I A N D A R W I N , C E N T R E F O R G L O B A L E H E A LT H I N N O VA T I O N , U N I V E R S I T Y H E A LT H N E T W O R K , T O R O N T O M H E A LT H S O F T W A R E D E V E L O P M E N T
P L A N • Software Development? • Mobile? • Medical?
1 S O F T W A R E D E V E L O P M E N T: T H E L I N G O
• Software is written by developers in programming languages • Just as poets & writers use natural languages • There are hundreds to choose from • Many ways to categorize programming languages! • by level, by orientation, by purpose, …
L E V E L ( T H I N K “ L E V E R A G E ” ) • Assembler is a very low-level language • C/C++ are medium-level languages • Derivative Objective C used in Mac and iOS dev • Java is a medium- to high-level object-oriented language used in enterprise software (EE) and in mobile (Android) • PHP is a fairly high level language for web apps • Haskell is a very high level functional language but not widely used yet
L A N G U A G E O R I E N TAT I O N • Procedural languages - from 1950s to 1990’s • C, Fortran, PL/1, COBOL, … • Object Oriented - 1990’s to … • C++, ObjectiveC, Java, C# • Includes API or not? • Functional: Haskell, OCaml, Erlang (rare in Mobile) • Scripting…
• Software Devs use different methodologies too • Like: building cars on a factory assembly line vs in a small prototype shop • Cheapest cars are made in factories • Luxury cars in-between • Fastest cars are hand-built (Hennessey Venom: 270 MPH/432kmh, $1,475,000 approx)
• Development usually starts with Requirements Doc • Development Cycles can be long or short • Longest - 6-12 months - “waterfall” • fails big and late • Shortest - 1-2 weeks - “Agile” • fail early and small, correct (steering)
T H E M O B I L E P L AT F O R M S • As Mike O’Dell said (long ago, talking about Unix platforms): • “If you think there will ever be a single platform vendor, you should be out selling pencils.” ☺ • Android • History, Versions, Phones, Tablets, Success • iOS • Not the first but the stylishest • BB10? • Windows Mobile?
A N D R O I D D E V • Full Disclosure: I write books and teach courses on this • The most popular mobile platform worldwide (counting phones, tablets, etc.) • Standard language is Java, but dozens of others (encouraged)
I O S • Apple’s mobile platform for iPhone and iPad • Standard language is Objective C, others possible (discouraged) • HTML5 (PhoneGap etc.) apps work here too
• BlackBerry 7 was based on Java but is orphaned • BlackBerry 10 apps written in C++ or HTML5 • Microsoft Windows Mobile
C R O S S - P L AT F O R M ? • Idea: write once, run on multiple platforms • I have a one-hour talk on Cross-Platform. Summary: • It’s easy to do mediocrly, hard to do well • HTML5 + PhoneGap will get you started; UX issues • Xamarin Mono looks good • See propertycross.com for a great example!
3 M E D I C A L S O F T W A R E
April, 1915 Fail
January 2012 Fail
July 6, 2013 Fail
1980’s Therac-25 Fail
Where does this disaster movie lead? ■ People do stupid things ■ We establish standards and/or pass laws ■ People still do stupid things, but less often ■ Transportation, building, and medicine get greatest scrutiny ■ Not to mention politics, “wars to end all wars”, … ■ We don’t give up on technologies even when they sometimes fail: we must learn and move on ■ For better or worse, we regulate
IEC 62304 ■ "Medical device software: Software life cycle processes" ■ International Electrotechnical Commission, Geneva, Switzerland ■ Mandates a Quality Management System, Risk Mgmt, Software Safety Classification ■ Describes software dev process: planning, requirements, architecture, software design, unit implementation & testing, system testing, release, maintenance. ■ Emphasis on risk management, problem resolution ■ 62304 not a requirement, but a "gold sticker" ■ Due to be updated: 2e due 2014-01-31
ISO 13485:2003 ■ ISO std for "Medical devices: Quality management systems" ■ Adopted as "National Standard of Canada CAN/CSA-ISO 13485:03" ■ Applies to an organization; harmonized with ISO 9000 certification but specific to medical devices ■ Not technically mandatory, but the easiest way to medical device approval for licensing ■ Focus: documenting all the steps of development
13485 Requirements for a Quality Management System ■ Focus is on documentation and risk mitigation ■ Requires: ■ Project charter ■ Product Requirements Document ■ Design and Development Plan ■ Verification/Test Plan ■ Risk Management Plan ■ Design Files History – hardware and software change logs ■ Product Change Management process documentation ■ Extra requirements for implantable devices, sterile devices/supplies, etc., in the medical area. ■ Get expert consultant/auditor involved early!
13485 Requirement for Control ■ Using outside services not under your control ■ Not allowed (unless 13485 certified, or you audit…) ■ e.g., we had to switch from private account on public GitHub.com, to GitHub Enterprise in-house, on our own server ■ In-house contractors ■ OK if individuals are trained in, and agree to follow, 13485 process ■ Outsourcing ■ Possible - Only to reputable companies that are 13485 certified ■ Offshoring ■ A definite no-no as you cannot usually reliably verify their processes
Health Canada ■ Regulations SOR/98-282 ■ supporting Canada's "Food and Drug Act" ■ regulates medical devices ■ Four categories (I is least risk, IV is most); 6 pages of rules ■ Examples: ■ Class I: Physical contact e.g., surgical instruments ■ Class II: Full-time contact, some invasiveness, e.g., contact lenses, ultrasound scanner ■ Class III: More invasive, deep implantation, e.g., orthopedic implants, hemodialysis machines ■ Class IV: Total dependence, e.g., cardiac pacemakers
FDA ■ United States Food and Drug Agency ■ USA Your biggest market? ■ FDA's Center for Devices and Radiological Health (CDRH) regulates Medical Devices ■ Class I: General controls, e.g., surgical instruments ■ Class II: General controls with special controls: performance expectations w/ no harm, e.g., hemodialysis machines ■ Class III: General controls and premarket approval; most risk, e.g., cardiac pacemaker
F D A VA R I E T I E S O F M O B I L E A P P • Peter Weinstein of the Centre describes the FDA listing what types fall into what buckets: • 1. Apps that the FDA regulates • 2. Apps they do not consider medical devices • 3. Apps they will “exercise enforcement discretion” (i.e., FDA will ignore for now) • Examples: • Ignore “apps that enable, during an encounter, a health care provider to access their patient’s personal health record (health information) that is either hosted on a web-based or other platform” • Apps that “Allow health care providers to communicate in a secure and protected method” are NOT medical devices • As usual their approach leans heavily on intended use and risk, but tries to balance these concerns with innovation (bucket #3).
So where does this leave mobile apps? ■ HC: If the medical device can be used normally without the need for the computer or smartphone, then the software on the computer or smartphone is not part of the medical system, is not a medical device, and is therefore not regulated. ■ This is the case for our application bant. The meter can operate without bant, so bant is not medical device. ■ FDA "accessory rule": a smartphone connected to medical device creates a medical system. The software on the computer and/or smartphone is also a medical device and must be licensed. ■ In either country, software providing "decision-making" or "sophisticated decision-support” can be ruled a medical device. E.g. software that recommends a a diagnosis, therapeutic course of action, medications, etc. that could be potentially life-threatening given errors in the software. Such software must be built using a quality system (ISO13485) and obtain a license as a medical device.
Canada Health InfoWay ■ Quasi-government body funded by Govt of Canada ■ In support of adoption of technology, EHR/EMR, etc. ■ "Infoway works as a strategic investor of funds provided by the Federal Government, in collaboration with the provinces and territories." ■ e.g, disburses funding to researchers and startups ■ Certification, testing, working with startups
Continua ■ Works on standards for inter-operability of medical devices and controllers (smartphones, tablets, computers) ■ Holds inter-operability tests around the world ■ All major equipment vendors are on-board with this
IEEE ■ Institute for Electrical and Electronic Engineers publish standards for electronic communications ■ Ethernet ■ 802.11 ■ Currently working on standardization for communication with Insulin Pump and Glucometer, to allows pluggable components in JDRF Artificial Pancreas program ■ Two of these standards being developed by Centre staff!
Organizational Regulations and REB's ■ University and Hospitals have own rules about e.g., experiments ■ Research Ethics Board must approve any experimentation involving human subjects, no matter how simple ■ E.g, we can't even do "coffee shop prototyping" without REB! ■ Unless it's for a new app ■ For existing app, need approval, must document, must use Change Reporting (13485) for resulting changes
W H AT W E ’ V E C O V E R E D • Overview of the development processes • Health Apps can be “medical devices” (regulated) or “other” (unregulated) • Ask a lawyer!!
C E N T R E F O R G L O B A L E H E A LT H I N N O VAT I O N , U H N , T O R O N T O • A research group of ~70 devs, PhDs in HF, engineers, designers, etc. • Part of TGH so lots of MD collaboration • Current projects: • Bant, Medly (x, y and z), Clinical Collab… • Great work environment! • http://ehealthinnovation.org/