
    Process of designing robust, dependable, safe and secure software for medical devices: Point of care testing device as a case study

    This article has been made available through the Brunel Open Access Publishing Fund. Copyright © 2013 Sivanesan Tulasidas et al.
    This paper presents a holistic methodology for the design of medical device software, which encompasses a new way of eliciting requirements, a system design process, a security design guideline, a cloud architecture design, a combinatorial testing process and agile project management. The paper uses point of care diagnostics as a case study in which the software and hardware must be robust and reliable in order to provide accurate diagnosis of diseases. As software and software-intensive systems become increasingly complex, the impact of failures can lead to significant property damage or damage to the environment. Within the medical diagnostic device software domain such failures can result in misdiagnosis, leading to clinical complications and in some cases death. Software faults can arise from the interaction among the software, the hardware, third-party software and the operating environment. Unanticipated environmental changes and latent coding errors lead to operational faults despite the fact that significant effort has usually been expended in the design, verification and validation of the software system. It is becoming increasingly apparent that different approaches are needed to guarantee that a complex software system meets all safety, security and reliability requirements, in addition to complying with standards such as IEC 62304. Many initiatives have been taken to develop safety- and security-critical systems, at different development phases and in different contexts, ranging from infrastructure design to device design. Different approaches are implemented to design error-free software for safety-critical systems. By adopting the strategies and processes presented in this paper one can overcome the challenges in developing error-free software for medical devices (or safety-critical systems).

    Enhancing the Auditability of the Agile XP Software Development Process in the Context of EU Medical Device Regulations

    Nowadays, there is increasing reliance on software in the healthcare industry, such as software used for diagnostic or therapeutic purposes and software embedded in a medical device, often known as medical device software. Regulatory compliance has become increasingly visible in healthcare industries. Software development companies that develop medical device software in Europe must comply with the EU Medical Device Regulation (EU MDR) in order to obtain the CE marking. Agile development practices are increasingly adopted by generic software development companies. For example, agile extreme programming (XP) is now considered a common model of choice for many business-critical projects. The reason is that Agile XP has several benefits, such as developing high-quality software at low cost and in a short period of time, with the capability to embrace changing requirements during the development process. However, healthcare industries still have a low rate of agile adoption. This is due to the challenges that software developers face when using Agile XP within the stringent requirements of healthcare regulations. These challenges are the lack of fixed up-front planning, lack of documentation, traceability issues, and formality issues. Agile software companies must provide evidence of EU MDR conformity, and they need to develop their own procedures, tools, and methodologies to do so. As yet, there is no consensus on how to audit Agile XP software companies to ensure that their software processes have been designed and implemented in conformity with EU MDR requirements. The motivation of this research is to assist companies developing medical device software that wish to adopt Agile XP practices in their effort to meet the EU MDR certification requirements (CE marking). In addition, this research aims to help information system auditors extract auditing evidence that demonstrates conformity to the EU MDR requirements that must be met by Agile XP software organisations. This research will try to answer three main questions: Do Agile XP practices support the EU MDR requirements? Is it possible to adopt Agile XP practices when developing medical device software? Is it possible to submit conformity evidence to EU MDR auditors? The main aim of this research is to enhance the auditability of the Agile XP software development process in the context of the EU MDR. This aim can be achieved through two main objectives: first, proposing an extension to the Agile XP user story to enhance the early planning activities of Agile XP according to EU MDR requirements; second, designing an auditing model that covers the requirements of the EU MDR. This auditing model should provide EU MDR auditors with auditing evidence that medical device software developed with an Agile XP process has fulfilled the requirements of the EU MDR. The main contribution of this research study is the auditing model for EU MDR requirements that is aligned with the principles of Agile XP. The proposed auditing model would help auditors audit the Agile XP development process of a medical device with regard to the EU MDR requirements, as a way of obtaining evidence of conformity to those requirements. This auditing model can also be considered a guideline that would guide Agile XP developers in following the EU MDR requirements. The proposed auditing model has been assessed on the basis of relevant case studies. As a result, the evidence gathered shows at least partial support for the requirements in each case study. However, no case study has been demonstrated as fully supporting the auditing yardsticks of the proposed auditing model.

    Accountable Algorithms


    Impact of EU Medical Device Directive on Medical Device Software

    Directive 2007/47/EC of the European Parliament, amending the Medical Device Directive (MDD), provides medical device manufacturers with a compliance framework. However, the effects of the amendments to the MDD on competition in the U.S. medical device software industry are unknown. This study examined the impact of this directive on the competitiveness of U.S. medical device software companies, the safety and efficacy of medical device software, employee training, and recruitment. The conceptual framework for this study included 3 dimensions of medical device regulation: safety, performance, and reliability. The overall research design was a concurrent mixed-method study using both quantitative and qualitative techniques. The qualitative techniques involved case studies of 5 purposively selected companies. Data collection involved both surveys and interviews. The sample consisted of 56 employees within medical device firms with markets around the European regions. Qualitative data analysis consisted of descriptive thematic analysis along the study questions and hypotheses and summative evaluation. Quantitative data analysis included descriptive statistics and correlation to test the 4 hypotheses. The results suggested that the MDD has realigned medical device software manufacturing practices, and U.S. medical device companies have gained global competitiveness by improving product safety and increasing sales revenue. Key recommendations to medical device manufacturers include adopting MDD 93/42/EEC, using model-based approaches, and being comprehensive in model use. Adopting the MDD will provide positive social change to patients, as human safety improves with better product quality while companies experience fewer product recalls.

    Formal verification of automotive embedded UML designs

    Software applications are increasingly dominating safety-critical domains. Safety-critical domains are domains where the failure of any application could impact human lives. Software application safety has been overlooked for quite some time, but more focus and attention is currently directed to this area due to the exponential growth of embedded software applications. Software systems have continuously faced challenges in managing the complexity associated with functional growth, the flexibility of systems so that they can be easily modified, the scalability of solutions across several product lines, the quality and reliability of systems, and finally the ability to detect defects early in the design phases. AUTOSAR was established to develop open standards to address these challenges. ISO 26262, the automotive functional safety standard, aims to ensure the functional safety of automotive systems by providing requirements and processes that govern the software lifecycle. Each functional system needs to be classified in terms of safety goals, risks and Automotive Safety Integrity Level (ASIL: A, B, C and D), with ASIL D denoting the most stringent safety level. As the risk of the system increases, the ASIL level increases and the standard mandates more stringent methods to ensure safety. ISO 26262 mandates that systems classified ASIL C and D utilize walkthroughs, semi-formal verification, inspection, control flow analysis, data flow analysis, static code analysis and semantic code analysis techniques to verify software unit design and implementation. Ensuring software specification compliance via formal methods has remained an academic endeavor for quite some time. Several factors discourage the adoption of formal methods in industry. One major factor is the complexity of using formal methods. Software specification compliance in the automotive domain remains for the most part heavily dependent on traceability matrices, human-based reviews, and testing activities conducted on either actual production software or at simulation level. The ISO 26262 automotive safety standard recommends, although not strongly, using formal notations in automotive systems that exhibit high risk in case of failure, yet the industry still relies heavily on semi-formal notations such as UML. The use of semi-formal notations leaves specification compliance heavily dependent on manual processes and testing efforts. In this research, we propose a framework in which UML finite state machines are compiled into formal notations, specification requirements are mapped into formal model theorems, and SAT/SMT solvers are utilized to validate implementation compliance with the specification. The framework will allow semi-formal verification of AUTOSAR UML designs via an automated formal framework backbone. This semi-formal verification framework will allow automotive software to comply with the ISO 26262 ASIL C and D unit design and implementation formal verification guideline. Semi-formal UML finite state machines are automatically compiled into formal notations based on the Symbolic Analysis Laboratory formal notation. Requirements are captured in the UML design and compiled automatically into theorems. Model checkers are run against the compiled formal model and theorems to detect counterexamples that violate the requirements in the UML model. Semi-formal verification of the design allows us to uncover issues that were previously detected only in the testing and production stages. The methodology is applied to several automotive systems to show how the framework automates the verification of UML-based designs, the de facto standard for automotive systems design, based on an implicit formal methodology while hiding the drawbacks that discouraged the industry from using it. Additionally, the framework automates the ISO 26262 system design verification guideline, which would otherwise be verified via error-prone human approaches.

    Firmware design of a portable medical device to measure the quadriceps muscle group after a total knee arthroplasty by EMG, LBIA and clinical score methods

    The aim of this project is the firmware design for a portable medical device for EMG and LBIA measurements, which will be used for the assessment of total knee arthroplasty patients to study the progression of different knee prostheses (Medial-Pivot and Ultra-Congruent). For its realization, the state of the art of EMG and LBIA studies and applications is presented, along with the medical devices currently in use. In addition, the different digital filtering and processing techniques for these signals have been studied and implemented. Furthermore, a preliminary statistical study has been performed with LBIA data from 12 patients with total knee arthroplasty. The firmware design of this thesis includes: the data acquisition processes using different ADCs (the on-board ADC and external ones, using the SPI interface) and a DAC, the corresponding signal processing and feature extraction, the communication with an external device using an external BLE module with a UART interface, the medical data encryption process, the error handling functionality, and the battery level approximation. In this work, all the process workflows are presented and explained using flowcharts, while every calculation and configuration is justified. In addition, all the corresponding code has been programmed in the C language and is included in the Annexes. Moreover, the applicable regulation has been reviewed, and both the environmental impact and the economic cost of the product have been analyzed. Finally, improvements are proposed for future work.

    Humans in the Loop

    From lethal drones to cancer diagnostics, humans are increasingly working with complex and artificially intelligent algorithms to make decisions which affect human lives, raising questions about how best to regulate these human-in-the-loop systems. We make four contributions to the discourse. First, contrary to the popular narrative, law is already profoundly and often problematically involved in governing human-in-the-loop systems: it regularly affects whether humans are retained in or removed from the loop. Second, we identify the MABA-MABA trap, which occurs when policymakers attempt to address concerns about algorithmic incapacities by inserting a human into a decision-making process. Regardless of whether the law governing these systems is old or new, inadvertent or intentional, it rarely accounts for the fact that human-machine systems are more than the sum of their parts: they raise their own problems and require their own distinct regulatory interventions. But how to regulate for success? Our third contribution is to highlight the panoply of roles humans might be expected to play, to assist regulators in understanding and choosing among the options. For our fourth contribution, we draw on legal case studies and synthesize lessons from human factors engineering to suggest regulatory alternatives to the MABA-MABA approach. Namely, rather than carelessly placing a human in the loop, policymakers should regulate the human-in-the-loop system.