Welcome to the Mindset Extended Reality (XR) for digital mental health programme learning resources, which include three series: medical regulation, clinical evidence and lived experience involvement. Mindset-XR is helping to catalyse the growth of immersive digital mental health solutions in the UK, through funding, tailored support and training. It is delivered by Innovate UK and the Health Innovation Network South London (HIN).
This series focuses on medical regulation, with key insights from Hardian Health. Across 10 modules, we provide an accessible introduction to people and companies that want to learn more about medical device regulation, with a focus on XR devices. Each module offers a high level overview of a different topic, including medical device regulation in the UK and EU, core medical device standards and overseas regulation. Each module includes additional resources to support your learning and a quiz to test your understanding.
Outline
Welcome to Module 4: Quality Assurance. In this section, we’re exploring how to apply quality assurance to the development of medical device software and hardware.
What is quality assurance and why should I apply it?
The definition of Quality Assurance and why it is applied.
How do I apply quality assurance?
The role of quality management systems for tracking Quality Assurance.
When should I apply quality assurance?
When to apply for Quality Assurance, who needs to apply and where is it applied.
Multiple choice questions to test your understanding of Quality Assurance.
What is quality assurance and why should I apply it?
To kick off, let’s discuss what is meant by the term quality assurance. It may mean different things to different people, but for the purposes of this discussion it has a formal definition:
Quality Assurance: part of quality management focused on providing confidence that quality requirements will be fulfilled
International Standard ISO 9000:2015 Quality management systems – Fundamentals and vocabulary
Quality Management: coordinated activities to direct and control an organisation with regard to quality
International Standard ISO 9000:2015 Quality management systems – Fundamentals and vocabulary
Quality: degree to which a set of inherent characteristics fulfils requirements
Characteristic: distinguishing feature
Requirement: need or expectation that is stated, generally implied or obligatory
So let’s put all that together in the context of medical devices, which is what this series of modules is about, and considering that you’ve already heard in previous modules about the obligation of manufacturers to meet the regulatory requirements for medical devices.
Quality assurance: the part of [the set of] coordinated activities to direct and control an organisation with regards to [the] degree to which a set of distinguishing features [of the medical device] fulfils the needs or expectation that is [set out in applicable medical device regulations, to assure that medical devices are safe, effective and cybersecure].
So, what is the organisation and what activities must it coordinate, particularly in the development and deployment of the XR tools that this module is particularly interested in?
Organisation
The organisation we are talking about is the medical device manufacturer. Manufacturer itself is a term with a formal, legal, definition. Let’s use the one from the UK Medical Device Regulations (MDR) as it comprehensively illustrates a number of key points:
“manufacturer” means:
the person with responsibility for the design, manufacture, packaging and labelling of a device before it is placed on the market under his own name, regardless of whether these operations are carried out by that person himself or on his behalf by a third party; or
the person with responsibility for the design, manufacture, packaging and labelling of a device before it is placed on the market under his own name, regardless of whether these operations are carried out by that person himself or on his behalf by a third party; or
Noting that the word person in this context is shorthand for natural or legal person, that is an actual human person or a company with the given responsibilities – generally being a limited liability company, for various legal reasons – these are the key points:
If your company develops and/ or deploys software with a medical purpose and labels it with your company name (or indeed your own name as a natural person) then you are a medical device manufacturer.
Note that each NHS Trust is in effect a company in its own right, with the same manufacturing responsibilities as a commercial company. Universities are in the same position of having the same responsibilities if they put their badge or logo on a medical device.
If your company (or NHS Trust, or University) develops and/ or deploys software built by another company, or by subcontracted individuals, and labels it with your company name then you are a medical device manufacturer.
And if you put your logo or badge on supporting hardware, for example AR glasses, you are now the manufacturer of the hardware.
If you install custom software that gives a medical purpose to these glasses, and prevents any other purpose that the glasses could be used for, then you are now also the manufacturer of the hardware. If however you install an app with a medical purpose on the glasses and that app can be used just like a range of other apps that are installed on the glasses, and the glasses remain badged for their original manufacturer, then only your app is a medical device.
Activities
Now we know what the organisation is, what are the activities? At the highest level, we need to coordinate three life cycles:
The clinical development lifecycle (CDLC)
Learn more in module 6.
The product or software technical development lifecycle (PDLC or SDLC)
Learn more in module 8.
Risk management throughout the life cycles
Quality assurance is then applied to coordinate these three life cycles, along with the other activities needed to run an effective company.
How do I apply quality assurance?
Quality assurance is typically applied through the establishment and use of a Quality Management System (QMS).
A QMS has its own definition in ISO 9000 – actually, four definitions: quality, system, quality assurance and management system.
These can be merged as follows:
Quality Management System (QMS): a set of interrelated and interacting elements to establish policy and objectives and to achieve those objectives to direct and control an organisation with regard to degree to which a set of distinguishing features [of the medical device] fulfils the needs or expectation that is [set out in applicable medical device regulations, to assure that medical devices are safe, effective and cybersecure].
Quality Management Systems: Requirements for regulatory purposes
You will be introduced to the international standard ISO 13485:2016 Medical devices — Quality management systems — Requirements for regulatory purposes in Module 5.
We use this standard to set the content of the QMS into a Quality Manual and a set of around 20 procedures. The three key procedures for development and deployment of safe, effective and cyber secure medical device software and hardware are:
Design Control Procedure
Clinical Evaluation Procedure
Risk Management Procedure
The Design Control Procedure governs the Product Development Life Cycle (PDLC) or Software Development Life Cycle (SDLC), splitting it into a series of logical phases:
Planning
Design input
Design output
Design verification
Design validation
Design transfer
The Design Control Procedure also covers:
Design review
Control of change
- Documentation (design and development files)
- Identification and traceability
We’ll cover these phases in more detail in Module 8, when we discuss what standards should be used and how to apply them, along with risk management and how this all interacts with the concepts of clinical evaluation that are covered Module 6 and Module 7.
When should I apply quality assurance?
You should start to apply quality assurance when you start to translate research into development. This is when the possibly divergent ideas for a technological solution to a problem start to converge into a product idea. We apply a Technology Readiness Level (TRL) scale to self-assess this:
Technology Readiness Level (TRL)
The TRL is a scale from 1 to 9, where 1 is the most basic idea and 9 is a product that’s fully developed, put to market and in service. TRL 4 is about the level on this scale when the Design Control, Clinical Evaluation and Risk Management procedures really need to kick-in.
Who needs Quality Assurance and where is it to be applied?
As Quality Management System (QMS) is about running an effective organisation, everyone in the organisation is touched by and touches the Quality Management System and therefore plays a part in quality assurance.
This extends to any subcontractors you use to help develop your technology, any suppliers you buy hardware from – even your web host and any app store are suppliers that can impact the quality of your devices so need to form part of your Quality Assurance through your Quality Management System.
Summary
In this module, Quality Assurance, we looked at the definition of Quality Assurance and how it is applied. We also explored the role of quality management systems and who needs to apply for Quality Assurance. After using this resource, you should have a understanding of the following:
Quality assurance covers coordinated activities to direct and control an organisation with regards to the degree to which a medical device is developed and deployed to be safe, effective and cybersecure.
The key activities to be coordinated are design control, clinical evaluation and risk management.
Design control, clinical evaluation and risk management really need to start once a research idea starts to be translated into a product development.
Quiz
Got questions, comments or feedback?Get in touch with the teamhin.mindset@nhs.net | mike@hardianhealth.com
PowerPoint: Quality Assurance – click to download
Next module – Module 5: What standards apply to medical devices?
Back to Module 3: How are medical devices classified?