International Review on Computers and Software (I.RE.CO.S.), Vol. xx, n. x Manuscript received January 2006, revised January 2006, accepted February 2006 Copyright © 2006 Praise Worthy Prize - All rights reserved Fergal Mc Caffery 1 and Gerry Coleman 2 Abstract – Software is becoming an increasingly important aspect of medical devices and medical device regulation. Software enables highly complex systems to be built. However, complexity is the enemy of safety, therefore strict adherence to well documented processes is important within the domain of medical device software. Medical devices can only be marketed if compliance and approval from the appropriate regulatory bodies (e.g. the Food and Drug Administration (FDA)) is achieved. This paper outlines the development of a software process improvement (SPI) model specifically for the medical device industry. The paper details how medical device regulations may be satisfied by adopting relevant practices from the Capability Maturity Model Integration ( 1 CMMI ® ). Copyright © 2006 Praise Worthy Prize - All rights reserved. Keywords: Medical device, Software Process Improvement Model, CMMI® 1 ® CMMI is registered in the U.S. Patent and Trademark Office by Carnegie Mellon University I. Introduction Medical device companies base their software development processes on the need to comply with the FDA [1,2,3,4]. Due to the safety-critical nature of medical device software it is important that highly efficient software practices are in place within medical device companies. In fact, integrated into the design process of medical devices, is the requirement of the production and maintenance of a device technical file, incorporating a design history file. Design history illustrates the well documented, defined and controlled processes and outputs, undertaken in the development of medical devices and for our particular consideration with this framework - the software components. The software framework introduced in this paper will address an opportunity to integrate regulatory issues and process improvement mechanisms in order to achieve greater customer satisfaction, faster time to market and improved software quality. II. The medical device industry The risk of patient injury from software defects is a concern due to the manufacture and deployment of increasing numbers of software-embedded medical devices [5],[6],[7]. There have been a number of major medical device product recalls over this past 25 years that were the result of software defects [8]. Change control within medical device software is important as such modifications can occur frequently and may occur at different levels (e.g. design, interface or code), therefore increasing the risk of software failure [8]. It is therefore important that a medical device company has efficient software development processes in place that include change control practices. According to the Institute of Medicine report ‘To Err is Human’ [9], between 44000 to 98000 people die in hospital from preventative medical errors. The report also says that more people die every year as a result of medical errors than from motor vehicle accidents, breast cancer or AIDS. Like most industries, the healthcare industry depends on computer technology to perform many of the functions ranging from financial management to patient treatment [10]. The use of software in medical devices has become widespread in the last two decades. Medical devices with software include those that are supplied and used entirely in hospitals and other health facilities, as well as consumer items such as blood pressure monitors. Many medical devices, and their software, operate in real time – monitoring, diagnosing, or controlling a physiological process as it changes. The complexity and risk profile of medical devices varies widely and range from a consumer digital thermometer for minor diagnosis, and an implanted artificial heart that is critical to preserving a patient’s life, to a therapeutic X-ray machine with a computer user interface, programmable software controlled therapy and anatomical and biophysical modelling in the software, which is operated under a high level of professional staff supervision [11]. Analysis of medical device recalls highlights the diverse nature of medical device software failures. The The Need for a Software Process Improvement Model for the Medical Device Industry With permission of Praise Worthy Prize S.r.I...from the International Review on Computers and Software, IRECOS, vol.2 no.1 Copyright © 2007, Praise Worthy Prize S.r.I..... brought to you by CORE View metadata, citation and similar papers at core.ac.uk provided by University of Limerick Institutional Repository