Software is one of the most significant and prevalent part of healthcare. With advance in technology now-a-days and access to internet, software designed for medical and non-medical purposes are used in healthcare. With this arrive new challenges with respect to safety of the usage of the devices.Therefore, in order to ensure the safety we need certain regulations in place. It is defined as software that is meant to perform one or more medical functions without getting involved in hardware medical device. It includes in-vitro diagnostic device, that need not be a part of or run by a hardware device but can be used in conjunction with hardware device. It provides a method to alleviate a disease, details on scan, diagnosis and treatment of a disease.
Is your software as a medical device compliant? Let’s go through it!!There are several challenges a medical device software faces :Once moved to different hardware systems, it might not act as expected.Update made by manufacturer might be left for the user to installBecause of ease of access across different platforms, it might be misused by users which is often not in control of the manufacturer.There might be changes made in software at a later stage.There are many aspects in clinical environment that can cause hazards to the users(patients) of software as a medical devices, for eg: kind of disease, condition, level of dependence on the device etc. The intended use of SaMD has different importance on the action taken by the user. To treat or diagnose the disease in conjunction with other devices.To pilot clinical management by helping in treatment and diagnosis.
To report clinical management the options for treatment, diagnosis or preventing disease.Also, we classify SaMD depending on health condition of the patient. Factors for classification :Critical condition : Here precise and prompt diagnosis and treatment is required to avoid fatal injuries.Serious condition : Here precise and essential diagnosis and treatment is required to avoid long time irreversible consequences.Non-Serious condition : Here essential diagnosis and treatment is required but doesn’t cause life-threatening injury or complications.SaMD Classification :There are 4 classes depending on extent of influence on patient or public health where precise details given by the SaMD to treat, diagnose, pilot and report clinical management is important to avoid grievous and fatal complications on public health. Classes are relatively significant to each other, Class 4 being the highest level of influence and Class 1 being the lowest.Since SaMD is considered as a part of clinical workflow to improve diagnosis, treatment and patient management, issues related to design and implementation may lead to adverse effects.
Developing SaMD that are safe demands identifying risks and taking measures to control those risks. Therefore, we need several regulations in place which should be followed by manufacturers and users. SaMD QMS Principles :1. SaMD Leadership and Organizational Support:Organization allocates leadership of all activities of SaMD lifecycle processes and is also responsible for implementing QMS that includes Quality policy and Quality objectives.
Resource management should assure that suitable resources are provided like skilled employees, who are competent in performing their jobs and infrastructure, tools required, good work environment etc.2. SaMD Lifecycle Support Processes:The important processes applicable across SaMD lifecycle are discussed below:Product Planning: Provides strategy to be followed during product development lifecycle. Planning includes different phases, activities, responsibilities and resources needed for developing SaMD.
It has to be regularly updated whenever new landmark is achieved.Risk Management: The safety, efficacy, performance of SaMD can be increased by appropriate risk management. The risk management process should be incorporated throughout entire lifecycle of SaMD. For SaMD, the following risk factors should be considered.Identification of HazardsEstimation and evaluation of associated risksMeasures taken to control risksMethods to monitor effectiveness of measures taken to control risks And also it should be evaluated if SaMD product is suitable for all users, if the application should be available on any device or restricted to particular devices, if the product should be used during environmental disturbance. Manufacturer should give preference to safety concerns.Document and Record Control: Provides proof of outcomes obtained or tasks performed as a part of QMS as well as justification for processes not performed. Records can be either in paper form or electronic form.
Document control and record management makes it easy for the users, both within and outside the organization. Records should be properly identified, stored, protected and retained for set duration of time. Documents should be reviewed and approved before use. Configuration management and control: To maintain integrity and traceability of SaMD, control action has to be taken on items like source code, releases, documents, software tools, history of alterations made, so that user can decide whether to use SaMD with available hardware and networks. Measurement, Analysis and Improvement of Processes and Products: To improve the use and to deliver safe and effective SaMD, we need to measure quality characteristics of products and processes.
Post market surveillance should be done to analyse the quality data by taking feedback, complaints, identifying problems and taking corrective measures to solve the issues.Managing Outsourced Processes, Activities and Products: If an organization chooses to outsource different parts of SaMD process, activities or products, in such cases measures to control the effect of outsourced result is important for safe and effective SaMD delivery. Organization needs to understand the potential of outsourcing suppliers, convey the roles and responsibilities, quality requirements, criteria for review of deliverables etc clearly. 3. SaMD Realization and Use Processes:It lists the methodologies used in lifecycle processes of SaMD:Requirements management: Since SaMD is used in different clinical and home use environments, along with functional requirements safety requirements also should be considered.
Customer interaction is needed to understand the user needs, which can be then translated into requirements. The functionality of operating system on which SaMD runs should be considered.Design: Defines the architecture, components and interfaces of software system based on user requirements.
The greater aspect should be patient safety, privacy, data availabilty, ability to tackle intentional and unintentional threats and restorability to safe state in case of attack.Development: The specified requirements, architecture and design are transformed into software items. Appropriate review activities should be performed and defined implementation strategy should be followed for good development practice. Verification and Validation: Ensures that all the components from design and development including modifications made during maintenance and enhancement are implemented correctly and the proof is documented.Deployment: Includes aspects of delivery, implementation, arrangement and configuration that support controlled and efficient distribution of SaMD to customer including reduction of the risks planned throughout lifecycle processes. Before deployment, platform and OS requirements should be clearly communicated to customers.
It should be tailored depending on user environment.Maintenance: Includes activities to revise previously deployed SaMD. Maintenance activities should not affect SaMD and their result.Decommissioning: Its purpose is to abort all the maintenance and distribution activities in a controlled manner.
SaMD reaches end of life stage and so its supporting data should be removed.
