How to effectively control the quality of medical device software

Medical Device Software Quality Control

With the rapid development of information and communication technology, the application of software in medical devices is becoming more and more common and its role is becoming more and more important. The development forms are flexible and changeable, and new technologies emerge in an endless stream. However, the accompanying quality problems are also increasing. Medical device recall data show that the number of software-related recalls continues to increase, which is significantly higher than the overall level of medical devices in the same period. The seriousness of quality problems cannot be ignored, and it is necessary to strengthen software quality assurance based on software characteristics.

Software Features:

Software has no physical entity, and human factors are everywhere in the process of development and use. Due to time and cost constraints, software testing cannot exhaust all situations, so software defects are unavoidable. At the same time, software updates are frequent and rapid, minor updates may lead to serious consequences, and there are cumulative effects and degradation problems (that is, every time several defects are fixed, a new defect will be generated), so software defects cannot be eradicated. Therefore, software defects can be regarded as one of the inherent attributes of software, which is also the root cause of more prominent software quality problems.

In view of the characteristics of software, only by comprehensively considering the requirements of risk management, quality management and software engineering can the safety and effectiveness of software be guaranteed. Based on the degree of software risk, it is necessary to adopt good software engineering practices to improve the quality management system, and to carry out software quality assurance work as early as possible, focusing on, and comprehensively targeting at the main reasons for software recalls such as algorithms, interfaces, updates, and exception handling.

Software Risk Level:

Considering the universality of software use, the limited regulatory resources and the orientation of risk classification management, the software risk level is different, and its life cycle quality control requirements and registration application data requirements are also different.

The degree of software risk is expressed by the software security level. The higher the software security level, the stricter the life cycle quality control requirements, and the more detailed the registration application materials. The software security level is divided into three levels: slight, medium, and serious based on the degree of software risk. The slight level means that the software is unlikely to cause harm, the medium level means that the software may directly or indirectly cause slight (not serious) harm, and the serious level means that the software may cause harm. result in serious injury or death, directly or indirectly.

Minor level, moderate level, and severe level correspond to level A, level B, and level C defined in YY/T 0664, respectively.

The software security level can also be determined according to the risk level determined by the risk management. The classification of the software security level and the risk level can be different, but there is a corresponding relationship between the two, so the software security level can be determined according to the risk level, but it should be Judgment is made before risk control measures are taken, and the initial software security level can be reduced through external risk control measures (including software measures and hardware measures).

Software Risk Management:

Software risk management needs attention: software itself is not dangerous, but it may cause dangerous situations; although software failure appears to be random failure, it is actually a systematic failure, and the probability of danger caused by software failure is difficult to count, so the degree of software risk is based on The severity of injury can be judged in combination with the probability of injury caused by dangerous situations; software components need to carry out risk management work with their medical devices as a whole.

Software security level reference:

The software safety level can also be judged by referring to the adverse events and recalls of the similar marketed medical device software, that is, if a serious adverse event or a first-level recall occurs in the marketed similar medical device software, it belongs to the serious level, and if an adverse event or a second-level recall occurs, it belongs to the serious level. Moderate grade, no adverse events and only three recalls or no recalls are minor grades.

Software lifecycle management:

Due to the complexity of the software itself and the limitations of software testing, quality assurance activities in the software development process are not sufficient to ensure the safety and effectiveness of the software. Therefore, software quality control requirements should be considered throughout the life cycle of medical devices, and software risk management, Software configuration management, software defect management, and software traceability analysis run through the entire life cycle of medical devices.

Carry out sufficient and effective software verification and confirmation activities before listing, identify foreseeable risks of software and reduce them to an acceptable level. After listing, continue to carry out software quality assurance work, identify unforeseen risks in combination with user complaints, adverse events, and recalls, and take necessary measures to ensure software quality; at the same time, based on the assessment of software update needs, implement software update activities to satisfy users New requirements, and carry out appropriate software verification and confirmation activities to ensure the quality of software updates; in addition, software outages consider the requirements of user notification and follow-up services, data migration, patient data and privacy protection.

Finally, for medical device software, its quality management is mainly in the design and development stage, and software design and development procedures should be formulated to effectively manage the enterprise software design and development process.