In a three-part series, The Device Chronicle interviews Dr. Baya Oussena about the full process of researching, designing, and managing a software-defined medical device (SDMD) throughout its lifecycle.
Dr. Baya Oussena has worked on embedded software projects for Siemens, Volkswagen, and Fresenius Medical Care. She has researched distributed systems, algorithms, and their parallelization, synchronization, and applications in medical computing, including diagnostic assistance and the early detection of breast cancer. While she was a lecturer and researcher at the universities of Glasgow and Mainz, Dr. Oussena worked on embedded systems for nuclear physics experiments. This work aimed to optimize the performance of data acquisition systems for subatomic physics, requiring software skills ranging from manipulating binary machine instructions to effectively utilizing high-level programming languages such as C++.
Considerations for the research and design of a software-defined medical device (SDMD)
Dr. Oussena begins by setting out that the research and design of a software-defined medical device involve two key components:
- Choosing an appropriate mathematical modeling approach. This includes selecting models for image texture analysis, signal processing, data science techniques, or AI/ML algorithms based on the system's specific requirements and characteristics.
- Defining the methodology for exploring and developing the software architecture of the medical device.
Dr. Oussena addresses the second component. She explains that a software-defined medical device (SDMD) delivers its primary functionality through software rather than dedicated hardware. Designing an SDMD involves a multidisciplinary approach that combines expertise from medical, engineering, regulatory, cybersecurity, and user-centered design considerations. Every phase, from conceptualization and development to validation and post-market surveillance, must ensure the SDMD operates reliably and safely in real healthcare settings.
Above all, the safety of patients who depend on or use the SDMD must always be the top priority. The product design team must ensure systems are in place to identify and respond to safety concerns promptly. It includes real-time monitoring of potential risks, maintaining incident protocols, and conducting safety audits. The SDMD must also include built-in features, particularly for devices that deal with life-threatening conditions or require real-time patient monitoring. If an SDMD detects a critical issue, it should have automatic fail-safes or alerts that notify healthcare professionals instantly.
Understanding regulatory & standards requirements
Dr. Oussena stresses that understanding regulatory requirements, such as those of the FDA in the US and MDR in the EU, is critical for developing a safe and effective medical device that prioritizes patient safety. The product design team and regulatory affairs must assess the device classification (e.g., Class I, II, III in the US or MDR Class I/IIa/IIb/III in Europe).
The product team must ensure compliance with key standards, including IEC 62366 (usability engineering), IEC 62304 (software life cycle), ISO 13485 (quality management), ISO 14971 (risk management), IEC 81001-5-1:2021 (security – activities in the product lifecycle), IEC 82304-1:2016 (for standalone or health software) and EU/FDA standards for electronic records and signatures.
Define intended use & target users
Dr. Oussena explains that it is essential to state and explain the medical purpose of the SDMD. What issue will it address? Will it be used for diagnosis, monitoring, treatment, or to assist healthcare processes? The target users should be identified: Is the SDMD designed for doctors, patients, or caregivers? Knowing the end-users influences the software's design in terms of interface and complexity.
User Interface (UI) & User Experience (UX) design
Dr. Oussena believes that UI and UX design are vital for medical devices, where clarity can have life-or-death consequences. This phase ensures that the software is intuitive and usable under pressure. Software should be designed to meet the needs of healthcare professionals, patients, and caregivers, where there are varying degrees of technical skill and acumen. SDMDs must be designed with diverse users, including those with disabilities, in mind. It may involve voice control for hands-free operation, large fonts for individuals with visual impairments, and explicit language for all users.
The SDMD should minimize user error with clear prompts, undo options, and confirmations for critical actions (e.g., submitting medical reports). The UI/UX must ensure the software remains responsive in high-pressure environments, such as hospitals or operating rooms.
Risk management
Risk management plays a vital role in the SDMD development process, given the importance of safety when working with medical devices. This management process should encompass risk analysis, control measures, and documentation procedures. The risks may include failure modes like incorrect data processing, software crashes, or security vulnerabilities that could compromise patient data. After identifying the risks, it is essential to implement mitigation strategies. All efforts to mitigate risks should be documented in a risk management file, which is crucial for regulatory submissions and serves as evidence of the safety measures undertaken.
ISO 14971 provides guidelines on the risk management process for medical devices, including practical risk assessment and risk management.
Cybersecurity & data protection
Given the rise of digital health solutions, ensuring robust cybersecurity is non-negotiable. For SDMDs, data protection is particularly crucial due to concerns about patient privacy. This includes data encryption, access controls, secure communication protocols, data storage, and security testing. Cybersecurity involves preventing external threats, maintaining tamper-proof software, and safeguarding internal processes. IEC 81001-5-1:2021, ISO/IEC 27701:2022, and ISO/IEC 29100:2011 provide cybersecurity and data protection guidelines.
Detailed design & software development
Dr. Oussena describes the key considerations during the design phase. These include:
- Patient Safety: Patient safety must be the top priority. The software should protect patients and prevent misdiagnosis, treatment delays, or other issues that may harm them.
- Cybersecurity: Since SDMD often involves sensitive patient data, robust cybersecurity measures should be incorporated to prevent unauthorized access or tampering.
- Compliance: Always ensure compliance with specific regulatory standards and certification requirements. This process continues throughout the design and development phases.
- Collaboration with medical experts: Working with doctors, clinical engineers, and healthcare professionals ensure that the SDMD effectively addresses actual medical requirements.
Dr. Oussena points out that this process is highly iterative and requires constant testing, validation, and feedback loops to ensure safety and functionality. She notes that documenting everything is also extremely important, as regulatory authorities will need proof that the design and development processes have adhered to medical device regulations.
Read the rest of the conversation:
Part 2
Part 3