Over the last decade, “medical device software has evolved from low-level firmware with archaic user interfaces to sophisticated instruments with smooth, elegant user interfaces, providing seamless communications with either local servers or cloud servers,” said Frances Cohen, president of Promenade Software, an Irvine, Calif.-based provider of software development services for medical device manufacturers (MDMs).
As hardware becomes more powerful and more affordable, expanded capabilities and differentiation are being designed into software. This ranges from software embedded in medical devices (for example, the development of the artificial pancreas) to “big data/analytics applications for improvements in prescribing cancer therapies from companion diagnostics and mobile- and cloud-based applications for ECG, electronic stethoscopes, and monitoring of diabetic blood glucose levels,” said Dennis Rubenacker, a senior partner at Noblitt & Rueland, an Irvine, Calif.-based provider of technical consulting and training services to internationally regulated industries. “In addition, manufacturers are using software for implementation of electronic systems for quality system procedures and processes, such as document control, product data management for design and development, complaint file processing, corrective and preventive action (CAPA), and manufacturing execution systems.”
The big push right now among OEMs and high-level supply-chain partners is integrating different software-based monitoring systems through a central hub or command center. Although many individual point solutions exist in the market today—for example, quality management systems, manufacturing execution systems (MES), enterprise resource planning (ERP), and customer relationship management (CRM)—OEMs want the simplicity of a master system that links them all together.
“We are seeing a trend toward the integration and consolidation of business systems,” said Anthony Parise, product strategist for life sciences for ETQ , a Farmingdale, N.Y.-based provider of quality, operational risk, and compliance management software. “Companies want to simplify the way they consume and disseminate data and provide a seamless ‘story of compliance’ across the enterprise. Business systems can no longer be siloed; they need to be integrated and streamlined to provide more value, from the top floor to the shop floor.”
A central hub for these processes provides companies with full traceability of compliance within their operations, as well as from their supply chains and external resources. Advantages include greater design efficiency, increased visibility into product lifecycle processes, unified change management for all documents, and increased resource utilization—all of which improve quality while saving time and money.
For example, traditional ERP functionality covers accounting, sales orders, material requirements, inventory, and purchasing, plus extended native features for CRM and human resources. MES addresses production scheduling, shop floor control, warehouse control, and quality assurance.
“The current state of ERP and MES software in the medical device manufacturing market varies greatly from one manufacturer to another,” said Dan Randunz, chief technology officer for IQMS, a Paso Robles, Calif.-based provider of ERP and MES software. “Some are highly automated, while others continue to use low-end accounting software and spreadsheets, and some still run their operations exclusively on clipboards and paper forms.”
Two factors drive ERP and MES purchases: managing profitable growth and fulfilling regulatory and compliance needs (which impacts profitable growth). “The need to more accurately manage production scheduling, improve pricing estimates, and gain operational efficiencies is the key driver in deciding to implement an integrated ERP and MES solution,” added Randunz.
Integration helps identify problems, reduce errors, and maximize quality. Design and manufacturing process controls are still the major areas of failures for medical devices. Therefore good design, streamlined clinical execution, regulatory oversight, and overall quality management are needed across a device company’s enterprise.
“This, however, still falls short where companies are just now trying to automate operational processes and consolidate and harmonize their requirements into one common integrated platform addressing content and operational data across quality, clinical, regulatory, and commercial areas of the business,” said Nikki Willett, senior director of strategy, medical devices, and diagnostics for Veeva Systems, a Pleasanton, Calif.-based provider of cloud-based software for the global life sciences industry. “The maturity of the industry for automation is still progressing slowly from reacting to anticipating. A rise in requests for proposals [RFPs] last year and this year are showing companies are biting the bullet to make a change in consolidating automated systems to have the single source of the truth in a real-time environment.”
Product failures and recalls can also be the result of inadequate testing and traceability. Requirements management software can be integrated into a central hub to confirm traceability, from product requirements through engineering and test validation.
“Requirements management provides a complete end-to-end process in the management of requirements, linking requirements to test cases and test results to ensure that all requirements are tested, optimizing product quality and patient safety,” said Arieh Halpern, a life sciences industry business consultant with Dassault Systèmes, a medical device consulting firm headquartered in France.
Product lifecycle management (PLM) is yet another software application that can be integrated with other management systems. PLM traditionally supports the R&D departments; however, MDM management is recognizing the need to expand these solutions to include other departments such as quality, regulatory, marketing, and manufacturing. “This supports and streamlines the product development process by integrating people, data, processes, and business systems across the enterprise, both internal and external of the company,” said Jean Colombel, vice president, life sciences industry, for Dassault Systèmes. “This way everybody has access to everyone and everything, eliminating the individual silo-based approach.”
Moving into the Cloud
MDMs are looking for software products that are easy to use and modular in design, allowing for the addition of other software modules with minimal customization as needed. The cloud, the number-one advancement in software capability in recent years, lightens the load of building and/or maintaining software infrastructure. It provides access to innovative, fast, and relatively simple software that appeals to all levels of users. Cloud services are easy to use, inexpensive, and provide 24/7 worldwide secure access.
With cutbacks in operational budgets, many MDMs are looking for software solutions that can operate in the cloud. Cloud adoption is primarily driven by the desire to get new products into the market faster, improving operating cost efficiencies by reducing IT expenses, faster implementation up-time, and scalability. Therefore, it is not surprising that small to mid-size medical device companies are the fastest adopters of off-site cloud systems hosting companies.
On-premise cloud hosting is starting to make inroads into large, multi-national medical device companies for similar reasons, including the ability to bring newly acquired medical device companies into a common enterprise platform, with a common set of software products—“for example, quality management systems, regulatory, document control, and engineering design software products under a single unified change control process,” said Colombel. “This reduces the possibility of FDA 483 citations for noncompliance.”
Although the cloud is, in general, gaining acceptance among MDMs, there is still concern about security, especially by regulatory agencies. In response to potential security issues about maintaining sensitive and critical data in a shared environment like the cloud, larger firms are showing interest in creating their own private clouds, where security is easier to control.
Less Risk for OEMs
OEMs like software solutions that are flexible enough to adapt to a changing and evolving market, and mitigate risk as well. A core business objective is visibility and control; with this objective comes the need to understand risks and effectively manage them. Therefore, more MDMs strive for unlimited visibility into operations.
“MDMs want not only visibility into operations and business processes, but also the tools to gain an enterprise view on compliance within all aspects of the operation,” indicated Parise. “This includes robust analytics, risk-based alerts, supplier management, and process automation, but most importantly, it provides the organization with the tools necessary to make better, more informed decisions about how to manage and respond to compliance initiatives.”
As software becomes more complex, and regulatory aspects more demanding, OEMs are outsourcing to third-party software contractors to complete product development. It used to be that an OEM’s firmware team was all that was needed, but now experts are required in firmware, embedded applications, mobile apps, cloud server software, cybersecurity, human factors and user interface design, database, and regulatory aspects.
This type of collaboration is a key way to reduce risk, but the speed and quality of communication can still be a challenge between the OEM and the contract manufacturing organization (CMO). “CMOs can’t always keep up with the numerous products and changes without an easier and better mechanism of communication than email,” said Willet. “We are seeing more partner portals and external user’s models for software to keep up with a two-sided conversation.”
This, of course, improves understanding and process efficiencies, thereby reducing risk and maximizing quality.
Open-Source vs. Custom
It’s logical to assume that advanced software for medical devices is highly complex and customized, rather than off-the-shelf or open-source, such as Linux. However, Linux is widely used by MDMs and saves them from having to develop an expensive customized operating system (in fact, Linux can support customization if needed). As a result, the open-source approach has evolved from a minor tool to become the underlying software for a wide variety of applications and IoT devices. “Companies need more oversight for software that is rapidly changing by hundreds of thousands of developers,” said Willett. “However, an open-source development model is a fast, highly innovative, and cost-efficient approach to making software that’s well-suited to the critical IT demands of the life sciences industry.”
“It is amazing what is available in the open-source community,” added Cohen.
Many new software advancements coming from the web or mobile applications can be applied to medical devices. For example, Promenade uses React Native. Made open-source by Facebook, it allows applications to be developed once and deployed for a device (Linux, Windows, Android, and iOS). “Unlike previous generations of this type of framework, it enables the use of native controls of the operating system such that it looks like a native application on those devices,” said Cohen. “We are very excited about this technology because it allows us to write our code once, then deploy it for all three environments. This is a huge savings for our customers, who previously had to pay for development in each separate environment.”
More off-the-shelf (OTS) software is being used by MDMs as well, to the point where many medical devices developed today have a majority of OTS software. OTS software used in medical devices can include operating systems such as Windows/Linux, databases, drivers for peripherals including motors, data acquisitions systems, and storage/cloud storage.
“Established open-source and OTS software will always have a place in the medical device industry, but most implementations in devices or systems will require customization, especially to meet the demands for complex products,” said Brian Goemans, senior consultant and country manager for South Africa for Austin, Tex.-based Emergo, a global medical device regulatory consultancy.
“This allows MDMs to focus on developing custom software applications within their own area of expertise,” agreed Rubenacker.
Cohen indicates that nearly every device Promenade works on includes a significant amount of off-the-shelf software, much of it open-source. “It is totally unnecessary to re-invent the wheel on non IP-related features,” he said. “This software is used by millions and has proven to be robust.”
Although every instrument must have its custom software, the open sources and frameworks are designed for that customization. The trick is selecting the best off-the-shelf operating systems and frameworks, and build on top of them. “Of course, a thorough risk analysis with resultant mitigations must also be put in place in case it fails,” added Cohen.
Perhaps the biggest role for software in the regulatory space serves traceability—not just for materials and finished products, but also the production parameters at the time of manufacturing. Traceability is driven by the track-and-trace regulations (21 CFR Part 821) that have become part of the medical device regulatory landscape over the past several years (and will soon become mandatory).
To comply with 21 CFR Part 821, MDMs can carry out manual record-keeping, contract with a unique device identification (UDI) registry, or manage the records internally from production through a product’s entire lifecycle using an ERP system that integrates with a quality management system, product lifecycle management system, and manufacturing execution system. The ERP approach manages all these processes in a single system, delivering broad functionality in one turnkey package.
“Typically, mid-market manufacturers want to avoid complex integrations and customized solutions that, over time, become unwieldy and expensive,” said Steve Bieszczat, chief marketing officer for IQMS. “They are also attracted by the fact that all the data used by the modules is managed by the same embedded database, which facilitates visibility, accuracy, traceability, and compliance.”
Companies want integrated software systems that manage and streamline all regulatory aspects, even event correction and beyond. These tasks include electronic records, electronic signatures, design history file, device master record, quality system records, nonconforming product, CAPA, UDI, and hazard risk analysis. Maintaining a “hub” of compliance, where the entire center of operations receives vital information that results in assessing risks and making informed decisions, greatly improves compliance and quality management. “This is even more critical as regulatory agencies, such as the FDA, are becoming electronic themselves,” observed Parise. “Electronic medical device records, FDA Adverse Event Reporting System, and other electronic submission methods are bridging the gap from technology within the manufacturer to technology within the regulatory agency. This greater connection from all areas of the operations needs to be supported and embraced.”
Cybersecurity, especially from the risk management and usability point of view, has become the latest regulatory challenge for MDMs. Addressing these concerns needs to be part of an overall risk management process to identify cybersecurity risks and mitigations. “New requirements exist in FDA guidance to address cybersecurity as part of documentation reviewed in FDA submissions such as for a 510(k) or premarket approval,” said Rubenacker. “Recent news of potential hacking into implantable devices/programmers has highlighted FDA cybersecurity concerns/risks for medical devices.”
For example, mobile phones and tablets are often accessed as the user interface for medical devices, using the phone’s display, schedulers, audio, and computation power. This real-time communication connectivity does, however, increase cybersecurity risks. Medical devices have historically been deficient with security, choosing accessibility over security. Within the last few years, the FDA has published premarket and postmarket guidances for cybersecurity in medical devices, and are looking closely at submissions to gauge their security risks.
“Postmarket guidance calls for MDMs to keep the devices secure through their entire lifecycle, monitor vulnerabilities, have a coordinated disclosure policy, and apply patches and fixes,” said Cohen. “The FDA also encourages membership in information sharing and analysis organizations to share vulnerability information with the community and help keep everyone in the industry secured.”
Software is a vital component to the Internet of Things, which has the potential to rapidly expand the technical and performance capabilities of medical devices. IoT will vastly improve data mining and analysis. New advances in 3D modeling and virtual design of medical devices helps MDM designers and engineers visualize, analyze, and communicate design intent before ever building a physical prototype. Human body computational modeling and simulation is another advanced software application that allows medical device companies to explore a variety of different designs in less time, at a fraction of the cost, compared to traditional approaches.
“Predictive human body simulation has broad applications across the healthcare environment, from assessing human body reaction to implanted medical devices, long-term reaction to pharmacological drugs, interaction between drugs and implants (passive and active), and outcome effects to surgical procedures,” said Colombel.
The Internet of Things, combined with increased computer abilities, will push Industry 4.0 to the forefront. Driven by data analytics, automation, and cloud-based computing, Industry 4.0 will take real-time analysis and behavioral predictions in manufacturing to new levels—for example, identifying and correcting potential problems before they get worse and shut down a process.
“Industry 4.0 is a goal for manufacturers to aspire toward and is particularly relevant to North American and European manufacturers, who want to stay at the forefront of global manufacturing competitiveness and quality,” said Randunz.
Software will be at the forefront of all these advancements.
The demand for mobile, wearable, wireless, connected, and IoT for medical devices has already resulted in a surge of medical smart systems and software. But this surge brings some cautionary advice from Willett.
“Not all companies creating these products are aware of the stringent requirements needed for quality and compliance, nor understand the full gamut of testing and validation needed associated with their product’s patient risk,” she stated.
Therefore good design, streamlined clinical execution and data, regulatory oversight, and overall quality management are needed more than ever across a device company’s enterprise. “This has not always been the case over the years, where automated software to help in these operational areas has been disparate, duplicative, and not visible,” added Willett. “As the industry turns to expand its business model with service-based solutions, the data which documents the success of healthcare delivery—and the software that collects it—will be as important as the product device itself.”
Mark Crawford is a full-time freelance business and marketing/communications writer based in Madison, Wis. His clients range from startups to global manufacturing leaders. He also writes a variety of feature articles for regional and national publications and is the author of five books. Contact him at firstname.lastname@example.org.