Meet us at ITB Berlin and Transform, 5 — 7 March 2024!

Let’s build something great together

    A Comprehensive Guide to Software Development in Healthcare

    Julia Teryokhina, Senior Presales Engineering Manager

    December 19, 2023

    The union of IT and healthcare has brought medicine to a new qualitative level.

    Medical services have become more accessible: you no longer need a face-to-face appointment with a doctor; instead, you can use telemedicine software and get the necessary advice online. With diagnostic tools from the Internet of Medical Things  (IoMT) subset, you can perform remote monitoring of your health. The past pandemic has highlighted the significance of prioritizing one’s well-being. The Zoomer generation as a whole advocates a health-conscious and eco-friendly lifestyle. All these factors point to one conclusion: healthcare software development is more relevant than ever.

    According to Precedence Research, the global medical software development market size is valued at $28.66 billion in 2022 and is expected to reach approximately $77.43 billion by 2032. [1]

    Now, what do you need to start your own software development in healthcare?

    Challenges of software development in the healthcare industry

    Before you start developing a healthcare application, it’s crucial to understand all the nuances involved. Healthcare software development often requires mandatory certification that evaluates the software safety of the end users. Skipping important steps when creating such a product may, at best, lead to its reclassification as a Wellness application. At worst, it might lead to looking for new investments to fix the issues and once again pursue obtaining the coveted CE mark. In addition to direct cash investment, time to market is an essential factor to consider.

    According to publicly available data, between 75%[2] and 98%[3] of healthcare startups fail. Reasons vary, but certification issues stand out as a primary concern, which, in turn, slows down the delivery of software to end users.

    The gold standard for healthcare software development

    Does any medical software require certification from a notified body? Some healthcare applications can undergo self-certification, while others do not need to be certified at all.

    For example, an electronic health record (EHR) system exclusively used for retrieving, storing, or archiving medical data does not require certification. However, if the software is used for personal diagnosis and/or prescribing a personalized treatment plan, it is already classified as a medical device and, therefore, must comply with IEC 62304[4]. IEC 62304 is a gold medical software development standard adopted in the European Union and the United States.

    Healthcare software development in accordance with IEC 62304 ensures that it is created within a defined and controlled environment. Such a development process should align with requirements aligned with the software safety class.

    Safety classification in healthcare software development

    To determine the need for certification, the software developer must specify a safety class (A, B, or C) for their healthcare application. The safety class is based on the risk of harm the software may cause to the end user. According to IEC 62304 the following classification is used:

    • Class A: The software cannot cause any damage or injury;
    • Class B: Software may cause minor injury;
    • Class C: Software can cause serious injury or even death.
    Does medical software require certification?

    Class A software can be self-certified. To obtain the CE mark, it is enough to declare adherence to the IEC 62304 standard and publish a control document that lists the main points of compliance with the requirements.

    Class B software requires the participation of a notified body to confirm that the software development process complies with the requirements of IEC 62304.

    In the case of class C, the notified body will thoroughly analyze the development process and design documentation and check the software itself.

    When a software product bears the CE mark, it indicates that it has passed the necessary assessments and is safe for use.

    Essential documentation for developing medical software

    The IEC 62304 standard governs the healthcare software development process. Specific project documentation confirms that all necessary steps have been completed. Depending on the assigned safety class, the following set of documents is required:

    Document

    Class A

    Class B

    Class C

    Software development planning

    yes

    yes

    yes

    Software requirements analysis

    yes

    yes

    yes

    Software architectural design

    yes

    yes

    Software detailed design

    yes

    Software unit implementation

    yes

    yes

    yes

    Software unit verification

    yes

    yes

    Software integration and integration testing

    yes

    yes

    Software system testing

    yes

    yes

    yes

    Software release

    yes

    yes

    yes

    Each document should have a clear structure and be created as the project progresses, as recommended by IEC 62304. For example, before you start medical software development, you should have a software development plan. Before formulating the project’s scope, you should define the software requirements. Of course, these documents will not be set in stone; they might be updated according to changing project requirements. However, having them in place makes healthcare software development more manageable.

    As a last resort, documentation may be recreated before certification to showcase that the overall development is aligned with the guidelines.

    Local regulations on software development for healthcare

    The IEC 62304 standard governs the medical software development process. Additionally, it is crucial to consider standards such as:

    • IEC 60601-1 specifies network, software interfaces, and hardware requirements;
    • IEC 62366 specifies usability requirements for the development of medical devices.

    However, beyond the development process, you must also remember that the final product must comply with local legislation. If you produce software for EU residents, it must comply with the GDPR. When using healthcare software in the US, it must be HIPAA compliant, and if the application processes children’s data, checking for CAPTA compliance is advisable. In the US, there are variations in the requirements for medical software, even at the state level. Therefore, when starting healthcare software development, it is better to rely on professionals familiar with the nuances of implementing such products for a specific region.

    SOUP and OTS components used in healthcare software development

    Today, development cannot be done without integration with third-party software. However, it is not always known whether the integrated component meets the required standards.

    For healthcare software development, third-party components fall into certain categories:

    • Off-The-Shelf Software (OTS Software): A publicly available software component used by a medical device manufacturer, where the manufacturer cannot claim complete control over the software life cycle;
    • Commercial off-the-shelf software (COTS software): OTS software supplied by a commercial vendor;
    • Software of Unknown Provenance (SOUP Software): A widely available software component not explicitly designed for integration into a medical device or previously developed software lacking corresponding development records.

    Certain components can be both SOUP and OTS. To integrate such third-party software, the developer must assess the risks and the overall software safety class. All such integrations should be reflected in the software architectural design, along with a rationale for choosing particular components.

    Testing specifics in healthcare software solutions development

    Although the IEC 62304 standard provides a clearly defined procedure for testing medical software, it is worth touching on a few more points, that may not be immediately obvious:

    • For a successful release, you will need several sets of data for testing:
        • Stub data that contains no sensitive patient data or other confidential information and can be accessed by any team member. It must be prepared before development starts;
        • Real test data may already contain sensitive information, meaning that access rights must be defined for it. Software developers and QA engineers may use stubs (test data) if they lack access to real data. However, team members, including the business analyst, solution architect, project manager, and possibly the QA lead, must be able to analyze real data in advance to design the proper data model and conduct final testing. The absence of real data at the development stage is fraught with failure when testing the product with real users. These can range from trivial user interface errors (like poorly formatted text or not fitting into a label or is and therefore unreadable) to more critical errors when saving data to the database;

    • The project roadmap should include alpha and beta testing with real users. No matter how professional the contractor is, user acceptance testing should involve the target audience. Since what is convenient for technical specialists may be completely unobvious and inconvenient for real users;
    • While not explicitly required when developing medical software, test cases are highly recommended to create and maintain. Depending on the safety class, the cost of an error in medical software may be too high, causing harm to human health and life. This means the development team must consider all possible negative scenarios and ensure that the software handles unusual situations correctly. The same goes for cybersecurity testing healthcare systems must be as secure as possible from hacking. A backdoor can give attackers control of the application and pose a risk to the patient’s health.

    Hosting for medical software development

    The correct choice of hosting provider also affects the success of software development in the medical field. While a small mobile application without a server part may not cause hosting concerns — simply uploading it to Google Play or the App Store suffices — once your software has a server side, several crucial factors come into play:

    • Hosting availability (or total uptime) to ensure access to healthcare services; this factor might be quite important for hospital management software;
    • Existing services (e.g., Kubernetes) for system self-recovery;
    • Availability of hacking protection to guarantee data security;
    • Hosting compliance with required standards (for example, GDPR or HIPAA).

    Maintaining a balance between the above requirements and the associated hosting costs is equally important.

    Winning 12-step strategy for healthcare software development

    To successfully launch a healthcare startup and stay on budget, the following action plan should be implemented:

    1. First, define the core concept of the software being developed, emphasizing the killer feature that sets it apart from the competitors. Integrations with third-party components can replace everything else at the initial stage. At the same time, it is essential to consider the specifics of using SOAP and OTS.

    2. Next, determine the target audience. In software development in healthcare, the age of the end users should be considered very carefully, especially when adhering to legal restrictions for minors. A parent mode is essential if the final product is intended for children. Otherwise, we will have to exclude kids at the registration step.

    3. To validate the software idea for potential investment and present it to stakeholders, create a clickable UI prototype in Figma or InvisionApp. By visualizing the requirements, you can validate the idea itself.

    4. Work on the software requirements analysis (according to IEC 62304) along with the clickable prototype. Since most current software development is based on Agile methodology, the requirements specification will be updated as the project progresses. However, for a stable release, it is crucial to freeze requirements changes at least a month before user acceptance testing.

    5. Once the specification and user interface design are approved, start working on the architectural design required for the Class B and Class C software. This step enables stakeholders to calculate the total cost of ownership.

    6. Meanwhile, the project manager is supposed to plan the project milestones and deliverables and approve the final roadmap with the customer.

    7. It is recommended to start healthcare software development with the riskiest features to verify the key business idea of the project and ensure smooth integration with third-party components. This means common features such as registration and login can be postponed for later.

    8. Prepare a limited group of real users for user acceptance testing in advance. This is especially true for testing the alpha version since it may still contain bugs. The beta version may be available to a broader group of real, sometimes even casual, users. During alpha and beta testing, the crucial goal is to collect user feedback and fix the most critical issues.

    9. Conduct security and load testing to ensure the software’s reliability and fault tolerance.

    10.  Establish isolated environments to conduct different types of testing and carefully plan the expenses to support them at the architectural design step. The TEST environment will only be available to the development team to test the implemented changes iteratively. The STAGE environment should only be used for user acceptance testing. The PROD environment is intended for final releases. All these environments require isolated hosting, i.e., they use separate resources (such as memory, file storage, and database).

    11.  Finalize the necessary documentation and undergo certification for software with safety classes B or C.

    12.  Maintain a support team from the very launch of the product to handle user feedback promptly.

    Steps 3-5 look aligned with the Waterfall methodology but are crucial for smooth healthcare software development and effective management of the project budget.

    Bonus: Ideas for startups in healthcare

    Despite the ongoing evolution of healthcare software solutions development over decades, the space for startups in this field remains open. Moreover, the introduction of AI has impeded advancements in health software development. Here are some thoughts from Timspark on what kind of software can be designed for healthcare:

    B2C healthcare solutions

    Thanks to the widespread adoption of smartphones and other wearable devices, people can use apps to track their health; for example, mobile phone sensors can be used for posturography. Meanwhile, artificial intelligence solutions assist doctors in creating personalized treatment plans. A tireless AI-powered personal assistant can support seniors 24?7. Digital front door in healthcare can help patients receive better services promptly.

    B2B healthcare solutions

    Clinics and labs have diverse software needs, ranging from applications that track the movement of rare equipment around a clinic to computer vision that monitors seriously ill patients and recognizes their emotions 24/7. Particular attention is paid to clinical software development, aiding doctors in identifying dangerous deviations in patients’ health. Many of those healthcare solutions lie in the field of AI technologies.

    Launching a project in healthcare software development?

    Would you like to dive into hospital software development, or are you wondering how to build a healthcare technology platform? We would be happy if our article became your guide to launching your first startup. However, due to the text’s brevity, we couldn’t address all the intricacies of healthcare software design. Therefore, we’re eager to assist you in your ventures by staffing your team with the necessary software developers or completely taking over the implementation of the project. Our leading experts will help you optimize costs and guide you through the entire software development lifecycle.

    Looking for a healthcare software development company?

    References

    1. Healthcare Software As A Service Market. Precedence Research, 2022.
    2. What Leads to Company Underperformance & Failure?  TTi Health Research & Economics, 2021.
    3. Startup Failure and Success Rates: 2023 Research.  StartupTalky, 2023.
    4. IEC 62304:2006. Medical device software. ISO, 2021.