Process of Designing Robust, Dependable, Safe and Secure Software for Medical Devices: Point of Care Testing Device as a Case Study


This paper presents a holistic methodology for the design of medical device software, which encompasses a new way of eliciting requirements, a system design process, a security design guideline, a cloud architecture design, a combinatorial testing process and agile project management. The paper uses point of care diagnostics as a case study, where the software and hardware must be robust and reliable in order to provide an accurate diagnosis of diseases. As software and software-intensive systems become increasingly complex, the impact of failures can lead to significant property damage or damage to the environment. Within the medical diagnostic device software domain, such failures can result in misdiagnosis leading to clinical complications and, in some cases, death. Software faults can arise from the interaction among the software, the hardware, third-party software and the operating environment. Unanticipated environmental changes and latent coding errors lead to operational faults despite the fact that a significant effort has usually been expended on the design, verification and validation of the software system. It is becoming increasingly apparent that one needs to adopt different approaches that will guarantee that a complex software system meets all safety, security and reliability requirements, in addition to complying with standards such as IEC 62304. Many initiatives have been taken to develop safety- and security-critical systems, at different development phases and in different contexts, ranging from infrastructure design to device design. Different approaches are implemented to design error-free software for safety-critical systems. By adopting the strategies and processes presented in this paper, one can overcome the challenges in developing error-free software for medical devices (or safety-critical systems).

Share and Cite:

S. Tulasidas, R. Mackay, P. Craw, C. Hudson, V. Gkatzidou and W. Balachandran, "Process of Designing Robust, Dependable, Safe and Secure Software for Medical Devices: Point of Care Testing Device as a Case Study," Journal of Software Engineering and Applications, Vol. 6 No. 9A, 2013, pp. 1-13. doi: 10.4236/jsea.2013.69A001.

Conflicts of Interest

The authors declare no conflicts of interest.


Copyright © 2023 by authors and Scientific Research Publishing Inc.

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.