Christin Lindholm

A Snapshot of the State of Practice in Software Development for Medical Devices

The medical device industry is a constantly growing domain which makes use of more and more software products. Given the importance to this industry of dependable software components, rigorous software engineering techniques would seem to have an important role to play. However, in a recent survey of the industry we found a lower than expected rate of adoption of certain sound software engineering practices. To ensure and improve the quality of developed software products, whether they are standalone applications or embedded in complex systems, both the medical device industry as well as software engineers have to take action. Our survey is a first step in this direction and may help in identifying appropriate programs and future research topics.

A Case Study on Software Risk Analysis in Medical Device Development

Software failures in medical devices can lead to catastrophic situations. Therefore is it crucial to handle software related risks when developing medical devices. This paper presents the experiences gained from an ongoing case study with a medical device development organisation. This part of the study focuses on the two first steps of the risk management process, i.e. risk identification and risk analysis. The research is conducted as action research, with the aim of analysing and giving input to the organisation’s introduction of a software risk management process. The risk identification activities focus on user risks based on scenarios describing the expected use of the medical device in its target environment. Challenging problems have been found in the risk management process with respect to definition of the system boundary and system context, the use of scenarios as input to the risk identification and estimation of detectability used during risk assessment.

A case study on software risk analysis and planning in medical device development

Software failures in medical devices can lead to catastrophic situations. Therefore, it is crucial to handle software-related risks when developing medical devices, and there is a need for further analysis of how this type of risk management should be conducted. The objective of this paper is to collect and summarise experiences from conducting risk management with an organisation developing medical devices. Specific focus is put on the first steps of the risk management process, i.e. risk identification, risk analysis, and risk planning. The research is conducted as action research, with the aim of analysing and giving input to the organisation’s introduction of a software risk management process. First, the method was defined based on already available methods and then used. The defined method focuses on user risks, based on scenarios describing the expected use of the medical device in its target environment. During the use of the method, different stakeholders, including intended users, were involved. Results from the case study show that there are challenging problems in the risk management process with respect to definition of the system boundary and system context, the use of scenarios as input to the risk identification, estimation of detectability during risk analysis, and action proposals during risk planning. It can be concluded that the risk management method has potential to be used in the development organisation, although future research is needed with respect to, for example, context limitation and how to allow for flexible updates of the product.

Software Risk Analysis in Medical Device Development

The purpose of risk management in the development of safety-critical software is to eliminate or reduce harmful behaviour. In health-care it is essential to manage risk related to software due to its increased use in medical devices and other computer systems. This paper presents some of the experiences gained from an ongoing case study at a large hospital in Sweden. The study focuses on identification and analysis of risks using scenarios and how effective this approach is. The research is conducted as action research, with the aim of analysing and giving input to the organisations new software risk management process.

Risk identification by physicians and developers - differences investigated in a controlled experiment

Risk management is an important process and risk identification is an important part of this process, especially in development of medical software. This paper presents an experiment where physicians, developers and software developers for medical devices are asked to identify risk in a given scenario describing the procurement of a patient monitoring system. It is concluded that multiple roles and thereby different experiences, will affect the risk identification process. Involving multiple roles, for example users and developers in the risk identification process, will result in a more complete set of identified risks than if only one role is included in the process.

Different conceptions in software project risk assessment

During software project risk management, a number of decisions are taken based on discussions and subjective opinions about the importance of identified risks. In this paper, different peoples opinions about the importance of identified risks are investigated in a controlled experiment through the use of utility functions. Engineering students participated as subjects in the experiment. Differences have been found with respect to the perceived importance, although the experiment could not explain the differences based on undertaken role in a development course.

Introducing usability testing in the risk management process in software development

Human beings make errors and that is nothing that we can avoid completely. We can however lower the risk of people doing wrong in situations where, for example, medical devices are used. The overall objective of the research presented in this paper is to investigate how usability testing can contribute to software risk management process in the medical device domain. Experience has been collected from both the risk management process and usability testing in a development project of a medical device. It can be concluded that usability tests can give valuable input to the risk management process. Usability tests can indicate risks that are not identified in the risk management process and render the possibility to verify if risks with high risk value actually cause the presumed problems.

Involving user perspective in a software risk management process

More and more user groups are using medical devices. Heart starters are, for example, available in public places and used by non‐professionals. Different mobile medical applications, designed to help people manage their own health, are now being added to the medical device spectra. Users handling medical devices make errors, but by involving users in the risk management process, it is possible to lower the risk of these errors. This paper presents an evaluation of the value of complementing a traditional risk management process with an emphasised user perspective. A medical device software risk management framework is being designed, and the risk management process should be regarded as the first part of the framework. The main goal of the evaluated risk management process is to integrate users and user perspective into the risk management process. The results indicate that the use of use cases as input at risk meetings makes the discussions more focused, saving effort and time. When users attend the risk meetings, user perspective and domain knowledge are brought into the process, affecting risk identification and risk assessment. The results also show that the use of usability testing gives valuable input to the risk management process. Copyright