Software Quality And Device Recalls
By Poornima Venkatesan, Virtusa
The definition of medical device has expanded quite a bit in the past decade. Not only do wheelchairs, imaging equipment and pacemakers qualify as medical devices, but so do health monitoring apps and digital health trackers. Thanks to the advancements of the digital age, “hospital at home” is the trend. The industry is moving towards a connected care environment where devices that capture data, applications that derive insights from that data and apps that deliver personalized suggestions have become the critical driving factors. Nevertheless, the industry is also fueled by globalization, competition and demand for more advanced treatments. Sensors are at the heart of every device, from small bandages to implants.
The Flip Side
The recent Stericycle Recall Index report shows that the United States, the largest medical device consumer and manufacturer in the world, has faced 343 device recalls in the first quarter of 2018 alone involving 208 million units. Unsurprisingly, software issues such as bugs, false results, and network connection issues were the major reason behind the recalls. Issues like disparity in patient data, displaying incorrect test results and loss of reports could lead to consequences ranging from wrong clinical decisions to even death.
A recall not only puts the brand value at risk, but also pinches the pocket of the manufacturers due to lawsuits, reimbursements, wastages, etc. According to a McKinsey report, the industry spent a whopping US $36 billion on quality control in 2017, one-third of which went toward ensuring good quality and the remainder being the direct cost of poor quality.
The Expense Of Doing Things Wrong
What went wrong?
Complexity of software: The more complex the software, the more difficult the workflows are, resulting in complex coding and more susceptibility to bugs.
Outsourcing: Most device manufacturers outsource their software development, which means that more attention is required when integrating the software, testing it for all potential errors and fixing it on time. Above all, vendors might lack the right functional expertize.
Incomplete regulations: With software advancements, regulations must also become more stringent in terms of reviewing technical risks and medical errors. Current premarket and post-market regulations do not account for software vulnerabilities.
Cybersecurity threats: Many of today’s devices and applications are connected to hospital systems. The increase in the number of devices brings with it threats of leakage of personal health information. A device with outdated software is susceptible to attacks.
Recalling medical devices is not as simple as returning a product to an e-commerce website like Amazon, though. With the number of medical devices on the market, managing information about each device and tracking it is difficult. Drugs use unique national drug codes, but universal device identification (UDI) is not prevalent yet.
What if a recall affects more than one country? How would a company locate and communicate the issue to a patient who could be anywhere around the globe? How can the supply chain ensure that recalls don’t affect patients?
Prevention Is Better Than A Cure
Documentation and testing: Complete documentation of a product, from risk assessment to functional and technical design requirements, test plans, traceability matrices, deviation tracking and maintaining change controls, helps with verification and validation of the product. A usual testing process is not sufficient for complex applications. Keeping track of all conversations involving product requirements and complex code reviews will also help with detailed testing. In addition to testing the software for what it is supposed to perform, it is also important to know how it interacts with various systems.
Using AI bots in testing can also help find and fix errors faster and more accurately. It is cost effective and helps in improving testing efficiency and refining product quality.
Proactive risk management: Using an automated risk management tool can help to avoid risks created by human error. These tools not only provide accurate and reliable data, but also derive important insights from the data being fed to them.
Maintaining medical device records: Along with UDIs, we need to create systems that keep records of every device from concept to manufacturing details, including the lot number, inventory data, supplier data, patient data, and billing information. This level of information is necessary to track any device across the globe. These systems must also be standardized to capture accurate, real-time data and monitor any software updates/patches released by a manufacturer to avoid cyberattacks.
The SurgeryOS database is an example of such a system. It helps manufacturers collect, organize and distribute data in real time, making devices more valuable for the practitioners using them. The manufacturer can also send notifications of malfunctions in the product and share case studies about new products, improving utilization of the products and assuring care for patients who are using them.
About The Author
Poornima Venkatesan, Senior Consultant at Virtusa, comes with rich experience in product management, agile development (Scrum), requirements gathering, and documentation. She has also created various learning materials on drug development, medical devices, verification & validation, and medication therapy management. At Virtusa, she is also involved in branding Virtusa Lifesciences domain solutions.
Apart from being an MBA from Great Lakes Institute of Management, she also holds a degree in Advanced Management Program from IAE Bordeaux University. She is currently pursuing her Masters in Psychotherapy and Counseling. Beyond business analysis, she is a voracious reader, a solo-traveler, an artisan, short film actor and a passionate blogger.