DevOps in the Healthcare Industry: Ensuring Quality, Security, and Safety

In the previous article, we spoke about how we architected the DevOps journey for a global OEM customer, identifying their current state of IT development and operations and redefining their transformation paradigm. In this blog, we will discuss a DevOps paradigm in healthcare applications.

DevOps delivers rapid IT services through the combination of automation and agile processes, helping optimize performance and improve collaboration between software development teams, bringing them together to deliver faster results with reliability and quality. Adopting this approach in a healthcare environment, such as medical device software development, is, however, not as straightforward because of stringent regulatory compliance needs.

However, DevOps is a catalyst for successfully developing an application, continuous integration, and deployment. It requires strict audits and approvals before release without compromising the healthcare industry's compliance regulations. Our approach for implementing DevOps, therefore, includes:

Adherence to IEC62304 Standards

We understand that medical device application development is a complex and highly regulated process that requires adherence to strict standards and regulations to ensure patient safety. One of the most critical standards in the medical device industry is the International Electrotechnical Commission (IEC) 62304. The standard outlines the requirements for the development, maintenance, and life-cycle management of software used in medical devices. Understanding, utilizing, and complying with IEC 62304 is crucial for medical device developers to ensure that their products meet the highest safety and performance standards. Therefore, the use of a modern development approach in the healthcare industry is complex and rare as it needs robust process adherence.

We have developed a comprehensive and robust Risk Control Framework for adhering to the principles of IEC62304 through rigorous planning, documentation of requirements, testing and verification, and traceability – to ensure compliance with all relevant regulation standards. This framework ensures that all its principles are adhered to and “evidence” document is generated for future audit purposes . Our Risk Control Framework for DevOps practices provides developer capabilities while delivering software code to production safely and reliably. This covers all the components of the Software Development process of the standards, as shown below:

Automated “Build Breakers” to Improve Quality and Security

Ensuring quality and security is of critical importance during coding. We strive to detect the defects at an early stage which can hamper our code in a later stage, leveraging “build breakers” concept at the Build stage. This means that once a developer triggers a build, the unit testing is done and the Unit test and code coverage threshold is configured to continue the build process. Additionally code quality scan with SonarQube, and an open-source dependency scan with Dependency-check tool is undertaken. If there is a break in any one of these defined threshold results, it will ‘fail’ the build and will be sent back to the developer for further analysis and resolution.

Automate DevOps Practices Using Pipelines

Apart from continuous integration and deployment practices, we also observed the creation of project teams, repositories, and branches take substantial operational challenges with manual errors creeping in. This has led to the development of an Azure pipeline that automates project creation, repositories, boards, and even standard YAML pipelines for project teams for ensuring seamless onboarding. Automated pipelines are a way to build, test, and deploy code and infrastructure in a consistent and reliable manner.

A lot has been achieved in this approach, with some of the benefits listed here:

• Improved code quality and secure coding,
• Improved Healthcare industry compliance,
• Increased frequency of software build,
• Faster feedback from the Software testing process, and
• Improved developer experience by reducing manual operation.

There is still more to do. As we move forward, there is scope to transform DevOps journeys by improving collaboration between developers and operations, including automating software testing using tooling, Documentation as a Code, and a risk-free release strategy into Cloud Foundry. This would help in improving time to market and drive business success for healthcare application providers. As the landscape evolves, the transformation journey will continue to accelerate.