There is a shared responsibility among technology providers, end users, and the U.S. regulatory system to ensure that Health IT software is used safely and effectively. To this end, it is important that software used in medical devices and electronic health record (EHR) systems is designed to operate safely and reliably. At Quandary Peak, we apply our software development knowledge of risk-based process frameworks and design controls, user-centered design, and knowledge of modern agile languages and development processes to provide audits, reviews, software analyses and expert testimony in this complex and fast-changing space.

What We Do

At Quandary Peak, we:

  • Draw on our extensive experience designing and analyzing safety- and mission-critical software, including systems in the medical domain.
  • Help our clients analyze embedded and real-time medical systems.
  • Utilize the latest formal analyses to establish whether a complex medical software system was appropriately constructed to meet its stringent requirements.
  • Establish whether the root cause of medical malpractice was defective software or misuse by a medical practitioner.


What We Know
  • Compliance and audit reviews for EHRs
  • Corporate Integrity Agreements
  • EHR accreditation through certified testing bodies (ONC-ATCBs)
  • FDA-regulated devices and 510k submissions
  • CFR Part 820 (Quality System Regulation), CFR Part 11, ISO 13485
  • Electronic health records (EHR) and electronic medical records (EMR)
  • HIPAA and privacy regulations
  • Risk Management Frameworks such as ISO 14971
  • IEC 60601, IEC/ISO 62304


We know medical software and devices.

We offer trusted and independent analysis in the changing world of EHR software standards and regulations. We serve as independent auditors for government and non-government organizations in the EHR space and have represented hospitals and EHR vendors in cases relating to EMR/EHR software, CARF-accredited software, blood donation management software, medical device failure analysis, and more.

  • FDA-Regulated Medical Devices: We have managed and implemented the software development and compliance program for FDA-regulated medical devices. Our experience with the FDA 510(k) Pre-Market Application (PMA) process, Quality System Regulations (QSR), 21 CFR Part 820, and other regulatory requirements adds value to our clients in the medical device industry.
  • EMR and EHR Systems: Our experts know the medical office software industry and the changing environment in which it operates. Electronic Medical Record (EMR) and Electronic Health Record (EHR) systems are seeing maximum adoption while also dealing with the changes brought about by the Affordable Care Act (ACA) and Meaningful Use. We understand the software used in all aspects of the provider/patient/practice interaction, from front-office clerical and scheduling, to doctor-patient encounters, to billing and claims management. Our recent work for major EHR vendors, hospitals, the ONC and the Office of Inspector General (OIG) regarding patient safety has been at the forefront of this complex and important industry. Our understanding of Meaningful Use, the 21st Century Cures Act, HIPAA, medical software standards and groups (ISO, IEC, IEEE, ANSI, AAMI), ICD-9/10 codes, CPT codes, HL7, patient safety and risk management frameworks, SDLC and quality testing methodologies, the Affordable Care Act (ACA), Medicare, Medicaid and private insurance reimbursements, serving as independent consultative experts, CARF accreditation, and more brings value to our clients in the field of medical office software.
  • Health Information Exchanges: The Health Information Technology for Economic and Clinical Health (HITECH) Act establishes the general goal of building national standards for exchange of healthcare information. Initiatives to reach these goals are being developed and rolled out by the Office of the National Coordinator for Health Information Technology’s (ONC) Office of Science & Technology (OST).
    Standardization, security and openness are the cornerstones of the HIE programs, and are accomplished through standardized medical/technical terminology, use of existing HL7 standards, privacy and secure transport using secure email protocols, National Institute of Standards and Technology (NIST)-adopted encryption standards, and open and accessible application programming interfaces (APIs). Clients working with HIEs, hospitals, and the hospital vendor and services industry benefit from our HIE industry experience.
  • Mobile Healthcare and Smart-Health Devices: The rapid growth in embedded systems for healthcare devices has been brought about by the convergence of preventative health and wellness programs with wearable, always-connected computing. Web and mobile patient portals, portable health devices, and wellness apps are all changing the way in which people interact with the healthcare system and their own health goals. Technical innovation, along with a focus on preventive care under the Affordable Care Act of 2012, has driven developments in this area to new heights.
    Our direct experience with the technologies used to build these systems adds value to customers with all kinds of software intellectual property and regulatory challenges, including patents, trade secret and confidential information, regulatory, service level agreements, software development agreements, and licensing agreements.
