Workshop on High Confidence Medical Device Software and

Systems (HCMDSS)Research & Roadmap

June 2-3, 2005 Philadelphia, PA.

Manufacturer/Care-Giver PerspectiveDavid R. Jones

Philips Medical Systems

2David R. JonesPhilips Medical Systems

High Confidence Medical Device SW & Systems Issues & Challenges

• SW development/verification/validation practices that drive predictable results

• The convergence of Information Technology & Biomedical Engineering

• The real-time patient monitoring and diagnosis continuum

• Security• SW based predictive medicine

3David R. JonesPhilips Medical Systems

Software Development & Validation Practices That Drive

Predictable ResultsCMMI(a) LevelHeroes/Initial: Level 1

Optimizing: Level 5

Defect Predictability

10-20 Defects/KLOCIn delivered code

0.05 Defects/KLOC In delivered code

Schedule Predictability

Software releaseschedules slip

up to 100%

Software releaseson schedule 95% of

the time

Product Predictability

Several key features deferred to the next

release

Product performance delivered meets the

Systems Requirement Specification

Ref: Real-world benchmarks for PSP, Carnegie Mellon University Software Engineering Institute 1999

(a) : Capability Maturity Model Integrated

4David R. JonesPhilips Medical Systems

Software Development & Validation Practices That Drive Predictable Results –

and Map To FDA Requirements21 CFR 820

Subparts

Sub-Part Description

CMMI Process Areas

CMMI

Maturity Levels

B Quality System Requirements Organizational Training Organizational Process Definition

Organizational Process Focus Integrated Project Management

3 3 3 3

C Design Controls Requirements Management Requirements Development

Technical Solution Product Integration

Verification& Validation Risk Management

2 3 3 3 3 3

D Document Controls Configuration Management 2 E Purchasing Controls Supplier Agreement Management

Integrated Supplier Management 2 3

F Identification & Traceability Project Monitoring and Control Measurement & Analysis

2 2

G Production & Process Controls Organizational Process Focus Organizational Process Definition

Organizational Process Performance Organizational Innovation /Deployment Process & Product Quality Assurance

3 3 4 5 2

H Acceptance Activities Supplier Agreement Management Integrated Supplier Management

Verification& Validation

2 2 3

I Non-conforming Products Process & Product Quality Assurance Decision Analysis & Resolution

2 3

J Corrective & Preventive Action Measurement & Analysis Decision Analysis & Resolution Causal Analysis & Resolution

2 3 5

K Labeling & Packaging Control Process & Product Quality Assurance 2 L Handling, Storage, Distribution & Installation Process & Product Quality Assurance 2 M Records Configuration Management 2 N Servicing Technical solution 3 O Statistical Techniques Quantitative Project Management

Measurement & Analysis 4 2

Ref: Best Practices in Software Design for Medical Devices March, 2004. Presentation by D.R. Jones, T. Shah.

5David R. JonesPhilips Medical Systems

IT and Biomedical

Our devices are life-critical!

Our information systems are

mission-critical!

6David R. JonesPhilips Medical Systems

IT and Biomedical

• Different Perspective

• Life-critical vs.mission-critical

• Medical devices vs. Information Systems

• The Biomed links medicine and technology

7David R. JonesPhilips Medical Systems

Convergence

• Medical Technology intertwined with IT• Move toward Electronic Medical Record

(EMR), Clinical Decision Support Systems (CDSS) requires information flow

• Devices are an integral part of information flow

• More regulations and protocol requirements (JCAHO, Leapfrog) drives data movement

• Desire to integrate data from real-time systems to achieve smart/predictive alarms

8David R. JonesPhilips Medical Systems

The Real Time Patient Monitoring And Diagnosis Continuum

Monitoring &Diagnostics

ofReal Time

InstrumentedPatients

Department/EnterpriseIT Systems

Data Capture& Storage

Closed loop feedback Driven by Interoperability &

Common Standards Requirements

Patient Monitoring Clinical Measurements

Observations Charting Quality Assurance Admit/Discharge/Transfer Staffing Very long-term data storage

9David R. JonesPhilips Medical Systems

Security: Today’s Environment

• Thousands of new vulnerabilities yearly• Weekly attacks on the rise• Viruses are quick – patch validation is relatively

slow• Hospitals are public places• Hospitals subject to privacy and security

regulations

10David R. JonesPhilips Medical Systems

Security Risk = Vulnerabilities x Threats

Mitigation• Vulnerabilities– Flaws or weaknesses in system design,

implementation, operation, or management

• Threats– Malicious inside or outside intruders,

accidents• Mitigation

– Security measures

11David R. JonesPhilips Medical Systems

HIPAA Security Rule

• A regulation, not a standard• Goal: develop and maintain the security of all electronic

protected health information (PHI).• Hospitals must protect against “reasonably anticipated”

security threats/disclosure of info• Largely administrative, even for security• Some technical safeguards are recommended• Covered Entities are:

– Health Plans – Health Care Providers – Health Care Data Clearing Houses

• Heath care providers, therefore, ask Medical Device Manufacturers for features and assurances that help them comply

12David R. JonesPhilips Medical Systems

Shared Responsibility for Security

• Vendor role– Risk assess products

considering intended user environment

– Be sure hospital IT is involved early

– Validate patches for critical systems

– Understand customer security needs

• Customer role– Multi-layer strategy to

protect information• Policy, process,

technology • risk management, and

contingency planning– Firewalls or other

network devices are good practice

– Follow medical device vendor statements on patching

13David R. JonesPhilips Medical Systems

The Role of the FDAWith respect to security patching of the OS on

certain (regulated) products:

• The vendor must prove that software still is safe and effective in the presence of the patch

• Thorough testing under a quality system takes time and effort to prove this, depending on complexity

• The FDA requires that vendors have a quality system, and that vendors verify changes, including patches.

14David R. JonesPhilips Medical Systems

ScreeningDiagnosis &

StagingTreatment &Monitoring

Follow-up

Unspecificmarkers

POC imaging Mammography

Diagnosticimaging

Biopsies

Surgery Cath tab Radiation

therapy

Diagnosticimaging

Unspecificmarker

To

day

Developingmolecularsignature

Firstsymptoms

Progressingdisease

Progress of Disease

Current Diagnosis and Treatment Process

Ref: MEDICAMUNDI 47/1 April 2003

15David R. JonesPhilips Medical Systems

Software Based Predictive Medicine

ScreeningDiagnosis &

StagingTreatment &Monitoring Follow-up

ScreeningDiagnosis &

StagingFollow-up

Treatment &Monitoring

Unspecificmarkers

POC imaging Mammography

Diagnosticimaging

Biopsies

Surgery Cath tab Radiation

therapy

Diagnosticimaging

Unspecificmarker

Specificmarkers (MDx)

Molecular imaging Quantitative

imaging Whole-body

imaging Comp. Aided

Diagnostics.

Min. invasivesurgery

Local/targeted drugdelivery

Drug tracing Tissue analysis

(MDx)

Non-invasive andquantitativeimaging

Molecular imaging Molecular

diagnostics (MDx)

To

day

To

mo

rro

w

Geneticpredisposition

DNA mutations

Developingmolecularsignature

Firstsymptoms

Progressingdisease

Progress of Disease

Ref: MEDICAMUNDI 47/1 April 2003