Medical software is any software item or system used within a medical context, such as:reducing the paperwork, tracking patient activity [1] [2] [3]
Medical software has been in use since at least since the 1960s, [4] a time when the first computerized information-handling system in the hospital sphere was being considered by Lockheed. [5] [6] As computing became more widespread and useful in the late 1970s and into the 1980s, the concept of "medical software" as a data and operations management tool in the medical industry — including in the physician's office — became more prevalent. [7] [8] Medical software became more prominent in medical devices in fields such as nuclear medicine, cardiology, and medical robotics by the early 1990s, prompting additional scrutiny of the "safety-critical" nature of medical software in the research and legislative communities, in part fueled by the Therac-25 radiation therapy device scandal. [9] [10] The development of the ISO 9000-3 standard [9] as well as the European Medical Devices Directive in 1993 [1] helped bring some harmonization of existing laws with medical devices and their associated software, and the addition of IEC 62304 in 2006 further cemented how medical device software should be developed and tested. [11] The U.S. Food and Drug Administration (FDA) has also offered guidance and driven regulation on medical software, particularly embedded in and used as medical devices. [2] [12] [13] [14] There was an expansion of medical software innovation with the adoption of electronic health records and availability of electronic clinical data. In the United States, substantial resources were allocated starting with the HITECH Act of 2009. [15]
The global IEC 62304 standard on the software life cycle processes of medical device software states it is a "software system that has been developed for the purpose of being incorporated into the medical device being developed or that is intended for use as a medical device in its own right." [11] In the U.S., the FDA states that "any software that meets the legal definition of a [medical] device" is considered medical device software. [16] A similar "software can be a medical device" interpretation was also made by the European Union in 2007 with an update to its European Medical Devices Directive, when "used specifically for diagnostic and/or therapeutic purposes." [17]
Due to the broad scope covered by these terms, manifold classifications can be proposed for various medical software, based for instance on their technical nature (embedded in a device or standalone), on their level of safety (from the most trivial to the most safety-critical ones), or on their primarily function (treatment, education, diagnostics, and/or data management).
The dramatic increase in smartphone usage in the twenty-first century triggered the emergence of thousands of stand-alone health- and medical-related software apps, many falling into a gray or borderline area in terms of regulation. [18] While software embedded into a medical device was being addressed, medical software separate from medical hardware — referred to by the International Medical Device Regulators Forum (IMDRF) as "software as a medical device" or "SaMD" [19] — was falling through existing regulatory cracks. In the U.S., the FDA eventually released new draft guidance in July 2011 on "mobile medical applications," with members of the legal community such as Keith Barritt speculating it should be read to imply "as applicable to all software ... since the test for determining whether a mobile application is a regulated mobile 'medical' application is the same test one would use to determine if any software is regulated." [20] Examples of mobile apps potentially covered by the guidance included those that regulate an installed pacemaker or those that analyze images for cancerous lesions, X-rays and MRI, graphic data such as EEG waveforms as well as bedside monitors, urine analyzers, glucometer, stethoscopes, spirometers, BMI calculators, heart rate monitors and body fat calculators. [21] By the time its final guidance was released in late 2013, however, members of Congress began to be concerned about how the guidance would be used in the future, in particular with what it would mean to the SOFTWARE Act legislation that had recently been introduced. [22] Around the same time, the IMDRF were working on a more global perspective of SaMD with the release of its Key Definitions in December 2013, focused on "[establishing] a common framework for regulators to incorporate converged controls into their regulatory approaches for SaMD." [19] Aside from "not [being] necessary for a hardware medical device to achieve its intended medical purpose," the IMDRF also found that SaMD also could not drive a medical device, though it could be used as a module of or interfaced with one. [19] The group further developed quality management system principles for SaMD in 2015. [23]
IEC 62304 has become the benchmark standard for the development of medical device software, whether standalone software or otherwise, in both the E.U. and the U.S. [3] [24] Leading industry innovation in software technologies has led key industry leaders and government regulators to recognize the emergence of numerous standalone medical software products that operate as medical devices. This has been reflected in regulatory changes in the E.U. (European Medical Devices Directive [1] ) and the U.S. (various FDA guidance documents [2] [12] [13] [22] ). Additionally, quality management system requirements for manufacturing a software medical device, as is the case with any medical device, are described in the U.S. Quality Systems Regulation [25] of the FDA and also in ISO 13485:2003. Software technology manufacturers that operate within the software medical device space conduct mandatory development of their products in accordance with those requirements. Furthermore, though not mandatory, they may elect to obtain certification from a notified body, having implemented such quality system requirements as described within international standards such as ISO 13485:2003.
Media related to Medical software at Wikimedia Commons
Biomedical engineering (BME) or medical engineering is the application of engineering principles and design concepts to medicine and biology for healthcare purposes. BME is also traditionally logical sciences to advance health care treatment, including diagnosis, monitoring, and therapy. Also included under the scope of a biomedical engineer is the management of current medical equipment in hospitals while adhering to relevant industry standards. This involves procurement, routine testing, preventive maintenance, and making equipment recommendations, a role also known as a Biomedical Equipment Technician (BMET) or as clinical engineering.
The United States Food and Drug Administration is a federal agency of the Department of Health and Human Services. The FDA is responsible for protecting and promoting public health through the control and supervision of food safety, tobacco products, caffeine products, dietary supplements, prescription and over-the-counter pharmaceutical drugs (medications), vaccines, biopharmaceuticals, blood transfusions, medical devices, electromagnetic radiation emitting devices (ERED), cosmetics, animal foods & feed and veterinary products.
A quality management system (QMS) is a collection of business processes focused on consistently meeting customer requirements and enhancing their satisfaction. It is aligned with an organization's purpose and strategic direction. It is expressed as the organizational goals and aspirations, policies, processes, documented information, and resources needed to implement and maintain it. Early quality management systems emphasized predictable outcomes of an industrial product production line, using simple statistics and random sampling. By the 20th century, labor inputs were typically the most costly inputs in most industrialized societies, so focus shifted to team cooperation and dynamics, especially the early signaling of problems via a continual improvement cycle. In the 21st century, QMS has tended to converge with sustainability and transparency initiatives, as both investor and customer satisfaction and perceived quality are increasingly tied to these factors. Of QMS regimes, the ISO 9000 family of standards is probably the most widely implemented worldwide – the ISO 19011 audit regime applies to both and deals with quality and sustainability and their integration.
Current good manufacturing practices (cGMP) are those conforming to the guidelines recommended by relevant agencies. Those agencies control the authorization and licensing of the manufacture and sale of food and beverages, cosmetics, pharmaceutical products, dietary supplements, and medical devices. These guidelines provide minimum requirements that a manufacturer must meet to assure that their products are consistently high in quality, from batch to batch, for their intended use. The rules that govern each industry may differ significantly; however, the main purpose of GMP is always to prevent harm from occurring to the end user. Additional tenets include ensuring the end product is free from contamination, that it is consistent in its manufacture, that its manufacture has been well documented, that personnel are well trained, and that the product has been checked for quality more than just at the end phase. GMP is typically ensured through the effective use of a quality management system (QMS).
A medical device is any device intended to be used for medical purposes. Significant potential for hazards are inherent when using a device for medical purposes and thus medical devices must be proved safe and effective with reasonable assurance before regulating governments allow marketing of the device in their country. As a general rule, as the associated risk of the device increases the amount of testing required to establish safety and efficacy also increases. Further, as associated risk increases the potential benefit to the patient must also increase.
Good clinical practice (GCP) is an international quality standard, which governments can then transpose into regulations for clinical trials involving human subjects. GCP follows the International Council for Harmonisation of Technical Requirements for Pharmaceuticals for Human Use (ICH), and enforces tight guidelines on ethical aspects of clinical research.
ISO 13485Medical devices -- Quality management systems -- Requirements for regulatory purposes is a voluntary standard, published by International Organization for Standardization (ISO) for the first time in 1996, and contains a comprehensive quality management system for the design and manufacture of medical devices. The latest version of this standard supersedes earlier documents such as EN 46001 and EN 46002 (1996), the previously published ISO 13485, and ISO 13488.
The Global Harmonization Task Force (GHTF) was “a voluntary group of representatives from national medical device regulatory authorities and the members of the medical device industry” whose goal was the standardization of medical device regulation across the world. The representatives from its five founding members were divided into three geographical areas: Europe, Asia-Pacific and North America, each of which actively regulates medical devices using their own unique regulatory framework. Founded in 1992, the GHTF was created in “an effort to respond to the growing need for international harmonization in the regulation of medical devices."
Verification and validation are independent procedures that are used together for checking that a product, service, or system meets requirements and specifications and that it fulfills its intended purpose. These are critical components of a quality management system such as ISO 9000. The words "verification" and "validation" are sometimes preceded with "independent", indicating that the verification and validation is to be performed by a disinterested third party. "Integration verification and validation" can be abbreviated as "IV&V".
A notified body, in the European Union, is an organisation that has been designated by a member state to assess the conformity of certain products, before being placed on the EU market, with the applicable essential technical requirements. These essential requirements are publicised in European directives or regulations.
SOUP stands for software of unknownpedigree, and is a term often used in the context of safety-critical and safety-involved systems such as medical software. SOUP is software that has not been developed with a known software development process or methodology, or which has unknown or no safety-related properties.
ISO 14971Medical devices — Application of risk management to medical devices is a voluntary standard for the application of risk management to medical devices. "Voluntary standards do not replace national laws, with which standards' users are understood to comply and which take precedence" over voluntary standards such as ISO 13485 and ISO 14971. The ISO Technical Committee responsible for the maintenance of this standard is ISO/ TC 210 working with IEC/SC62A through Joint Working Group one (JWG1). This standard is the culmination of the work starting in ISO/IEC Guide 51, and ISO/IEC Guide 63. The third edition of ISO 14971 was published in December 2019 and supersedes the second edition of ISO 14971.
IEC 62304 – medical device software – software life cycle processes is an international standard published by the International Electrotechnical Commission (IEC). The standard specifies life cycle requirements for the development of medical software and software within medical devices. It has been adopted as national standards and therefore can be used as a benchmark to comply with regulatory requirements.
Parasoft C/C++test is an integrated set of tools for testing C and C++ source code that software developers use to analyze, test, find defects, and measure the quality and security of their applications. It supports software development practices that are part of development testing, including static code analysis, dynamic code analysis, unit test case generation and execution, code coverage analysis, regression testing, runtime error detection, requirements traceability, and code review. It's a commercial tool that supports operation on Linux, Windows, and Solaris platforms as well as support for on-target embedded testing and cross compilers.
CEBEC is a private Belgian rating label for the quality assurance of electrical appliances. Use of this label indicates that a piece of equipment conforms to European safety standards. The label is issued by SGS-CEBEC, now part of the SGS group. CEBEC has its own electrical testing laboratory located in Brussels. It is an approved laboratory for the purpose of certifications granted by SGS.
Single-use medical device reprocessing is the disinfection, cleaning, remanufacturing, testing, packaging and labeling, and sterilization among other steps, of a used,, medical device to be put in service again. All reprocessed medical devices originally labeled for single use in the United States are subject to U.S. Food and Drug Administration (FDA) manufacturing requirements and must meet strict cleaning, functionality, and sterility specifications prior to use.
Cantata++, or simply Cantata in newer versions, is a commercial computer program for dynamic testing, specifically unit testing and integration testing, and code coverage at run time of C and C++ programs. It is developed and sold by QA Systems, and was formerly a product of IPL Information Processing Ltd.
Harmonization is the process of minimizing redundant or conflicting standards which may have evolved independently. The name is also an analogy to the process to harmonizing discordant music.
Guidances for statistics in regulatory affairs refers to specific documents or guidelines that provide instructions, recommendations, and standards pertaining to the application of statistical methodologies and practices within the regulatory framework of industries such as pharmaceuticals and medical devices. These guidances serve as a reference for statisticians, researchers, and professionals involved in designing, conducting, analyzing, and reporting studies and trials in compliance with regulatory requirements. These documents embody the prevailing perspectives of regulatory agencies on specific subjects. It is worth noting that in the United States, the term "Guidances" is used, while in Europe, the term "Guidelines" is employed.
Regulation (EU) 2017/745 is a regulation of the European Union on the clinical investigation and sale of medical devices for human use. It repeals Directive 93/42/EEC (MDD), which concerns medical devices, and Directive 90/385/EEC, which concerns active implantable medical devices, on 26 May 2021.