Discovery for Regulatory Submission and Technical Design of Wound Treatment Device Apps

About Our Client

The Client is a European startup developing an electromagnetic medical device for wound treatment.

Looking for a Reliable Vendor for Compliant Medical Device Software Development

In its initial form, the Client’s device was a basic hardware solution without any accompanying software for treatment management or progress tracking. The Client wanted to equip its product with web and mobile apps for medical staff, primarily nurses. The apps would connect to the medical device via Bluetooth or Wi-Fi, allowing users to send commands to the device, play pre-designed therapy programs (binary files encoding electromagnetic wave sequences) for specific wound types, and log completed procedures.

Lacking the required competencies in-house, the Client started looking for a vendor that could develop web and mobile apps for its device. The vendor had to be experienced in developing software for medical devices and achieving compliance with healthcare industry standards and regulations. In particular, as the Client planned to sell the medical device globally — starting with the European and US markets — it required adherence to EMA, GDPR, FDA, and HIPAA requirements.

The Client initially chose to partner with a software development company with which it was already familiar. However, that collaboration failed to meet the Client’s expectations. Seeking a reliable vendor to establish a long-term partnership, the Client turned to ScienceSoft. To avoid another misstep, the Client rigorously assessed our team’s qualifications through several interviews, including in-person meetings. ScienceSoft’s commitment to achieving project success no matter what solidified the Client’s decision to choose us as its development partner.

Navigating Vague Software Requirements and Preparing a Regulatory Dossier

The project started with a discovery phase. Initially, ScienceSoft proposed a six-week timeline to complete that stage, but the Client preferred a slower pace and requested to extend it to three months. ScienceSoft’s discovery team consisted of a project manager, a compliance officer, a solution architect, and an experienced business analyst who doubled as a healthcare IT consultant.

A significant challenge was that the Client’s original software requirements specification was vague, presenting several potential solutions without precise details. The key problems included:

• Nesting issues: there were no transparent hierarchical relationships between high-level and low-level requirements.
• Overlapping queries: multiple requirements covered similar or identical functionalities, causing redundancy and potential conflicts.
• Disproportionality: some requirements were overly broad, while others were too narrow.

As a result, ScienceSoft’s team had to decompose and significantly rework the original requirements. Additionally, to prepare the Client for EMA and FDA submissions as well as ensure the solution’s compliance with GDPR and HIPAA regulations, the team needed to follow strict guidelines on software development and documentation. During the discovery phase, ScienceSoft’s team prepared 25 documents, which were organized into two groups of deliverables to clearly show the Client what was needed for the regulatory submission and what had to serve as internal project documentation.

Regulatory Submission Package Deliverables

ScienceSoft designed this part of documentation specifically for submission to the regulatory bodies. The documents are compiled into a regulatory dossier containing all essential information required for regulatory review, ensuring that the Client can meet strict compliance standards.

• An overview of key software features, inputs (types of patient data entered into the apps, control commands sent to the device, etc.), outputs (therapy results, procedure logs, system notifications), hardware platforms (the medical device and mobile/web app environments), etc.
• Risk management documentation, including a risk assessment plan and a comprehensive risk mitigation plan.
• A complete Software requirements specification (SRS) organized for traceability with respect to other software documentation elements.
• Solution architecture diagrams illustrating the solution’s modules, layers, interfaces, and relationships between them, including interactions with external systems or peripherals.
• Software design specification (SDS) detailing the technical aspects of software functionality and mapping the design back to the SRS to ensure alignment with the intended use, features, safety, and effectiveness requirements.
• Requirement traceability matrix establishing the relationships between various requirements and their corresponding design, implementation, and testing activities, ensuring that all requirements are met throughout the project lifecycle.
• A project charter summarizing the development lifecycle, configuration management, and change management plans and establishing the project’s overall objectives, scope, and governance. It includes charters for the software purpose and scope, glossary, references, and project team. It also covers project communication, documentation, requirements management, software and project risk management, configuration management, quality management, security management, and verification and validation plans.
• A draft of the IEC 62304 Declaration of Conformity ensuring compliance with IEC 62304:2006/Amd1:2015, covering the planning of software development, verification, risk management, documentation, configuration management, and maintenance processes. As a globally recognized consensus standard, IEC 62304 simplifies submissions to both the US and European regulatory bodies.
• A draft of cybersecurity documentation based on the FDA’s most recent Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submission guide. It includes a cybersecurity risk management report featuring drafts of the threat model, a cybersecurity risk assessment, a security traceability matrix, architecture views, security requirements, and cybersecurity testing and management plans.
• A draft of verification and validation documentation with an overview of testing activities at unit, integration, and system levels.

Software Development Roadmap Deliverables

Separately, ScienceSoft assembled the documentation required for smooth software delivery, focusing on internal planning and project management. This document package ensures that the Client and the chosen development team clearly understand the project’s objectives, features, and tasks. By separating these deliverables from the regulatory submission package, ScienceSoft provided distinct resources to support project execution while maintaining compliance with industry standards.

• A high-level overview of the software architecture describing the core components of the system, including hardware, software, databases, networks, and services, and their interactions.
• A comprehensive list of the solution’s features, prioritized based on impact, feasibility, and alignment with the Client’s business objectives.
• A prioritized list of development tasks for the first sprint, presented in the form of user stories.
• Technical documentation on the planned integrations and interaction points within the solution.
• Draft documentation of system entities defined according to the FHIR format, including diagrams and descriptions of their relationships.
• A comparison of the proposed development infrastructure, including CI/CD services and tools, with an analysis of their advantages, disadvantages, and total cost of ownership.
• Use case documentation that organizes the software requirements by describing how users interact with the solution in different scenarios.
• Prototypes of three key user flows in the form of flowcharts illustrating the sequence of user actions within the system, highlighting critical interactions and decision points.
• Low-fidelity UI prototypes and wireframes in the form of sketches representing the layout and structure of the user interface for early UX visualization.
• The first set of UI design files (including mockups, graphics, and style guides) showcasing the selected visual aesthetics for the apps.
• A schema outlining various user roles and the corresponding access controls.
• A list of security requirements covering data protection, user authentication, and compliance needs.
• A draft document listing potential product risks and assessing their impact.
• An updated preliminary version of the project roadmap, outlining key milestones, development phases, task dependencies, and timelines to ensure the project stays on schedule and aligns with business objectives throughout the development process.
• Summaries of the meetings held to clarify the requirements.

Holistic Software Documentation Bundle for Strategic Clarity and Regulatory Readiness

In three months, the Client received 25 deliverables that clarified the original mobile and web app requirements and laid out a clear project roadmap. The comprehensive documentation was instrumental in preparing the Client for future EMA and FDA submission, improving the chances of approval for the planned software development once an early working version of the system is ready.

In the future, the startup also plans to upgrade the solution by adding personalized wound treatment programs and enabling its interoperability with EHR systems. Satisfied with the outcome of the discovery phase, the Client is ready to entrust both the software development and the new functionality design to ScienceSoft.

Technologies and Tools

Microsoft Office, Jira, Confluence, SharePoint.