Friday, November 12, 2010

Standards for Software Safety

Annex B of IEC 62304 provides a useful framework for standards associated with the safety of medical device software. On page 77 it states:

"There is no known method to guarantee 100% safety for any kind of software.

There are three major principles which promote safety for medical device software:

- Risk Management
- Quality Management
- Software Engineering"

In the medical device software world there are three standards that provide the essential guidance on software safety:

- Risk Management - ISO 14971 - Medical Devices - Application of Risk Management to Medical Devices
- Quality Management - ISO 13485 - Medical Devices - Quality Management Systems - Requirements for Regulatory Purposes
- Software Engineering - IEC 62304 - Medical Device Software - Software Lifecycle Processes

At least two of these standards have been adapted from more generic standards to meet the needs of the medical device software industry. In particular:

- ISO 13485 is adapted from ISO 9001
- IEC 62304 is adapted from ISO/IEC 12207 (Software Life Cycle Processes)

In pursuing this matter for clinical systems, including EMRs and EHRs, we have three options:

1. Adopt the standards that have been developed for medical device software (13485/14971/62304)
2. Adopt the more generic ISO standards (9001/12207)
3. Develop a unique set of standards for clinical systems including EMRs and EHRs

Thoughts?
