Linux in Medical Devices

By Ken Herold

Ken HeroldLinux is the operating system of choice for a wide range of medical devices, from vital sign monitors to hospital bedside “infotainment” systems to complex imaging and scanning equipment. Yet not all Linux is alike. Because patients’ lives may be in the balance, software used in medical devices must meet stringent regulatory guidelines to assure that it will perform as promised, and the provider must be able to pass audits of its development methodologies. Trying to cobble together solutions from pure Linux without commercial support puts the burdens of testing, validation, documentation and compliance on the device manufacturers and their developers – an onerous, time consuming and complex process that can turn “free” Linux into a very costly proposition.

There are, of course, commercial vendors of Linux who provide value-added, stabilized versions of the open source software, along with board support packages. Service, support and documentation levels, however, vary widely among them.  Some chip vendors provide software solely to drive processor sales and with many vendors, the relationship ends with the sale.

The Advantages – and Challenges – of Open Source

As an operating system, Linux has all of the advantages that open source presents. It’s free and can be modified and redistributed under the GNU General Public License (GPL). It has been widely adopted and embraced by thousands of developers. As a result, it’s easy to find developers who use it frequently and know it intimately. Linux also enjoys the support of all major hardware manufacturers and runs on virtually any processor. On top of that, it has a large ecosystem of board and software providers that use proven toolchains. And it is known for exceptional graphics support, including popular frameworks such as Qt and Android – important for device screens that require clarity and legibility.

For all its advantages, however, using Linux in a medical device also poses a number of challenges.

Any medical device marketed in the United States is regulated by the Center for Device and Radiological Health (CDRH), a branch of the Food and Drug Administration (FDA). Whether or not the device maker is claiming compliance to the medical device software standard IEC 62304, they must follow several FDA guidance documents.  Accordingly, Linux should be treated as Software of Unknown Provenance (SOUP) or Off-the-Shelf (OTS) software.  The FDA also makes it clear the burden of ensuring safe and reliable performance does not end with product launch. When evaluating operating systems, planning for bug fixes and security updates for the entire lifecycle of the product is mandatory.

Regulatory Perspective for Premarket Submissions

Medical devices and their components must undergo a hazard analysis, typically performed by the manufacturer. The purpose is not to try and predict a likelihood of failure, but to analyze the effect on the patient in the event of failure. The content for documentation of OTS software depends on the results of the hazard analysis performed. There are two levels of documentation, “basic” and “special”. 

To oversimplify the “Guidance for Industry, FDA Reviewers and Compliance on Off-The-Shelf Software Use in Medical Devices,” the more stringent “special” level may require an audit to establish:

  • Assurance of development process: the vendor can demonstrate a proven, repeatable development process that adheres to best practices.
  • Assurance of V & V for Linux: the vendor has performed verification and validation in accordance with accepted industry standards, and the results meet the manufacturer’s requirements.
  • Maintenance and support plan for lifecycle (upgrades, bug fixes, patches): the vendor should have an ongoing maintenance and support plan, and offer the option of an extended support agreement if the projected life cycle of the product is longer than standard support for that release of Linux.

Choosing a commercial Linux vendor that can satisfy these requirements is essential.  The vendor must be able to supply the right level of documentation. As the FDA recommends, the device maker should not hesitate to conduct an audit if there is any concern about the vendor’s development methodology.

Wind River Linux has been subjected to a number of such audits and completed them all successfully. 

For additional information from Wind River, visit http://www.facebook.com/WindRiverSystems.  

4 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>