Member insights: Actual quality is the best measure of quality

The true measure of medical device quality lies in safety and effectiveness

Randy Horton, Chief Solutions Officer at Orthogonal, and Ian Sutcliffe, Principal SA HCLS Compliance and Medical Devices at Amazon Web Services, co-authored this article.

Bridging the divide between software and med tech

The med tech industry faces challenges integrating modern software development with traditional medical device design. Software and med tech professionals often clash over compliance documentation. Software teams see excessive documentation as unnecessary, while med tech teams emphasize its importance for safety and effectiveness. However, the gap is narrower than it appears. High-performing software teams already follow best practices like test-driven development and continuous integration. By integrating a risk-based approach, they can align with compliance requirements without compromising efficiency.

Quality vs. compliance in medical devices

A high-quality medical device functions safely and effectively as intended. Regulations, quality systems and compliance frameworks exist to ensure this, but they are merely proxies for achieving true quality. Over time, organizations can drift from focusing on quality to focusing solely on compliance. This shift can lead to inefficiencies where compliance activities detract from quality improvement.

Med tech compliance structures were originally designed for physical engineering disciplines, where product consistency was controlled through structured processes. However, software is inherently flexible and constantly evolving, making traditional quality management systems less effective. Applying rigid compliance methods to software-driven devices can slow innovation without necessarily improving safety or effectiveness.

Redefining software quality in med tech

Due to high-profile cybersecurity breaches and system failures, med tech professionals often view software as unreliable. However, top tech companies like Google and Amazon achieve near-perfect uptime using advanced quality assurance techniques. Software quality is not inherently inferior; it is optimized differently based on user expectations.

Software engineering has long embraced rigorous quality methodologies, but they differ from traditional med tech approaches. Agile development focuses on incremental improvements, continuous testing, and automation to enhance reliability. These methods ensure that the software remains adaptable while maintaining a high standard of performance. By understanding this distinction, med tech organizations can adopt modern software quality practices without compromising safety or regulatory integrity.

Modernizing compliance with automation and data

Many med tech compliance processes remain document-centric, relying on Word documents, PDFs and spreadsheets. However, modern software companies use data-driven systems that provide real-time traceability. Automated logging ensures accuracy and eliminates human error associated with manual checklists.

For instance, instead of staff manually verifying cybersecurity configurations, automated scripts can perform daily checks and log the results. This approach is more reliable and provides a real-time, auditable compliance record. The reluctance to embrace such methods often stems from regulatory comfort with traditional documentation rather than from any actual advantage of static documents.
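An added example, not from the article or its authors, of the automated check described above: it compares sshd_config-style settings with a baseline and appends each result to a hash-chained log, so a later edit to any record is detectable. The baseline values, sample configuration and function names are assumptions made for illustration.

```python
import hashlib
import json

# Constructed baseline (assumption); a real one comes from the device's security requirements.
BASELINE = {"PermitRootLogin": "no", "PasswordAuthentication": "no", "X11Forwarding": "no"}

# Constructed sample of an sshd_config-style file, not taken from any real system.
SAMPLE_CONFIG = """\
# constructed sample
PermitRootLogin no
PasswordAuthentication yes
"""

def check_config(text, baseline=BASELINE):
    """Compare 'Key value' settings with the baseline; return one finding per baseline key."""
    actual = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if line:
            key, _, value = line.partition(" ")
            actual.setdefault(key, value.strip())  # first occurrence wins
    # A setting that is absent is reported as "fail": the baseline requires explicit values.
    return [{"setting": k, "expected": v, "actual": actual.get(k),
             "status": "pass" if actual.get(k) == v else "fail"}
            for k, v in sorted(baseline.items())]

def _digest(record):
    """SHA-256 over the canonical JSON of the record, excluding its own hash field."""
    body = {k: v for k, v in record.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_record(log, findings, timestamp):
    """Append a record whose hash covers its content and the previous record's hash."""
    record = {"timestamp": timestamp, "findings": findings,
              "prev": log[-1]["hash"] if log else "0" * 64}
    record["hash"] = _digest(record)
    log.append(record)
    return record

def verify_chain(log):
    """Return True only if every record's hash and its link to the predecessor are intact."""
    prev = "0" * 64
    for record in log:
        if record["prev"] != prev or record["hash"] != _digest(record):
            return False
        prev = record["hash"]
    return True

if __name__ == "__main__":
    log = []
    append_record(log, check_config(SAMPLE_CONFIG), "2024-01-01T00:00:00Z")
    print(json.dumps(log, indent=2), verify_chain(log))
```

The chain detects edits and reordering inside the log but not removal of the newest records, so the latest hash should also be stored somewhere the checking host cannot rewrite.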

Infrastructure as code: A case study in efficiency

Traditional compliance methods require extensive standard operating procedures for IT infrastructure. With Infrastructure as Code (IaC), configurations are stored as version-controlled scripts, ensuring consistency without outdated documentation. This approach allows automatic updates and real-time verification, significantly reducing errors.

Similarly, test records and installation and operational qualifications can be captured as structured data instead of static documents. This transition enhances traceability, reduces redundancy and enables automation in quality management. Rather than replacing compliance processes, automation strengthens them by providing consistent, verifiable records with minimal manual effort.

Overcoming resistance: Merging software and compliance mindsets

Resistance to change arises because software and compliance teams approach quality from different perspectives. Regulatory professionals rely on established documentation practices, while software teams favor automation. Bridging this divide requires mutual understanding:

  • Regulatory teams must recognize that code, logs and automated records can be as reliable as traditional documents.
  • Software teams must appreciate the need for structured compliance records and automate them where possible.

Instead of forcing software teams to conform to outdated compliance processes, med tech should integrate modern automation techniques to maintain traceable, audit-ready documentation without unnecessary manual effort. The key is not to replace traditional compliance but to enhance it using proven, scalable software methodologies.

The future of med tech: Data-centric compliance

Software-driven medical devices are the future, and compliance must evolve. The shift from document-centric to data-driven compliance is a natural progression that enhances quality assurance while maintaining regulatory integrity.

Med tech organizations should:

  • Regulatory teams: Learn about DevOps, automated logging and IaC to embrace new documentation formats.
  • Software teams: Understand the necessity of regulatory snapshots and structured compliance checkpoints.

By combining automation with structured compliance frameworks, med tech can achieve true quality by ensuring that medical devices are safe, effective and ready for the future.

About Orthogonal
Orthogonal is a software development consulting firm that believes in improving patient outcomes faster. They do this by helping med tech firms build and evolve their Software as a Medical Device (SaMD) and digital ecosystems faster.