Critical Factors in Designing, Developing and Securing Medical Device Software

October 24  

As devices get more connected and more capable, developing them becomes more complex. In this blog we share an overview of four key areas — UX/UI design, software development, regulatory compliance, and medical-software cybersecurity — and offer effective processes and best practices to follow as you work toward medical device certification.

Thoughtful Design, Meticulous Development

As connected technologies drive innovation and transform healthcare, today’s medtech companies need to be hyper-focused on thoughtful user experience (UX) design and meticulous software development to create products that deliver improved patient experiences and outcomes. Here are some key steps to take to create an environment for success.

Focus on UX From the Start

A growing number of medical device manufacturers (MDMs) are embracing safety-focused user experience (UX) design and Human Factors Engineering (HFE) as the starting point when designing their products. This is a smart move, as doing so helps minimize the potential for use error, shrink (or erase) the amount of time needed to learn how to operate a device and, ultimately, meet FDA requirements more easily.

Prioritizing UX at the outset can also help preempt device complaints, reduce product liability and smooth the regulatory approval process because incorporating UX and HFE early in the process helps avoid a mismatch between user expectations and product design. From a user’s perspective, this means they can effectively reap the benefits of the device.

Starting UX early makes it far easier to produce more intuitive, more usable and holistically better products that are highly saleable and capable of facilitating better patient outcomes.

When UX is implemented later in the development lifecycle, there is greater likelihood that full attention will not be paid to user needs. As a result, there’s significant potential for MDMs opting for this approach to face last-minute design changes after summative testing, experience unexpected validation results, incur greater training and support program costs due to significant ease of use issues, and even suffer a recall stemming from a high incidence of use error.

Choose an Effective Development Process

To create innovative, increasingly complex, safety-critical devices and applications designed to improve patient outcomes you need a robust infrastructure — a platform, architecture and rapid-development process up to the challenge. That’s why an approach that is layered, UX-focused and test-driven should be at the top of your wish list.

A layered approach moves your idea swiftly from concept to working prototype to product with minimal development risk.

Relying on a well-defined layered architecture eliminates much of the complexity associated with medtech product development, which allows you to reduce redundancies and costs while enhancing software performance. It also facilitates use of reusable code, which trims costs and development time. Decoupling the layers also enables the division of work between UX designers, UI implementation, business logic providers and hardware partners.

Follow the Pathway to Approval

As technology-powered medical devices gain widespread acceptance in clinical practice, they’re growing more capable and connected — in other words, more complex. As device complexity expands, the safety of these medical devices becomes more critical than ever.

That’s why the U.S. Food and Drug Administration (FDA) and other regulatory bodies have elevated safety expectations of MDMs through guidance, initiatives and standards, such as IEC 14971 (risk management) and IEC 62366 (human factors and user experience). The FDA has also increased expectations regarding device cybersecurity.

This regulatory pressure underlines the need to evolve medical devices to ensure they become safer for a more diverse and less technically sophisticated range of users, including patients themselves. For this reason, many MDMs are moving safety systems in medical devices from traditional piecemeal solutions to coherently conceived, self-reinforcing, multi-tiered systems. While this is good news for clinicians and patients — after all, who doesn’t want a safer medical device? — developing compliant products becomes increasingly difficult.

To thrive in this highly regulated environment and protect your company’s good name, identify the regulations applicable to your project and then utilize patient-centric software design and development strategies that are in line with these latest regulations. This will allow you to create a safe, high-quality, highly usable device that is well-positioned to gain FDA approval without undue cost overruns, schedule changes or damaging publicity.

Safeguard Medical Devices from Cyber Threats

By 2023, 68% of medical devices will be connected. Though many are crucial to patient safety and contain protected personal information, there still is an expectation that they’re usable in all the ways we’ve become accustomed to in consumer devices: wireless/wired connectivity, cloud usage, ease of user access, automatic software updates. The list goes on.

But these usability features can be a significant source of vulnerability, which is why modern medical devices appeal not only to clinicians but also to cybercriminals. For that reason, the FDA’s premarket cybersecurity guidance requires medical device vendors to design devices with security in mind. Without a security-focused development approach, obtaining 510(k) clearance for new medical devices is likely beyond reach.

Healthcare organizations and medical devices face cyberattacks like every other industry — but the stakes are much higher. Problem is, most software engineers are not cyber experts and don’t know how to best incorporate cybersecurity into the medical device development lifecycle. To convince regulatory authorities, healthcare professionals and patients that your device is safe and secure, it is imperative to create a development culture that believes that even though it is not possible to close every vulnerability, it is possible to close the ones most likely to be attacked.

This blog is excerpted from ICS’ ebook Critical Factors in Designing, Developing and Securing Medical Device Software, written by design, development, regulatory and cybersecurity experts from our dedicated medtech practice. To read the entire book, including key steps to take, download it here.


Creating Transformative Products That Advance Patient Care

Integrated Computer Solutions’ (ICS) dedicated medtech practice is focused on creating innovative and compliant medical devices, in vitro diagnostics and SaMD. Our team comprises UX and visual designers, software engineers, and regulatory and cybersecurity experts who use ISO 13485 and IEC 62366-compliant processes in full-stack product development leading to 510(k) submission. Our understanding of human-centric design and FDA manufacturing specifications helps our customers navigate regulatory compliance to meet the requirements of applicable standards.

Companies like Quidel, Thermo Fisher Scientific, MilliporeSigma, Boston Scientific and Johnson & Johnson rely on ICS for medtech products that feature intuitive touch, voice and gesture interfaces — everything from smart infusion pumps, ventilators and defibrillators to proton radiation systems, in vitro diagnostics and scientific software.
