Med-Adept: A Lightweight Assessment Method for the Irish Medical Device Software Industry

In this paper we describe how a lightweight assessment method was developed to educate Irish software development organisations in relation to becoming medical device software suppliers

Challenges Experienced by Medical Device Software Organisations while following a Plan-driven SDLC

Medical device software organisations face challenges not faced by generic software development organisations. These challenges include the adherence to regulatory controls. Regulatory bodies require medical device software organisations to provide objective evidence that the software they are developing is safe and reliable. To produce this, regulatory bodies require a number of deliverables which must be achieved. However, they do not dictate which Software Development Life Cycle (SDLC) must be followed in order to achieve these deliverables. Despite not dictating which SDLC must be followed when developing medical device software, organisations typically develop their software in accordance with a Plan-Driven software development lifecycle. By conducting semi structured interviews with seven medical device software organisations, we gained a deeper insight into how the challenges experienced impact on the development of medical device software. The interviews also attempted to learn from the participants how they believe the challenges experienced can be overcome. The aim of this paper is to explain the methodology used to perform interviews with medical device software organisations and to present these interviews

Piloting MDevSPICE: the medical device software process assessment framework

Software development companies moving into the medical device domain often find themselves overwhelmed by the number of regulatory requirements they need to satisfy before they can market their device. Several international standards and guidance documents have been developed to help companies on their road to regulatory compliance but working their way through the various standards is a challenge in itself. In order to help software companies in the medical device domain, we have developed an integrated framework of medical device software development best practices called MDevSPICE®. This framework integrates generic software development best practices with medical device standards’ requirements enabling consistent and thorough assessment of medical device processes. MDevSPICE® can be used by software companies evaluating their readiness for regulatory audits as well as by large medical device manufacturers for selecting suitable software suppliers. The MDevSPICE® framework consists of a process reference model, a process assessment model, an assessment method, and training and certification schemes. The framework has been validated using expert reviews and through MDevSPICE® assessments in industry. In this paper, we describe the MDevSPICE® process assessment framework focusing on its benefits and significance for the medical device manufacturing community as learned from MDevSPICE® assessments conducted to date

Medical device software as a subsystem of an overall medical device

Embedded software is a sub-system that needs to be integrated with the electrical and mechanical subsystems for a functional medical device to be developed and marketed. In order to be able to develop a medical device system through integrating its sub-systems, the complete system requirements should be known at the start of the project and managed throughout development. Software requirements are then derived from the systems requirements. We have developed and piloted a medical device software process assessment framework called MDevSPICE® that integrates processes from various medical device software standards as well as generic software development standards. This paper describes how the MDevSPICE® framework has been designed so as to enable medical device software developers to produce software that will be safe and easily integrated with other sub-systems of the overall medical device. We also describe the lessons learned from piloting MDevSPICE® in the medical device industry and challenges medical device software developers meet in tracing requirements and risks to and from the system level

How Can Software SMEs Become Medical Device

The amount of software content within medical devices has grown considerably over recent years and will continue to do so as the level of complexity of medical devices increase. This is driven by the fact that software is introduced to produce sophisticated medical devices that would not be possible using only hardware. This therefore presents opportunities for software development SMEs to become medical device software development organisations. However, some obstacles need to be addressed and overcome in order to make the transition from being a generic software development organisation to becoming a medical device software development organisation. This paper describes these obstacles and how research that is currently being performed within the Regulated Software Research Group in Dundalk Institute of Technology may be used to assist with this transitio

Adopting Agile Practices when Developing Medical Device Software

Agile methods are gaining momentum amongst the developers of non-safety critical software. They offer the ability to improve development time, increase quality and reduce development costs. Despite this, the rate of adoption of agile methods within safety critical domains remains low. On face value agile methods appear to be contradictory to regulatory requirements. However while they may appear contradictory, they align on key values such as the development of the highest quality software. To demonstrate that agile methods could in fact be adopted when developing regulatory compliant software they were implemented on a medical device software development project. This implementation showed that not only can agile methods be successfully followed, but it also revealed that benefits were acquired. For example, the medical device software development project was completed 7% faster when following agile methods, when compared to if it had been completed in accordance with a plan-driven approach. While this implementation is confined to a single project, within a single organization it does strengthen the belief that adopting agile methods within regulated domains can reap the same benefits as those acquired in non-safety critical domains

Adopting Agile Practices When Developing Software for Use in the Medical Domain

Non-safety critical software developers have been reaping the benefits of adopting agile practices for a number of years. However, developers of safety critical software often have concerns about adopting agile practices. Through performing a literature review, this research has identified the perceived barriers to following agile practices when developing medical device software. A questionnaire based survey was also conducted with medical device software developers in Ireland to determine the barriers to adopting agile practices. The survey revealed that half of the respondents develop software in accordance with a plan driven software development lifecycle and that they believe that there are a number of perceived barriers to adopting agile practices when developing regulatory compliant software such as: being contradictory to regulatory requirements; insufficient coverage of risk management activities and the lack of up-front planning. In addition, a comparison is performed between the perceived and actual barriers. Based upon the findings of the literature review and survey, it emerged that no external barriers exist to adopting agile practices when developing medical device software and the barriers that do exists are internal barriers such as getting stakeholder buy in

Development and Validation of the MedITNet Assessment Framework: Improving Risk Management of Medical IT Networks

The use of networked medical devices can provide a number of benefits such as improved patient safety, reduced costs of care and a reduction in adverse events. Traditionally, medical devices were placed onto a proprietary IT network provided by the manufacturer of the device. Today, medical devices are increasingly designed for incorporation into a hospital’s general IT network enabling devices to exchange critical information. However, this can introduce risks and negate the potential benefits to patients. While the IEC 80001-1 standard has been developed to aid Healthcare Delivery Organisations (HDOs) in addressing these risks, HDOs may struggle to understand and implement the requirements. The MedITNet framework has been developed to allow HDOs to assess the capability of their risk management processes against the requirements of IEC 80001-1. MedITNet provides a flexible assessment framework enabling HDOs to gain a greater understanding of the requirements of the standard and to improve risk management processes by determining their current state and highlighting areas for improvement. This paper examines the challenges faced by HDOs in the risk management of medical IT networks and briefly explains the components of the MedITNet framework and how the framework addresses these challenges. This paper also details how Action Design Research (ADR) was used in the development and validation of MedITNet

The MedITNet Assessment Framework: Development and Validation of a Framework for Improving Risk Management of Medical IT Networks

Medical devices are increasingly designed for incorporation into a hospital’s IT network allowing devices to exchange critical information. However, connecting devices in this way can introduce risks potentially negating the benefits to patients. While the IEC 80001-1 standard has been developed to aid Healthcare Delivery Organisations (HDOs) in addressing these risks, HDOs often struggle to understand and implement the requirements. The MedITNet framework has been developed to allow HDOs to assess the capability of their risk management processes against the requirements of IEC 80001-1. MedITNet provides a flexible assessment framework enabling HDOs to gain a understanding of the requirements of the standard and to improve risk management processes by determining their current state and highlighting areas for improvement. This paper examines the challenges faced by HDOs in the risk management of medical IT networks and explains the components of the MedITNet framework and how the framework addresses these challenges. The use of Action Design Research (ADR) in the development and validation of MedITNet are also discussed focusing on a pilot implementation of the assessment method and expert review of the overall framework. The changes to the framework and its components as a result of the validation process are also discussed

An Agile Process Model for Product Derivation in Software Product Line Engineering

Software Product Lines (SPL) and Agile practices have emerged as new paradigms for developing software. Both approaches share common goals; such as improving productivity, reducing time to market, decreasing development costs and increasing customer satisfaction. These common goals provide the motivation for this research. We believe that integrating Agile practices into SPL can bring a balance between agility and formalism. However, there has been little research on such integration. We have been researching the potential of integrating Agile approaches in one of the key SPL process areas, product derivation. In this paper we present an outline of our Agile process model for product derivation that was developed through industry based case study research