Not complying with IEC 62304 for software design could be detrimental on many levels

Medical devices have become increasingly sophisticated, now employing software-controlled applications whose failure to function correctly could result in death or serious injury. Despite this increased complexity, medical software standards continue to reflect only the rigor of low-risk applications.

Notably, many of the medical device faults stem from product upgrades. An analysis of 3140 medical device recalls conducted between 1992 and 1998 by FDA reveals that 7.7% are attributable to software failures. Of the software recalls, 79% were caused by software defects introduced after software upgrades.

Reacting to an ongoing inability to manage product upgrades, the FDA recently took punitive action against Baxter Healthcare and their infusion pumps forcing a recall. On April 27, 2010, the FDA had warned users about faulty components in defibrillators manufactured by Cardiac Science Corp. Unable to remedy the problems with software patches, Cardiac Science was forced to replace 24,000 defibrillators that were implicated. As a result, Cardiac Science reported a net loss of $18.5 million. (They were eventually acquired by Opto Circuits)

These recalls have resulted in a change in focus by many medical device providers. Many companies are now changing their approach to improve their software processes as well as to adopt IEC 62304, a standard for design of medical products recently endorsed by the European Union and the United States. IEC 62304 introduces a risk-based compliance structure—Class A through C, where the failure of Class C software could result in death or serious injury—that ensures that medical applications comply with the standards suitable for their risk assessment. This standard outlines requirements for each stage of the development lifecycle and defines the minimum activities and tasks to be performed to provide confidence that the software has been developed in a manner that’s likely to produce highly reliable and safe software products.

IEC 62304 focuses on the software development process, defining the majority of the software development and verification activities. This process includes activities like software development planning, requirement analysis, architectural design, software design, unit implementation and verification, software integration and integration testing, system testing, and finally software release.

To read this article in its entirety, click here.

About the author

Anil Kumar is a technical consultant with LDRA in India, specializing in the development, integration, and certification of mission- and safety-critical systems. With a solid background in development tools and real-time operating systems, Anil guides organizations in selecting, integrating and supporting their real-time embedded systems from development through to certification.