What Are The Official Guidelines For Medical Software Development

Medical software is acting as a key differentiator among healthcare organizations. While the adoption rates of medical software such as EMR/EHR have skyrocketed in the recent past, there is also a lot of innovation going on in the field of healthcare software that involve use of technologies such as artificial intelligence, big data, machine learning and cloud computing.

As more and more healthcare practitioners and hospitals move towards adopting innovative software solutions within their workflows, knowledge of the official guidelines for medical software development is more important than ever.

Healthcare software development is a tightly regulated industry. Healthcare software developers need to adhere to high standards of regulatory compliance to ensure that the requirements are met consistently.

Whether it is developing software as a medical device or mobile medical applications, being cognizant of the regulatory requirements is crucial for avoiding hefty fines as a result of non-compliance.

Official guidelines for medical software development – IEC62304

International standard of IEC62304 is generally considered the benchmark for complying with the regulatory requirements in both US and European markets. It specifies the requirements for medical device software development and software development life cycle processes.

While the standard does not focus on a single model or a documentation structure, it outlines the product development approaches that can be adopted during medical software development in a phased manner.

Phase 1 – Requirements and Planning

Requirement gathering and project planning are the first steps in any kind of software development that involve documenting all the particulars pertaining to the development project. The development tasks that need to be undertaken and the responsibility of their completion are assigned in the phase 1 of development.

Which software development model is to be followed is another decision that is taken during this phase. While development teams have historically used the waterfall model, the benefits of following Agile methodology in healthcare software development are being increasingly acknowledged.

The entire development life cycle is broken down into smaller sprints with objectives and software milestones spelled out. The features that will be included in every development sprint are predefined.

Requirement specifications include the functional requirements, capability requirements, software system inputs and outputs, interfaces, security requirements, and usability requirements.

Phase 2A – Architecture and Feasibility

Architecture outlines how the software that is being developed will interact with the hardware. The architecture identifies the software items which are further analyzed during the risk analysis and management process.

Any interface between the hardware and software or internal and external components needs to be described by the architecture.

Phase 2B/2C- Detailed Design Phase

The details of the architecture design are elaborated in the detailing phase. It also involves unit integration and testing followed by a code review by other members of the team.

An incremental approach that involves implementation of specific modules first is acceptable during the detailed design stage.

Phase 3 – Design Verification and Transfer

The system verification test protocols that are laid down during phase 2 are executed in this phase. Release notes containing the listing of issues discovered during coding and testing are formulated and software verification testing is conducted to fix the bugs in the software.

The quality assurance team executes the test runs and once the software has been tested for possible anomalies or issues, the final confirmation is given. The design verification and transfer phase treats the entire software as a whole rather than focusing on the individual modules.

FDA guidelines for medical software development and medical devices

The Food and Drug Administration applies its regulatory authority on software applications intended for use on mobile devices including medical mobile applications.

While the guidelines spelled out by the FDA are not legally enforceable responsibilities, it does lay out the recommendations that healthcare software developers should follow.

Additionally, FDA intends to apply enforcement discretion for software functions which pose low risk to the patients such as software that helps patients self-manage their conditions or automates simple tasks for the healthcare providers.

Telemedicine software that help patients communicate with their healthcare providers and send supplemental data in the form of images are also exempt. Requirements under the FD&C act do not apply to these segments of medical software.

HIPAA compliance during medical software development

Any organization that deals with collection, transmission and storage of healthcare data, also known as protected health information (PHI), needs to be compliant with HIPAA (Health Insurance Portability and Accountability Act).

Under HIPAA, both covered entities  and business associates need to comply with HIPAA privacy and security rules. The Omnibus Rule was added to update HIPAA in 2013 which expanded the liability of the Privacy and Security Rules onto the vendors that work with covered entities as well.

A healthcare software development company such as Arkenea, who specializes in healthcare are experts in the field and are well versed in ensuring compliance to HIPAA requirements. The healthcare software you develop needs to ensure that their application includes all the policies and procedures to prevent ePHI from being changed or destroyed and protect data integrity.

Ensuring the code quality in healthcare software development

Coding standards in software development are a set of rules that the developers use as a guideline to ensure that the code displays uniformity, consistency and exhibits readability.

Following coding standards in healthcare software development ensures that the medtech product being developed is of high quality and doesn’t end up being susceptible to security breaches.

Periodic code reviews within the organization, either through static code analysis or peer to peer code reviews can go a long way in ensuring consistency in the code quality.

While implementing coding standards among your development team is a voluntary step rather than a strict regulatory requirement, doing so ensures higher quality of healthcare software development while driving faster time to market.

Looking to get started with medical software development? With more than a decade of experience in the field of healthcare software development, our team of developers excel in developing and delivering innovative software solutions while ensuring compliance to the regulatory requirements.

Get in touch with us to discuss your project requirements today.



Author: Dr Vinati Kamani
Dr Vinati Kamani writes about emerging technology and its application across industries for Arkenea. Dr Kamani is a medical professional and has worked as a dental practitioner in her earlier roles. She is an avid reader and self proclaimed bibliophile. When Vinati is not at her desk penning down articles or reading up on the recent trends, she can be found travelling to remote places and soaking up different cultural experiences.