This document outlines a 10-step plan for medical device software validation and verification presented by Ginsbourg.com. It discusses past issues with inadequate medical device software testing, like the Therac-25 radiotherapy accident that killed patients. The FDA regulates medical mobile apps and other software as medical devices based on risk. The plan involves performing risk analysis, documenting requirements and design, developing a test plan, and maintaining records of testing and releases.
4. Ginsbourg.com
1. Coding finished
2. Run a few tests
3. System approved
4. Release
Result: Disaster !
Inadequate design or
poor coding produces many
time bombs in the system!
← High Risk Approach
July 24, 2014 4Ginsbourg.com MD SW V&V 2014-2015
5. Ginsbourg.com
Therac-25 medical accelerator (1985-1987)
• Therac-25 was a therapy system that delivered two different kinds of radiation:
either a low-power electron beam or X-rays.
• The Therac-25's X-rays were generated by smashing high-power electrons into a
metal target positioned between the electron gun and the patient.
• An electromechanical safety interlock was replaced by a software control, because
software was perceived to be more reliable.
• The OS was compiled by a programmer with no formal training.
• Because of a “race condition” bug, the operator could accidentally configure the
Therac-25 so the electron beam would fire in high-power mode, but with the metal
X-ray target out of position.
• At least five patients died; others were seriously injured.
Catastrophic software failure
July 24, 2014 5Ginsbourg.com MD SW V&V 2014-2015
6. Ginsbourg.com
July 24, 2014 6Ginsbourg.com MD SW V&V 2014-2015
"I can’t tell you how many manufacturers I have seen that have tried to
present their risk management system by simply presenting a FMEA.
That is NOT a risk management system."
Kimberly A. Trautman, QSR Expert, CDRH, FDA
7. Ginsbourg.com
QC → Products
QA → Processes
ISO 13485:2003 Medical devices - Quality management
systems - Requirements for regulatory purposes
July 24, 2014 7Ginsbourg.com MD SW V&V 2014-2015
11. Ginsbourg.com
July 24, 2014
What are mobile medical apps?
Mobile apps are software programs that run on
smartphones and other mobile communication
devices.
How will the FDA regulate mobile medical apps?
The FDA will apply the same risk-based approach the
agency uses to assure safety and effectiveness for
other medical devices.
Last Updated: 10/22/2013
11Ginsbourg.com MD SW V&V 2014-2015
13. Ginsbourg.com
July 24, 2014
• Currently available for iOS devices.
• Helps doctors calculate the percentage of a
patient’s body surface area that is burned.
• Calculates the amount of fluid to be
administered in the 24-hour period that
follows the burn injury.
13Ginsbourg.com MD SW V&V 2014-2015
17. Ginsbourg.com
July 24, 2014 17Ginsbourg.com MD SW V&V 2014-2015
10-step plan for medical device software validation and verification:
1. Perform risk analysis
2. Determine level of concern
3. Describe the software
4. Formulate requirements specifications
5. Develop design specifications inc. architecture design chart
6. Craft a software development environment summary document
7. Document validation and verification testing
8. Perform a traceability analysis
9. Determine unresolved anomalies
10.Maintain a log of revision and release numbers