Right, but unless you fuck up pretty badly software is not going to kill a patient directly (barring, say, pacemaker software).
We had to do a risk analysis review recently, and figured that unless you physically dropped one of our servers onto a patient you couldn't directly cause harm.
Anyways, you'd be a lot less concerned with regulation if you knew how brainfucked and unscientific the whole field of medicine seems to be--it's not as far along as you might expect/hope.
Yeah, I'm familiar with that--note again that that was a combination of hardware and software, and that the perhaps leading cause of actual damage was the omission of a mechanical safety interlock that existed on earlier models; with that interlock, the buggy software wouldn't have mattered.
There is a difference between embedded systems or devices (pacemakers, imaging devices, etc.) and EMR/records/data mining software.
The regulations are all calibrated to defend against a Therac-25 (well, sort of) and seemingly not to deal with modern software development or deployment.
We had to do a risk analysis review recently, and figured that unless you physically dropped one of our servers onto a patient you couldn't directly cause harm.
Anyways, you'd be a lot less concerned with regulation if you knew how brainfucked and unscientific the whole field of medicine seems to be--it's not as far along as you might expect/hope.