Software in Medical Devices – Update for Q3/Q4 2022

This is a continuation of the software updates I have been sending out. Please check out all the references to download and/or to purchase. If you have any questions, please contact us.

Software is everywhere in medical devices. The FDA and CE are becoming more pedantic about how they review and relate to software. The number of companies getting into the field is growing and the amount of software being developed for medical use is exceptionally large.

There is an emphasis on “digital health”, where the FDA is fast-tracking many devices (even though it is only software, it is still a medical device). Being software-only does not free you from the regulations, including a quality management system, risk analysis, etc.

AI/ML is also taking a lead in the FDA’s efforts to standardize how to relate to this technology as it is becoming more prevalent in many submissions.

We have received indications that the FDA is starting up its visits abroad and is planning on coming to Israel to audit a number of companies starting in March 2023. Some of these audits are follow-ups on PMA submissions that were cleared during the Covid period and some are QSIT. The audits may be directed (based on information the FDA has on recalls or other issues) or not (standard audit with no agenda). Either way, the FDA is raising the stakes and we all have to realize that the FDA can audit any company.

Additionally, we have found that various notified bodies (NBs) have become very picky in their audits. They are looking into the software and are very pedantic in the resolutions, including the CAPAs resulting from the findings.

We recommend getting your act together starting now (and continuing to maintain it), so that when the FDA/NB does come down on you, you will be able to pass the audit with flying colors.

 

Software Recalls Q3-Q4/2022

We have been following the recalls, and a growing number of the listed recalls are ones where software played a role. It is interesting to note that software has been the leading cause of recalls at the FDA for the past 10 years. This trend does not look like it will change.

The following are additional examples of recalls involving software directly, as listed on the FDA website, including Israeli-developed software. There may be more that are not classified under software. A number of these are class I recalls issued after patients were severely injured or even died. The descriptions given for the recalls are taken from the FDA database. For further details, you can check them out on the FDA’s recall database.

  • Fresenius Kabi USA, Ivenix Infusion System (IIS), Class I – The display screen may become frozen and unresponsive to user input, triggering an alarm that is evidenced by a buzzer sound and flashing red LEDs as a secondary notification. However, as the screen goes blank it does not indicate an alarm condition or respond. This issue leads to temporary cessation of flow of a medication or fluid, requiring immediate intervention by the clinician.
  • Baxter Healthcare, ABACUS TPN (Total Parenteral Nutrition) Calculation software, Class I – There is a potential risk of medication error when using specific Abacus Order Entry & Calculation software.
  • Getinge USA Sales, Maquet Critical Care AB/Getinge, Class I – Ventilators may generate a combination of alarms which may result in loss of communication, technical alarms being triggered, and loss of ventilation. If the device stops ventilating due to this issue, it may lead to hypoventilation and consequently desaturation, with patient outcomes including hypoxemia and hypoxic injury, which might result in circulatory failure.
  • Baxter Healthcare, Hillrom Centrella Hospital Bed with WatchCare Incontinence Management System, Class I – Radio frequency emission from a functioning WatchCare device may potentially impact other devices (including, but not limited to telemetry devices, bladder scanner, fetal monitor/doppler, infusion pumps, and insulin pumps).
  • Smiths Medical ASD, Medfusion Syringe Pump Model, Class I – Multiple issues with the potential for interruption of therapy or over-infusion: 1. Primary Audible Alarm (PAA), 2. Unanticipated Depleted Battery Alarms, 3. Time Base Alarm, 4. Intermittent Volume Over Time (IVOT) – Infusion Continues after System Failure, 5. Clearing of Program Volume Delivered (PVD), 6. False Alarm for Rate Below Recommended Minimum for Syringe Size, 7. Incorrect Bolus or Loading Dose Time Display, 8. Domain Name Server (DNS) Port 1001.
  • Getinge USA Sales, Getinge Flow-e Anesthesia System, Class I – Due to a software bug, under certain conditions, pressure cannot be built up resulting in no ventilation. If gas delivery is stopped, a sustained decrease in delivered O2 concentration may lead to hypoventilation and hypoxia.
  • Cardiac Assist, LifeSPARC System, Class I – A software update (v1.1.5) has been developed to address the issue of Critical Failure which can occur on the LifeSPARC Controller. The Critical Failure was first addressed in the firm’s recall initiated July 21, 2022. During the Critical Failure, the software freezes or crashes and the screen does not display data.
  • Canon Medical System, Canon Aplio ultrasound system, Class II – After completion, ultrasound system’s Stress Echo may not terminate if user does not manually terminate the protocol. During next patient exam, an abnormal confirmation message will be displayed “Same view was saved in this phase. Do you use this image with StressEcho Review?” If “no”, acquired images not saved, and if “yes” images assigned to the previous patient; could cause treatment delay.
  • Intuitive Surgical, da Vinci X (IS4200) and Xi (IS4000) systems, Class II – Inadvertent energy delivery from surgical system instrument if 1) Force bipolar and bipolar instruments installed on system 2) Force bipolar connected to Force Triad generator, bipolar not connected to generator 3) Yellow pedal associated with force bipolar is pressed, released with head in surgeon console 4) Blue pedal associated with bipolar is pressed, resulting in force bipolar energy delivery.
  • Philips North America, DigitalDiagnost C50, Class II – Following a system restart where the Table Height 2 (TH2) is the default setting and then switched to Wallstand VS2, operators will see an incorrect orientation of the image on the first examination due to an issue in the firmware of the Wallstand VS2 board. The system will rotate the amplimat field selection by 90 degrees. The wrong amplimat field selection may cause an incorrect dose of radiation to occur. Additionally, the anatomic position markers may become mispositioned and could potentially be associated with the opposite side of the anatomy. (Added 1/3/2023), Expansion of the root cause to include incorrect amplimat field selection by 90 degrees following the first exposure using Wallstand VS2 and a subsequent system restart. Previously, this issue only occurred following a system restart where the Table Height 2 (TH2) is the default setting.
  • Spacelabs Healthcare, Xhibit Telemetry Receiver, Class II – Software related alarm escalation defect occurs after approximately 25 days of continuous use. Technical alarm escalation for the following alarms, signal loss, all leads off, low battery, SpO2 sensor off, and signal interference, does not occur in the telemetry receiver as specified. Caregiver may not respond to the initial technical alarm and may not be aware of the continuing technical failure.
  • Sight Diagnostics, Sight OLO Automated Hematology Analyzer, Class II – The default reference ranges for MCH, MCHC, and RDW for age group “Child 2-11y” are mixed up and incorrectly displayed on OLO devices running software version 2.63, 2.63.1, and 2.63.1.1. Due to the issue, results may incorrectly appear to be within or outside the reference range.
  • Baxter Healthcare, NaviCare Nurse Call/Voalte Nurse Call, Class II – An issue has been identified with Phillips (Emergin) and Longleaf non relay (Connexall, Vocera, Cerner) wireless integrations used with NaviCare/Voalte Nurse Call, software versions 3.9.100 through 3.9.300. Calls placed from a push button call device, such as a push button switch, call cord, or from the push buttons on a room audio station, will be canceled on the nurse call system when the call is answered at the wireless phone, regardless of the call priority.
  • Siemens Medical Solutions, Sensis Programmable Diagnostic Compute, Class II – Siemens has become aware of three potential software issues with AXIOM Sensis or Sensis/ Sensis Lite systems. This may lead to a hazardous situation for patients if treatment cannot be continued on the system and treatment needs to be continued on an alternate system.
  • GE Medical Systems, Centricity PACS-IW with Universal Viewer version 5.0, Class II – There is the potential that after installation of the IAS tool, some studies can remain hidden without user notification. Access to those hidden studies requires GE Healthcare assistance, which can result in a delay in reading the study.
  • Boston Scientific, GreenLight HPSEA Laser Fibers, Class II – Several complaints were received for the affected lot; users received a “Fiber type does not match card type” error message on the GreenLight XPS Laser console, necessitating the replacement of the laser fiber and fiber card. This may result in prolonged procedure while the fiber is being replaced.
  • Medtronic MiniMed, Guardian iOS app (MMT-8200) and Guardian Android app (MMT-8201), Class II – An app, part of a continuous glucose monitoring system, for use with smartphone devices may automatically log out from CareLink, then the app is not able to upload data. When logged out, linked care partners will not receive SMS notifications (could result in hypoglycemia or hyperglycemia), and sensor glucose values will also not be sent to the InPen app.
  • Raysearch Laboratories, RayStation 9B SP1, Class II – An issue with propagation of treatment course information from RayStation with RayTreat to RayCare has been identified. During some workflows, information may not be propagated to RayCare.
  • Siemens Medical Solutions, Programmable Diagnostic Computer, Class II – The firm will be performing a software update to address a software error which affects the listed products. This correction addresses four potential software issues: 1) “PASSWORD STORE CORRUPTED” error message during system boot; 2) Subsystem crash during examination; 3) Dialog Monitor Computer (DMC) application crash while loading a study; and 4) Software crash due to system internal timeout. Issue 1 may lead to a delay or interruption of procedure. Issues 2, 3, and 4 may result in delay in starting or continuing the examination, and may also prevent the operator from starting or continuing a study.
  • Elekta, Oncentra Brachy radiation therapy planning system software, Class II – A reconstruction error may occur when using the Catheter Bending functionality in Applicator Modeling or Implant Modeling.
  • Companion Medical, InPen Diabetes Management App, Class II – Diabetes management app may crash immediately upon opening, while using the app and/or while app is running in the background, which may lead to inability to use the app. An error message may be displayed indicating the app has stopped or isn’t responding. After the crash, a present dose reminder is not displayed, which may lead to delayed insulin therapy and potentially resulting in hyperglycemia.
  • Siemens Medical Solutions, ARTISTE, ONCOR and PRIMUS with syngo RT Therapist, Class II – When selecting the site fraction group for treatment, the User may select the wrong site for treatment, and potentially deliver the dose to wrong isocenter.
  • Sedecal, Soltus, Class II – Due to un-commanded movement of mobile x-ray unit.
  • Siemens Medical Solutions, ARTIS pheno, Class II – Siemens has become aware of three potential software issues with ARTIS pheno systems with software version VE10B. This may lead to a hazardous situation for patients if treatment cannot be continued on the system and treatment needs to be continued on an alternate system.
  • Ambra Support, Ambra PACS, Ambra ProViewer, Class II – A race condition between the storage system and services database has the potential to revert edits made to patient information upon first ingestion of a study.
  • Zap Surgical Systems, ZAP-X Radiosurgery System, Class II – Software issue identified in cases of initial patient setup with large (greater-than-or-equal-to 1.5 degrees) rotational deviations, between digitally reconstructed radiographs, and pre-delivery X-ray images. In these cases the transitional alignment algorithm may incorrectly calculate the new treatment table offset values, leading to an incorrect position for the subsequent treatment isocenter.
  • Canon Medical System, INFX-8000V, Class II – The fluoroscopic dose rate might exceed the conforming value during biplane fluoroscopy.
  • Oculus Optikgeraete, Pentacam HR REF 70900, Class II – Due to a software issue, IOL calculator printout often does not accurately reflect the alignment axis and incision position when planning toric IOLs.
  • bioMerieux, VITEK 2 Software and MYLA Software, Class II – There are 7 reported software anomalies that may affect use of the device.
  • Aggredyne, AggreGuide A-100 Instrument, Class II – The firm identified a software design issue where the improper shut down of the instrument resulted in speeds.csv file contents of the software version 5.1 being erased. Due to this issue, the target RPM for the assay is 0 and the motor output required to achieve this RPM is also 0. Therefore, when the assay is run, the software applies 0 Volts to the motor and performs a 0 RPM assay. Because of this, there is no mixing of the blood with agonist and no moving of aggregates happens in front of the optical detectors. The resulting PAI is 0 and the result is displayed as Low.
  • Roche Diagnostics Operations, cobas e801 Immunoassay Analyzer, Class II – Software issue resulting in signals and sample test results of Pre-Wash tests being impacted. The following assays are considered impacted by the issue: Anti-HAV2, Anti-HBc IgM, IGF-1, Myoglobin, Rubella IgG, and Toxo IgG.
  • Aesculap Implant Systems, Aeos Robotic Digital Microscope, Class II – Application error problems: Rebalance scope message: 1. Rebalancing process 2. Usage of Robot Recovery 3. Autofocus not available.
  • Jude Medical, Merlin PCS 3650 programmer Model 3330 software, Class II – There is a potential for programmer software (Merlin PCS) and remote monitoring software application (Merlin.net) to display overestimated predicted battery longevity for certain pacemakers.
  • Jude Medical, Merlin.net model MN5000 Software, Class II – The Merlin 2 PCS model MER3700 is a portable, dedicated programming system designed to interrogate, program, display data from, and test Abbott Medical implantable medical devices during implant and follow-up.
  • NordicNeuroLab, nordicBrainEX, Class II – When exporting merged results from the BOLD, DSC, and DCE modules of nordicBrainEx, where both the underlay and overlay originated from a multiframe dataset, the resulting output may have left/right sides flipped.
  • GE Healthcare, Centricity PACS, Class II – The Event Notification Manager (ENM) functionality for certain products does not process notifications for study modifications performed on post verified exams.
  • Ivenix, Ivenix Infusion System, Class II – Downstream occlusion alarm is sometimes immediately followed by a pump problem alarm.
  • Siemens Medical Solutions, syngo Application software, Class II – After CT image data from Toshiba is loaded, image mirroring can occur along the horizontal and vertical image axes. If this error occurs, the patient orientation/position may be misinterpreted and result in inappropriate treatment, even if the incorrect visualization is obvious.
  • GE Healthcare, Centricity Universal Viewer Zero Footprint, Class II – Potential to display inaccurate measurements on images in Centricity Universal Viewer Zero Footprint Client (ZFP).
  • Radiometer Medical, ABL800 Flex Analyzer, Class II – There is a potential for sporadic incidents of positive and negative biases for analyzer systems configured with cNa+, cCa+, and cK+.
  • GE Medical Systems, B125M Patient Monitor, Class II – GE Healthcare has become aware that if certain B1x5P / B1x5M patient monitors use “mmHg” or “kPa” as the unit for CO2 measurement, the displayed value for CO2 measurement can be inaccurate when used in a location that is not at or near sea level.
  • Spectranetics, Philips Laser System, Class II – Laser System may detect Error 106 or Error 108 System Failures that will cause the system to enter non-recoverable safe state. The user will not be able to proceed until the error is cleared. May result in initiation of treatment delay and/or treatment beyond initial scope and/or unable to treat patient.
  • Shanghai United Imaging Healthcare, Positron Emission Tomography and Computed Tomography System, Class II – The wireless VSM module of a mobile PET/CT system, operating in an environment with strong Wi-Fi signals, may experience ECG signal and respiratory signal loss due to Wi-Fi interference. ECG and respiratory signal loss during acquisition can result in the failure of ECG and respiratory-gated reconstruction of the PET scan, which may require rescanning of the patient.
  • Tandem Diabetes Care, t:slim X2 insulin pump, Class II – Insulin pumps may have the following issues: 1) Malfunction 6 Non-Volatile Memory, 2) Inaccurate (Fluctuating) Battery Life Display, 3) Touchscreen Staying On, 4) Unexpected Open Loop, that can be mitigated with a software update. Issues could result in hypoglycemia, hyperglycemia or diabetic ketoacidosis.
  • Philips Medical Systems, Pinnacle3 Radiation Therapy Planning System, Class II – When computing a radiation dose in the system, the exported dose information is incorrect when there is more than one beam attached to the prescription and certain options are selected on the Edit Prescription screen.
  • Meridian Bioscience, Revogene, Class II – When a run is aborted, the cooling period protection does not occur and the user is able to open the lid prior to the completion of the cooling period, exposing the user to heated instrument components. Incidental contact with heated instrument components may result in an injury such as minor burns.
  • Siemens Medical Solutions, Sensis Vibe Combo, Class II – Sensis/Sensis Vibe Software VD12A, the ComboBox may encounter a disconnect of its communication during the first patient examination of the day or after a longer period of inactivity to the Sensis Vibe system resulting in no vital signs being available.
  • Breas Medical, Vivo 45LS Ventilator, Class II – A forced shutdown of one of the processors did not generate a watch dog alarm, would develop into a failure AND the instructions to monitor a ventilator dependent patient are NOT followed, the health consequences could potentially be Permanent impairment or life threatening if medical intervention is not obtained.
  • Spectranetics, Philips Laser System, Class II – The LAS-100 Laser system may detect an inoperable hardware component during power up, which results in an error code and the system not being operable until code is cleared.
  • Qiagen Sciences, QIAcube Connect MDx, Class II – During the “Load tip racks and enzymes” step of the run set-up, the info screen indicates “minimal volume to be loaded”, but the indicated volume is instead the exact volume that should be loaded. Misunderstanding the guidance may lead to over diluted, under diluted, or improperly lysed sample, which in turn could lead to false negative or false positive results.

 

Policy for Device Software Functions and Mobile Medical Applications

The FDA updated the Policy for Device Software Functions and Mobile Medical Applications Guidance for Industry and Food and Drug Administration Staff, September 28, 2022. The FDA is issuing this guidance document to inform manufacturers, distributors, and other entities about how FDA intends to apply its regulatory authorities to select software functions intended for use on mobile platforms (mobile applications or “mobile apps”) or on general-purpose computing platforms.

https://www.fda.gov/media/80958/download

 

Clinical Decision Support Software

The FDA released the final guidance on Clinical Decision Support Software – Guidance for Industry and Food and Drug Administration Staff, September 28, 2022. This guidance gives a clear understanding of which clinical decision support software is a medical device and which is not.

https://www.fda.gov/media/109618/download

 

IEC 81001-5-1:2021, Health software and health IT systems safety, effectiveness and security – Part 5-1: Security – Activities in the product life cycle

Recently, a new cybersecurity standard, IEC 81001-5-1:2021, Health software and health IT systems safety, effectiveness and security – Part 5-1: Security – Activities in the product life cycle, was released. As the name implies, this standard addresses cybersecurity activities across the overall software development lifecycle (SDLC). For medical device manufacturers this is very helpful: combined with IEC 62304, it can make for a complete set of SDLC activities for managing both safety risks and cybersecurity risks.

 

Computer Software Assurance for Production and Quality System Software

The FDA released a draft guidance on Computer Software Assurance for Production and Quality System Software – Draft Guidance for Industry and Food and Drug Administration Staff, September 13, 2022. This guidance provides recommendations on computer software assurance for computers and automated data processing systems used as part of medical device production or the quality system.

https://www.fda.gov/media/161521/download

MDDS

The FDA updated the guidance on Medical Device Data Systems, Medical Image Storage Devices, and Medical Image Communications Devices – Guidance for Industry and Food and Drug Administration Staff, September 28, 2022. This guidance addresses the hardware and software, typically referred to as medical device data systems (MDDS), that transfer, store, convert formats, or display medical device data and results. It provides the FDA’s current thinking on MDDS, as well as medical image storage devices and medical image communications devices, to give manufacturers clarity and predictability on these devices.

https://www.fda.gov/media/88572/download

 

Cybersecurity Playbook for Health Care Organizations

The FDA updated the Cybersecurity Playbook for Health Care Organizations in November 2022. The playbook outlines how hospitals and other health care delivery organizations (HDOs) can develop a cybersecurity preparedness and response framework.

https://mlfpcontent.s3.us-east-2.amazonaws.com/wp-content/uploads/20221115140324/pr-2022-3034-medical-device-cybersecurity-regional-preparedness-response-playbook.pdf

 

Guidance on the Application of ISO 14971 to Artificial Intelligence and Machine Learning (AAMI CR34971:2022)

The AAMI released the consensus report “Guidance on the Application of ISO 14971 to Artificial Intelligence and Machine Learning” (AAMI CR34971:2022). The report provides guidance to assist those who are applying ISO 14971 to regulated AI medical technologies. It can be purchased at the AAMI store.

 

Computer-Assisted Detection Devices Applied to Radiology Images and Radiology Device Data – Premarket Notification [510(k)] Submissions

The FDA updated the guidance on Computer-Assisted Detection Devices Applied to Radiology Images and Radiology Device Data – Premarket Notification [510(k)] Submissions, Guidance for Industry and Food and Drug Administration Staff, September 28, 2022. This guidance document provides FDA’s recommendations regarding premarket notification (510(k)) submissions for computer-assisted detection (CADe) devices applied to radiology images and radiology device data.

https://www.fda.gov/media/77635/download

 

Clinical Performance Assessment: Considerations for Computer-Assisted Detection Devices Applied to Radiology Images and Radiology Device Data in Premarket Notification (510(k)) Submissions

The FDA updated the guidance on Clinical Performance Assessment: Considerations for Computer-Assisted Detection Devices Applied to Radiology Images and Radiology Device Data in Premarket Notification (510(k)) Submissions – Guidance for Industry and Food and Drug Administration Staff, issued September 28, 2022.

https://www.fda.gov/media/77642/download

 

Display Devices for Diagnostic Radiology

The FDA updated the guidance on Display Devices for Diagnostic Radiology – Guidance for Industry and Food and Drug Administration Staff, September 28, 2022.

https://www.fda.gov/media/95527/download

 

Technical Performance Assessment of Quantitative Imaging in Radiological Device Premarket Submissions

The FDA released the final guidance on Technical Performance Assessment of Quantitative Imaging in Radiological Device Premarket Submissions – Guidance for Industry and Food and Drug Administration Staff, June 16, 2022.

https://www.fda.gov/media/123271/download

 

Content of Human Factors Information in Medical Device Marketing Submissions

The FDA released a draft guidance on Content of Human Factors Information in Medical Device Marketing Submissions – Draft Guidance for Industry and Food and Drug Administration Staff, December 9, 2022.

https://www.fda.gov/media/163694/download

 

Expected Guidance Documents to be Published in FY 2023

A List – Final Guidance Topics:

  • Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions
  • Content of Premarket Submissions for Device Software Functions
  • Remanufacturing of Medical Devices
  • Transition Plan for Medical Devices That Fall Within Enforcement Policies Issued During the Coronavirus Disease 2019 (COVID-19) Public Health Emergency
  • Transition Plan for Medical Devices Issued Emergency Use Authorizations (EUAs) During the Coronavirus Disease 2019 (COVID-19) Public Health Emergency
  • Fostering Medical Device Improvement: FDA Activities and Engagement with the Voluntary Improvement Program
  • Breakthrough Devices Program (revised)

 

A List – Draft Guidance Topics:

  • Marketing Submission Recommendations for A Change Control Plan for Artificial Intelligence/Machine Learning (AI/ML)-Enabled Device Software Functions
  • Voluntary Malfunction Summary Reporting (VMSR) Medical Device Reporting (MDR) for Manufacturers
  • Clinical Considerations for Medical Device Premarket Submissions Targeting Opioid Use Disorder
  • Select Updates for Guidance for the Breakthrough Devices Program
  • Electronic Submission Template for De Novo Request Submissions

 

B List – Draft Guidance Topics:

  • Marketing Submission Recommendations for A Change Control Plan for Artificial Intelligence/Machine Learning (AI/ML)-Enabled Device Software Functions
  • Evaluation of Sex-Specific and Gender-Specific Data in Medical Device Clinical Studies (revision of Evaluation of Sex-Specific Data in Medical Device Clinical Studies)
  • Basic Safety and Essential Performance of Medical Electrical Equipment, Medical Electrical Systems, and Laboratory Medical Equipment – Standards Specific Information for the Accreditation Scheme for Conformity Assessment (ASCA) Pilot Program

 

 

FDA Recognized Consensus Standards

The following are some of the consensus standards recognized by the FDA in 2022:

 

Manual on Borderline and Classification in the Community Regulatory Framework for Medical Devices

In September 2022, the European Commission updated the Manual on borderline and classification in the community regulatory framework for medical devices. The Borderline Manual is intended to assist manufacturers in determining whether their product falls within the definition of a medical device.

https://health.ec.europa.eu/system/files/2020-08/md_borderline_manual_05_2019_en_0.pdf

 

Cybersecurity in Medical Devices

The FDA released a draft guidance on Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions – Guidance for Industry, Investigators, and Other Stakeholders, April 8, 2021, and has not yet finalized this guidance. We are expecting the FDA to finalize the guidance in 2023 and do not yet know if it will come into effect immediately or if there will be a grace period.

https://www.fda.gov/media/119933/download

 

IEC 62304 Update

As mentioned in the last couple of updates, the IEC 62304 draft that was in the works has been rejected. The working group disbanded itself and a new working group is being organized. This means that IEC 62304:2006 + Amd1:2015 will remain valid for some more years to come. So, in other words, nothing new to report.

 

Content of Premarket Submissions for Device Software Functions

We are expecting that this guidance will soon be approved and will come into effect and replace the Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices from May 2005.

This guidance is intended to cover:

  • firmware and other means for software-based control of medical devices
  • stand-alone software applications
  • software intended to be operated on general-purpose computing platforms
  • dedicated hardware/software medical devices
  • accessories to medical devices when those accessories contain or are composed of software

The draft guidance applies to the following submissions of software (either as part of a device or as the device):

  • Premarket Notification (510(k))
  • De Novo Classification Request
  • Premarket Approval Application (PMA)
  • Investigational Device Exemption (IDE)
  • Humanitarian Device Exemption (HDE)
  • Biologics License Application (BLA).

The level of documentation is based on the device’s intended use and does away with the Level of Concern (LOC). There are two levels of documentation:

  • Basic Documentation
  • Enhanced Documentation

According to the guidance, Enhanced Documentation should be provided for any premarket submission that includes device software functions, where any of the following factors apply:

  • The device is a constituent part of a combination product.
  • The device (a) is intended to test blood donations for transfusion-transmitted infections; or (b) is used to determine donor and recipient compatibility or (c) is a Blood Establishment Computer Software.
  • The device is classified as class III.
  • A failure or latent flaw of the device software function(s) could present a probable risk of death or serious injury, either to a patient, user of the device, or others in the environment of use. These risk(s) should be assessed prior to implementation of risk control measures.

https://www.fda.gov/regulatory-information/search-fda-guidance-documents/content-premarket-submissions-device-software-functions

 

Document Management

Many companies are working with various document management systems. Some are better than others and some are just bad. We recommend that companies looking into these tools evaluate them by speaking to real users (not the ones who purchased the tool, as they are committed regardless of how good or bad the tool is). Make sure that you have support and the capability to customize the tool for your processes. Remember, these tools, together with their customizations, must be validated. All updates require a re-validation (at least of the changes).

 

When and How to Use Sub-contractors for Software Development

There are pluses and minuses in using sub-contractors to develop the software of a medical device. If the company is a start-up, it usually doesn’t have the resources to develop quality software. In this case, the decision to use a sub-contractor comes easy. It makes sense to use a good sub-contractor to develop the software. The question arises, what to allow the sub-contractor to do and how to control the work being done.

When discussing the project with the sub-contractor, he will swear that he knows what the regulatory bodies want, he knows the standards, he knows how to develop the code according to required guidelines, he knows how to write the documents, he knows how to validate the software, etc.

It’s very probable that the sub-contractor has worked on a few projects that have cleared the FDA/CE. The clearance may be due to good software documentation, or due more to luck than experience, because the reviewer did not review the documentation in depth.

Additionally, the sub-contractor will tell you he can write the software requirements and validate them. Would you let the cat watch the cream? As you know what is required, you should write the software requirements specifications. If the sub-contractor writes the software requirements, they will reflect what the software does and not what you require from the software.

Accordingly, you should also validate the software according to the requirements. You know what is expected and this way, you can make sure the software meets the formal requirements defined.

You should also have a SOW (Statement of Work) with the sub-contractor detailing the scope of work, documentation standards, participation in audits (internal, external) if required, implementation documentation (unit test summaries, integration test summaries, code review summaries, verification testing summaries, etc.) on your forms (not the sub-contractor’s forms), etc.

The sub-contractor should be trained according to your SDLC procedure (even if they tell you that they are certified). You do not want your external auditor (FDA/NB) deciding that they want to audit your sub-contractor.

Sub-contractors developing software (firmware, mobile, cloud, AI, etc.) who are looking to expand their portfolio and get deeper into medical devices are invited to contact me to find out what is required from them and how they can get their message to the companies looking for software development.

 

FDA Responses to 510K Submissions – Software

We are still receiving responses from the FDA concerning the software in submissions, which means that this is becoming the state of the practice for the FDA. These responses relate to run-time testing and cybersecurity. Below is the wording received from the FDA in most of the cases:

 

  1. The submission did not include information on the tools, such as static analysis tools, that you used to detect run-time errors. This information is needed to assess whether good coding practices have been implemented to prevent common coding errors which may adversely affect the safety of the device. Please provide this information. For any such tool used, please identify what error types the tool detects, your method and process of applying the tool(s), and a summary report and/or conclusion about the results. Note: some common run-time errors are:
    1. Un-initialized variables
    2. Type mismatches
    3. Memory leaks
    4. Buffer over/under flow
    5. Dead and unreachable code
    6. Memory/heap corruption
    7. Unexpected termination
    8. Non-terminating loops
    9. Dangerous Functions Cast
    10. Illegal manipulation of pointers
    11. Division by zero
    12. Race conditions

 

  2. The information security and cybersecurity of the device is needed to evaluate the cybersecurity risks and the associated controls. The FDA has been asking for the cybersecurity even from devices that have no connectivity.
    1. Please discuss in detail, information on your design considerations, including mitigations pertaining to intentional and unintentional cybersecurity risks including:
    2. A specific list of all cybersecurity risks that were considered in your design.
    3. A specific list and justification for all cybersecurity controls that you established, and the justification as to why such controls are adequate. Please provide the evidence that the controls perform as intended.
    4. Please ensure that you address information confidentiality, integrity, and availability.
    5. Please incorporate, as appropriate, the information identified here in your Hazard Analysis.

 

  3. The FDA has been reading the software documentation, including the Risk Analysis, SRS, SDD, STD, STR, Traceability Report, OTS Report, Cybersecurity, etc. They have been raising issues as shown in the following:
    1. SRS: contradictions and not containing information necessary to understand the requirements for your device software; requirements related to programming language requirements or to the interfaces.
    2. SDD: high-level architecture and does not include the level of detail expected for software architecture; does not include information necessary to ensure that your software is safe and effective for the intended use of the device; missing information for all the third-party devices used by your system.
    3. Traceability Report: traceability documentation does not link the requirements to the hazards
    4. Testing: it doesn’t include a summary of the static analysis, examples of unit integration testing, and a summary of the results.
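
One way to check a cybersecurity risk register against the points in the FDA cybersecurity wording above before submission: every risk carried into the Hazard Analysis, every control justified and backed by evidence, and confidentiality, integrity and availability all addressed. This is an added example, not from the FDA or the original update; the field names, IDs and sample register are hypothetical and constructed.

```python
from dataclasses import dataclass, field

CIA = {"confidentiality", "integrity", "availability"}

@dataclass
class Control:
    cid: str
    justification: str = ""
    evidence: list = field(default_factory=list)  # e.g. test report IDs

@dataclass
class Risk:
    rid: str
    properties: set    # which of CIA the risk affects
    hazard_ids: list   # links into the Hazard Analysis
    control_ids: list

def lint_register(risks, controls):
    """Return sorted (item_id, gap) pairs that still need an answer."""
    known = {c.cid for c in controls}
    gaps, covered, used = [], set(), set()
    for r in risks:
        covered |= r.properties & CIA
        used |= set(r.control_ids)
        checks = [(r.hazard_ids, "not in hazard analysis"),
                  (r.control_ids, "no control")]
        gaps += [(r.rid, msg) for ok, msg in checks if not ok]
        gaps += [(r.rid, f"unknown control {c}") for c in set(r.control_ids) - known]
    for c in controls:
        checks = [(c.justification.strip(), "no justification"),
                  (c.evidence, "no evidence"),
                  (c.cid in used, "mitigates no listed risk")]
        gaps += [(c.cid, msg) for ok, msg in checks if not ok]
    gaps += [("REGISTER", f"{p} not addressed") for p in CIA - covered]
    return sorted(gaps)

# Constructed sample register; IDs and field names are hypothetical.
CONTROLS = [
    Control("CTL-1", "Signature check rejects modified firmware", ["STR-041"]),
    Control("CTL-2", "Service port requires role-based login"),  # no evidence
    Control("CTL-3", "", ["STR-050"]),  # no justification, unused
]
RISKS = [
    Risk("CYB-1", {"integrity"}, ["HAZ-07"], ["CTL-1"]),
    Risk("CYB-2", {"confidentiality"}, [], ["CTL-2"]),    # no hazard link
    Risk("CYB-3", {"integrity"}, ["HAZ-09"], ["CTL-9"]),  # dangling control
]
if __name__ == "__main__":
    print(*lint_register(RISKS, CONTROLS), sep="\n")
```

An empty result means every listed risk and control has the links the wording asks for; it says nothing about whether the list of risks itself is complete.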

 

We highly recommend several remediations to clients:

  • SSC Class B/Moderate LOC – software requires tools to test it for run-time errors. We recommend using static code analysis tools. There are low-end tools that should be used, e.g., the Source Code Analysis package for medical device companies from Parasoft (C/C++, Java, C#/VB.NET), Microsoft Visual Studio Static Code Analysis (C/C++), IAR C-STAT static analysis (C/C++), etc.
  • SSC Class C/Major LOC/Special Guidance/PMA – the FDA will ask for an SCA report. We highly recommend using one of the tools that we know the FDA has evaluated. A partial list of these tools is Parasoft, Coverity, Polyspace, PRQA, Klocwork, GrammaTech, LDRA, etc.
  • A cybersecurity report should be prepared for submission to the FDA based upon the threat analysis.
  • Use tools for cybersecurity testing, penetration testing, etc.

When choosing SCA and cybersecurity tools, check the local support. Even though everyone offers Internet support, nothing beats having the support done locally by someone who has the experience and speaks your language.

 

Summary

There are many ways to screw up your software in the medical device whether it is embedded in dedicated hardware (also known as SiMD – Software in a Medical Device) or stand-alone health software (also known as SaMD – Software as a Medical Device). It doesn’t take too much talent to do this (as we all know) and companies are doing it daily. Many companies mess up royally and don’t know how to get out of the mess. In many cases, they don’t even know that they are in deep trouble until the recall is issued.

You can work properly without breaking the bank. There are many ways to handle the software development/maintenance life cycle and the software validation.

If there are any questions or requests, please feel free to contact us.

 

Mike
