Software in Medical Devices – Update for Q1 & Q2 2016

Software in Medical Devices – Update for Q1 & Q2 2016

This is a continuation of the software updates I have been sending out. Please check out all of the references to download and/or to purchase.

Software Recalls Q1 and Q2/2016

We have been following the recalls and there were a growing number of recalls that are listed where software played a role in the recall. The following are additional examples of recalls involving software directly as listed on the FDA website. There were almost 60 recalls in this quarter relating to software, including 3 class I recalls. There may be more but classified not under software directly.

Brainlab Cranial Image-Guided Surgery Sys, Class I – Brainlab is recalling the Cranial IGS System due to potential inaccuracies in the display by the navigation system compared to the patient anatomy. This could lead to inaccurate, ineffective medical procedures, and serious life-threatening injuries including death.
Dräger, Medical Emergency Ventilators, Class I – Dräger is recalling the Oxylog Emergency Transport Ventilators because an electrical issue may cause the device to stop working if the control knobs (adjustment potentiometers) are not regularly used. If the device operator does not intervene, the patient may not receive enough oxygen and could suffer serious adverse health consequences, including injury or death.
Dräger, Critical Care Ventilator, Class I – The battery capacity of the optional PS500 power supply unit for the Infinity (ACS) Workstation Critical and Neonatal Care was rapidly and unexpectedly reduced, despite using the most recent power supply firmware version 1.50 released in November 2015 (recall Z-0436-2016). The batteries were prematurely discharged, even though an adequate battery charge status was displayed on the device.
Accu-Chek, Inform II Base Unit, Class II – Accu-Chek Inform II Base Unit might produce physical transmission errors in the form of data loss in the communication between the meter and the Data Management Systems (DMS). The issue can lead to the data loss or in the worst case to an erroneous assignment of the patient data (patient mismatch). The issue will only occur at sites using POTCT1-A communication via USB.
McKesson, Horizon Medical Imaging, Class II – McKesson has identified a design deficiency where under rare circumstances, imported images/studies may re-use a non-unique image directory. This issue may cause incorrect images to be displayed for a patient.
Puritan, Bennett 980 Ventilator System, Class II – Graphical user interface (GUI) unresponsive to touch and Loss of primary ventilation under certain circumstances. Covidien Respiratory and Monitoring Solutions, now a part of Medtronic, issued a field corrective action notice for two issues on all models of Puritan Bennett 980 (PB980) ventilator.
Siemens, Syngo Dynamics, Class II – Siemens’ conducting a recall due to a potential issue when using the measurement package of the VA10 version of Syngo
CHG Hospital Beds, Spirit TM Select Bed, Class II – It was identified that in some situations the bed exit alarm may not function as intended. The software code for the bed exit system has the potential to auto-reset erroneously. In some situations, the software code does not allow enough time for the weight value to fall to zero once the patient egresses from the bed, in which case, the bed has the potential to reset the bed exit alarm.
Ortho-Clinical Diagnostics, VITROS 250 Chemistry Systems, Class II – Increased U90-382 or 6LU condition codes generated by VITROS 250, 350, 5,1 FS, 4600 and 5600 Chemistry Systems when using Calibrator Kit 9, Lot 954. A trend of complaints regarding customer’s actions following U90-382 or 6LU condition codes was noted.
Philips, Allura Xper, Class II – Upon initiating Fluoroscopy the user may encounter a user message Fluoro failed.
Philips, Trilogy, Class II – Phillips only listed a software Issue as the reason and the FDA determined cause is Software design.
Spacelab, Healthcare Xhibit Central Station, Class II – The firm has received one report of values for patient height and weight being switched when input at the Xhibit Central Station, Model 96102, causing a bedside monitor Body Surface Area (BSA) calculation to be in error.
Olympus Scientific Solutions Americas, Delta XRF Analyzer, Class II –Olympus only listed a software Issue as the reason.
GE, Precision MPi, Class II – It was discovered that the Remote Touch Panel (RTP) of the GE Precision MPi X-ray system may not always boot up as intended and needs to be updated to properly accomplish its intended purpose.
Philips, Healthcare PIIC Classic Upgrade, Class II – Reconstructed ECG leads viewed or printed at the Information Center iX may misrepresent the ECG waveform in specific leads.
IntelliVue Info Center iX, Class II – Reconstructed ECG leads viewed or printed at the Information Center iX may misrepresent the ECG waveform in specific leads.
Siemens, Syngo Plaza, Class II – Siemens is releasing an updated software version to address several software issues including RGB images will show “?” since calculation of HU is not possible; save as option enabled; changes in access for loading studies; breast region is now properly fitted to segment boundary when clicking fit breast to screen.
Siemens, Software for Syngo Dynamics, Class II – Siemens is releasing a software update that addresses an issue of mixing data from multiple patients. In rare situations, echo trend graphs may mix data from multiple patients.
Varian Medical Systems, Eclipse Treatment Planning System, Class II – When using PBC 11.0.31 to calculate the dose for a conventional arc field with more than 100 segments for Eclipse versions 11.0, 13.0, 13.5 or 13.6, the displayed dose does not correspond to the calculated Monitor Units (MU). Potential for unintended radiation exposure.
Bio-Rad Laboratories, EVOLIS Microplate System, Class II – The error “Washer Reagent Clean Fluid” level low alarmed, which prompted the customer to open the system drawer. When the system drawer was opened the customer noted the plate transport was still running and as a consequence the plate was pushed off the plate transporter.
CareFusion 303, Jadak Barcode Scanner, OTS/SOUP problem, Class II – Customers reported issues when scanning medications with the When a user scans a medication using the affected barcode scanner, information on a different medication could be communicated to the Pyxis product.
Merge Healthcare, RadSuite, Class II – Potential incorrect Standardized Uptake Values (SUV) measurements in e that is calculating improperly in some cases. This can result in an incorrect dose calculation.
Toshiba, INFX-8000V Bi-Plane X-Ray, Class II – When a fontal DA (Digital Angiography) acquisition was done, scattered x-ray came into the dose meter on the lateral side. As a result, the dose meter sent a minus value to the software. Consequently, the software defined the data as an “abnormal value” and it stopped displaying dose data and the dose data was lost. The following message was displayed, “Dose meter abnormal, Dose info disabled”.
Mindray, Panorama Patient Monitoring Network, Class II – An issue with the Panorama Central Station may cause the system to spontaneously restart. This may occur after about 49 days of continuous operation. On restart, monitoring will be lost for about 2.5 minutes. Settings and configurations are maintained.
Elekta Oncentra Radiation Therapy Planning, Class II – When using the option “Tumor Overlap Fraction” in VMAT planning it has been observed that in rare cases the system does include an organ at risk as target volume. This could result in open MLC, and open jaws in areas away from the target volume.
Natus Neurology DBA Excel Tech., Quantum with NeuroWorks Software, Class II – During an internal testing, Natus identified that in Neuro Works 8.1 with Quantum hardware, the incoming signal is displayed with reversed polarity.
Philips, Lumify Diagnostic Ultrasound, Class II – Color Flow direction is displayed incorrectly in Lumify 1.0. The system displayed Color Flow direction does not correctly represent the annotated Color Bar or Velocity Markers. (e.g.) When the Color Bar conveys that Red is to be displayed for color flow toward the Transducer, the system displays Blue for color flow toward the Transducer. This could result in misdiagnosis in some studies.
Vidco, Remote Patient Monitoring System, Class II – Testing at customer site showed unit Remote Patient Monitoring System MDP2040-0100 in a continuous trap condition, not allowing system to reset and reboot. Two customers recently complained of the system freezing and it could only be restarted if the user re-applied power.
Merge Healthcare, Cardio, Class II – Merge Healthcare sent out Merge HEMO V10.0 & Merge CARDIO V10.1 software to 3 customers before the product was completely validated in house.
Elekta, MOSAIQ Oncology Information System, Class II – Incorrect drug dosage due to “Age Limit” and patient weight data item issue.
Intuitive Surgical, EndoWrist Stapler, Class II – Potential for unexpected motion of the Xi Stapler jaws on the da Vinci Xi System with p5 software relating to a combination of the p5 software and the surgeon quickly transitioning from the clamp to the fire pedal during use.

Were these software recalls due to insufficient testing? Were they due to not following the SDLC Procedure? Your guess is as good as mine.

Warning Letters

PCA Laboratories, Ltd. – 1. Failure to have computerized systems with sufficient controls to prevent unauthorized access or changes to data. During the inspection, FDA investigators discovered a lack of basic laboratory controls to prevent changes to your firm’s electronically stored data. Your firm relied on incomplete records to evaluate the quality of your drugs and to determine whether your drugs conformed with established specifications and standards. Our investigators found that your firm routinely re-tested samples without justification, and deleted analytical data. We observed systemic data manipulation across your facility, including actions taken by multiple analysts, on multiple pieces of testing equipment, and for multiple drugs. . . . . . .
This inspection revealed that these devices are adulterated within the meaning of section 501(h) of the Act, 21 U.S.C. § 351(h), in that the methods used in, or the facilities or controls used for, their manufacture, packing, storage, or installation are not in conformity with the current good manufacturing practice requirements of the Quality System regulation found at Title 21, Code of Federal Regulations (CFR), Part 820. Failure to adequately validate software used as part of production and quality systems for its intended use according to an established protocol, as required by 21 CFR 820.70(i). . . . . . . . .

Factors to Consider Regarding Benefit-Risk in Medical Device Product Availability, Compliance, and Enforcement Decisions

The FDA issued on 16/6/16 the draft guidance: Factors to Consider Regarding Benefit-Risk in Medical Device Product Availability, Compliance, and Enforcement Decisions. This draft defines FDA’s approach to evaluate the Risk- Benefit relationship when evaluating information about medical devices.

CDRH Fiscal Year 2016 (FY 2016) Proposed Guidance Development and Focused Retrospective Review of Final Guidance

The following is the prioritized medical device guidance documents that the Agency intends to publish in FY 2016 (“A-list”):

Final Guidance Topics

General Wellness Products
Medical Device Accessories
Benefit-Risk Factors to Consider when Reviewing IDE Submissions
UDI Direct Marking
Adaptive Design for Medical Device Clinical Studies
Incorporating Patient Preferences into Medical Devices Premarket Approvals, Humanitarian Device Exemptions, and De Novo Classifications
Applying Human Factors & Usability Engineering to Optimize Medical Device Design
Policy for Regulatory Oversight of Laboratory Developed Tests (LDTs)
Submission and Review of Sterility Information for Devices Labeled as Sterile
Use of ISO 10993-1, Biological Evaluation of Medical Devices Part I: Evaluation and Testing (Biocompatibility)
Postmarket Surveillance Studies Under Section 522 of the Food, Drug, and Cosmetic Act
Medical Device Reporting (MDR) for Manufacturers

Draft Guidance Topics

Medical Device Decision Support Software
Use of Symbols in Labeling
510(k) Modifications
Software Modifications
510(k) Third Party Review Program
Companion Diagnostics Co-Development
Use of Real-World Observational Patient Data to Support Decision Making for Medical Devices
UDI Convenience Kit
Public Notification of Emerging Postmarket Medical Device Signals

The following is the device guidance documents that the Agency intends to publish, as the Agency’s guidance-development resources permit each in FY 2016 (“B-list”):

Final Guidance Topics

Reporting of Computational Modeling Studies in Medical Device Submissions
Blood Glucose Monitoring Test Systems for Prescription Point-of-Care Use
Self-Monitoring Blood Glucose Meters for Over-the-Counter Use
Radiation Biodosimetry Devices
Finalizing existing draft guidance

Draft Guidance Topics

Medical Device Interoperability
Patient Access to Information
Evaluation and Reporting of Age, Race, and Ethnicity Data in Medical Device Clinical Studies
Patient Matched Instrumentation for Orthopedics
Dual 510(k) and Clinical Laboratory Improvement Amendments Act (CLIA) Waiver by Application
Defining the Unique Device Identifier (UDI)
Critical to Quality Information for Abdominal Surgical Mesh Devices
Critical to Quality Information for Hydrophilic Coated and Hydrophobic Coated Vascular and Neurological Devices

FDA Lays Out Final Guidance on Post-Market Surveillance Requirements

The FDA have issued the final guidance on 16/5/16 on Post-Market Surveillance Requirements.

FDA Issues Technical Guidance for Medical Devices using 3-D Printing

The FDA have issued a draft guidance on 10/5/16 on the requirements for additive manufacturing, which is a fancy name for 3D printing.

FDA Issues final guidance on Applying Human Factors and Usability Engineering to Medical Devices

The FDA have issued the final guidance on 3/2/16 on Applying Human Factors and Usability Engineering to Medical Devices which replaces the draft guidance from 21/6/11.

http://www.fda.gov/medicaldevices/newsevents/workshopsconferences/ucm484392.htm

FDA Issues Draft Priority Devices for Human Factors Review

The FDA have issued the final guidance on 3/2/16 on which devices have highest priority for human factors review. This is important for all submitting 510(K)s knowing whether you are a priority candidate for review or not.

https://docs.google.com/viewer?url=http%3A%2F%2Fwww.fda.gov%2Fdownloads%2Fmedicaldevices%2Fdeviceregulationandguidance%2Fguidancedocuments%2Fuc m484097.pdf

FDA Issues Draft Display Devices for Diagnostic Radiology

FDA issued a draft guidance dated 9/2/16 for Display Devices for Diagnostic Radiology. This guidance may cause some confusion since software for medical imaging is outside its scope and described in a much earlier separate guidance. The new guidance focuses on physical display devices but includes the software/firmware embedded in these devices. The guidance indicates these devices are Class II requiring a 510(k) although most simple Medical Image Management software devices do not require 510(k)s based on the other guidances. Appendix B of the new guidance discusses Device modifications and states changes in graphics drivers and calibration software most likely would not require a new 510(k). The guidance also discusses Device Bundling in 510(k) submissions in Appendix C. Section 7 defines specific physical laboratory testing to perform and Section VIII provides extensive specifics and labeling requirements.

www.fda.gov/downloads/medicaldevices/deviceregulationandguidance/guidancedocuments/ucm484914.pdf

CareFusion Pyxis Homeland Security Alert

On March 29, 2016 the US Department of Homeland Security issued an Advisory regarding the Carefusion Pyxis SupplyStation System Vulnerabilities that would only require an attacker with low skills. Please note the list of mitigations included in this alert.

Last update I mentioned that the FDA has issued a safety communication to health care facilities using the Hospira Symbiq Infusion System regarding cybersecurity vulnerabilities.

https://ics-cert.us-cert.gov/advisories/ICSMA-16-089-01

ISO 13485:2016 and Software Validation

Section 4.1.6 – General Requirements: The standard requires validation of all computer software that is used as part of the quality system. While it has never been a requirement of ISO 13485, software validation has long been discussed in the industry, and not without some controversy. For example, questions arise like, “What if you use an Excel spreadsheet to control a process? Do you have to validate that spreadsheet?” Sometimes organizations don’t even know where to begin with software validation — what to validate and how to validate it.

Under these revisions, computer software can be used for, but is not limited to, product design, testing, production, labeling, distribution, inventory control, data management, complaint handling, equipment calibration and maintenance, and corrective and preventive action. If software involves or affects the quality system, you need to validate it. Plus, you need to have a very specific justification for how you validated that software, keeping records associated with what you did and demonstrating that the software tool is doing what it’s supposed to.

Section 7.1 – Product Realization: A note was added asking organizations to look at IEC-62304, which is a guidance related to software lifecycle processes. If your device incorporates software, the guidance wants you to look at all the different lifecycles of that software, so you’re planning ahead of time for future changes.

FDA Use of EHR data in Clinical Investigations

The FDA issued a draft guidance entitled: Use of Electronic Health Record Data in Clinical Investigations. This draft addresses a variety of issues including EHRs certified by ONC, data modifications, audit trails, informed consent, and privacy and security.

https://www.fda.gov/regulatory-information/search-fda-guidance-documents/use-electronic-health-record-data-clinical-investigations-guidance-industry

EU Data Protection Regulation

EU regulation 2016/679 of the European Parliament and of the Council from 27/4/16 applies to all companies collecting and processing personal data in the EU and does include medical devices. There is NO grandfathering under the GDPR, so in May 2018 all existing systems must be able to meet these requirements. It specifically lists genetic data and biometric data as sensitive personal data.

Developers (both medical device and health products that are not regulated as medical devices that collect or process personal data) will be under specific obligations to introduce data protection by design and default into their systems.

http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN

US Regulators Launch Online Tool for Mobile Medical App Developers

The US Federal Trade Commission (FTC) has published an online tool designed to help developers of mobile medical and telehealth apps determine which laws and regulations pertain to their products. The tool presents a series of questions for developers to see whether they must comply with one or more of the following US laws:

Health Insurance Portability and Accountability Act (HIPAA), enforced by the US Department of Health & Human Services
Food, Drug & Cosmetic Act, enforced by the FDA
Federal Trade Commission Act, enforced by the FTC
Health Breach Notification Rule, enforced by the FTC

https://www.ftc.gov/tips-advice/business-center/guidance/mobile-health-apps-interactive-tool?source=govdelivery&utm_medium=email&utm_source=govdelivery

Three Bills Affecting FDA Medical Device Oversight Advance in US Senate

Proposed legislation targeting the Food and Drug Administration’s medical device premarket review processes as well as the scope of the agency’s oversight over medical software are now closer to approval in the US Senate.

The FDA and CE have not changed their attitude towards software validation and, if anything, expect companies to be fully compliant with the guidelines and regulations. There have been numerous guidelines added lately, including cybersecurity, etc. The amount of recalls due to software is growing and will impact the FDA’s decision to monitor software changes after receiving clearance.

There are many ways to handle the software development/maintenance life cycle and the software validation. If there are any questions or requests, please feel free to contact us.

Mike

Download the Full Update

Related Posts