Software is increasingly used in all kinds of physical devices to expand the functionality of (or even completely replace) hardware components. This has been a trend in recent years across various industries, and is also the case with medical devices. Software enables the sophistication of even relatively simple devices such as insulin pumps, bringing new functionality and increasing the efficiency of these products.
With increased sophistication comes increased complexity and risks. Developers not only have to make sure they maintain the high quality of their products, they also need to develop these products in shorter time than ever before, due to a competitive market landscape. Overall, they need to be able to build better quality products faster, while managing risks and maintaining the safety and reliability of their products.
Is Agile the solution?
Agile has been increasingly adopted in various sectors as the software development methodology that allows developers to do just that. It's a fairly recent methodology that emphasizes collaboration, continuous testing, gathering feedback from end users early and often, and using that to update the requirements in order to better satisfy customers' needs.
Despite ensuring high product quality, thorough risk management, and the early discovery of issues, Agile also comes with certain challenges. This methodology promotes self-governing teams, and values working software over extensive documentation – which is exactly why companies developing safety-critical software (such as software embedded in medical devices) have long been wary of switching to the "deregulated" Agile method.
Related reading: Agile + IEC 62304: Using Agile in Medical Device Development
In such a highly regulated industry where transparency, process visibility, traceability, access control and process enforcement are crucial for compliance with standards and regulations, Agile is seen as a solution that increases, rather than reduces the risk and number of potential issues.
The FDA's 2012 decision to recognize Agile as a standard puts an end to the dispute about whether Agile can be used in the development of medical device software. The decision concludes that Agile is fit for developing safety-critical software as it enables developers to achieve the level of scrutiny demanded by regulations. That said, discipline is key.
Agile and compliance
FDA's decision marks an inflection point and will most likely propel the adoption of Agile in medical software development. However, as mentioned above, maintaining control over all processes, and discipline in adhering to regulations is key to compliance with relevant medical standards (ISO 14971, IEC 62304, IEC 61508, and similar FDA regulations are among the most commonly cited medical standards).
Specifically, release planning plays an important role in Agile development. User stories and requirements should be added to releases and sprints, laying out the timeline for subsequent iterations. This allows you to monitor and manage all development processes throughout the lifecycle. Perhaps even more importantly, links need to be established between work items across the lifecycle – end-to-end traceability is a fundamental requirement of all medical standards.
Another vital process when relying on Agile in a safety-critical environment is risk management. The standard ISO 14971 outlines the requirements for developers to identify, prioritize, and reduce or mitigate all risks during the development lifecycle of medical device software, as well as the necessary documentation required to facilitate compliance audits.
Failure Mode and Effects Analysis (FMEA) helps a big deal in managing hazards – its variant HFMEA, specifically designed for the healthcare industry, is widely used in medical development. Risk management should be one of the key concerns when applying Agile in medical device development.
To ensure process enforcement and access control, custom workflows need to be configured when developing medical software in an Agile environment. In order to be able to prove compliance with relevant standards, all approvals need to be authenticated using e-signatures.
To learn more about Intland's Medical IEC 62304 Template and how codeBeamer ALM could help streamline your medical device development processes, get in touch with us for a free, 1-on-1 product demonstration, or start your free trial today!