Continuous integration and deployment is essential for successful development of devices enabled by artificial intelligence and machine learning.
By Erez Kaminski, Ketryx
It’s no secret that AI-powered medical devices are revolutionizing healthcare, setting new standards for speed, precision, and accuracy in the diagnostics that drive better patient outcomes.
Artificial intelligence (AI) and machine learning (ML) technology is also at the forefront of the shift toward remote care, making it possible to deliver personalized treatments customized to each patient’s unique data, all while extending healthcare beyond traditional clinical settings.
As of August 2024, the FDA has greenlit a staggering 950 AI- and ML-enabled medical devices. With the surge of connected devices and continued investment in AI, the growth of authorized AI-enabled tools shows no signs of slowing down.
But as these complex systems multiply, so do the challenges of ensuring their safety and reliability. Medtech requires a proactive approach, one that tech giants such as Google and Amazon have made central to their continued success. A continuous integration/continuous deployment (CI/CD) strategy that champions frequent updates and adaptations isn’t optional for medtech developers — it’s essential. This piece will outline the best practices for designing CI/CD architectures and offer strategies to navigate the unique challenges of regulated environments.
What is CI/CD?
Before diving into best practices, let’s quickly define CI/CD. It’s a critical component of modern DevOps methodology, relying on incremental code changes to increase the speed of releases while tightening feedback loops across the software development lifecycle.
While the word “speed” often sets off alarm bells in the medtech space, this practice is well aligned with new FDA guidance surrounding “Predetermined Change Control Plans” (PCCP). PCCP empowers medical device manufacturers to implement updates and improvements without the traditional, lengthy and costly process of submitting new premarket applications. While this flexibility is crucial for keeping pace with rapid technological advancements in AI, not all manufacturers are ready to take advantage of it.
Because a given software-as-a-medical-device (SaMD) product can involve hundreds of data sources and thousands of requirements, specs, and tests, implementing CI/CD while still creating and approving all the needed documentation can seem daunting. The following strategies provide a practical approach for getting started.
CI/CD strategy No. 1: Design an architecture built for change
To design an adaptable architecture, you need the flexibility to identify AI/ML subsystems, adjust design controls by adding or removing components, upgrading them, and then reintegrating and retesting the entire system to ensure it can perform its intended use while still meeting risk control standards.
Many medtech companies shudder at this process as it’s traditionally a manual and time-consuming task without CI/CD. However, this flexibility is essential for supporting AI-powered products.
Implementing microservices makes sense for CI/CD pipelines as it allows for independent deployment, versioning, and traceability across different products or projects. Breaking down complex AI applications into smaller manageable services also makes it easier to troubleshoot and update over time. This modular approach allows you to retrain data models or replace services without disrupting the overall system every time you make a change.
Another benefit to this approach is it allows you to allocate and optimize resources based on the specific needs of each service, reducing costs and improving overall performance and reliability.
CI/CD enables teams to independently develop, test, and deliver safe, incremental updates to software through automated integration and delivery pipelines. [Image courtesy of Ketryx]
CI/CD strategy No. 2: Enforce procedures and automatically generate documentation
With the pace of CI/CD, it’s simply not feasible to use traditional, manual workflows that rely on the exchange of spreadsheets and in-person meetings. Rather, your tools and systems should ensure that the right steps are being executed in the right order — with the needed evidence.
To accomplish this objective, you need to automate the logic/rules of your quality management system (QMS) and use them as guardrails to guide developers through the required steps within their native workflows and familiar tools. In setting up your automation, choose tools that integrate with your team’s existing development environments, such as Jira and GitHub, rather than being forced to move data in and out of different systems, potentially introducing human error.
Automating your QMS prevents a project from moving forward unless it is being executed exactly as written in your existing quality standard operating procedures, ensuring compliance. One example can be program gates, but there could be many other procedures that need to be automated. This strategy eliminates the need for manual oversight and the time-intensive meetings that are the enemies of CI/CD.
An additional benefit includes the automatic generation of key FDA documentation such as a design history file (DHF) from the data captured during development to further document real-time compliance and efficiency.
This graphic illustrates how medtechs can ensure quality management and regulatory compliance within medical device software without unnecessary manual efforts. [Image courtesy of Ketryx]
CI/CD strategy No. 3: Maintain end-to-end traceability across dev tools
This last step can’t occur until you’ve built a flexible architecture designed for change. In effect, end-to-end traceability is the byproduct of the first two strategies when you’ve committed to generating traceability and testing evidence directly from your existing DevTools to streamline reporting.
Replacing attempts at manual traceability (e.g., spreadsheets and commitment documents) with an integrated, automated platform reduces errors and delays while resulting in safer software. An automated platform that is context-aware of your risks and regulatory requirements can also be used to automate change impact analysis — a critical, and time-consuming step.
Continuous integration and deployment ensure that medical device software changes are tested, verified, and approved with automated traceability and compliance checks before reaching production. [Image courtesy of Ketryx]
Leveraging automation, end-to-end traceability, and a robust risk management framework empowers manufacturers to transform formerly complex challenges into achievable goals. Adopting CI/CD not only positions your organization to lead the next generation of medical technology but also ensures alignment with evolving FDA standards and patient expectations.
Ketryx founder and CEO Erez Kaminski [Photo courtesy of Ketryx]
How to submit a contribution to MDO
The opinions expressed in this blog post are the author’s only and do not necessarily reflect those of Medical Design & Outsourcing or its employees.
