Developing Healthcare Devices: What Needs to be Done?

Is the Development of Medical Devices Different from Other Functional Safety Development?

When you develop medical devices that contain embedded software and hardware (PEMS: Programmable Electrical Medical Systems), what do you have to do? Medical devices are subject to different standards than other industries, and the terminology is also different: is it possible to also apply the principles of functional safety development?

The most important of these standards for medical devices are:

  • ISO 13485: Quality management system
  • ISO 14971: Risk management (with ISO 24971: guidance on its application)
  • IEC 62304: Software development
  • IEC 60601-1: Basic standard for the safety of electrical medical devices (plus any sub-standards for your specific medical device)

But what does this mean for embedded development? What needs to be done?

If we summarize these standards, which usually all apply together, their requirements always add up to the same development requirements that apply to functional safety in all industries.

Below, we go through the list for functional safety for all industries with regard to the development of medical devices. The links below point to the pages that explain the concepts in more detail. Where possible, an example of a standard referencing the concept is provided.

One important note: in the context of development and engineering, traceability is not the traceability of individual products through the complete manufacturing process as defined in ISO 13485, but the traceability between different artifacts and results of the development process.

Preliminary phase

In the preliminary phase, the same activities must be carried out as for other standards: define the certification base and safety goals. The only thing that can cause confusion at the beginning is that safety goals for medical devices in IEC 60601-1 are called “essential performance”.

Basic Concepts of Functional Safety

The basic ideas are the same as for other industries:

  • “Use quality to manage risk”: e.g. ISO 13485, 0.3
  • Planning: e.g. ISO 13485, 7.3.2
  • Evidence: e.g. ISO 13485, 4.2.4, 4.2.5 / IEC 60601-1, 3.72
  • Traceability: e.g. IEC 62304, 5.1.1.c, 7.3.3

Development Activities

What does the Engineer Do?

Here, too, engineers have to perform the same activities as in other industries:

  • Safety Analyses
    • Hazard / Risk Analysis: e.g. ISO 14971, 5
    • Fault Tree Analysis (FTA): e.g. ISO 14971, 5 (see ISO 24971, Annex B)
    • Failure Modes and Effects Analysis (FMEA): e.g. ISO 14971, 5 (see ISO 24971, Annex B)
  • Safety Measures based on the single-fault approach / single-fault safety, e.g. IEC 60601-1, 14.6.1
    • against random hardware failures
    • against systematic software failures
    • against systematic hardware failures
    • detection of latent faults
  • Requirements
    • V-Model: e.g. IEC 60601-1 H.2
    • Requirements-Traceability: e.g. IEC 62304, 5.1.1.c, 7.3.3
      • with Traceability-Coverage Analysis
  • Verification
    • Reviews: e.g. ISO 13485, 4.2.4, 7.3.5
      • with checklists
    • Tests: e.g. ISO 13485, 7.3.6
    • Code-Coverage Analysis: e.g. FDA Guidance “General Principles of Software Validation”
  • Standards
    • Requirement Standards: we recommend them for reasons of efficiency
    • Design Standards: we recommend them for reasons of efficiency
    • Coding Standards: e.g. IEC 62304, 5.5.3, B.5.5
  • Components
    • Quantitative Analysis (failure rates): the only point you can avoid with medical devices
    • High-Reliability Components: e.g. IEC 60601-1, 14.8 a)
  • Tools
    • Tool Classification: e.g. ISO 13485, 4.1.6
    • Tool Qualification: e.g. ISO 13485, 4.1.6
  • Give and Accept Feedback

What does the Project Team Do?

The project team is confronted with the same requirements as for other safe developments.

  • Plans: e.g. ISO 13485, 7.3.2 / IEC 62304, 5.1.1
    • Risk Management Plan: e.g. ISO 14971, 4.4
    • Verification Plan: e.g. IEC 62304, 5.1.6
    • Integration Plan: e.g. IEC 62304, 5.1.5
    • etc.
  • Configuration Management: e.g. ISO 13485, 4.2.4
    • Releases
    • Storage
  • Change Management: e.g. ISO 13485, 7.3.9
    • Change Control Board
    • Traceability
  • Audits: e.g. IEC 60601-1, 14.1
  • Statements
    • Safety Case: as a component of the various files, e.g. ISO 13485, 4.2.3, 7.3.10 / IEC 62304 FAQ, 2.3.11
  • Communication

What does the Company Do?

And of course, the company cannot avoid the things that are standard for functional safety:

  • Processes: e.g. ISO 13485, 7.3.1
    • Way of Working
    • Tools
    • Templates
    • Checklists
    • etc.
  • Level 3
    • Processes for the Entire Organisation: e.g. ISO 13485, 4.1.3
    • Processes Continuously Improved: e.g. ISO 13485, 8.5
  • Safety Culture: is not directly required, but without it, medical development could be difficult in the long run
    • Safety before commercial aspects
    • Proactive Attitude towards Errors
    • Clear Plans
    • Traceable Responsibility
  • Keep It Simple

Do you want to develop medical devices? Do you have questions about the procedures and processes for developing healthcare devices / PEMS? We are happy to support you. Contact me:

Andreas Stucki