European Union: Is Your Medical Device Software Compliant With The New EU Standards?

The IEC 62304 standard ¹ specifies life cycle requirements for the development of medical software and software within medical devices. It is a standard that is harmonized between the European Union (EU) and the United States (US). This standard spells out a risk-based decision model on when the use of Software Of Unknown Pedigree (SOUP) is acceptable. The standard was developed from the perspective that product testing alone is insufficient to ensure patient safety when software is involved.

The standard requires all aspects of the software development life cycle to be scrutinized, including: 1) development, 2) risk management, 3) configuration, 4) problem resolution, and 5) maintenance.

So, when do you have to comply with the standard? The good news is that this standard is voluntary. Unfortunately, however, the answer is really not that simple. For example, if the medical device falls into any of the following categories, you likely will be subject to at least the IEC 62304 standard: FDA regulatory compliance with IEC 60601-1 Amendment 1 ², 2) reliance upon software to perform basic safety functions (BSF), or 3) reliance upon software for essential performance (EP).

Unfortunately, almost all medical devices utilizing software will be subject to one of these categories. In particular, the "basic safety functions" is a trap that may capture more than one would expect under the traditional view of patient safety, i.e., it is not merely limited to the operation of the device.

Common missed features that are subject to IEC 62304 include alarms/alerts, speed and position sensors, and algorithms that may be used for physiological monitoring.  One mechanism for compliance with IEC 62304 is the development of a risk management file. One drawback to this approach is the potential discoverability of these documents since these studies tend to be conducted by third-party providers.  In addition, this file will be disclosed to a test lab and could be a public disclosure of these features. This public disclosure may put potentially patentable software at risk.  Thus, it is essential to involve counsel early in this process.  

Footnotes

1 "Medical device software – Software life cycle processes." INTERNATIONAL IEC STANDARD 62304 First edition 2006-05. International Electrotechnical Commission. Retrieved 2 June 2012.

2 IEC 60601-1 addresses critical safety issues, including electrical shocks and mechanical hazards.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.