1,831 research outputs found
Process of designing robust, dependable, safe and secure software for medical devices: Point of care testing device as a case study
This article has been made available through the Brunel Open Access Publishing Fund. Copyright © 2013 Sivanesan Tulasidas et al. This paper presents a holistic methodology for the design of medical device software, which encompasses a new way of eliciting requirements, system design process, security design guideline, cloud architecture design, combinatorial testing process and agile project management. The paper uses point of care diagnostics as a case study where the software and hardware must be robust and reliable to provide accurate diagnosis of diseases. As software and software intensive systems are becoming increasingly complex, the impact of failures can lead to significant property damage, or damage to the environment. Within the medical diagnostic device software domain such failures can result in misdiagnosis leading to clinical complications and in some cases death. Software faults can arise due to the interaction among the software, the hardware, third party software and the operating environment. Unanticipated environmental changes and latent coding errors lead to operation faults despite the fact that usually a significant effort has been expended in the design, verification and validation of the software system. It is becoming increasingly more apparent that one needs to adopt different approaches, which will guarantee that a complex software system meets all safety, security, and reliability requirements, in addition to complying with standards such as IEC 62304. There are many initiatives taken to develop safety and security critical systems, at different development phases and in different contexts, ranging from infrastructure design to device design. Different approaches are implemented to design error free software for safety critical systems.
By adopting the strategies and processes presented in this paper one can overcome the challenges in developing error free software for medical devices (or safety critical systems).
Security and Privacy Qualities of Medical Devices: An Analysis of FDA Postmarket Surveillance
Background: Medical devices increasingly depend on computing functions such as wireless communication and Internet connectivity for software-based control of therapies and network-based transmission of patients’ stored medical information. These computing capabilities introduce security and privacy risks, yet little is known about the prevalence of such risks within the clinical setting. Methods: We used three comprehensive, publicly available databases maintained by the Food and Drug Administration (FDA) to evaluate recalls and adverse events related to security and privacy risks of medical devices. Results: Review of weekly enforcement reports identified 1,845 recalls; 605 (32.8%) of these included computers, 35 (1.9%) stored patient data, and 31 (1.7%) were capable of wireless communication. Searches of databases specific to recalls and adverse events identified only one event with a specific connection to security or privacy. Software-related recalls were relatively common, and most (81.8%) mentioned the possibility of upgrades, though only half of these provided specific instructions for the update mechanism. Conclusions: Our review of recalls and adverse events from federal government databases reveals sharp inconsistencies with databases at individual providers with respect to security and privacy risks. Recalls related to software may increase security risks because of unprotected update and correction mechanisms. To detect signals of security and privacy problems that adversely affect public health, federal postmarket surveillance strategies should rethink how to effectively and efficiently collect data on security and privacy problems in devices that increasingly depend on computing systems susceptible to malware.
The Use of Predicates in FDA Regulation of Medical Devices: A Case Study of Robotic Surgical Devices
In the last decade, a number of high profile medical device recalls have drawn attention to the regulatory approval process, particularly the streamlined process for devices considered “lower risk” known as the 510(k). Approval of medical devices through the 510(k) Process is not based on clinical data, but rather on “substantial equivalence” to predicate devices approved pre-1976 or legally marketed thereafter. A predicate device is one that shares the same intended use as the new device and technological characteristics which are either the same or different without introducing new safety hazards. Many scholars believe that the premise of approving medical devices based on similarity to existing devices is inherently flawed. In particular, there is worry that presence of technology creep between predicate devices can lead to the approval of medical devices which ultimately do not resemble the original device for which clinical evidence exists, even as that evidence is used to validate device safety.
Given these concerns about the safety of the established regulatory process, this thesis explored the impact of predicate creep within the 510(k) Process through a case study of Robotic Assisted Surgery (RAS) devices, with particular focus on the Intuitive Surgical Da Vinci Surgical System. Through the development of new methodologies using publicly available data to measure predicate creep, this research traces the predicate ancestry of several RAS devices to assess the current impact and implications of predicate creep on the current regulatory process. The study concludes that there is significant evidence of predicate creep within the approval process and recommends new guidelines for classifying device risk and subsequent evidentiary requirements within the 510(k) Process, to reduce the number of devices with high levels of potential risk to public safety released onto the market.
A novel approach to assess minimally invasive surgical device failure utilizing adverse event outcome severity and design complexity.
Medical device failure and misuse have the potential to cause serious injury and death. Given the intricate nature of the instruments utilized specifically in minimally invasive surgery (MIS), users and manufacturers of surgical devices share a responsibility in preventing user error and device failure. A novel approach was presented for the evaluation of minimally invasive device failures, which involved assessing the severity of adverse event outcomes associated with the failure modes and investigating aspects of the devices’ design that may contribute to failure. The goals of this research were to 1) characterize the design attributes, failure modes, and adverse events associated with minimally invasive surgical devices and 2) describe the relationship between minimally invasive surgical device design complexity and the severity of adverse events. The types of failure modes, phases of operation in which failure occurs, severity of adverse event outcomes, and design complexity associated with four minimally invasive surgical devices were determined. An association was shown to exist between phases of surgical device operation and the severity of outcomes that occur in each phase (p < 0.05). Across both device types, the majority of failure occurred during execution of the devices’ main function which involved securing and transecting tissue. The least amount of failures occurred during the results and post-op phase of operation; however, the failures that occurred during this phase resulted in the highest average outcome severity. The endoscopic staplers assessed resulted in overall higher average outcome severities relative to that of the tissue sealers. The methods employed are the first to evaluate medical device design, function, and failure outcomes from a complexity perspective. While statistical conclusions regarding the overall research goal could not be drawn, heuristic methods support development of the approach presented.
The work herein assists the enhancement of risk awareness and prevention techniques and serves as a contribution to filling the knowledge gap regarding device use and failure outcomes. Bridging the gap between surgeons and engineers is crucial to the successful implementation and evaluation of new technology in the operating room, which was an essential component of this research.
Impact of EU Medical Device Directive on Medical Device Software
Directive 2007/47/EC of the European Parliament amending Medical Device Directive (MDD) provides medical device manufacturers with a compliance framework. However, the effects of the amendments to the MDD on competition in the U.S. medical device software industry are unknown. This study examined the impact of this directive on the competitiveness of U.S. medical device software companies, the safety and efficacy of medical device software, employee training, and recruitment. The conceptual framework for this study included 3 dimensions of medical device regulations: safety, performance, and reliability. The overall research design was a concurrent mixed method study using both quantitative and qualitative techniques. The qualitative techniques involved case studies of 5 purposively selected companies. Data collection involved both surveys and interviews. The sample consisted of 56 employees within medical device firms with markets around the European regions. Qualitative data analysis consisted of descriptive thematic analysis along the study questions and hypotheses and summative evaluation. Quantitative data analysis included descriptive statistics and correlation to test the 4 hypotheses. The results suggested that the MDD has realigned medical device software manufacturing practices, and US medical device companies have gained global competitiveness in improving product safety and increasing sales revenue. Key recommendations to medical device manufacturers include adopting MDD 93/42/EEC, using model-based approaches, and being comprehensive in model use. Adopting the MDD will provide positive social change to patients, as human safety improves with better product quality while companies experience fewer product recalls.
Medical Cyber-Physical Systems Development: A Forensics-Driven Approach
The synthesis of technology and the medical industry has partly contributed to the increasing interest in Medical Cyber-Physical Systems (MCPS). While these systems provide benefits to patients and professionals, they also introduce new attack vectors for malicious actors (e.g. financially- and/or criminally-motivated actors). A successful breach involving a MCPS can impact patient data and system availability. The complexity and operating requirements of a MCPS complicate digital investigations. Coupling this information with the potentially vast amounts of information that a MCPS produces and/or has access to is generating discussions on, not only, how to compromise these systems but, more importantly, how to investigate these systems. The paper proposes the integration of forensics principles and concepts into the design and development of a MCPS to strengthen an organization's investigative posture. The framework sets the foundation for future research in the refinement of specific solutions for MCPS investigations. Comment: This is the pre-print version of a paper presented at the 2nd International Workshop on Security, Privacy, and Trustworthiness in Medical Cyber-Physical Systems (MedSPT 2017
Rx: Just What the Doctor Ordered: International Standards for Medical Devices
This Comment demonstrates why the FDA should amend its medical device regulations to emulate those of the European Community. There are two major benefits of a single set of international standards. First, a single set of international standards assures safe medical devices both in the United States and on the international market. Second, the United States will have a greater opportunity to export medical devices to the newly prosperous European Community resulting in greater financial returns and job opportunities for Americans.
Preemption and Regulatory Failure
This symposium was convened to address the growing and seemingly conflicting jurisprudence governing federal preemption of state damage actions. One way to evaluate the evolution of preemption law is to examine it through the lens of litigation under the preemption provision of the 1976 Medical Device Amendments (MDA) to the federal Food, Drug, and Cosmetic Act - a provision that in many respects is typical of express preemption provisions in regulatory statutes and has spawned a high volume of litigation. The question raised in cases under the MDA is whether the Act's preemption provision nullifies state damage actions based on personal injuries caused by medical devices that are defective, poorly designed, or promoted in ways that do not alert patients (and physicians) to the risks that attend their use. The answer to that question depends on how one reads the MDA preemption provision.
Is my medical software allowed to go to market?
The central importance of software in healthcare practices is highlighted by the increasing regulation of medical software in order to safeguard medical activities and patient’s rights. Medical software suppliers need to meet regulatory requirements from different countries to gain market access and offer necessary compliant solutions. The present report focuses on providing methods and tools to allow software suppliers to evaluate which software products should be sold in which countries. Using design science and behavioral science two artifacts are presented integrating influence of regulatory requirements on market access and product lifecycle management. It is required to present all the regulatory information in an actionable way in order for it to be operationalized by businesses and engineering staff within a company.
Cyber-Physical Modeling of Implantable Cardiac Medical Devices
The design of bug-free and safe medical device software is challenging, especially in complex implantable devices that control and actuate organs in unanticipated contexts. Safety recalls of pacemakers and implantable cardioverter defibrillators between 1990 and 2000 affected over 600,000 devices. Of these, 200,000 or 41%, were due to firmware issues and their effect continues to increase in frequency. There is currently no formal methodology or open experimental platform to test and verify the correct operation of medical device software within the closed-loop context of the patient. To this effect, a real-time Virtual Heart Model (VHM) has been developed to model the electrophysiological operation of the functioning and malfunctioning (i.e., during arrhythmia) heart. By extracting the timing properties of the heart and pacemaker device, we present a methodology to construct a timed-automata model for functional and formal testing and verification of the closed-loop system. The VHM's capability of generating clinically-relevant response has been validated for a variety of common arrhythmias. Based on a set of requirements, we describe a closed-loop testing environment that allows for interactive and physiologically relevant model-based test generation for basic pacemaker device operations such as maintaining the heart rate, atrial-ventricle synchrony and complex conditions such as pacemaker-mediated tachycardia. This system is a step toward a testing and verification approach for medical cyber-physical systems with the patient-in-the-loop.