Abstract
Failure of medical device (MD) software can have potentially catastrophic effects, leading to injury of patients or even death. Therefore, regulators penalise MD manufacturers who do not demonstrate that sufficient attention is devoted to the areas of hazard analysis and risk management (RM) throughout the software lifecycle. This paper has two main objectives. The first objective is to compare how thorough current MD regulations are in relation to the Capability Maturity Model Integration (CMMI®) in specifying what RM practices MD companies should adopt when developing software. The second objective is to present a Risk Management Capability Model (RMCM) for the MD software industry, which is geared towards improving software quality, safety and reliability. Our analysis indicates that 42 RM sub-practices would have to be performed in order to satisfy MD regulations and that only an additional 8 sub-practices would be required in order to satisfy all the CMMI® level 1 requirements. Additionally, MD companies that satisfy the CMMI® goals of the RM process area by performing the CMMI® RM practices will not meet the requirements of the MD software RM regulations, as an additional 20 MD-specific sub-practices have to be added to meet the objectives of RMCM.
Acknowledgements
This research is supported by the Science Foundation Ireland (SFI) funded project, Global Software Development in Small to Medium Sized Enterprises (GSD for SMEs) grant number 03/IN3/1408C within Lero—the Irish Software Engineering Research Centre, University of Limerick (http://www.lero.ie) and also through the SFI Stokes Lectureship Programme, grant number 07/SK/I1299 and SFI Principal Investigator Award, grant number 08/IN.1/I2030. We would also like to acknowledge the work of the Software Quality Journal reviewers.
Cite this article
Mc Caffery, F., Burton, J. & Richardson, I. Risk management capability model for the development of medical device software. Software Qual J 18, 81–107 (2010). https://doi.org/10.1007/s11219-009-9086-7
DOI: https://doi.org/10.1007/s11219-009-9086-7