Workshop on High Confidence Medical Device Software and Systems (HCMDSS) Research & Roadmap
June 2-3, 2005, Philadelphia, PA
Manufacturer/Care-Giver Perspective
David R. Jones, Philips Medical Systems

High Confidence Medical Device SW & Systems Issues & Challenges
- SW development/verification/validation practices that drive predictable results
- The convergence of Information Technology & Biomedical Engineering
- The real-time patient monitoring and diagnosis continuum
- Security
- SW based predictive medicine

Software Development & Validation Practices That Drive Predictable Results

| CMMI (a) Level | Heroes/Initial: Level 1 | Optimizing: Level 5 |
| --- | --- | --- |
| Defect Predictability | 10-20 Defects/KLOC in delivered code | 0.05 Defects/KLOC in delivered code |
| Schedule Predictability | Software release schedules slip up to 100% | Software releases on schedule 95% of the time |
| Product Predictability | Several key features deferred to the next release | Product performance delivered meets the Systems Requirement Specification |

(a): Capability Maturity Model Integrated
Ref: Real-world benchmarks for PSP, Carnegie Mellon University Software Engineering Institute 1999

Software Development & Validation Practices That Drive Predictable Results – and Map To FDA Requirements
Ref: Best Practices in Software Design for Medical Devices, March 2004. Presentation by D.R. Jones, T. Shah.

IT and Biomedical
- Our devices are life-critical!
- Our information systems are mission-critical!

IT and Biomedical
- Different Perspective
- Life-critical vs. mission-critical
- Medical devices vs. Information Systems
- The Biomed links medicine and technology

Convergence
- Medical Technology intertwined with IT
- Move toward Electronic Medical Record (EMR), Clinical Decision Support Systems (CDSS) requires information flow
- Devices are an integral part of information flow
- More regulations and protocol requirements (JCAHO, Leapfrog) drive data movement
- Desire to integrate data from real-time systems to achieve smart/predictive alarms

The Real Time Patient Monitoring And Diagnosis Continuum

Security: Today’s Environment
- Thousands of new vulnerabilities yearly
- Weekly attacks on the rise
- Viruses are quick – patch validation is relatively slow
- Hospitals are public places
- Hospitals subject to privacy and security regulations

Security
Risk = (Vulnerabilities × Threats) / Mitigation
- Vulnerabilities
  – Flaws or weaknesses in system design, implementation, operation, or management
- Threats
  – Malicious inside or outside intruders, accidents
- Mitigation
  – Security measures

HIPAA Security Rule
- A regulation, not a standard
- Goal: develop and maintain the security of all electronic protected health information (PHI).
- Hospitals must protect against “reasonably anticipated” security threats/disclosure of info
- Largely administrative, even for security
- Some technical safeguards are recommended
- Covered Entities are:
  – Health Plans
  – Health Care Providers
  – Health Care Data Clearing Houses
- Health care providers, therefore, ask Medical Device Manufacturers for features and assurances that help them comply

Shared Responsibility for Security
- Vendor role
  – Risk assess products considering intended user environment
  – Be sure hospital IT is involved early
  – Validate patches for critical systems
  – Understand customer security needs
- Customer role
  – Multi-layer strategy to protect information: policy, process, technology risk management, and contingency planning
  – Firewalls or other network devices are good practice
  – Follow medical device vendor statements on patching

The Role of the FDA
With respect to security patching of the OS on certain (regulated) products:
- The vendor must prove that software still is safe and effective in the presence of the patch
- Thorough testing under a quality system takes time and effort to prove this, depending on complexity
- The FDA requires that vendors have a quality system, and that vendors verify changes, including patches.

Current Diagnosis and Treatment Process
Ref: MEDICAMUNDI 47/1 April 2003

Software Based Predictive Medicine
Ref: MEDICAMUNDI 47/1 April 2003