医疗器械开发商的五大赌注

Executive SummaryAs new digital technology drives advancement in a wide range of industries,the medical device segment in particular is witnessing the importance ofinnovation. A 2024 study by McKinsey & Company found that 67% of healthcareleaders recognize the importance of long-term technology investments.And with increased investment in digital transformation and R&D, med tech leaders are focusing on moderndevelopment methods and ways to deliver more innovation — for example, shifting from manual techniques andnondigital technology to more digital processes, such as machine learning and artificial intelligence — to powermedical processes and improve healthcare. According to the World Economic Forum, $1.3 trillion was invested intechnology transformation projects in 2022, an instance of more than 10% YoY growth.To keep up with the market, medical device companies need to invest in new development methods and digitaltechnology. Wind River®experts recommend a strong set of actions that medical device developers can adopt tosucceed in creating new technologies to advance healthcare in the digital era:•Effectively manage risk throughout the software development lifecycle (SDLC)•Develop an extensible platform•Automate everything•Proactively manage cybersecurity threats•Adequately secure the data1.McKinsey & Company, “Faster, Smarter, Bolder: How Midtenure CFOs Shift into a Higher Gear,” 2024,www.mckinsey.com/capabilities/strategy-and-corporate-finance/our-insights/2.World Economic Forum, "How Digital Transformation Is Driving Action in Healthcare," 2022,www.weforum.org/agenda/2022/09/health-information-system-digital-transformation-healthcare 12 The software development lifecycle, or SDLC, is a cost-effective, time-efficient process that software developers follow to design and createhigh-quality software. As medical device developers plan, design, anddevelop their software, they need to manage the risks associated with thepeople, systems, and assets that interface with the device throughout itslifecycle. A negative outcome can affect everything from a patient’s health,life, and privacy to the operation and integrity of a medical facility. Develop-ment teams must outline and analyze each risk, prioritize those that matter,and develop an appropriate mitigation plan by creating practical plans toaddress them. Furthermore, teams need to consider all risks, whether thesoftware was developed in house or obtained from a third party.IEC 62304One key risk lies in medical device functional safety and the ability toobtain safety certification to protect patients, doctors, and the medicalsystem. Advances in medical device technologies enable more effec-tive diagnosis, monitoring, and treatment of illnesses. However, thesetechnologies add complexities to medical device development andtesting. IEC 62304 sets forth comprehensive guidelines for developmentand maintenance of software in medical devices. Having been adoptedby both the United States and the European Union, IEC 62304 guidelineshave become a standard medical device regulatory requirement and abenchmark for compliance. It establishes a set of processes, activities,and tasks within a common framework to ensure the safety and effec-tiveness of the medical device software development lifecycle pertainingto three different classes labeled A, B, and C.1. Effectively Manage RiskThroughout the SoftwareDevelopment Lifecycle Software of Unknown Provenance (SOUP)In addition to understanding the medical device SDLC processes and com-pliance requirements (i.e., IEC 62304), developers need to know how to dealwith SOUP — software of unknown provenance. This is software that wasn’twritten by the developer or device team but is generally available and usable,such as open source software, Linux, a utility software, or commercial softwarelibraries. In most cases, this software has not been developed specifically foruse within a medical device system. Adequate documentation of the devel-opment standards is not available to support and satisfy the standards set byIEC 62304, making it difficult to ensure that the software will meet compliancerequirements. Utilizing SOUP as part of the medical device system calls for thedevelopment team to consider, account for, and work through the following:•Application use case:How this software will be used with themedical systems•Robustness:How the software enhances or changes the device operation•Lifecycle management:How to manage bugs and updates supplied froma third party•Failure:How to address the failure modes of the software•Community development process:How updates and changes are aremade for open system software•Defect management:The process provided by the software developers formanaging defects•CVE management:Upstream management of common vulnerabilities andexposures (CVEs) when they are newly discovered•Component management:Managing different components of the soft-ware to meet requirements•Obsolescence/EOL:Understanding and managing