As the international medical device industry goes forward in innovation, the integration of tech in medical devices has increased. Many medical devices now either operate through internal software or can be connected to the cloud or are themselves software. The ease of access, sharing, and monitoring abilities have made tech-integrated medical devices popular among healthcare professionals and patients alike.
One of the many benefits of software in medical devices is that it gives patients their freedom back. Patients can now take the hospital with them; so to speak. So that whenever they have a medical need (get low blood sugar, for example) they can receive notifications on their phones (or their caregivers’ phones) within seconds.
However, tech like this is highly quality-sensitive. As healthcare professionals will likely make medical decisions based on the information provided by these devices, use them for research and survey, or even automate the devices themselves as part of the treatment routine; the quality cannot be risked. As such, regulatory authorities have introduced IEC 62304 to control the quality of software used in or as medical devices.
What is medical device software?
Before getting into the details of IEC 62304, it is necessary to know what the regulation affects: medical device software.
The inclusion criteria of medical device software vary depending on the device being marketed. In the European Union, according to the medical device regulation, software that fulfills the criteria to be a medical device on its own or in combination with another device can be called “medical device software”.
In the USA, according to the FDA, software that is to be used for medical purposes alone without being part of a physical medical device is called “software as a medical device”.
As such, there are slight differences worldwide on what is considered medical device software. Whether software is considered a medical device by itself or a part of a medical device, almost all of the regulations are still applicable nevertheless.
What is the IEC 62304?
IEC stands for International Electrotechnical Commission. They provide internationally accepted standards on almost all electrical and related technology. Regardless of the field of use, the IEC sets requirements for electrical devices and assesses whether they meet them.
Medical devices that use software or software that works as medical devices are electrical in nature, and many of the IEC standards apply to them. However, since the requirements for software used in the medical field are different than regular software, the IEC has an entire regulation dedicated to medical device software.
The IEC 62304 applies to medical software exclusively. More precisely, it applies to the development of medical device software. The IEC 62304 provides requirements for updates and maintenance of medical device software during its lifetime.
The regulations classify all medical device software into three groups based on the risk they might pose. The class A or I devices are the least harmful. They pose no risk to a patient's health and person if they fail to function. The Class B or II devices might cause non-serious injuries if they malfunction or fail. Class C or III devices are the most high-risk. They can cause severe damage to the patient’s health or even cause death.
Similar to medical devices, this classification is used to determine regulatory requirements such as risk management, maintenance, updates, configuration, etc.
The IEC prioritizes standardizing the software development and maintenance process. The IEC 62304 outlines what both of these processes should look like. While it explains the entire system, it doesn’t give exact details. For example, parameters regarding software updates or specific software aren’t mentioned. This is done intentionally to keep the regulation relevant to upcoming years. As the regulation was first published in 2006, this was a necessary step.
The IEC 62304 regulation focuses on the following:
- Development lifecycle: The regulation focuses on the lifecycle of the software. Each step from the initial design to maintenance should be appropriate as per its risk class.
- Risk management: Risk management is a huge part of building safe medical software. IEC 62304 focuses on identifying potential safety issues, assessing them, and alleviating them effectively. This risk-based approach prioritizes patient safety.
- Configuration: For software, configuration management is an important aspect. The regulation emphasizes employing the correct configuration management system and keeping track of all updates.
- Documentation: Documentation is crucial for any medical device or software development. Each step from the initial development stage to the entire lifetime of the software and all data must be collected, and stored.
- Traceability: Medical device software is easier to trace than regular medical devices, especially, if they are connected to the cloud. According to the regulation, automated tracing of software is encouraged for swift detection of a malfunctioning unit and fast recall or update if needed.
- Verification: All software needs to go through a verification process to ensure it works as it’s meant to.
