software development phase to ensure the code meets the federal guidelines every step of the way. To that end, implementing a governance solution in development helps manufacturers ensure compliance with these policies in several ways:
Defining policies based on FDA guidance. OEMs must establish clear and specific policies that align with regulatory requirements. For example, a policy based on FDA guidelines would require all runtime errors to be identified and fixed before software can move on to the next stage in the development process. A governance solution provides a centralized location to define these policies and set thresholds to test against to validate ongoing compliance.
Testing often and early. Once an OEM defines its policies, software must be tested against them. Implementing a governance solution in development enables teams to test software, whether developed in-house or from a third party, against the established policies and then fix any defects that arise while the code is still in development, where issues are least expensive and time-consuming to fix.
Controlling risk and compliance. Beyond setting policies and testing for defects, a governance solution allows managers to gain visibility into the quality and risk of software in the device supply chain. This visibility can ensure that progress made in development does not compromise regulatory guidelines or compliance metrics.
A governance solution is one way that medical device OEMs can overcome the challenge of managing the risk of failure inherent in software.
Thanks for the blog, it is really needed to define some policies to avoid the malfunction of the medical instruments which are embedded in key areas of medical environment. They should be rigorously tested before sending out to the market. Quality assurance in the medical area should definitely be 100%, which will avoid disaster.
This blog is a real eye-opener. It makes perfect sense that the software in medical devices should be defect-free. But look at consumers' tolerance for software flaws--we pretty much take them for granted. I'm glad there are agencies and companies looking out for this type of thing, and recommendations like the ones you outline here.
@ Anne, I agree with your call for OEMs to provide adequate and regular software maintenance to forestall any malfunction. I also see the need for the call by Andy for a governance solution as a good one. The potential risk associated with software malfunction calls for ongoing tuning and performance analysis.
Andy, great post! As a consumer of medical devices, I had been really concerned with the increase in the electronic software in patient care and pondered about managing the risk posed by potential failure of software in these devices.
You are absolutely right about the need for ongoing requirements of effective management of risks posed by software use in medical devices. The policies and procedures you mentioned provide comprehensive support for information governance solutions. This will help OEMs to respond to data quality, security, privacy at the entry points and auditing, retention, archiving and optimization at a later stage.
The need for information governance to help transform data into strategic assets that can help lower cost and risks, increase the organization’s profitability is critical especially now during this weak economic period.
This is a nice blog with good points on mitigating the medical device software risk. In addition, OEMs should also provide an adequate and regular software maintenance plan and agreement to forestall any malfunctioning, and give the performance improvement.
Good points and they can be applied to every industry. The embedded device field of Machine-to-Machine (M2M) technology is expected to explode in the coming years. In fact, in a recent research report by Analysys Mason, the global market for M2M device connections will grow to 2.1 billion in 2020.
I think having a governance solution is vital. Without governance companies are putting themselves at serious risk and could be wasting many resources ensuring the software is functioning properly. There needs to be a better system in place to ensure things are running properly.
When a million lines of code becomes part of an embedded device for some life critical medical devices, just following compliance procedures and having the documentation is not enough. We need traceability of the fault embedded into the product itself which should be able to pinpoint a particular module or the interface very precisely in that maze of 1 million lines of code.
A new methodology is required to integrate such a huge amount of code which forces automated tests as each code module gets integrated into the product and kind of regressive analysis when a bug is found at a certain stage of integration.
Andy, you are right. Most of the medical devices are making use of embedded software and IT applications. But I think the credibility of such systems is yet to be proven. I have experienced these difficulties during the diagnostics phases in hospitals. For example, there are differences in values for BP reading between the manually taken and from automated machines. The case is same for diabetics and lipid profiles. Those hospitals who possess such machines are claiming that machines are more accurate than manual and others as vice versa.
Andy, great post! As a consumer of medical devices, I had been really concerned with the increase in the electronic software in patient care and pondered about managing the risk posed by failure of software in these devices. You stated in your post the need for ongoing and effective management of risks posed by software use in medical devices, and the call for a governance solution is a good call.
The policies and procedures that meet regulatory standards are important aspects of the risk management since they provide comprehensive support for information governance solutions and help companies to respond to data quality, security, and privacy at the entry points; auditing, retention, archiving and optimization at a later stage. The ongoing tuning, performance analysis, and monitoring will certainly go a long way to mitigate software risks.
We need information governance solutions to help transform data into strategic assets that can help lower cost and risks, increase the organization’s profitability is critical especially now during this weak economic period.