Medical software

Abstract

Healthcare industry is governed by regulations which are region or country specific. Since it deals directly with human lives, if a device, be it standalone or a connected system or a Healthcare informatics package, is to be launched in a particular country/region, it has to abide by the corresponding regulations. However these regulations are not standardized across the globe and that makes it challenging for a device manufacturer to abide by the corresponding country specific regulations where the product is going to be launched. For e.g. US is regulated by Quality Systems requirements of FDA and 510 K approval, Europe is governed by CE marking and ISO 13485 standard, China has its SFDA requirements whereas Japan follows PAL regulations.Software is at the heart of all these equipments. More and more of the devices and the corresponding clinical applications and workflows are now controlled by software. Right from capturing the images generated by the scanner to the processing of these images and subsequent post processing for clinical decision making is done by software. The Picture Archival and Communication system (PACS) system which is the backbone of healthcare Informatics in hospitals has at its core. So automatically all the that is written for these products comes under the purview of these regulations. Infact the Global Harmonization Task force specifically includes in its definition of devices.Software development in many organizations is governed by engineering principles applied through a SEI-CMMI model which lays strong emphasis on establishing sound process framework to ensure a good quality. So on one hand we have a CMMI based Quality system and on other hand the development and maintenance of medical software has to abide by the regulatory structure posed by FDA, ISO 13485 etc. This raises certain fundamental questions for organizations dealing with development and maintenance of medical software -- Are these Quality systems requirements too diverse or is there any overlap? How much exactly is this overlap? Is it possible to marry both these worlds of CMMI and the regulatory standards and have a common process framework for the organization? If there is an already existing CMMI based system then is it possible to extend it to include the ISO and FDA aspects? And if yes how can this be done? As the industry matures, more and more standards will get added to the regulatory requirement -- in such a scenario, how does one keep the scalability and integrity of the Quality system? and other similar questions?.This paper is an attempt to answer these questions by sharing the experience of deploying ISO 13485 and FDA CFR 820 elements in an existing CMMI based Quality Management System for development and maintenance of software. It begins by painting the regulatory landscape across the globe -- America, Europe, Asia, goes onto explaining briefly the structure of ISO 13485, and FDA Quality systems requirements and summarizes the approach followed by Philips-Healthcare Bangalore centre to achieve the ISO certification in a CMMI based process framework. The paper finally details out a granular mapping of the ISO 13485 clauses to the CMMI Process areas including Generic and Specific practices. This will help any CMMI based organization dealing with to easily map and extend their existing practices to the required regulatory standards and achieve the corresponding certification.