Do Not Fear Open Source Software in Medical Devices or Mission-Critical Healthcare IT Systems

I spent the past few days in Boston at the Harvard Medical School Conference Center speaking audiences at the Medical Device Connectivity Conference (I presented lectures on how to design next-generation medical devices and gateways). Many people that attended my lectures showed a great deal of trepidation when I brought up the fact that they should use open source software (OSS) to reduce cost and potentially increase the quality of their devices; the most common excuse I heard was that the regulatory compliance folks wouldn’t allow OSS or that the FDA would disapprove.

Having taken part in numerous regulated medical device development efforts that included open source software, including the world’s largest medical devices with a 510(k), I know for a fact that the FDA doesn’t have anything against open source software in particular (as long as you can prove safety). So, the problem in most cases likely stems from a lack of experience with open source in the regulatory compliance groups within companies. I thought I’d take this opportunity to write up a quick summary of how R&D groups should properly experiment with and include open source software in safety-critical systems.

Step 1: Understand open source licensing, remove the fear of IP loss

Fear starts from a the lack of understanding that open source licenses allow for inclusion in your device(s) without harming intellectual property (IP) rights or proprietary claims. There’s no need to fear that somehow if you include open source you’ll accidentally relinquish proprietary IP. If you’re not sure which licenses to use, start with the Apache Software License (ASL), Mozilla Public License (MPL) or LGPL, all of which are friendly enough to use in commercial software.

Step 2: Understand where code is coming from and what test harnesses included

To help remove fear from your regulatory groups, keep track of precisely where you’re getting the OSS code from. Also, try and focus on incorporating OSS that already contains good test harnesses so you can prove to yourself, your QA teams, and your regulatory teams that the software works for its intended uses.

Step 3: Get in touch with the open source developers

If you’re going to rely on some OSS, get in touch with the developers. Most OSS developers are quite community oriented and usually helpful; in case your regulatory or QA folks have questions you’ll be able to answer them easily if you’re in touch with the original developers. Also, if you need changes, some developers will likely be available for hire for making changes or helping with validation.

Step 4: Connect to the revision control system of the open source project

My general recommendation is that you not download binaries for OSS projects; instead, connect directly to the Subversion, Git, CVS, Mercurial, or other revision control system (RCS) the OSS project developers are using. You should get used to various RCS systems and not just the one you’re using in your own shop. It’s much easier to know precisely what lines of code, modules, etc. are changing when you’re directly connected to the RCS.

Step 5: Create your own binaries

As soon as you’re connected to the revision control system of the OSS project, build your own binaries using the existing make or build scripts. If there are no make or build scripts you should not use the OSS (if you have other choices) or you can create your own.

Step 6: Create a process to securely sign the binaries

When you create your own binaries you’ll want to make sure you digitally sign the binaries and ensure that your devices / gateways have firmware or other software that verifies the binaries.

Step 7: Create your own deployment packages

If you’re running on Windows you’ll want to create *.msi packages; on RedHat create RPMs, on Debian / Ubuntu create *.deb packages, etc. You will want to have a proper package management approach that your QA and regulatory folks can have confidence in and easily understand.

Step 8: Create a process to test the binaries using code coverage tools

This step could be done before or after step 6 but you’ll want to be sure you run the test harnesses with code coverage turned on; that way, you’ll know what test coverage you can achieve in the various OSS packages you’ll build. Try not to go to your regulatory folks and say “we can trust OSS package X” without some sort of real evidence – test harnesses and code coverage tools are good starts.

Step 9: Keep an eye on changes coming in from the source and retest regularly

Figure out how you’ll ensure that packages stay up to date and will be regularly tested (with code coverage); you might want to read an RSS feed, get regular e-mail notifications from forums, etc. Each time the code changes you probably don’t want to upgrade immediately but you’ll want to stay abreast of the updates.

Step 10: Review your process with the compliance officers and get their buy in

Share with your QA and regulatory folks your process early and often — they’ll have more confidence in your process when the process is documented, scripted, and easy to understand and follow.

Conclusion

If you do things “properly” and follow a good solid process then the compliance officers can (hopefully) be convinced that the code can be trusted. If you’re getting push back, put your questions here and I’ll help out as best I can. The more proprietary software we create in medical devices, the less interoperable they will be so it’s time we get our regulatory folks on board.

Comments welcome below … what kinds of questions do you get from your compliance folks?

How To Choose The Right Dentist: Try These 6 Simple Steps

How Dental Trends Can Help Differentiate Your Practice

Tips To Teach Healthcare Workers About Managing Stress

Working From Home In Healthcare: Can You Adapt To Remote Work?

Why Meal Planning Is Good for Your Budget & Your Health

How Do I Become A Clinical Documentation Specialist?

How To Get Capital For New Equipment For Your Healthcare Business

Financial Benefits For People Suffering From Dementia

4 Tips For Home Health Care Agencies To Survive The Worker Shortage

Top Tips For A More Eco-Friendly Healthcare Facility

Why Mobile Apps Are Indispensable For Telemedicine

Why It’s Key To Take Care Of Medical Debt To Avoid Health Issues Later

Where Does Blockchain Fit Into Healthcare?

The Challenges Associated With IoT Healthcare Implementation

How To Use SMS To Increase Customer Satisfaction In Healthcare

Top 5 Advantages Of A Heart Rate Monitor – For Workouts And Daily Life

Patient Misidentification: Just How Damaging Is It?

Dealing With A Health Crisis? Avoid Medical Identity Theft With These Tips

7 Reasons You Need Digital Marketing For Your Medical Practice

Why It’s Key To Take Care Of Medical Debt To Avoid Health Issues Later

How To Use SMS To Increase Customer Satisfaction In Healthcare

Top 5 Advantages Of A Heart Rate Monitor – For Workouts And Daily Life

Google Fitness Platform And The Future Of Fitness Apps

Essential Apps for Tracking Health and Wellness

Why You Need To Know The Risks Of Self-Diagnosis

Technological Advancements in The Medical Field That You Should Keep An Eye On

mHealth Apps And Digital Doctors: The Future Of The Healthcare Sector?

EHR For Rural Hospitals: Criteria And Access

7 Tips To Make Sure Your Medical Practice Is Found Online

4 Top Reasons Why App Developers Love Apple Health Records API

Should Healthcare Care About Branding?

How can Healthcare Professionals Manage their Reputation Online

Where Does Blockchain Fit Into Healthcare?

5 Noteworthy Signs You Are Addicted To Technology

The Roles And Responsibilities Of An Audiologist

8 Ways Technology Has Changed The Healthcare Industry

The Roles And Responsibilities Of An Audiologist

5 Healthcare Technologies Transforming Aging In Place

Here’s Why Plastic Surgery Shouldn’t Be Taboo Anymore

How Tech And Medical Equipment Is Changing The Patient Approach

Origin of Popular Surgeries

7 Beneficial Ways Technology Can Impact Your Fitness

Is Virtual Reality the Next Big Thing for Mental Health?

Patient Engagement Helps Healthcare Systems And Patient Outcomes

How To Choose The Right Dentist: Try These 6 Simple Steps

Dealing With A Health Crisis? Avoid Medical Identity Theft With These Tips

The Muddled Relationship Between Your Health Initiatives and Credit Score

How to Get Started with Volunteering to Take Care of Animals Abroad

What The CVS Healthcare Expansion Means For Medical Practices

The Roles And Responsibilities Of An Audiologist

Could New Chronic Care Treatments Help Manage Your Arthritis?

4 Tips for People Who Are Dealing with Debilitating Illnesses

5 Tips for a Healthy Pregnancy

3 Things To Consider When Looking For A Heart Doctor

The Value And Criticism Of Robot-Assisted Heart Surgery

Here’s What To Know About Sleep And Heart Health

Is It Time to See a Cardiologist?

Pros and Cons of Dental Implant You Should Know

Benefits And Common Questions About Dental Implants

Try These Dental Hygiene Tips For A Healthy Lifestyle

11 Overlooked Flossing and Brushing Mistakes that Cause Oral Health Issues

Take These 4 Important Steps For Healthy And Happy Aging

Living Alone When You’ve Been Diagnosed With Alzheimer’s

A Guide To Healthy Aging And Happier Golden Years

10 Early Dementia Signs You Need To Be Aware Of

Why You Should Consider Group Exercise For Weight Loss

Here’s Why To Choose A Home Gym For Your Fitness Routine

How Serious Is Sugar Addiction, And Should You Be Worried About It?

5 Ways Meditation Can Help You With Weight Loss

A Guide to Caring for Bunions

5 Best Exercises to Strengthen Your Lower Back

Here’s Everything You Need to Know About Sciatica

Your Guide to Foot Gains: The 7 Best Foot Exercises for Stronger and More Flexible Feet

5 Tips for a Healthy Pregnancy

3 Nutritious Foods To Eat During Your Second Trimester Of Pregnancy

A High Fiber Diet During Pregnancy May Reduce Celiac Risk In Children

Radiology as an Enterprise Model for Collaboration

Relationship Between Clinical Decision Support Systems (CDSS) & Radiology Must Evolve

Diagnostic Reading #33: Five Must-Read Articles from the Past Week

2015 CPT Coding Changes and Your Radiology Practice