Understanding the UOUP (User Interface of Unknown Provenance) section of IEC 62366 -1:2015
From a regulatory standpoint the differences between IEC 62366:2007 and IEC 62366 -1:2015 are minimal, with all the same boxes needing to be ticked. However, it is clear from reading the documentation that the whole process has been streamlined, using more familiar language and on the whole a more usable standard. Probably a good thing from a usability document, I guess! The biggest unknown was Fig. 5.10 User Interface of Unknown Provenance (UOUP).
What is UOUP?
In essence UOUP is a backdoor to help grandfather in older user interfaces that have already been commercialized prior to the 2015 publication and any other products that have not undergone the IEC 62366 critique.
Many medical device manufacturers utilize components in their systems, such as a computer mouse, which obviously has not passed a “Usability Engineering Process” according to IEC 62366, or they have existing products without problems in the market for decades and would like certification, or they would like to make a minor change to the UI of something more recent. Until 2015 these user interfaces would have to go through the entire IEC 62366 process as part of the standard approval process. Now they are allowed to go through a shortened, simplified usability engineering process in which the risks associated with the usability of the component are assessed, as part of this assessment the manufacturer must also rely on information already available from the market such as adverse event reports or consumer review boards.
This simplified process can be applied to three scenarios:
- Legacy medical devices that are already on the market and have not been developed using the process according to IEC 62366:2007
- Legacy medical devices that require only minor changes and were not originally developed using IEC 62366:2007
- Medical devices containing a commercially available component which was not developed in accordance with IEC 62366: 2007. One example was the above-mentioned mouse.
What is the simplified process?
The simplifications are essentially that some of the steps of the usability engineering process, as required by IEC 62366, can be omitted. These steps are:
- The usability specification
- The usability verification
- The usability validation plan
- The usability validation itself
To this end, the feedback must be evaluated in every form as to whether it contains information on risks due to lack of usability. Sources of information include, but are not limited to:
- Reports from the service
- Customer complaints
- Notification by authorities
- Calls to hotlines
- Observations
Manufacturers are not allowed to omit the so-called “application specification”, i.e. the purpose of the function as well as the main operating functions.
What is the UOUP process?
- A Use Specification (like in 5.1 of the new standard) needs to be established.
- A review of post-production information is required. The review looks particularly at use errors, hazardous situations and any other risk and safety related incidents or near incidents. Think of it as an analogous device or predicate device review with a focus on safety.
- Hazards and hazardous situations related to usability need to be reviewed. This is done by reviewing the risk analysis of the device with the UOUP, identifying and documenting all hazards.
- Using the hazards and hazardous situations identified in point 3, risk control measures need to be implemented to insure all risks are mitigated to an acceptable level as indicated by the risk assessment. If this means making changes to the UOUP or the user interface being developed, so be it.
- A residual risk evaluation protocol must then be established based on ISO 14971 6.4.
What happens if the UI fails ANY part of 5 step UOUP process?
If any part of the UOUP process is unattainable OR if it is determined that changes to any part of the user interface are required to reduce risk to an acceptable level, those changes shall not be considered UOUP and shall be subject to the requirements of sections 5.1 through 5.9 of the 2015 standard.
In essence, UOUP only applies if the user interface is going to remain exactly the same. If even one new risk is established, the user interface will have to undergo the entire process of the sections 5.1 to 5.9 of the 2015 standard.
Why is it called UOUP and not UIUP?
I have no idea!
Image credit: Microsoft
Niall Redmond is a StarFish Medical Industrial Designer. He brings 15 years of cross industry experience and a sense of humor to a wide variety of medical device projects. He is picky about the acronym format.
Why is it called UOUP? What is UIUP?
Hey Mum,
UOUP is the acronym for User Interface Of Unknown Provenance. Although I don’t have a solid answer to the question; why it is UOUP instead of UIUP? my best guess is the entire document IEC 62366 is about Usability and User Interfaces and so they highlighted “Of Unknown Provenance” and bundled the User Interface into 1 letter.
As a side bar I personally feel UIUP would have been a more intuitive acronym. Perhaps it’s a usability fail from their usability document ha ha ha.
Isn’t it merely family resemblance – UOUP rhymes with it’s close cousin SOUP (Software Of Unknown Provenance)
If I create a SAMD (Standalone software) Baas type device that uses AI and Algorithm to assess images but connects via API to any client device is IEC62366-1 applicable or do I address the Client as UOUP?
I have no control over the type of client users use the only thing I ensure is customers can via an api submit images and then gain a report after analysis?
Hi Martin,
Without having more information it’s hard to give a concrete answer. It sounds like the area of the medical device you are concerned with is only accessible via your client’s local device and not actually part of the physical system you are designing. Unless you can restrict access to the client device and in turn validate the device, you cannot apply the IEC usability engineering process to it, be it standard or UOUP. How can you review details of a user interface you have no control over or access to? You can’t!
All that said, the purpose of usability engineering is to create safe devices and the usability engineering process is a great place to start, whether you feel it is a requirement or not. If you are in doubt you should incorporate as many of the usability engineering steps as possible into the design of the aforementioned unknown user interfaces. Look at risks and hazardous use scenarios, identify POF,s or critical tasks, set in place mitigations and preform formative evaluation all along the way in order to mitigate and learn what is safe and works and what doesn’t. And, of course, record all this information.
If you would like more insight or can provide more specifics on the device you are talking about, I am more than happy to help.
If the UI is designed based on 62366-1:2007, does that mean we have to apply principles in 62366-1:2015 to the UI or does that become UOUP?
No, if it’s designed using 62366 2007 you still need to incorporate 62366 2015/16 (unless otherwise specified) and not UOUP. UOUP is literally for things you can’t get information on. You should have all the information for the device you designed using the 2007 version, right? In essence the building blocks are all the same for 2007/2015/UOUP. They are interested in identifying specifications, risks and hazards, iterative usability testing and final summative testing.
If you have any further questions or require further clarification I am happy to answer. Hope this helps.
Hello Niall Redmond,
Can you please suggest on how to write a UOUP report, Is thier a work instruction on how to write a report/ Does any ISO standard mention on how to write this UOUP Report.
Please Suggest.
Hi Naveen,
Yes, there is a work instruction. Annex C of IEC 62366-1:2015 is the work instruction for UOUP.
Regarding the format of the report, there is no one format for report writing that is accepted. For consistency, I would suggest writing it in the same format as you are writing the rest of your reports, i.e. introduction, scope, objective etc. etc. followed by the required information in C.2.1 to C.2.5 of Annex C of IEC 62366-1:2015.
I hope this helps.
Hi Adam,
I’ll tell you the same think I tell everybody with questions such as this. The purpose of human factors engineering is to create safe and usable devices. The purpose of UOUP is to prevent unsafe devices from getting grandfathered in. If you are designing a device and you have a UOUP weather it’s from 2006 or 2016 you should look at it from a safety and usability perspective. Can you guarantee its safe and usable? Would you feel comfortable putting a device you have no greater understanding than “I think its safe” into the market as part of a medical device? I hope not! In this case you should go through the process of UOUP for the specific component. The process is very straightforward and in reality all things you should be doing as part of your device development anyway, regardless of whether it is mandated or not.
I hope this helps. If you would like to have a more in-depth discussion about please contact StarFish Medical, I am happy to talk any time.
Regards,
Niall Redmond