Solita RegProof® blog series, part 1: Typical pain points in medical software development and how calm compliance helps
Tuomas GranlundRegOps Development Director, Solita Health
Published 14 Mar 2024
Reading time 9 min
If you want to make a real difference in healthcare, most likely you will end up making regulated medical software. We’re talking about tech breakthroughs in AI, machine learning, IoT, and big data – all working together to make healthcare better!
However, this isn’t just about cool tech – regulated medical software delivers real results. Think about software that assists healthcare workers with complex decisions, systems that monitor patients from afar, and tools that catch health problems early. It’s all about improving healthcare outcomes.
We want to share our experiences in medical software development
We have worked hands-on with medical software in various setups. For instance, we have helped our clients design and develop medical devices, e.g. DigiFinland’s OmaOlo service. For another customer, we helped speed up their release publishing time from 6 months to less than 1 month! And we’ve also taken our own device from concept to market.
Truthfully, when we started developing Oravizio, the traditional ‘waterfall’ approach for medical device software development felt outdated – after all, we’ve had great success stories using modern agile development practices in other domains. As a result, we realised that there had to be a better way, so we dove into researching agile development of medical software. Our aim was not just to create, but to craft an exceptional development experience – one that we could truly take pride in.
Now we want to start sharing what we’ve learned, and that’s why we’re starting a blog series about our journey.
In this first blog post, we’ll discuss some generic and common pain points in medical software development, and how an approach called “calm compliance” can offer a smoother, more efficient path. It’s loosely based on one of the published research papers.
Common pain points
Regulations create an extra burden
Navigating the complex landscape of medical device regulation can be a challenge – there’s no way around it. Regulations are like a maze that can trip up even the most experienced professionals, and the problem can be especially tricky if you’re new to the game. Medical software development demands a whole new level of rigour. Patient safety, security, data integrity, and adherence to comprehensive regulations for quality management systems, risk management, and clinical effectiveness are non-negotiable. It’s easy to feel overwhelmed by the sheer volume of requirements.
This complex set of rules is anything but straightforward. They’re written with complicated legal language and leave some room for interpretation. Trying to figure out exactly what they mean and how to apply them correctly can feel like guesswork. For example, medical software is often classified based on the level of risk it poses to patients. The wording around classification rules can feel vague (e.g., “potential for minor/serious harm”). Companies might misinterpret the classification, leading to underestimating or overestimating regulatory requirements.
Furthermore, one challenge is that even familiar terms can mean different things depending on the field. For instance, the word ‘validation’ gets used a ton in both medical device and software development, but it means something different in each context. In machine learning, ‘validation’ might refer to data curation (data validation) or model tuning (validation). But in medical device development, ‘validation’ means confirming through testing and other objective evidence that your device consistently meets its specifications and fulfils the needs of its intended users. And unfortunately, this isn’t the only term that gets tossed around differently! The key is to be aware of these mixed meanings and to use the words carefully, depending on the situation.
Finally, the tools the development team uses and the compliance rules they need to follow often exist in totally separate worlds. This disconnection is a major pain point. Constantly switching between different applications and performing repetitive manual tasks can seriously mess with productivity and leave teams feeling stressed and frustrated. The tools commonly used in software development are not designed to handle regulated development tasks optimally – they’re not set up to track everything you need to stay compliant. This is why teams often end up spending a lot of time customising development tools.
All this wasted time and energy can translate into delayed projects, even burnouts, and ultimately, a lack of room for innovation. It can be a serious obstacle to creating great medical applications!
Compliance comes as an afterthought
The ‘traditional way’ of managing compliance just doesn’t align well with agile development. Instead of being baked into the process from day one, it often gets pushed to the end, creating a last-minute roadblock that throws everything off track. This can be especially frustrating because agile focuses on delivering features quickly, while the ‘old school’ regulatory approach is all about heavy upfront planning and waterfall-like process controls.
The development team is usually excited about building great new features, but sometimes, those annoying regulatory requirements get overlooked until too late. When documentation on top of that gets scattered across documents and spreadsheets, it is hard to see how all the regulations impact key decisions.
Discovering compliance issues late in the game means costly changes, tight schedules, and a lot of confusion. This reactive approach not only disrupts the flow but also makes it harder to find smart ways to improve your product while staying compliant. This leads to less efficient processes and a less polished result.
The lack of transparency and collaboration in compliance efforts
One might think having a separate compliance team makes things easier, but in fact, it can create a weird disconnection. This separation can make communication and teamwork harder for everyone.
When compliance professionals are totally isolated from the rest of the development process, misunderstandings tend to happen. The very nature of software development lies in making work methods more efficient, and therefore, the development team might accidentally innovate something that breaks the rules. Meanwhile, the compliance folks often have a tough time interpreting the complex regulatory details for the rest of the team. It can be a lot of wasted time and effort, as both sides end up trying to solve the same problems separately.
Compliance professionals are used to seeing those towering piles of paperwork as an output of traditional medical device projects. The old-school way of handling this was with tons of reviews, approvals, and ‘stage gates’ tied to those documents. But here’s the problem: teams must write a lot of stuff based on their best guesses early on because that’s what the document format requires. As the project progresses, they end up redoing the paperwork repeatedly, all through a painful change management process. In the end, having a massive pile of documents doesn’t tell you much about real progress or if you’re making a great product. Therefore, it’s much better to focus on smaller, targeted documentation tasks as you build and trust your team to get the bigger picture right.
The lack of transparency is a recipe for disaster. Important conversations get delayed, projects go off the rails, and you end up with costly fixes and missed deadlines. Worse yet, when compliance is treated like a secret mystery, the development team feels less responsible and understands the whole process even less. Everything gets muddled, and nobody can work the way they’re supposed to.
Tackling the challenges with “calm compliance”
Fortunately, things can be better. Think of calm compliance as a way to build compliance right into the development process. Instead of compliance being the disruptive side task, it becomes part of the everyday workflow. This makes things way less stressful for the team, and medical software development can proceed without the negative impacts typically associated with compliance activities.
Integration with daily tasks – real-time compliance checks
Forget about compliance being this separate, annoying thing you have to worry about. Calm compliance is about making it a natural part of how the product is built. Imagine if the development tools automatically checked for compliance issues as you wrote specifications or checked in code, flagging potential problems, and giving helpful tips.
We have tackled this by focusing on the possibilities of Application Lifecycle Management (ALM), i.e. the process of managing software applications from conception through development, testing, deployment, and maintenance, ensuring efficient and effective delivery of high-quality software products.
For example, our current toolchain includes a freely configurable ALM data validator, which automatically performs checks against the ALM data model and ensures that data model rules are followed. This minimises the possibility of human error and ensures that the traceability between different entities within the ALM, such as software requirements, risks, and verification tests, remains in place. Furthermore, it doesn’t just tell you there’s a problem – it helps you understand what the issue is and how to fix it. That’s the power of calm compliance in action!
Catching compliance issues early can be a game-changer. It means way less time wasted fixing problems at the last minute, unlike the conventional “late discovery” nightmares. By making compliance part of the process, like in the previous example, we ensure that product documentation always stays compliant, even when building new features. We think of it as a constant guide, helping the development team to make confident decisions without getting bogged down.
Clear processes, better tools, and easy to understand guidelines
Process streamlining means that the development team members won’t have to become regulatory experts. It distils all the complex rules into a format the team understands (such as clear, concise process descriptions, practical guidelines and tasks) so they can focus on what they do best – designing and building great software. Plus, this approach ensures the regulatory requirements are interpreted in a way that makes sense for software development and, furthermore, for a specific project, saving time and preventing miscommunications. Wherever possible, compliance tasks get baked into everyday development work, maximising efficiency, and ensuring that those regulatory requirements actually add value.
Minimising boring, often redundant, and accuracy-demanding paperwork tasks makes life easier for the development team. Simple-to-use tools with clear task boards and suitably configured workflows bring in a new level of clarity, reducing frustration and boosting productivity. We aim for a high level of transparency so that practical information is visible to all at a glance, and everyone can stay on the same page. It’s all about faster, smoother collaboration, just like a perfectly organised workbench.
Compliance as the result of shared responsibility
Forget the idea of compliance being one person’s headache. Calm compliance turns things around – shared responsibility gets everyone involved as the whole team understands and owns the responsibility for compliance. This brings all team members, such as designers, developers, managers, and compliance experts, together, fostering better teamwork and a smoother development process. Everyone has a role to play, and success depends on working together.
In the medical device domain, meeting the requirements is a critical part of success. Our approach aims to build a positive attitude towards compliance – instead of a chore, it’s a shared mission that leads to higher-quality products. At best, the development team starts to create new innovative solutions for compliance challenges, which enables us to continuously improve our development framework.
Automate everything you can
Dealing with the endless documentation of medical regulations can slow down progress. Calm compliance aims to compile documents from different data sources and utilise automation to streamline the process. The idea is to integrate documentation tasks into your existing development tools, so a lot of the paperwork gets done as you go, saving time and effort. And, of course, ensuring compliance. We want to make sure that there’s no need to write the same information in several different places, which will also help the maintenance. So, no copy-pasting within the documentation!
Calm compliance already in action
We’ve already taken calm compliance in action by developing a service model to give our customers a competitive edge and take away the pain of developing regulated software. We are stoked about it and gave it a bold name: Solita RegProof®. Our goal is to deliver safe and impactful regulated digital solutions for health and wellbeing, all the way from vision to production and beyond.