Risk management capability model for the development of medical device software

Failure of medical device (MD) software can have potentially catastrophic effects, leading to injury of patients or even death. Therefore, regulators penalise MD manufacturers who do not demonstrate that sufficient attention is devoted to the areas of hazard analysis and risk management (RM) throughout the software lifecycle. This paper has two main objectives. The first objective is to compare how thorough current MD regulations are in relation to the Capability Maturity Model Integration (CMMI®) in specifying what RM practices MD companies should adopt when developing software. The second objective is to present a Risk Management Capability Model (RMCM) for the MD software industry, which is geared towards improving software quality, safety and reliability. Our analysis indicates that 42 RM sub-practices would have to be performed in order to satisfy MD regulations and that only an additional 8 sub-practices would be required in order to satisfy all the CMMI® level 1 requirements. Additionally, MD companies satisfying the CMMI® goals of the RM process area by performing the CMMI® RM practices will not meet the requirements of the MD software RM regulations, as an additional 20 MD-specific sub-practices have to be added to meet the objectives of RMCM.
