Because it doesn't work that way. You can't validate the framework, you have to validate the product
Actually you have to validate the iteration of the product. So if your software changed significantly enough from version 1.0 to 2.0, enough that the results of processing data may have changed, now you have the pleasure of going back to validate the entire product to ensure it still works as expected instead of just doing a software verification.
Sucks, but it's the price of safety.
One of the stories I love to tell from my medical device days was spending about 6 weeks getting the validation procedure document for a software build machine approved and then spending all of 5 minutes actually building the product (which had to be separately validated), never to use the build machine again. Now, that's crossing the line into stupidity!
We're talking about two different things. Safety is the lack of Hazard that a Device presents to the Patient (or Operator). If the device doesn't exist, then there's no Safety issue.
What you are talking about is access to medical care, which is an entirely different topic
Actually you have to validate the iteration of the product. So if your software changed significantly enough from version 1.0 to 2.0, enough that the results of processing data may have changed, now you have the pleasure of going back to validate the entire product to ensure it still works as expected instead of just doing a software verification.
Sucks, but it's the price of safety.
One of the stories I love to tell from my medical device days was spending about 6 weeks getting the validation procedure document for a software build machine approved and then spending all of 5 minutes actually building the product (which had to be separately validated), never to use the build machine again. Now, that's crossing the line into stupidity!