16th January 2017

Expert advice from Blackwood Embedded Solutions: Developing your healthcare app the right way

How to start your medical device software or healthcare application development the right way.

With dozens of new healthcare applications (apps) and medical devices available almost daily, we spoke to Anthony Giles, Managing Director of Blackwood Embedded Solutions, about how medical companies can ensure their products get to market safely and quickly.

“The level of innovation and application of technology in healthcare is encouraging to see for any product developer. Equally impressive is the ability of these devices to communicate with a number of different systems across the internet including those found within hospitals.

“However, we are also seeing a sharp rise in the number of ‘healthcare apps’ entering the market that are then used as medical applications due to their cost.”

These non-traditional uses of applications and devices are resulting in more challenges for manufacturers and the recently raised class-action suit against popular activity-tracker, Fitbit, should serve as a warning call to get things right from the beginning says Mr Giles.

“The Medicines and Healthcare products Regulatory Agency (MHRA) says that if an app is used for a medical purpose, it should be CE marked. Sadly we are regularly seeing apps purposefully called health apps to get around medical device regulations. The problem with this approach is that this results in the release of applications and products before they are rigorously and properly tested as would be required with medical products with a CE mark.”

Add to that the increased frequency and risk from cyber-attacks globally and Mr Giles strongly suggests that medical product designers and developers ask themselves as a matter of urgency whether it is realistic to expect a product to be ready within six months.

“Within six months, the maximum you should reasonably expect is a good prototype, most probably without any paperwork or verification and validation completed.

“Moreover the principles behind the IEC62304 software design process, addresses many of the patient safety and cybersecurity issues, by implementing good design practice.”

In considering the impact on your new product design, Mr Giles suggests companies start by looking carefully at the following guidance documents:

MHRA guidance on medical device stand-alone software including apps*
for deciding whether your app is a medical device or consumer health app
FDA Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices** – this provides an easy to follow tick box questionnaire to correctly identify the software Safety Class required for the device early on in the project
FDA General principles of software validation*** – overview of the software design life cycle for medical devices
FDA Content of Premarket Submissions for Management of Cybersecurity in Medical Devices****
FDA guidance on Off the shelf Software use in Medical Devices*****

Cookie	Duration	Description
ARRAffinity	session	ARRAffinity cookie is set by Azure app service, and allows the service to choose the right instance established by a user to deliver subsequent requests made by that user.
ARRAffinitySameSite	session	This cookie is set by Windows Azure cloud, and is used for load balancing to make sure the visitor page requests are routed to the same server in any browsing session.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
DYNSRV	session	This cookie is used for load balancing purposes to decide which server to send the visitor.
ep201	30 minutes	This cookie is set by Wufoo for load balancing, site traffic and preventing site abuse.
exp_csrf_token	past	This cookie is used for the purpose of website security that is Cross-Site-Request forgery prevention. It is used to identify the trusted web traffic.
JSESSIONID	session	The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
exp_last_activity	1 year	This cookie is used by the website Content Management System. This cookie is used to record the time of last page load.
exp_last_visit	1 year	This cookie is used by the website Content Management System. This cookie is used to store the last visit date of the registered users.
exp_stashid	session	This cookie is set by the provider ExpressionEngine. This cookie is used for page caching. The cookie creates a unique ID which is used to determine the current state of the website and actions performed by the visitor.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.

Cookie	Duration	Description
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Cookie	Duration	Description
CSPSESSIONID-SP-8443-UP-redirects-	session	No description available.
EMSSESSIONID	session	No description
ep202	3 months	This cookie is set by the provider Surveymonkey. This cookie is used for statistical analysis and website optmization. It gathers information on user's interaction with the SurveyMonkey- Widget on thewebsite.
GS_GROUP	1 month	No description available.
GS_RESTRICT	session	No description available.
GS_REVENUE_LOC	1 month	No description available.
PERSIST-COOKIE-ENC	session	No description available.
ppwp_wp_session	30 minutes	No description
SKTID	1 year	No description
SQ_SYSTEM_SESSION	session	No description available.

Select categories:

Select categories:

News & Opportunities

Sign up to our newsletter

Expert advice from Blackwood Embedded Solutions: Developing your healthcare app the right way

Join the conversation

Helpful information

Subscribe to our Mediwales newsletter