Skip to content

Software in Medical Devices – Update for Q1/Q2 2018

Software in Medical Devices – Update for Q1/Q2 2018

 This is a continuation of the software updates I have been sending out.  Please check out all the references to download and/or to purchase. If you have any questions, please contact us.

Software is everywhere in medical devices and IVDs. The FDA and CE are becoming more pedantic on how they review and relate to software. The number of companies getting into the field is growing and the amount of software being developed for medical is very large.

Software Recalls Q1-Q2 /2018

We have been following the recalls and there were a growing number of recalls that are listed where software played a role in the recall. The following are additional examples of recalls involving software directly as listed on the FDA website. There were over 110 recalls in this period relating to software, including a class 2 recall. There may be more but classified not under software directly.

  • Draeger Jaundice Meter JM-103, Class I – The device is intended for use in hospitals, clinics or doctor s offices under a physician s supervision / direction to assist clinicians in monitoring of newborn infants. The device is not intended as a standalone for diagnosis of hyperbilirubinemia. It is to be used in conjunction with other clinical signs and laboratory measurements. Users have misinterpreted the display for out of range measurement indicated by the blinking” —” to mean a zero measurement.
  • Apollo Anesthesia Machine, Class II – In the event of a fault, the S-ORC module would not prevent setting an N2O flow that would result in a hypoxic mixture from being dosed to the patient. Potential adverse outcomes include death of the patient.
  • CARESCAPE R860 Ventilators, Class II – Potential for the display processor to experience an unexpected failure.
  • CritiCore Automated Urine Monitor, Class II – Issues identified with the monitor including urine output measurement errors, temperature measurement errors and undesired alarms.
  • Cyberonics VNS Therapy Programmer, Class II – During these programming events, the miscalculations can lead to: ” Delivery of more stimulation than intended, resulting in painful stimulation or other common side effects (Model 106 only); ” No stimulation in the case of device disablement (Burst Watchdog Timeout), resulting in no therapy to the patient (Model 106 only); ” Delivery of less stimulation than intended, resulting in therapeutic settings not being achieved within device specification (Models 103, 104, 105, or 106); and/or ” Delays or absence of the 75% and 50% battery life indicators displayed by the programming software (Models 103, 104, 105, or 106).
  • Fabius GS MRI Anesthesia Machine, Class II – The device may be able to dose 100% N2O. In the event of a fault, the S-ORC module would not prevent setting an N2O flow that would result in a hypoxic mixture from being dosed to the patient. Potential adverse outcomes include death of the patient.
  • CellaVision DM Software, Class II – A software malfunction was found where WBC, RBC and PLT comments added after a slide is signed, are not sent to the LIS. This can only occur where customers process multiple slides per blood sample.
  • Sonialvision Safire II, Class II – When selecting serial radiography with a pulse rate of 7.5fps (including selecting a preset or changing the pulse rate using a temporary edit function) it was observed the indicated “irradiation time” on the X-ray Generator Console, as well as the “integral dose” on the external console of fluoroscopy, were reset to 0. There has been one report of this event.
  • AdaPTinsight Software, Class II – IBA is initiating this recall to address an issue identified with AdaPTinsight software and to reduce risk related to this problem.
  • GE Centricity Universal Viewer, Class II – Potential that one or more image series may be missing from an exam without a user warning displayed in the viewer.
  • NordicNeuroLab AS nordicBrainEx 0, Class II – The system provides analysis and visualization capabilities of dynamic MRI data of the brain, presenting the derived properties and parameters in a clinically useful context. An error was discovered in the interpretation of certain DICOM header tags that may lead to incorrect orientation labeling, and thus and indirect left-right, up-down or anterior-posterior flipping of images.
  • Invivo Xper Flex Cardio Physiomonitoring System, Class II – While in Full Disclosure playback, a user may inadvertently close the Full Disclosure Control Window using the ESC key function, instead of pressing the X icon in the upper right corner of this window.
  • Baxter Prismaflex 20 US, Class II – Baxter Healthcare will be installing new firmware on all Prismaflex control units to address the potential for a small number of these units to exhibit a failure mode with the pump module electronics. The failure mode may result in a Voltage Out of Range malfunction alarm, which causes the device to enter a safe state and become inoperable until it is serviced. Baxter will be releasing new firmware that will prevent the malfunction from occurring.
  • Draeger Infinity Acute Care System, Class II – Software anomaly resulting in the loss of patient settings and stored patient data.
  • Philips Xper Flex, Class II – The real-time numeric value for ventricular end- diastolic pressure (EDP) displayed on the Live Display may be inaccurate. Because ventricular pressure monitoring is only performed in the cardiac catheterization procedure room using the FC2010 device, the FC2020 device, which is used in the Pre or Post-Op Holding Areas, is not impacted by this issue.
  • Siemens SOMATOM Definition AS, Class II – There is a potential risk of unnecessary radiation exposure due to a software issue found in the CARE Dose4D algorithm implemented in Siemens Healthineers CT scanners of types SOMATOM Definition AS, SOMATOM Definition DS, SOMATOM Definition Edge, SOMATOM Definition Flash and SOMATOM Force.
  • Siemens SOMATOM Force CT Diagnostic System, Class II – There is a potential risk of unnecessary radiation exposure due to a software issue found in the CARE Dose4D algorithm implemented in Siemens Healthineers CT scanners of types SOMATOM Definition AS, SOMATOM Definition DS, SOMATOM Definition Edge, SOMATOM Definition Flash and SOMATOM Force.
  • FlexLab Laboratory Automation System, Class II – Module may freeze without generating user warning. There is a potential risk in delay of sample processing, leading to delayed delivery of test results to patients.
  • Siemens ACUSON SC2000 Ultrasound, Class II – The ECG signal may flatline due to electromagnetic interference during the use of electrosurgical equipment.
  • Siemens Syngo Plaza Software, Class II – Software upgrade to correct format of study dates and issues with Legacy Presentation States (annotations) in order to prevent potential patient misdiagnosis.
  • Siemens plaza software VB10A, Class II – The software is a Picture Archiving and Communication System (PACS) intended to display, process, read, report, communicate, distribute, store and archive digital medical images. It supports the physician in diagnosis and treatment planning. Syngo.plaza also supports storage and archiving of DICOM Structured reports. In a comprehensive imaging syngo.plaza integrates Hospital/Radiology Information Systems (HIS/RIS) to enable customer specific workflows.
  • AQURE System, Class II – The AQURE system is intended to let allow the management of analytical devices and operator profiles. The user can associate patient data with test data. The system shows test results. The system receives data from connected devices at the point-of care or laboratory. It can send test results to the HIS/LIS. The system lets the user send commands to selected devices. The system uses data related to the performance of devices, to tell users of issues to be managed. There is a potential problem relating to the AQURE System, versions 2.3.0 and 2.3.1, that may result in patient mix-up.
  • Roche OMNI S2 and S4 Systems, Class II – The systems are a fully automated critical care analyzer intended to be used for the measurement of pH, PCO2, PO2, sodium, potassium, ionized calcium, chloride, hematocrit, glucose, lactate, urea/BUN, total hemoglobin, oxygen saturation, oxyhemoglobin, deoxyhemoglobin, carboxyhemoglobin, and methemoglobin in samples of whole blood, serum, plasma, and aqueous solutions as appropriate. The software responsible for starting scheduled AutoQC measurements (scheduler) will not activate.
  • Hitachi MHI-TM2000 Linear Accelerator System, Class II – The Linear Accelerator System is intended for radiation therapy of lesions, tumors and conditions anywhere in the body where radiation treatment is indicated. Due to a system controller software anomaly, the patient positioning deviation correction may not be applied and may result in the wrong part of the patient being irradiated.
  • PerkenElmer Specimen Gate Screening Center, Class II – The Specimen Gate Screening Center is used for data management of neonatal screening test results and demographics by qualified laboratory personnel in newborn screening programs. Potential errors in patient results generated by the Screening Center product that include both false negative and false positive results.
  • Philips Allura Xper, Class II – The Allura Xper ED series is intended for use on human patients to perform: Vascular, cardiovascular and neurovascular imaging applications, including diagnostic, interventional and minimally invasive procedures. After continuous operation for more than one and a half days, the image on the large screen monitor may freeze for approximately 15 seconds after which the system will restore itself.
  • Siemens Perspective, Class II – The system is intended to produce cross-sections images of the body by computer reconstruction of x-ray transmission data. To inform customers of possible incorrect tube current calculations by the CARE Dose4D algorithm for head scans based on p.a. (posterior-anterior) or a.p. (anterior-posterior) topograms. Depending on the geometrical shape of the skull bone, it may happen in rare cases that the calculated dose distribution is not appropriate and could lead to unnecessary radiation exposure.
  • Siemens Biograph Horizon, Class II – Software Nuclear medicine/ x ray diagnostic scanner. Error introduced into PET images acquired and reconstructed with VJ20A software. Array values are indexed improperly when the norm file is created during QC. During data reconstruction, incorrect values are being applied. This can lead to a gradient in the image. The severity of the error is directly related to the positioning of the PET QC phantom relative to the center of the field of view.
  • GE Healthcare Lunar, Class II – Provides an estimate of BMD (Bone Marrow Density) at the lumbar spine and proximal femur regions. This BMD value can then be compared to a reference population at the sole discretion of the physician. Under certain conditions, when using DICOM Worklist along with DICOM MPPS, a report for a bone density exam may be sent to PACS with the incorrect patient information in the DICOM header. The correct patient information will be listed on the DICOM report image; however, the report may appear under a different patients name in the PACS.
  • Philips Ingenuity TF PET/CT, Class II – The device is an integrated diagnostic X-ray Computed Tomography (CT) and Positron Emission Tomography (PET) system suitable for a wide range of diagnostic applications. The device utilizes the CT technology to obtain anatomic images of the human body and PET technology to obtain functional images of the human body. Following a period of inactivity, the mass storage device may cause the acquisition console to become unresponsive. This may prevent an acquisition from proceeding.
  • AQUIOS CL Flow Cytometer System, Class II – The AQUIOS CL Flow Cytometer system is an automated analyzer that use a no-wash sample preparation process. The device may process the same sample with two different sample IDs and sample information while using the single tube loader, which has the potential for erroneous results due to the mis- identification.
  • Fresenius Liberty Select Cycler, Class II – The device is indicated for acute and chronic peritoneal dialysis. The recalling firm identified a software issue related to the Patient Line Check (PLC) which may result in an increased risk of Overfill (also known as Increased Intraperitoneal Volume, IIPV). Overfill/IIPV may result in serious injury or death.
  • HomeSafe AutoAlert Pendant, Class II – A programing error in some Model FD100 HomeSafe AutoAlert Pendants will render the fall detection feature inoperable.
  • IntelliVue X3 Patient Monitor, Class II – The NBP measurement of Intellivue X3 Patient Monitor shows intermittently only mean values instead of the diastolic and systolic blood pressure values. This is caused by a falsely detected NBP cuff, which is leading to wrong internal NBP setting. Furthermore, occasionally the Monitor shows the Check Touch Input message and the monitor is inoperable with the touch interface.
  • iQ200 Series Urine Microscopy Analyzer, Class II – The company determined that there is a potential for under-reporting casts in this Urine Microscopy Analyzer. This can occur if per high-power field (/HPF) units of measurement for casts are selected in the iQ200 software, but the abnormal threshold and/or grading format is set up based on reporting per low-power field (/LPF)* or *per microliter. This may occur during initial method validation or if settings are altered after the initial validation.
  • DynaCad Software, Class II – The MR Analysis software consists of DynaCad Breast, DynaCad Prostate, and DynaCad Advanced PK for other MR analyses modules. Following update from 3.3 to 3.5 of the DynaCAD software it was noted that the Ktrans map was not rendered correctly on the DynaCad Client. The defect causes the pharmacokinetic (PK) color maps to display incorrectly when viewed from remote DynaCAD client computers and could result in visually underestimating calculated Ktrans, Kep, and iAUGC values. The defect also impacts DynaCAD s on-the-fly calculation of Apparent Diffusion Coefficient (ADC) maps. If the ADC values are computed on-the-fly by DynaCAD, the ADC values and colors will also display incorrectly if viewed on a remote DynaCAD client.
  • Fresenius 2008 K2 Hemodialysis Machine, Class II – When the recirculation ultrafiltration (UF) Goal is set to a value greater than 200ml in service mode and the user starts a treatment using the SLED (Sustained Low Efficiency Dialysis) program the display will show an invalid message and the UF pump will run at the recirculation UF rate which may be up to 4000ml/hour. The SLED program is required to limit the UF rate to a maximum of 1000 ml/hour.
  • GE Healthcare Centricity PACS, Class II – This device receives medical images (including mammograms) and data from various imaging sources. Images and data can be stored, communicated, processed and displayed within the system or across computer networks at distributed locations. A database handling error could occur during the image acquisition process affecting the completeness of acquired images with Centricity PACS-IW. There is a potential that one or more image series (i.e. all images within an image set) may be missing from an exam without indication to the user. While this is rare, this can occur with imaging studies that consist of a very small number of images per series.
  • Phadia Prime Software, Class II – The company informs all Phadia 250 system operators performing EliA Assays not to use the function OK to All in any version of Phadia Prime, up to and including 1.4, when rejecting and retesting samples with any EliA assay.
  • Prismaflex Control Unit, Class II – The firm has received reports of device operators failing to adhere to instructions for use pertaining to the safe unloading of disposable sets from the Prismaflex Control Unit. Additionally, for software versions 5.10 and 6.10, the programmed syringe size for the syringe pump may revert to safe default values unintentionally.
  • Raysearch Laboratories Ray Station, Class II – Software issue with Center Beam in Field functionality. Issue can result in incorrect treatment volume delivered to patient.
  • Siemens ACUSON SC2000, Class II –The ECG signal may flatline due to electromagnetic interference during the use of electrosurgical equipment.
  • Jude Proclaim DRG Implantable Pulse Generator, Class II – The firm received complaints of error messages that occurred during routine impedance checks on Proclaim DRG IPGs, model 3664. Some complaints were also associated with transient over stimulation which created discomfort for the patients.
  • Medfusion Syringe Pumps, Class II – Certain Medfusion Syringe Pump Models, Series 3100, 3500, and 4000, may not recognize or may misidentify loaded medication syringes. The inability of a pump to recognize a syringe (i.e. the size of the syringe is unknown to the pump) results in an inability to complete pump programming. Misidentification of a syringe is where the pump misinterprets the syringe size.
  • Philips HeartStart XL+ Defibrillator/Monitor, Class II – The update of device software includes enhancements to the Operational Checks, event logs, and troubleshooting messages that provide as complete of information as needed to users on device readiness.
  • Siemens ACUSON SC2000 Ultrasound System, Class II – The system also provides the ability to measure anatomical structures and calculation packages that provide information to the clinician that may be used adjunctively with other medical data obtained by a physician for clinical diagnosis purposes. The application may underestimate the EROA (Effective Regurgitant Orifice Area) in comparison to the same patient results obtained with the 4Z1c volume transthoracic echocardiography transducer.
  • Abbott i-STAT DE Handheld Module, Class II – Issues resulting from upgrade to software version 2.8: (1) Location, operator, stored patient lists will not update, and (2) Customized Reference Ranges, Action Ranges, and Custom Reportable Ranges are reset to factory default values. No erroneous results are generated as a result of this issue.
  • Mindray Anesthesia Delivery Systems, Class II – A software issue may result in the previous settings being applied instead of the default settings or the unit may skip the startup leak test.
  • Philips Network Firewall, Class II – The device provides the following: Port Filtering Stateful Packet Inspection Default Protection Policies These default policies trust all outgoing traffic and do not allow any incoming traffic. Firewall installed with Philips IntelliVue Information Center iX or Information Center Classic may have a defective component, which may result in loss of connection to the Information Center iX. The defect involves the clock signal component within the firewall. This component has a high probability of failing in appliances that have been running for greater than 18 months. If the clock signal component were to fail, the firewall will stop functioning, will not boot, and is not recoverable. This failure will result in loss of communication between devices that are separated by the firewall, which may cause the Information Center to reboot.
  • Fresenius 2008T, Hemodialysis Delivery System, Class II – While reviewing documentation for the next software release of the 2008T, an R&D technician identified that setting the UF goal to ‘0’ introduces a discrepancy between the UF rate displayed and the actual UF pump rate. The software anomaly is also applicable to the 2008T Machines that contained the 2.63 Bug Fix per DCAF 17-088. 2008T Upgrade kits that contained the 2.63 Bug Fix are also affected. Additionally, SW version 2.64 (in design freeze) is also impacted by this anomaly.
  • Philips All PIIC iX Surveillance Stations, Class II – Once a surveillance station is restarted on January 1, 2018 or later, the station will be unable to perform patient discharge and transfer operations. Any subsequent attempt to perform these operations will cause the station to restart, resulting in a short period of loss of monitoring at the Surveillance station during such restart. Until this issue can be corrected, users should avoid intentionally restarting their Surveillance stations in 2018.
  • Philips digital x-ray detectorProGrade R1, Class II – If the WiFi connection between the SkyPlate detector and HP transfer point is weak, an image may fail to transfer from the SkyPlate detector to the system. The image remains in the memory of the detector, but cannot be transferred wirelessly or by use of the backup cable. To continue, the operator can reset the SkyPlate detector by removing its batteries, but the acquired image is lost and a re-take is necessary.
  • Zoll 731 Series Ventilators, Class II – A software anomaly in the 731-software version 05/20/00, was identified, which can lead to a user inadvertently changing device settings.
  • Fuji Computed Radiography Mammography Suite, Class II – The software assigns a unique ID number to every image study but very rarely, with the acquisition workstation software versions, O, VS.1, VS.2 , V6.0, V6.1, and V7.0, the system may assign the same ID number to a new set of images that was already assigned to the previous set of images due to the error in ID number generation logic. If an Image with this error (with duplicate ID number) Is transmitted to PACS, it may overwrite the image already stored on PACS.
  • OCULUS Pentacam AXL, Model 70100, Software, Class II – The device software versions have an anomaly which may produce an erroneous marking for the quality specification value.
  • Protura Software with Eleckta interface, Class II – When an error message remains displayed and is not cleared in the Protura software with the Elekta pedestal coordinates, moving the pedestal could cause the Protura software to not update with the pedestal location and buffers the pedestal movement history.
  • Roche Cobas 8000 Modular Series, Class II – A software failure may incorrectly set the system settings to “default” settings, creating a risk of incorrect results.
  • ROSA Brain and Spine Systems, Class II – Computer-assisted surgical device. Intended for the spatial positioning and orientation of instrument holders to be used by neurosurgeons. Robot arm being sent to the wrong position.
  • Accu-Chek Connect Diabetes Management App, Class II –Certain iOS and Android App versions contain a program error (bug) in the Bolus Advisor feature. Due to a software bug, when the OS region of the phone setting is changed, the unit of measure within the app may unexpectedly change. This creates a risk the app might not transfer the blood glucose result or the user might not correctly input numerical values for carbohydrate used for bolus advice.
  • Philips Ingenuity TF PET/CT, Class II – A software issue causes PET reconstructions to fail intermittently. It was determined that reconstructions fail due to a negative table position (-1 value is inserted) in the raw data list file, rather than the actual table position. This error has been found to occur in two scenarios: 1) When the system operator cancels an acquisition a. The error will occur every time a scan is cancelled by the operator. 2) Couch position requests within the software sequence were delayed. The error occurs intermittently, but has been found to occur more frequently when the gantry s network is heavily loaded with multiple retrospective reconstructions running in parallel. The error manifests to the technologist by an error message and Failed status on the Reconstruction Monitor and the error message Result {0} failed to reconstruct” on the Acquisition Workflow window during reconstruction after the patient scan has been completed. In both scenarios, the acquisition data will not be able to be reconstructed and will therefore be unusable.
  • Philips Brilliance 64 Ct xray system, Class II – Numerous issues related to software Brilliance iCT 1.6 software version.
  • Spacelabs Healthcare Xhibit Telemetry Receiv, Class II Spacelabs has received multiple complaints reporting telemetry beds dropping off the Spacelabs Central Station resulting in a loss of monitoring.
  • Edwards Hemosphere System, Class II – Pre-procedural issues related to software defects.
  • GE Healthcare Carescape Software, Class II – CARESCAPE Central Station (CSCS) software version 0.2 units may experience unexpected NO COMM (No Communication) and network communication issues after boot-up or system restart.
  • Metrotom 800 (130kV CT scanner) Industrial, Class II – Due to a software error, it was observed that when the user closes the access door, the system will resume its scan cycle automatically, instead of the user initiating x-ray generation from the control panel.
  • Roche / Hitachi MODULAR Analyzer Systems, Class II – A software malfunction can occur on the cobas e 411 and Elecsys 2010 analyzers in the Sample& Control data file which may lead to a potential data mismatch.
  • MyCareLink Smart Patient Monitors, Class II – Patients monitored on two (2) or more implanted Medtronic heart devices in the Medtronic CareLink Network may have potential impact on the ability to remotely monitor the patient’s heart devices. Potential impacts could lead to missed CareAlert notifications or device reports.
  • Cobas c 6000 MODULAR Series System, Class II – Roche has confirmed that a possible sample mismatch issue may occur on the MODULAR ANALYTICS E 170 module, cobas e 601 analyzer, or cobas e 602 analyzer due to a software limitation.
  • Phadia 1000 Instrument, Class II – The “Retry” command does not function properly which could cause a shortage of Wash and Rinse solution and affect assay performance and test results.
  • RayStation Product Usage, Class II – This is a software system designed for treatment planning and analysis of radiation therapy. The treatment plans provide treatment unit set-up parameters and estimates of dose distributions expected during the proposed treatment, and may be used to administer treatments after review and approval by the intended user.
  • Orthoscan Mobile Mini C-arm system, Class II – The company discovered during investigation of a non-standard work flow a non- conformity of the devices. Specifically, the system software allows a user to activate the Digital Zoom feature in the course of taking a live image exposing a larger x-ray field than can be viewed by the user.

FDA Proposed Reclassification of MIMS
FDA issued a proposed order to down-classify certain radiological medical image analyzers, which includes computer-assisted detection devices for mammography breast cancer, ultrasound breast lesions, radiograph lung nodules, and radiograph dental caries detection devices, from class III to class II devices. If finalized, this proposed order will reclassify computer-assisted detection devices for certain radiological applications from Class III devices requiring premarket approval, to Class II devices, requiring a less burdensome premarket notification (510(k)) with special controls.

FDA Draft Multifunction Device Guidance           
FDA issued a draft guidance dated April 27, 2018 titled: “Multiple Function Device Products: Policy and Considerations”. This guidance expands on

This guidance clarifies when and how FDA intends to assess the impact of other functions that are not the subject of a premarket review on the safety and effectiveness of a device function subject to FDA review. It stresses that the potential impact of unregulated functions on safety and effectiveness of regulated functions will still be assessed so the degree of design segregation to minimize potential side affects is considered important. This is consistent with concepts from AAMI TIR32 and IEC 80002-1 for Medical Device Software Risk Management. It also explicilty states that functionality that legally meets the definition of a medical device but that is under FDA enforcement discretion will be treated the same as unreglated functions. If an unregulated function could adversely impact the regulated functions Section VII identifies additional information to be provided in a premarket submission. This includes Architecture and Design detail adequate to understand potential side affects of the unregulated functions and specific risk analysis.

https://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm605683.pdf

US GDPR Law
US legislatures are following the European Union’s lead for defining data protection. California just passed a sweeping new consumer data protection law, giving California consumers more control over how their personal data is used by businesses operating in California, and providing for civil damages and fines against businesses that violate the law’s personal data protection requirements. We will have to see how this affects the medical healthcare information.

IEC 62304 2nd Edition draft for Committee Vote
A committee draft for vote of IEC 62304 Ed 2: Health Software – Software life cycle processes has been circulated for ballot. Edition 2 expands the scope of IEC 62304 to include health software that is not regulated as a medical device, and the title has been changed accordingly. This will be the last opportunity to make technical changes.

ISO 13485:2016 Update
In March 2016 the ISO published the ISO 13485:2016 standard for medical device quality management. It is mentioned numerous times in the standard that for software applications  used in the quality system, used for the monitoring and measurement of requirements and used in production and service provision, the organization needs to document procedures for the validation of the application of computer software. As numerous companies have already been audited for ISO 13485:2016, it is coming to light that the auditors are requiring the companies to show compliance with the standard, and show how they are validating the software applications. This includes all software applications, including Excel spreadsheets developed in the company.

FDA Responses to 510K Submissions – Software
We are still receiving responses from the FDA concerning their software.  This means that this is becoming the state of the practice for the FDA. These responses relate to the run-time testing, and cybersecurity. Below is shown the wording received from the FDA in all the cases:

  1. The submission did not include information on the tools, such as static analysis tools, that you used to detect run-time errors. This information is needed to assess whether good coding practices have been implemented to prevent common coding errors which may adversely affect the safety of the device. Please provide this information. For any such tool used, please identify what error types the tool detects, your method and process of applying the tool(s), and a summary report and/or conclusion about the results. Note: some common run-time errors are:
  • Un-initialized variables
  • Type mismatches
  • Memory leaks
  • Buffer over/under flow
  • Dead and unreachable code
  • Memory/heap corruption
  • Unexpected termination
  • Non-terminating loops
  • Dangerous Functions Cast
  • Illegal manipulation of pointers
  • Division by zero
  • Race conditions
  1. The information security and cybersecurity of the device is needed to evaluate the cybersecurity risks and the associated controls. The FDA has been asking for the cybersecurity even from devices that have no connectivity.
  • Please discuss in detail, information on your design considerations, including mitigations pertaining to intentional and unintentional cybersecurity risks including:
  • A specific list of all cybersecurity risks that were considered in your design.
  • A specific list and justification for all cybersecurity controls that you established, and the justification as to why such controls are Please provide the evidence that the controls perform as intended.
  • Please ensure that you address information confidentiality, integrity and availability.
  • Please incorporate, as appropriate, the information identified here in your Hazard Analysis.

We are highly recommending to clients several remediations:

  • SSC Class B/Moderate LOC – software require tools to test the software for run-time errors. We are recommending using static code analysis tools. There are low end tools that should be used, e.g., Source Code Analysis package for medical device companies from Parasoft (C/C++, C#/VB.NET, Java), Microsoft Visual Studio 2013 Static Code Analysis (C/C++), IAR C-STAT static analysis (C/C++), etc.
  • SSC Class C/Major LOC/Special Guidance/PMA – FDA will ask for a SCA report. We highly recommend using one of the tools that we know the FDA has evaluated. A partial list of these tools is Parasoft, Coverity, Polyspace, PQRA, Klocwork, Grammatech and LDRA.
  • A cybersecurity report should be prepared for submission to the FDA based upon the threat analysis.

When choosing a SCA tools, check the local support. Even though everyone offers Internet support, nothing beats having the support done locally by someone who has the experience and speaks your language.

Summary

There are many ways to screw up your software in the medical device. It doesn’t take too much talent to do this and companies are doing it daily. Many companies mess up royally and don’t know how to get out of the mess. In many cases, they don’t even know that they are in deep trouble.

You can work properly without breaking the bank. There are many ways to handle the software development/maintenance life cycle and the software validation.

If there are any questions or requests, please feel free to contact us.

Mike

 

Download the Full Update
Back To Top
Search