The Therapeutic Goods Administration yesterday singled out “poorly performing apps” as a target for its new Action Plan for Medical Devices, designed to restore public confidence in technologies being used by and in patients across the country.
Released today, the action plan said “poorly performing apps may pose a significant consumer risk. It will examine ways to better monitor device cybersecurity risks. The TGA will provide clearer guidance to industry on cybersecurity requirements for medical devices and the IT systems they connect with.”
These comments only touch the tip of the iceberg of what is a huge problem with app development for interfacing with safety-critical devices. It is good to see cybersecurity risks highlighted, but the larger problem is that many apps simply don’t work properly.
The issue is that many app developers come from a consumer or business orientation that typically sources data from easily accessed cloud-based information repositories. They are generally not qualified software engineers and have no knowledge of, or experience with, regulatory standards like IEC 62304 for medical device software development.
“When you need an app to connect directly with a real-world device in a safety-critical situation, the required level of design rigour is an order of magnitude higher than for a simple consumer app,” according to Genesys’ Chief Operations Officer Jon Eggins.
“Systems integration is much more difficult. Not only do you need an understanding of how to create a secure connection that authenticates the user and the device itself, but you also need a robust understanding of the range of communication technologies and protocols that connect the app to the backend systems, to guarantee uncorrupted data transfer.”
The depth of knowledge and software development skill required to build stable applications for connection to actual devices was highlighted by the recent spectacular collapse of Appster. There were multiple media reports of Appster clients saying their apps did not deliver the functionality required, or that costs escalated dramatically with requests for minor feature adjustments.
A key issue Genesys regularly sees with apps is stability: the application needs to be free of bugs and crashes. Unlike normal cloud-connected apps, these apps need immediate identification and association of physical devices, with seamless connection and reconnection.
Scalability is another issue, particularly when evolving the product from minimum viable product to a fully-featured commercial offering. Scaling often requires the ability to easily and securely connect more devices, more patient sessions or other features without needing to redevelop the underlying software architecture every time.
“What is lacking with the shonky app developers is a disciplined approach to software engineering,” Jon said. “Data models need to be modular and communication should be compartmentalised at a systems level to allow reliable product evolution.”
People contemplating the development of devices that require an app should be asking product designers for evidence of quality procedures that ensure that software is robust and reliable. A good developer will have modular software that is proven, underpinning application-specific code that is independently tested and verified by other team members.
“It’s one thing to create an app to find the nearest coffee shop. It’s another thing entirely to create an app that performs reliably as you are treating a patient with serious problems,” Jon said.
The TGA Action Plan for Medical Devices can be found at https://www.tga.gov.au/publication/action-plan-medical-devices
For more information, contact Jon Eggins at Genesys on 02 9496 8900 or j.eggins@genesysdesign.com.au