ISO 62366: A Practical Guide to Usability Engineering for Medical Devices

In the regulated landscape of medical devices, the application of usability engineering is not merely a best practice; it is a cornerstone of patient safety, product effectiveness, and regulatory compliance. The international standard ISO 62366 sets out a rigorous framework for applying usability engineering to medical devices, ensuring that devices are designed with the end user in mind and that potential use-related risks are identified and mitigated throughout the development life cycle. This comprehensive guide delves into what ISO 62366 is, how it fits with related standards, and practical steps for implementing ISO 62366 across product programmes in the United Kingdom and beyond.
What is ISO 62366?
ISO 62366, formally titled Medical devices — Application of usability engineering to medical devices, provides a structured process for integrating human factors and usability considerations into the design and development of medical devices. The standard is supported by subsequent refinements and clarifications under versions such as ISO 62366-1:2015, which expands on the core principles and aligns them with current regulatory expectations.
At its essence, ISO 62366 emphasises user-centred design, hazard analysis related to use, and the documentation required to demonstrate that a device can be used safely and effectively by the intended user populations. The standard recognises that usability failures are a major source of use-related hazards and seeks to reduce those hazards through proactive design choices, iterative testing, and robust traceability.
The central aims of ISO 62366
Key aims of ISO 62366 include:
- Identifying use-related hazards early in development through human factors analysis.
- Engaging real users and actual use environments in formative and summative usability testing.
- Establishing a clear linkage between design decisions, user needs, and safety outcomes.
- Providing a documentation trail that supports regulatory review and post-market surveillance.
ISO 62366, and its evolution in ISO 62366-1, are designed to be compatible with broader risk management frameworks such as ISO 14971, ensuring that usability risks are integrated into the overall risk management process rather than treated as a separate activity.
For organisations manufacturing medical devices in the UK and across Europe, ISO 62366 complements regulatory requirements and other standards. While ISO 14971 governs risk management, ISO 62366 focuses on usability as a critical source of risk. The relationship is synergistic: usability activities feed into risk analysis, control measures are implemented, and evidence is gathered through usability tests to support the device’s technical documentation and regulatory submissions.
In practice, many regulatory bodies and notified bodies look for a coherent usability engineering process that demonstrates how user needs are translated into design decisions, how use-related hazards are identified and mitigated, and how testing validates that the device is safe and effective when used by the intended users in real-world settings.
Implementing ISO 62366 in a medical device programme involves a disciplined sequence of activities that weave usability into the fabric of product development. The following roadmap outlines a practical approach that organisations can adapt to their specific contexts while maintaining alignment with ISO 62366 and ISO 14971.
1. Establish governance and scoping for ISO 62366 activities
Start with clear leadership, define roles and responsibilities for usability engineering, and determine the scope of ISO 62366 implementation for the device family. Decide which devices will undergo usability evaluation, identify target user groups, and establish success criteria for safety and performance under real-use conditions.
2. Define user profiles, use scenarios, and use-related hazards
Develop representative user personas and use scenarios that reflect real-world workflows. Conduct early hazard analyses focusing specifically on use-related hazards that could arise from user interaction, accessibility limitations, or cognitive load. Align these hazards with the broader risk management plan required by ISO 14971 to ensure traceability.
3. Design with usability in mind: iterative design cycles
Incorporate human factors considerations into the design process from the outset. Use iterative design cycles to address usability issues as they surface, refining user interfaces, feedback mechanisms, labelling, and instructional materials.
4. Formative usability evaluations and testing
Carry out formative evaluations with representative users in conditions that emulate real use. Gather qualitative and quantitative data to identify usability problems and to iterate on design decisions. Document findings and actions taken to close gaps.
5. Build a robust usability file and documentation trail
Develop a comprehensive usability file alongside the technical documentation. This should capture study protocols, participant demographics, test results, risk mitigations, and design changes linked to use-related hazards. The usability file should form a transparent thread through design history and risk management processes.
6. Summative testing and validation
Conduct summative, or validation, testing with the intended users under conditions that closely mirror real use. This testing level provides evidence that the device can be used safely and effectively in its target environment and supports regulatory filings and post-market expectations.
7. Prepare for regulatory submission and post-market monitoring
Compile ISO 62366 evidence into the regulatory package, ensuring traceability back to user needs, design decisions, and risk controls. Establish post-market surveillance plans to monitor usability performance and to identify any emerging use-related hazards after market launch.
The ISO 62366-1:2015 standard expands on the core ideas of usability engineering, providing more detailed guidance on how to implement the process. It emphasises three foundational elements:
- Usability engineering process: a structured, repeatable approach to ensure user needs are addressed throughout development.
- Use-related risk: a focus on hazards triggered by the interaction between user and device, and the mitigation of those hazards.
- Documentation: thorough records that demonstrate how usability concerns were addressed and how decisions were made.
While the standard is universal, its practical application must be tailored to the device class, patient population, and regulatory environment. For UK manufacturers, aligning with ISO 62366-1 ensures that usability considerations are recognised by regulatory authorities and notified bodies as part of the medical device lifecycle.
Across the medical device sector—diagnostic devices, infusion systems, imaging equipment and digital health tools—organisations apply ISO 62366 in diverse ways. Some common patterns include:
- Early user research to identify critical use cases and potential hazards before prototype development.
- Iterative user interface refinement guided by user feedback and task efficiency metrics.
- Structured usability testing programmes that cover worst-case scenarios, routine use, and emergency workflows.
- Comprehensive documentation trails that connect design decisions to risk mitigations and usability outcomes.
In addition, many teams integrate ISO 62366 with software life cycle standards such as IEC 62304 for medical device software to ensure that usability considerations extend to software interfaces and interaction logic as well as hardware usability.
The central relationship between ISO 62366 and risk management is that usability problems are a major source of use-related risks. The standard requires a systematic approach to identify, evaluate, and mitigate these risks. Practically, this means that hazard analysis includes user and use-context factors, the results inform design changes, and testing demonstrates that residual risks are within acceptable levels.
In many organisations, the risk management file under ISO 14971 is integrated with the usability file so that the overall risk picture reflects both device engineering hazards and use-related hazards. This integrated approach supports a robust demonstration of safety and performance to regulators, clinicians, and patients alike.
Documentation is a crucial part of ISO 62366 compliance. The evidence bundle typically includes:
- Use profiles, user tasks, and real-world use scenarios.
- Hazard analyses and use-related risk controls linked to design decisions.
- Protocol documents for all usability studies, with details on participants, settings, and measurements.
- Records of iterative design changes triggered by usability findings.
- Summative usability test results, including statistical analyses and success criteria.
- Traceability matrices that connect user needs to design features, risk controls, and test outcomes.
Having a well-maintained usability file helps ensure that audits and regulatory reviews can quickly verify that ISO 62366 requirements have been addressed comprehensively.
Usability testing is a core activity in ISO 62366. The goal is to observe real users interacting with the device to uncover problems that could compromise safety or performance. Below are common testing approaches and best practices used in UK and international contexts.
Laboratory usability testing
In controlled settings, participants perform representative tasks while facilitators observe and record difficulties, errors, and time to complete tasks. This approach enables precise measurement and controlled variation of variables.
In-context or field testing
Testing occurs in real care environments or typical practice settings. In-context testing yields high ecological validity and helps capture issues that may not surface in a lab, such as environmental distractions, workflow interruptions, and team communication challenges.
Remote and virtual usability testing
When on-site testing is impractical, remote methods can be useful. Remote tests still emphasise real user interaction with the device, often with screen sharing, think-aloud protocols, and remote facilitators guiding tasks.
Formative versus summative testing
Formative testing informs design iterations and should occur early and frequently. Summative testing provides final evidence of safety and usability before regulatory submission or market release. Both are essential components of ISO 62366-compliant programmes.
Heuristic evaluation and expert reviews
Expert reviews by usability professionals can identify glaring usability issues before user testing. While not a substitute for user testing, heuristic evaluation is a valuable supplementary activity within the ISO 62366 framework.
Even with a clear framework, organisations encounter common hurdles in applying ISO 62366 effectively. Here are practical strategies to navigate these challenges.
- Ensure representative user participation to avoid biased results. Recruit a diverse cohort that mirrors the populations and uses seen in real use.
- Link design decisions directly to use-related risk controls to maintain traceability across the design history file and risk management documentation.
- Balance usability with risk management constraints. Where trade-offs are necessary, document the rationale and alternatives considered.
- Avoid scope creep by defining a clear usability plan at the project outset and regularly revisiting it as the product evolves.
- Keep documentation concise, yet complete. Regulatory reviewers expect evidence of methodical thinking, repeatability, and justification for changes.
The landscape of medical devices continues to shift with advances in digital health, software as a medical device, and AI-enabled interfaces. ISO 62366 remains relevant, but practitioners should stay alert to evolving expectations around data privacy, cybersecurity, and the transparency of AI-driven decisions within user interfaces. Manufacturers should consider how ISO 62366, alongside related standards for software life cycle (such as IEC 62304) and data handling, can be harmonised to support safer, more intuitive devices across traditional and digital channels.
For organisations undertaking ISO 62366 compliance or aiming to refresh their usability engineering function, the following practical tips are helpful:
- Start with a clear usability plan aligned to your product roadmap and regulatory commitments.
- Embed usability responsibilities within the product team rather than treating it as a separate activity.
- Engage clinical and operational end-users early to capture authentic use scenarios and context.
- Document every design decision with a clear link to use-related risk controls and user needs.
- Plan for iteration: expect to revise interfaces and documentation as new insights emerge from testing.
In discussions and documentation, you may encounter variations such as “ISO 62366” and “62366 ISO”. While the conventional form is ISO 62366, it can be helpful to include reversed or alternative phrasing in internal notes to emphasise the standard’s origin (ISO) and its number (62366). The core concept remains the same: usability engineering for medical devices, guided by a rigorous, user-centred approach that reduces use-related hazards and improves safety and performance.
ISO 62366 provides a powerful, pragmatic framework for integrating usability engineering into every stage of medical device development. By focusing on real users, use scenarios, and use-related risk mitigation, organisations can deliver devices that are not only compliant with regulatory expectations but genuinely safer and more intuitive to use in clinical settings. A disciplined, well-documented approach to ISO 62366—strongly supported by ISO 14971 risk management and, where appropriate, IEC 62304 software life cycle practices—offers a robust foundation for producing medical devices that stand up to regulatory scrutiny and, most importantly, improve patient outcomes.