What Is Software Development for Medical Devices? [Expert Guide]

In 2020, we started a partnership with a US manufacturer of medical IoT hardware, particularly ECG heart monitoring devices and pulse oximeters. The organization approached us as an experienced healthcare software vendor to help them with medical device software development to expand their range of digital services and provide a platform integrated with the company's pulse oximeters and IoT devices. We accepted the client's request and successfully launched the product.

We, at Cleveroad, know all the nuances of medical device software. Therefore, in this article, we will tell you how to develop software as a medical device, what types and complexities such solutions have, and disclose other critical aspects you should know about.

Medical device software is designed for use in medical devices and healthcare systems. Regardless of the physical device for which the software is created, it performs medical functions such as diagnosis, treatment, monitoring, or recommendations for medical use.

Medical device software development is in demand in modern medicine due to growing usage of wearable devices, smart devices, and IoT-enabled systems. The work mechanism of such software may vary depending on the type of equipment and its specific functions. However, it has a few standard steps that are the same for most systems. Let's examine how medical device software typically works:

There are two basic types of medical device software that differ in technology and development: Software as a Medical Device (SaMD) and embedded systems.

Embedded medical software is designed to work inside medical devices and is integrated directly into their hardware. It allows medical equipment to perform their functions without connecting to external computers or servers.

Software as a Medical Device (SaMD) covers all programs that do not require special medical equipment. Software in this context is a medical device treated and regulated by the same rules and standards as other medical devices, such as medical instruments or apparatus. Such software can be integrated with embedded systems and dedicated medical devices.

Before starting medical device software development, there are several essential aspects you should take care of:

Medical devices often collect and process sensitive medical data such as patient histories, test results, personal data, etc. A security breach of this data can lead to confidential information leakage, patient identification, or even the possibility of unauthorized access to the device.

To ensure robust healthcare data security, your software as a medical device developer should use powerful data encryption certificates that equip the software with strong authentication (e.g., passwords, biometrics) and access control (differentiation of rights). Moreover, you should consider the possibility of training your staff through educational materials, such as tutorials, webinars, user guides, etc.and initiate regular security audits.

We use a variety of approaches to ensure the protection of Personal Health Information (PHI), including access control, automatic logouts, activity tracking, secure data storage, industry-standard data encryption and secure data transmission under HL7, HTTPS, and WebRTC.

Medical devices are subject to strict regulations that vary in various regions. For example, they include:

• United States: FDA, HIPAA, HITECH, etc.
• European Union: EMA, MDR, GDPR, etc.
• Canada: PIPEDA, CMDR, etc.
• Australia: TGA, Privacy Act, etc.
• United Kingdom: MHRA, Data Protection Act, etc.
• International regulations: International Medical Device Regulators Forum (IMDRF) and International Organization for Standardization (ISO).

Certification and regulatory challenges in medical device software development requires a complex approach to software development life cycle, risk management and software verification and validation activities. To overcome this challenge, contact a software provider who specializes in creating regulatory-compliant medical software. Your IT partner will research your region's medical regulations and standards and consider them during software development for medical devices. Noncompliance with these regulations can result in denial of certification, fines, and legal problems.

Our team has hands-on experience in developing legislation-based software development, ensuring compliance with various healthcare regulations, such as HIPAA, PIPEDA, GDPR, FDA, FHIR, DICOM, etc.

Some healthcare regulations (FDA, MDR, CMDR, TGA, etc.) require building of medical device software under a certified Quality Management System (QMS). Such a system is also critical for liability considerations. If there is an incident involving a medical device, having a certified QMS will indicate that you have taken all necessary measures to ensure the quality and safety of the medical device.

Furthermore, if you plan to provide a SaaS-based medical device solution, QMS is required for market acceptance. Without confirmation that the medical device has passed QMS validation, selling your solution to healthcare providers will be difficult or impossible.

By the way, we, at Cleveroad, had experience developing a Quality Management System for our US-based clients.The development team created a B2B SaaS solution that automates core processes and document flow needed for medical device’s production FDA and ISO certification. QMS meets all US regulations and the FDA 21 CFR 820, 21 CFR 11, ISO 13485:2016, and MDSAP requirements for medical devices and their production.

Here's an opinion of our client about their successful cooperation experience with Cleverod on Quality management system engineering

Medical devices and systems may exchange information using different communication protocols and data formats (e.g., HL7, DICOM, MDC). Additionally, devices might communicate via Bluetooth, Wi-Fi, or proprietary protocols, each tailored to specific requirements. Incompatibility can create challenges when integrating medical device software with other systems, especially if they were developed by different vendors or on various technology platforms. Interactions between devices and systems require compliance with specific standards to ensure data is exchanged correctly and without errors.

To address this issue, your software provider will begin the medical device software development process by conducting interoperability tests between your medical software and other systems. In case of inconsistencies, they can help you with integrating HL7, DICOM, or IHE - standards that ensure interoperability and allow for efficient data exchange.

Medical device software development is technically complex due to the unique requirements and features accompanying medical applications. Medical devices and systems require processing large amounts of data, implementing complex algorithms, and ensuring high performance and reliability. In addition, such devices often operate in critical medical scenarios where errors and failures can severely affect patients' health.

The key to successfully overcoming this and other complexities is to work with an experienced software provider with expertise in medical device software development. A reliable IT partner can help you through the research and planning phase, identify requirements, and build medical device software that meets all industry regulations.

Medical device software development is a complicated process that requires a deep understanding of the peculiarities of such solutions. Let's consider the main steps you should pass to successfully deliver software as a medical device and integrate it into your business processes.

Medical device software development requires a deep understanding of the regulatory requirements, so studying this issue before creating such a solution is crucial. The main regulations governing medical device software are the FDA for the US and the EMA for the EU. Let's explore their requirements:

US FDA requirements include:

• FDA Guidance on Software as a Medical Device (SaMD)
• FDA Guidance on Off-the-Shelf Software Use in Medical Devices
• FDA Guidance on Medical Device Data Systems (MDDS)

European Union (EU) requirements include:

• Medical Device Regulation (MDR)
• In Vitro Diagnostic Regulation (IVDR)
• EN ISO 13485 for QMS
• EN ISO 14971 for risk management

Australian requirements include:

• Therapeutic Goods Administration (TGA)

Compliance with these regulations is mandatory for medical device software authorization. Therefore, your IT vendor should carefully review and follow these regulations throughout the product development and certification.

Market and user requirements research is another significant step in medical device software development. Start with analyzing existing products to determine their advantages and disadvantages. You can also study trends and innovations in the medical field.

Moreover, understanding the needs of the target users is also essential. You can talk to your employees to understand their pains and needs that could be addressed by such type of software. Creating software usage scenarios also helps better understand the application context and user needs. Your software provider can help you with market research, the business environment and processes analysis. Then, your vendor will form product requirements to address these needs and determine which points are critical for successful medical device app development.

Finding an experienced tech vendor is critical for successful medical device software development. To choose the best IT partner, you should conduct market research and determine your selection criteria, then review the portfolios and references of potential vendors. Make sure they have experience in the medical industry, meet healthcare industry standards and regulations, and have certifications (e.g. AWS Security Certificate, A-CSPO certificate, etc.) to prove their expertise. Also, discuss their approaches to development and data safety and negotiate a contract with clearly defined terms and conditions. Choosing an experienced vendor will ensure a successful and secure medical device app implementation.

Here is our client's opinion left on Clutch on the successful cooperation with Cleveroad

Planning stage is a key for successful software development for medical devices. During this phase, your software provider conducts a detailed analysis of all medical software details, including user needs, functional and non-functional requirements, 3rd-party integrations, and implementation plan. Developers also consider system architecture to ensure effective integration with other medical systems and high performance and reliability. One example of a suitable architecture for such solutions is the Microservices Architecture, which involves breaking down the application into smaller, independent services that can be developed, deployed, and scaled individually.

Also, at this stage the Solution Architect defines crucial security requirements to ensure solution’s and medical data safety. The specialist analyzes and implements all domain regulations requirements depending on your region and takes into account security measures such as data encryption, user authentication, audit trails, and secure communication protocols.

Design is another essential part of the planning stage. The team of UI/UX designers works on developing the user interface, considering usability and convenient navigation for the medical staff. Passing the planning phase allows the team to determine the medical device software's engineering timeline, project’s estimate , and the most important tech details, resulting in faster and more efficient medical solution development.

Medical device software development involves building core modules and features during two-week sprints. Developers consider regulatory requirements, ensure data security and confidentiality, and integration with other medical systems. Depending on your needs, your software provider can offer you two main approaches to medical device software development:

If you want to build SaaS-based medical device software, it’s better to start by Minimum Viable Product (MVP) version. MVP development implies creating the minimum required functionality of the system before it can be released. This approach lets you quickly introduce medical device software to potential users and gather feedback for subsequent improvements and updates. Later, you can ask your vendor to gradually extend the product's functionality based on user feedback and new requirements.

In case you need to integrate medical device software into your healthcare systems, the team will develop a Proof of Concept (POC). This approach allows testing the feasibility of a successful solution’s integration to ensure that medical device software functions properly and is compatible with your business environment. In this case, developers build a limited prototype to demonstrate basic functionality and interoperability with one of your systems.

Here are the examples of systems your medical device software can be integrated with:

• Remote Patient Monitoring (RPM)
• Electronic Health Records (EHR)
• Hospital Information Systems (HIS)
• Pharmacy Management Systems
• Clinic Management Systems, etc.

The tech stack for medical device software development can include the combination of several technologies (based on our experience):

• Integrated health tech solutions with wearables, mobile, and IoT devices
• Front-end development: Angular, React, Vue, Node.js, and Core JavaScript
• Embedded coding languages: C, C++, Python, MicroPython, Java
• Debug Devices and Software (Debugger)
• Emulators
• Testing Software and Devices
• Cloud development: Azure, AWS, Digital Ocean, Google
• Middleware and additional modules: 3D imaging, 3D printing, AI, ML, AR/VR, medical SaaS, etc.
• Supportive Software: C#, Node.js, JavaScript, TypeScript, Dart, PHP, and SQL
• Integrated Development Environments (IDE) and Compiler

Once software for medical device development and testing are complete, your software vendor will prepare the product for release, including creating a user guide, assisting with staff training, and providing you with all documentation. Your IT partner will also help implement or integrate the medical device software.

Once the system runs, you should continuously monitor its performance. Monitoring allows you to identify possible problems and deficiencies that need to be corrected. It is equally essential to keep the medical device system compliant with industry regulatory requirements and perform mandatory updates to ensure safety and security.

The software provider offers reliable technical support to medical device app users. The team of specialists promptly responds to requests and helps solve technical issues, minimizing possible downtime. In addition, the provider regularly releases updates and fixes that eliminate bugs, improve functionality, and ensure product security.

Your software provider will also help you with updates and improvements based on user feedback. This process keeps your medical software up-to-date, ensuring that it is reliable and meets the high standards of the medical industry.

Selecting a reliable software provider is a key factor influencing the success of medical device software development. Let's look at the main points you should consider when looking for an IT partner to make the best choice.

1. Experience and expertise. Ensure that the company has a background in medical software development and relevant technical skills. The IT partner should understand the requirements of regulatory organizations such as the FDA and EMA, and follow medical standards and regulations, such as HIPAA, GDPR, PIPEDA, etc.

2. Portfolio and references. Examine the company's portfolio and reviews from their clients. It will help you assess the quality and success of past healthcare projects and determine if their experience matches your requirements. To find real reviews, you can use platforms like Clutch.

3. Security and privacy. Ensure the software provider you choose follows security and privacy regulations for patient data and medical information. Also, check whether the selected company signs a Non-Disclosure Agreement (NDA).

4. Development methodology. Familiarize yourself with the methodology used by selected software providers. Agile methodology will be the best option for medical devices software development, as it provides higher flexibility and better quality. We adhere to Agile and Scrum methods, promoting frequent communication, rapid changes adoption, and high customer engagement.

5. Collaboration options available. Consider if the software vendor can offer you the cooperation model you need to ensure the company can provide the required employees. Cleveroad offers flexible cooperation models: time & material, dedicated team, fixed workscope and team augmentation.

Finding qualified software as a medical device developer in your region may be challenging, so it’s good to consider outsourcing. By outsourcing software development for medical devices, you can make up for the lack of experienced professionals, as you will have access to talented experts worldwide.

What's more, you can significantly reduce costs by choosing the cooperation model suitable for your needs:

Outstaffing

This collaboration model allows you to hire several specialists from the team of an outsourced software provider to complement your in-house team. For example, if you need 1 developer, 1 QA engineer, and 1 designer, you can ask the vendor to provide you with these employees. This way, you can get the missing expertise quickly, optimizing the cost for hiring and maintaining in-house staff. If you choose this model, you are responsible for the project and development control.

Dedicated development team

This cooperation model allows you to hire an entire development team to work together from the planning phase to the release. With a dedicated team, you can outsource product development to experts with minimal involvement in the development process. If you choose this model, the provider is responsible for the delivery project and product quality. You monitor the quality and project deadlines. Moreover, choosing this model allows you to significantly reduce costs, as you do not need to spend money on administrative needs.

Our team has 11+ years of experience creating healthcare and telemedicine solutions. Now, we would like to present you some examples of medical device solutions that we have built for our clients:

Our client is a US-based manufacturer that provides medical practitioners with IoT devices, namely ECG heart monitors and pulse oximeters. The company approached us to develop an IoT-enabled system, allowing users to evaluate ECG and check oxygen concentration in their blood from mobile devices.in real-time. To address the client's business needs, we:

• Built a mobile telecare solution for tracking heart rate and blood oxygen levels from a user's smartphone
• Ensured stable connection between the application and the client's IoT devices via Bluetooth
• Ensured that the software meets the requirements of the 510(k) FDA Medical Device Registration and is HIPAA compliant to allow the app to store and process Personal Health Information (PHI) data

The solution consists of iOS and Android mobile apps connected to IoT devices via Bluetooth. The system can interact with one of the client's devices (heart rate monitor or EKG monitor) or both simultaneously. Among the key functions of the solution are data synchronization between IoT devices and the mobile applications, personal Health Information from the ECG monitor, the history of all measurements, personal Health Information on oxygen saturation, direct and secure report sending.

Another of our medical project was executed for a US-based company that provides an IoT-based telecare solution for tracking human hydration levels. The company approached us for IoT-based system hydration monitoring in real time. We helped our client to: :

• Create a medical device software and integrated it with the existing hardware IoT product
• Build system architecture complying with 510(k) FDA Medical Device Registration regulation
• Ensure the capability for integration with customer's PaaS for synchronizing and storing data

Key modules of the solution include data synchronization, hydration level measuring via the sensor, and hydration calculation. We continue our partnership with the client to provide ongoing support, upgrades, and maintenance of the developed solution.

If you need a professional IT partner for medical device software development, the Cleveroad team is ready to assist you. We have helped healthcare organizations create turnkey products and simplify digital transformation for over 11 years. Our expertise includes the development of EHR, EMR/EPR, patient portals, Hospital Management Software (HMS), telemedicine systems, and other medical software solutions.

By choosing Cleveroad, you will get the following benefits:

• Practical experience in healthcare software development, including EHR/EMR systems, Remote Patient Monitoring solutions, Quality Management Systems, telecare solutions, etc.
• Experience in creating healthcare and telehealth software compliant with industry security and regulatory standards, such as HIPAA, GDPR, FDA, PIPEDA, EMA, etc.
• Expertise in integrating medical software with 3rd-party tools, such as Kareo, Intermedica, Twilio, Vonage, MedlinePlus, etc.
• On-demand services: full-cycle development, from-scratch engineering, IT consulting, legacy software modernization, managed IT services, etc.
• Consultation from our Healthcare subject matter experts as to the development and implementation of medical device software
• Signing a Non-Disclosure Agreement (NDA) per your request to protect intellectual property and maintain confidentiality
• Flexible cooperation models: team augmentation, dedicated development team, fixed workscope, and time & materials.