Software in Medical Devices – Update for Q3/Q4 2023

Over the past year, as in previous years, life has not been easy in many respects. We have finally seen the FDA moving forward with new standards. The MDR is still happening but moving slowly, as there is a major backlog in getting to the notified body.

This is a continuation of the software updates I have been sending out. Please check out all the references to download and/or to purchase. If you have any questions, please contact us.

Software is everywhere in medical devices and IVDs. The FDA and CE are becoming more pedantic in how they review and relate to software. The number of companies getting into the field is growing and the amount of software being developed for medical use is exceptionally large.

There is still an emphasis on “digital health”, where the FDA is fast-tracking many devices (even though it is only software, it is still a medical device). Being software only does not mean that you are free from all the regulations, including a quality management system, risk analysis, etc.

The past 3 – 4 months have seen a dramatic increase in deficiencies from the FDA for all submissions on all aspects of cybersecurity. The FDA started issuing the deficiencies even before the new guidance was published (you can ask how they can do that – and the answer is, simply, that they did).

 

Software Recalls Q3-Q4/2023

We have been following the recalls and there are a growing number of recalls that are listed where software played a role in the recall. It is interesting to note that software is the leading cause of recalls in the FDA for the past 10 years. This trend does not look like it will change.

The following are additional examples of recalls involving software directly as listed on the FDA website, including Israeli-developed software. There may be more that are not classified under software. There are a large number of Class I recalls after patients were severely injured and even died. The descriptions given for the recalls are taken from the FDA database. For further details on the recalls, you can check them out on the FDA’s recall database.

Please note that the content for each recall is taken from the FDA database and is not our content.

  • Eitan Medical, Sapphire Infusion Pumps, Class I – Infusion Pumps with affected software revision may fail to detect air in line, which may lead to air embolism.
  • Inpeco S.A., Roche Cobas 8000 and Cobas PRO Interface Module, Class II – Firmware of the Interface Module with Roche Cobas 8000 and Cobas PRO (CO8 IM) may lead to a delayed sample tube processing.
  • Insulet Customer Care, Omnipod 5 App, Class I – The bolus calculator is not recording the decimal point if it is the first value entered when changing a bolus dose. This may lead to an over-delivery of insulin to the user if the user does not recognize the error on the bolus calculator screen or the confirmation screen prior to starting the bolus.
  • Hamilton Medical, Hamilton T1 Ventilator, Class I – Due to a software anomaly after approximately 91 days of cumulative use, the ventilator may stop and enter the ambient mode without prior notice.
  • Baxter Healthcare, Novum IQ Syringe infusion system, Class I – Baxter is issuing an Urgent Medical Device Correction for the Novum IQ Syringe Pump. Baxter identified that after multiple downstream occlusion alarms, the pump may display an Infusion Complete alarm even though uninfused fluid remains in the syringe.
  • Abbott Medical, Proclaim Plus 5 Implantable Pulse Generator, Class I – Firm has received complaints from patients who are unable to exit MRI (Magnetic Resonance Imaging) mode on their IPGs (Implantable Pulse Generators).
  • Baxter Healthcare, SIGMA Spectrum Infusion Pump, Class I – A medical device correction is being issued for SIGMA Spectrum Infusion System (V8 Platform) and Spectrum IQ Infusion System with Dose IQ Safety Software infusion pumps due to an increase in reported false upstream occlusion alarms following upgrades to software versions v8.01.01 and v9.02.01.
  • Medtronic, SynchroMed, Model A10, Class II – The previous software application version (1.1.300) is missing a decimal separator (a comma) for parameter range guidance values displayed on some of the programming screens: Catheter, Reservoir, Infusion, Bolus, myPTM, and Alarm.
  • Bebig Isotopentechnik, SagiPlan 2.2 Brachytherapy Treatment Planning System, Class II – Due to software malfunction, numerical values may be rounded resulting in inaccurate measurements.
  • Acclarent, TruDi Navigation System, Class II – When using affected curette and software, there is a discrepancy between the actual curette tip location and the location displayed on navigation systems intended for use during surgical procedures of the Ear Nose and Throat (ENT) and ENT skull base surgery, which may cause delayed/prolonged surgery, cerebrospinal fluid leak, visual impairment, or skull base structural damage.
  • Blue Belt Technologies, Real Intelligence CORI RI.KNEE v2.0 TKA, Class II – CORI software was missing a planning stage that appears in cases of significant knee deformation (outside of the range of 3 degrees valgus to 7 degrees varus) when the surgeon chooses to define the femoral rotational reference via the posterior condylar axis.
  • Insulet, Omnipod 5 Automated Insulin Delivery System, Class II – An error message was received when using the Omnipod 5 App on compatible smartphones that prevented phone control users from controlling the Omnipod 5 Automated Insulin Delivery System from their Omnipod 5 App which may cause a delay in therapy. To reduce the volume of inquiries Insulet was receiving from customers, an email was sent to all phone control users and the cause of the error message was resolved by reverting to prior certificates on the Insulet cloud to secure communications between the Omnipod 5 App software and the Insulet Cloud. This issue was limited to only certain compatible Android smartphones and did not affect the Omnipod 5 Pods or the dedicated locked-down Controller provided by Insulet. All other Omnipod 5 users were still able to manage their insulin with the device without use of the smartphone app and affected users were able to switch to the locked-down control provided to all users when they initiated the device during the time the App was unavailable to them. Further, the Omnipod itself continued to deliver insulin as per its pre-programmed settings so although affected users who did not have the locked-down controller readily available may not have been able to command insulin boluses during this time, they continued to receive basal insulin without interruption. Lastly, users of the Omnipod 5 were advised during training to always have backup supplies ready in the event of a device malfunction which would include alternative means to deliver insulin subcutaneously until the issue is resolved to minimize disruption to their insulin regimen. There were 2,168 complaints received out of 7,838 users with the Android compatible smartphones affected and 9 MDRs were submitted, however, there were no serious injuries reported or reports of erroneous results as the primary issue was a delay in therapy. 
    This defect cannot cause false results that could negatively impact patients.
  • Abbott Diabetes Care, FreeStyle Libre 2 Readers, Class II – If blood glucose monitoring system users attempt to start a new sensor, when the old sensor wasn’t used for the full 14-day wear time, then the reader may display “Incompatible Sensor” message. If users don’t have the previous sensor, or FreeStyle Libre 2 app, or the sensor’s full wear time hasn’t ended, users may be unable to start a new sensor, which could result in no or delayed glucose
  • Covidien, Valleylab FT10, Class II – Due to software issue, new systems may exhibit an error which may prohibit use of new systems resulting in system being inoperable.
  • Medtronic Neuromodulation, Model 97745 Controller, Class II – Units distributed in Korea and Turkey that did not have the correct firmware installed to support the user interface in the local language.
  • Getinge USA Sales, Meera Mobile Operating Table, Class II – Under certain conditions, an issue might prevent the device from performing as intended. A specific sequence of commands on the control unit activates the traction drive and triggers an unintended driving (autodrive) of max. 7 sec. may result in the following reasonably foreseeable injury or damage to the health of patients and/or users.
  • Virtual Radiologic, vRad PACS with Mammography, Class II – The error resulted in intermittent failure of current (primary) radiology study images not displaying to the interpreting teleradiologist.
  • CareFusion 303, BD Pyxis CII Safe ES, Class II – When global edit is used to update multiple formulary properties simultaneously, the following properties: 1) Require Lot Number on Recall, 2) Access Destruction Bin (Witness), 3) Add to Destruction Bin (Count/Empty), 4) CII Safe Stock Out Notice are, without user warning, overwritten to the value NO, which could result in diversion of controlled substances from the automated dispensing cabinet.
  • Greiner Bio-One North America, Vacuette Tube, Class II – Tubes have missing additive/anticoagulant resulting in clotting in most cases. A completely clotted sample would lead to no results being reported, which could lead to a delay in treatment or diagnosis. An erroneous glucose or lactose result from a partially clotted sample could lead to inappropriate treatment.
  • Abbott Diabetes Care, FreeStyle Libre 3 App, Class II – If using affected glucose monitoring app on Android 13 Operating System, extended periods of signal loss may be experienced, due to app not connected, which could impact ability to receive glucose reading/alarms, which could lead to undetected low or high glucose, which could result in delayed treatment: not taking insulin (for high glucose), or not taking glucose (for low glucose) when required.
  • Philips North America, Patient Information Center iX, Class II – Push notifications may fail to send to the user under certain conditions. This could potentially result in patient harm due to delay in detection of a change in patient condition.
  • Philips North America, Spectral CT 7500, Class II – Multiple software issues that affect device functionality.
  • Baxter Healthcare, XScribe CP Cardiac Stress Testing System, Class II – Potential distortion identified in electrocardiogram (ECG) readings when the Source Consistency Filter (SCF) is enabled.
  • Siemens Medical Solutions, Sensis Vibe Hemo, Class II – The possibility of the Sensis documentation functionality application to crash.
  • WOM World Of Medicine, Aquilex Fluid Control System, Class II – The display of inflow volume can reach its limit of 30,000 ml during long procedure and the inflow volume display will freeze at the maximum value while the deficit will start counting backwards until 0 ml is reached and may result in fluid overload.
  • Abbott Laboratories, Alinity ci-series System Control Module, Class II – There are potential performance issues found in the Alinity ci-series System software versions 3.4.0 and lower, including: 1) SCC Reagent load error during daily maintenance; 2) Sample Laboratory Report error; 3) Customer requests mechanism to prevent user error when creating new lots of value assigned Calibrators; 4) Error in processing tests after CCCintController encountered an error with the assay information downloaded from SCC; 5) The assay editor does not correctly check sample dilution total volume limits; 6) User-Applied Labels not adhering to Reagent Bottles; 7) ICT Module did not expire after warranty was exceeded. These performance issues could lead to erroneous results for multiple analytes.
  • Siemens Healthcare Diagnostics, epoc NXS Host Blood Analysis System, Class II – Siemens Healthcare Diagnostics has confirmed a potential issue that could occur under certain conditions, a software problem is causing erroneous results to be printed. When the results are run on the epoc NXS Host and Delete Blood Tests feature is enabled, the results that are generated at the time of testing are correct; however, when this issue occurs, results that are printed, saved and/or transferred to a data manager, may include unselected analytes that are from a previous patient or QC test. The worst possible outcome may result in a failure to diagnose hyperkalemia, due to an erroneous depressed potassium level or inappropriate treatment to hyperglycemia due to erroneous glucose reading.
  • Philips Customer Care Solutions, CT x-ray system, Class II – Three software issues affecting incorrect image display, error interpreting patient images due to image reporting, and patient exposure to incorrect image/function during clinical use.
  • Change Healthcare, Stratus Imaging PACS 1.4, Class II – Under certain circumstances, information from HL7 messages received by Stratus PACS/Imaging Share systems has been incorrectly associated with another patient’s study.
  • Auris Health, Monarch Platform, Class II – There is the potential that software issues may result in flipped image of the virtual Bronchoscope view.
  • Abiomed, Automated Impella Controller, Class II – Pump not detected as connected to controller due to software issue.
  • Leoni Cia Cable Systems, ORION System with software OSS, Class II – Users of the patient positioning system ORION System can be faced with a sudden short-term acceleration or with an unintended short-distance movement when the movements are again allowed after an unforeseen interruption signal of motion may result in a collision of the patient with another stationary component of the treatment room.
  • Medtronic Navigation, StealthStation S8 Application, Class II – Due to a software anomaly which potentially could result in the surgical planning data shifting to an unintended location.
  • Philips Ultrasound, Affiniti 70, Class II – There is the potential that diagnostic ultrasound systems operating with software version 10.0 may present a delayed image instead of a real time image.
  • Siemens Medical Solutions, Siemens Cios Alpha (VA30) mobile fluoroscopic C-arm X-ray System, Class II – Software issue for Cios Alpha, Cios Flow, and Cios Spin VA30 systems, fulfillment of new requirements from DIN and IEC standards for Cios VA30 systems required may result in patient misdiagnosis/repeat exposure.
  • GE Healthcare, Universal Viewer Workflow Manager, Class II – When using Universal Viewer or Centricity Universal Viewer with Workflow Manager (WFM), if a third-party reporting application is used to launch exams, it could display information on a different patient than WFM and the Viewer.
  • Olea Medical, Functional MR, Class II – When exporting regions of interest in DICOM SEGMENTATION format, when simultaneously exporting multiple volumes of interest, a functional magnetic resonance software bug may cause file contents and associated series descriptions to not match, which could lead to a misinterpretation of clinical data.
  • Mazor Robotics, MAZOR X robotic guidance system, Class II – The notice explained the anomalies to be corrected and the potential health hazards associated with the anomalies.
  • Beckman Coulter, DxI 9000 Access Immunoassay Analyzer, Class II – The firm has investigated and confirmed that when DxI 9000 is connected to Laboratory Information System (LIS, host), the sample barcode presented may be ignored and replaced with a sample ID that was previously in the same rack and position. This will cause a delay of result to the sample currently presented to the system (Sample B) and may result in an erroneous test result for the prior sample (Sample A), which gets associated with the results of sample B.
  • Medtronic Neuromodulation, Restore Clinician Programmer Application Software, Class II – The original version of the A71100 Restore Clinician Programmer Application has been identified to have a compatibility issue with some legacy clinician programmer software resulting in the programmer having an inability to establish communication with the implanted neurostimulators.
  • GE Medical Systems China, F2-01 Frame physiological patient monitor, Class II – There is a potential interruption of data communication between E-modules inserted in the F2-01 Frame and CARESCAPE ONE and CARESCAPE Canvas 1000 patient monitors if the F2-01 Frame has not been powered down within the last 120 days.
  • Philips North America, EarlyVue VS30 Vitals Monitor, Class II – A software issue prevents the monitor from alarming when the high/low acoustic respiration rate (RRa) limits are violated.
  • Exocad, exoplan version 3.1 Rijeka Software, Class II – A software library filtering error has been discovered which occurs when users are using the Step-by-Step Full Drill Protocol export functionality of exoplan 3.1 Rijeka. When a guided surgery treatment approach is selected, along with a Step-by-Step Full Drill Protocol export implant library, exoplan software does not filter out unsupported sleeve height positions for a particular sub-full drill protocol and instead shows ALL possible sleeve height positions for all sub-full drill protocols. The use of an improper sleeve height position in a surgical guide could result in patient injury.
  • Siemens Medical Solutions, ACUSON Redwood 2.0 ultrasound systems, Class II – If a user-generated preset for an 18L6 transducer created on a 1.0 ultrasound system is used with a 2.0 ultrasound system, the 2.0 ultrasound system will display underestimated measurement results when using an 18L6 transducer and viewing in the Dual format visualization function, which may lead to misdiagnosis of a patient’s condition or influence patient management decisions in a negative way.
  • Boston Scientific, EMBLEM MRI S-ICD Pulse Generator Model A219, Class II – There is a potential for a rare interaction between the EMBLEM S-ICD and LATITUDE communicator, which may cause S-ICD sensing disablement for a 24-hour interval.
  • Hamamatsu, NanoZoomer S360MD Slide scanner system, Class II – If the wrong barcode information is recorded in the NDPi file, a pathologist may refer to the whole slide image (WSI) of a different patient.
  • Beckman Coulter Biomedical, DxA Automation System, Class II – A software defect in the DxA Automation System may cause tests to be run on patient samples in tube types not compatible with the requested test, leading to erroneous patient results.
  • Becton Dickinson, BD Synapsys Informatics Solution, Class II – There is a risk of mis-association of patient demographic data for users who choose to report results manually when their Service Control Unit (SCU) is operating near capacity and are using save actions (Skip, Final Discard, Mark as Read, Save) to process patient results rapidly.
  • Staar Surgical, EVO+VISIAN Implantable Collamer Lens, Class II – There is a potential that intraocular implant devices may not meet specifications.
  • Boston Scientific, 3120 ZOOM LATITUDE Programmer/Recorder/Monitor, Class II – The software application on the Programmer/Recorder/Monitor (PRM) for Implantable Pulse Generators will display certain diagnostic dates incorrectly, with a year in the 1990s.
  • Medtronic Neuromodulation, SynchroMed II Model 8637-40 Programmable pump, Class II – Medtronic recently identified that if the SynchroMed II pump switches into telemetry mode due to electromagnetic interference (EMI) from an MRI scan, while the pump is sounding an alarm, the pump will not resume drug delivery after leaving the MRI magnetic field, which is inconsistent with the current labeling.
  • Siemens Healthcare Diagnostics, RAPIDPoint 500 Systems Measurement Cartridge, Class II – RAPIDPoint 500 Systems Measurement Cartridges (with lactate) has the potential to affect the Sodium (Na+) sensor to produce a negative bias that could result in serious injury due to a delayed diagnosis of hypernatremia or unnecessary intervention for hyponatremia and result in iatrogenic hypernatremia especially if the true sodium result is near the thresholds of severe alterations, as well as cause a Question Result —–? error flag for multiple electrolytes on patient samples and quality control that may cause a delay of diagnosis or treatment.
  • C.R. Bard, Sensica Urine Output System, Class II – BD (C.R. Bard) has received user complaints reporting that when the device was connected to WiFi/Internet, the time displayed on the Sensica device changed during a patient monitoring session which resulted in 1) incorrect time displayed on the monitoring screen, 2) incorrect hour block timestamps on the monitoring screen, 3) incorrect hour timestamps on data screens, and 4) incorrect catheter use time.
  • Ortho-Clinical Diagnostics, VITROS XT 7600 Integrated System, Class II – During planned monitoring of data post-release of Software Version 3.8.0 an increased occurrence of software issues relating to unresponsive subsystems, unresponsive user interface (sometimes referred to as a screen freeze), and/or printer disconnections was identified. The consequence of these issues would be a delay in reporting results due to the required system shutdowns to recover the system. This delay in reporting results could occur during any assay, including which the speed of the result is deemed critical or STAT and could result in a delay of treatment in a patient. Due to the release strategy of this software version, the user could not update the system but a field engineer had to manually install each affected system.
  • Elekta, Versa HD, Class II – Elekta has identified that if the microswitch within the middle arm is incorrectly setup, there is a potential for an uncontrolled extension of iViewGT / XVI detector arms. When the detector arm is fully deployed there is no risk of uncontrolled extension.
  • Siemens Healthcare Diagnostics, RAPIDPOINT 500 Blood Gas System, Class II – There are potential drug interferences from Perhexiline Maleate or Atomoxetine Hydrochloride that may cause falsely elevated sodium results reported on the RAPIDPoint 500 and RAPIDPoint 500e Blood Gas Systems. The erroneous sodium levels with positive bias may lead to unrecognized hyponatremia and/or the inappropriate treatment of hypernatremia may lead to iatrogenic hyponatremia, resulted in a delay in patient diagnosis and optimal patient management.
  • Convergent Dental, Solea Models 2.0 and 3.0 Laser Surgical Instrument, Class II – It has been found that potential unintended laser activation can occur without foot pedal depression.
  • Philips North America, Spectral CT on Rails, Class II – This recall is part of a 2-issue recall for the same system. When using the IVC needle position button, on the IVC control box during a series of scans, the plan box may not move to the desired needle position. This issue could result in the gantry moving to a location the operator does not expect. If this occurs, it presents a risk that the scan could occur at an incorrect location, or that the unintended motion of the gantry could cause a collision with the user or needle. The other part of the recall involves a software crash when the CCT foot pedal is activated (as described in RES ID93363).
  • Philips Customer Care Solutions Center, Big Bore RT with software version, Class II – For oncology users: If the user performed off-set reconstruction on CT device a shift could be observed on the contouring area of the primary and secondary images sets when using image fusion (on TPS) and incorrect coordinates may be sent to TPS system when using absolute patient marking. This may lead to incorrect radiation therapy planning and possible growth or spread of cancer due to incorrect early treatment regimen. For radiology users: If the user performed off-set reconstruction on CT devices, after multiple acquisitions, the Relate Position could be inaccurate. This could lead to incorrect diagnosis and treatment.
  • Smiths Medical ASD, Medfusion Syringe Pump, Class II – A force sensor in the occlusion detector may drift out of calibration leading to increased occlusion detection times, false occlusion alarms, or a System Failure Alarm. If the force sensor calibration shift is large enough, the pump will display a System Failure Alarm (including Force Sensor BGND Test, Force Sensor Bridge Test, or Force Sensor Test). However, if the calibration shift is not large enough to trigger a System Failure Alarm, the threshold to detect an occlusion may increase, increasing the time to occlusion detection, or the threshold may decrease, leading to false occlusion alarms. Although shifts in the force sensor calibration may occur over time with any device, an increased potential for such shifts has been reported in devices produced before April 2022 due to mechanical interference between parts of the plunger head assembly. Out of an abundance of caution, we are notifying all customers of this potential issue.
  • Baxter Healthcare Corporation, Epiphany Cardio Server E3 ECG Management System Servers, Class II – Epiphany is issuing an Urgent Medical Device Correction for the Cardio Server E3 ECG Management System software listed below due to a report of the caliper tool becoming non-responsive, preventing the caliper function from being used temporarily on software versions v6.1.x, v6.2.x, and v7.0.x of the E3 user interface.
  • Philips North America, Patient Information Center iX with Software, Class II – Surveillance Crash Caused by Intel Graphics Driver Error-with a blank screen and subsequently require a manual reboot of the hardware to restart and continue central patient monitoring. Potential for a delay in the detection of a change or deterioration in the condition of one or more patients.
  • Instrumentation Laboratory, ACL TOP Family 50 Series Models, Class II – Sample misidentification could occur under specific conditions and patient management altered based on an incorrectly assigned result.
  • PTW-FREIBURG, BeamAdjust software, Class II – Generated calibration file will not be correct in case of a relative calibration of an OCTAVIUS Detector 1000 or OCTAVIUS Detector 1600, if a Tiff file or a DICOM data set is used as reference matrix. Therefore, the measurement result will be incorrect by using such a calibration file.
  • Datascope, Cardiosave Hybrid Intra-Aortic Balloon Pumps, Class II – Users were experiencing a failure in the IAB Fiber Optic Sensor input on the IABP when inserting the Intra-Aortic Balloon Fiber Optic connector.
  • Philips Medical Systems Nederland, Wireless Foot Switch, Class II – Loss of availability of the wireless foot switch during procedures.
  • Siemens Healthcare Diagnostics, epoc BGEM Crea Test Card with epoc Host SW, Class II – There is potential for discrepant high glucose results in samples with glucose results on the lower end of the reportable range.
  • Skytron, GS70 Salus Surgical Table, Class II – When the control of the operating table was used in Bluetooth mode, the operating table continued moving even after releasing the button on the control. Originally, the root cause was thought to be confined to Bluetooth/wireless communications between the control pendant and the surgical table. However, during investigation, Mizuho discovered that the failure could be replicated even in wired mode if communication between the pendant and table were somehow interrupted. The root cause appears to be: if communication between the controller and table is interrupted while a button is pressed, the table does not know if/when a button is released. This occurs in wireless or wired mode.
  • Raysearch Laboratories, RayCare software, Class II – An issue was found in Software RayCare 5A, 5B, 6A, including service packs, where an allergy warning against medication substance (drug ingredient) will not be displayed as expected under certain circumstances.
  • Stryker, SurgiCount+ Software Application, Class II – Potential for current software to miscount when scanning in multiple sponge-products from the same unique sponge-pack type.
  • Philips North America, MR 7700 Magnetic Resonance (MR) system, Class II – The system operator is able to bypass the SmokeDetector Interlock system locking mechanism after a smoke detection by power cycling the system.
  • Abiomed, Impella Connect, Class II – The following features have been disabled from the web-based portal because the FDA has not evaluated these features for safety and effectiveness: Notifications via email feature; AIC alarm color on case tile feature; Sort case tiles by AIC alarm color feature; Pump metric display on case tile feature.

 

Regulatory Considerations for Prescription Drug Use-Related Software

The FDA issued in September 2023 this draft guidance – Regulatory Considerations for Prescription Drug Use-Related Software. This guidance describes how the FDA intends to apply its drug labeling authorities to certain software outputs that are disseminated by or on behalf of a drug sponsor for use with a prescription drug or a prescription drug-led, drug-device combination product.

https://www.fda.gov/media/172165/download

 

Deep flaws in FDA oversight of medical devices — and patient harm — exposed in lawsuits and records

KFF Health News has investigated various medical devices’ malfunctions. The investigation has found that most medical devices, including many implants, are now cleared for sale by the FDA without tests for safety or effectiveness. Instead, manufacturers must simply show they have “substantial equivalence” to a product already in the marketplace — an approval process some experts view as vastly overused and fraught with risks.

An example given is the Medtronic insulin pumps. The pumps, which allegedly dispensed too much or too little insulin, have been blamed for contributing to at least a dozen patient deaths, according to lawsuits filed since 2019. Some cases have been settled under confidential terms, while others are pending or have been dismissed.

 

Using Artificial Intelligence & Machine Learning in the Development of Drug & Biological Products

The FDA has issued a discussion paper on Using Artificial Intelligence & Machine Learning in the Development of Drug & Biological Products. This discussion paper will serve as a basis for future guidances.

https://www.fda.gov/media/167973/download

 

India Enacts New Privacy Law: The Digital Personal Data Protection Act

In August, India enacted its new privacy law—the Digital Personal Data Protection Act, 2023 (DPDP Act). Once in effect, the DPDP Act will replace the relevant provisions of the Information Technology Act, 2000, Information Technology (Amendment) Act, 2008, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

 

Cybersecurity in Medical Devices: Refuse to Accept Policy for Cyber Devices and Related Systems Under Section 524B of the FD&C Act

The FDA/CDRH released on 30/3/23 the Refuse to Accept Policy for Cyber Devices and Related Systems Under Section 524B of the FD&C Act. The guidance is part of the 2023 Omnibus budget bill which amended the Federal Food, Drug and Cosmetic Act (FDCA) by adding section 524B, Ensuring Cybersecurity of Devices. The guidance outlines the recent statutory requirements relating to cybersecurity assurances that must be included in device submissions.

Under section 524B, sponsors making a submission or application of devices that meet the definition of a “cyber device” must now undergo the following steps to ensure that the device meets cybersecurity requirements:

  • Submit a plan to monitor, identify and address postmarket cybersecurity vulnerabilities and exploits including coordinated vulnerability disclosure and related procedures.
  • Design, develop and maintain processes and procedures to provide a reasonable assurance that the device and related systems are cybersecure, and make available postmarket updates and patches to address device vulnerabilities.
  • Provide a software bill of materials (SBOM), including commercial, open-source and off-the-shelf software components.
  • Comply with any other cybersecurity requirements the Secretary may mandate through regulation.

The guidance defines a “cyber device” as one that includes software validated, installed, or authorized by the sponsor as a device or in a device, has the ability to connect to the internet, and contains any technological characteristics that could be vulnerable to cybersecurity threats.

In order to provide a transition period, the FDA intends not to refuse to accept (RTA) premarket submissions for cyber devices that do not comply with section 524B until October 1, 2023.

https://www.fda.gov/media/166614/download

 

Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions

The FDA released on 27 September the anticipated guidance on cybersecurity – Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions. The release of this guidance was expected and did not disappoint in its content. It is similar to the draft guidance released in 2022. As such, in all submissions since June, the FDA has been giving deficiencies in cybersecurity, even though the guidance was not yet released. The deficiencies were based on the draft version and required remediation.

Examples of the deficiencies include the following:

  • Provide a threat model using a threat modeling methodology
  • Provide a cybersecurity risk assessment (e.g., CVSS, IEEE 11073-40101-2020, NIST SP 800-30)
  • How the device detects, monitors, logs, and/or alerts users of security compromise
  • Provide a reasonable assurance that the device and related systems are cybersecure
  • Describe the end-to-end process for delivering updates to the device
  • Describe the end-to-end process for deploying updates from the cloud environment including any risks identified and mitigations implemented
  • Provide an SBOM
  • Provide security testing, including, but not limited to, requirement verification testing, static and dynamic code analysis, malformed input (fuzz) testing, vulnerability scanning, and penetration testing
  • Provide a plan to monitor, identify, and address, as appropriate, in a reasonable time, postmarket cybersecurity vulnerabilities and exploits, including coordinated vulnerability disclosure and related procedures
  • Provide cybersecurity labeling for the user

https://www.fda.gov/media/119933/download

 

Content of Premarket Submissions for Device Software Functions

The FDA has finally released the Content of Premarket Submissions for Device Software Functions guidance on 14/6/23. This guidance covers:

  • firmware and other means for software-based control of medical devices
  • stand-alone software applications
  • software intended to be operated on general-purpose computing platforms
  • dedicated hardware/software medical devices
  • accessories to medical devices when those accessories contain or are composed of software

The guidance applies to the following submissions of software (either as part of a device or as the device):

  • Premarket Notification (510(k))
  • De Novo Classification Request
  • Premarket Approval Application (PMA)
  • Investigational Device Exemption (IDE)
  • Humanitarian Device Exemption (HDE)
  • Biologics License Application (BLA)

The level of documentation is based on the device’s intended use and does away with the Level of Concern (LOC). There are two levels of documentation:

  • Basic Documentation
  • Enhanced Documentation

According to the guidance, Enhanced Documentation should be provided for any premarket submission that includes device software functions, where any of the following factors apply:

  • The device is a constituent part of a combination product.
  • The device (a) is intended to test blood donations for transfusion-transmitted infections; or (b) is used to determine donor and recipient compatibility; or (c) is Blood Establishment Computer Software.
  • The device is classified as class III.
  • A failure or latent flaw of the device software function(s) could present a probable risk of death or serious injury, either to a patient, user of the device, or others in the environment of use. These risk(s) should be assessed prior to implementation of risk control measures.

If the device does not meet the criteria for Enhanced Documentation, then it should be submitted as Basic Documentation.

https://www.fda.gov/media/153781/download?attachment

 

FDA Recognized Consensus Standards

The following are some of the consensus standards recognized by the FDA in 2023:

  • NEMA PS 3.1 – 3.20 2023e Digital Imaging and Communications in Medicine (DICOM) Set
  • ISO IEC IEEE 29119-1 Second edition 2022-01, Software and systems engineering – Software testing – Part 1: General concepts
  • ANSI AAMI 2700-2-1:2022, Medical devices and medical systems – Essential safety and performance requirements for equipment comprising the patient-centric integrated clinical environment (ICE): Part 2-1: Particular requirements for forensic data logging
  • ANSI AAMI SW96:2023, Standard for medical device security – Security risk management for device manufacturers

 

Congressional Watchdog Will Launch Inquiry Into FDA Oversight of Medical Device Recalls

It was reported that Congressional investigators are launching an inquiry into the FDA’s oversight of medical device recalls for the first time in years following reports that the agency failed to issue warnings about breathing machines capable of sending hazardous particles and fumes into the lungs of patients.

 

FDA’s Proposed Rule Regarding Laboratory Developed Test

FDA is proposing to amend its regulations to make explicit that IVDs are devices under the FD&C Act including when the manufacturer of the IVD is a laboratory. This amendment would reflect that the device definition in the FD&C Act does not differentiate between entities manufacturing the device, and would provide further clarity, including for stakeholders affected by the accompanying changes to FDA’s general enforcement discretion approach for LDTs. This has a major impact on

 

Assessing the Credibility of Computational Modeling and Simulation in Medical Device Submissions

The FDA issued on 17 November 2023 its final guidance – Assessing the Credibility of Computational Modeling and Simulation in Medical Device Submissions. The guidance gives the FDA’s recommendations on a risk-informed framework for credibility assessment of computational modeling and simulation (CM&S) used in medical device regulatory submissions.

https://www.fda.gov/media/154985/download

 

Enforcement Policy for Non-Invasive Remote Monitoring Devices Used to Support Patient Monitoring

The FDA issued on 19 October 2023 its final guidance – Enforcement Policy for Non-Invasive Remote Monitoring Devices Used to Support Patient Monitoring. Non-invasive remote monitoring devices are used to acquire patient physiological data without the need for in-clinic visits and facilitate patient management by healthcare providers while reducing the need for in-office or in-hospital services. The policy set forth in this guidance was initially intended to facilitate patient monitoring while reducing patient and healthcare provider contact and exposure to COVID-19 by helping to expand the availability and capability of noninvasive remote monitoring devices during the COVID-19 pandemic. It was noted that at this time, based on the current understanding of the risks of these devices, the FDA does not intend to object to limited modifications to the indications, functionality, or hardware or software of certain non-invasive remote monitoring devices that are used to support patient monitoring without prior submission of a premarket notification where such submission would be required when the modification does not create undue risk and does not directly affect the physiological parameter measurement algorithm.

https://www.fda.gov/media/136290/download

 

Off-The-Shelf Software Use in Medical Devices

The FDA issued on 11 August 2023 its updated guidance – Off-The-Shelf Software Use in Medical Devices. This guidance enhances the previous version with additional information on OTS software required for the submission. There are additional considerations listed for OTS software concerning:

  • maintenance and obsolescence
  • operating systems, drivers and utilities
  • LANs and other networks
  • innovative technologies

https://www.fda.gov/media/71794/download

 

Technical Considerations for Medical Devices with Physiologic Closed-Loop Control Technology

The FDA issued on 29 September 2023 the final guidance – Technical Considerations for Medical Devices with Physiologic Closed-Loop Control Technology. A physiologic closed-loop controlled (PCLC) device is a system consisting of sensors, actuators, and control algorithms that adjusts or maintains a physiologic variable through automatic adjustments to delivery or removal of energy or article (e.g., drugs or liquid or gas regulated as a medical device) using feedback from a physiologic-measuring sensor(s).

https://www.fda.gov/media/154994/download

 

Use of Real-World Evidence to Support Regulatory Decision-Making for Medical Devices

The FDA issued on 19 December 2023 the draft guidance – Use of Real-World Evidence to Support Regulatory Decision-Making for Medical Devices. The purpose of this draft guidance is to clarify how the FDA evaluates real-world data to determine whether they are of sufficient quality for generating real-world evidence that can be used in FDA regulatory decision-making for medical devices. This draft guidance also provides expanded recommendations to sponsors considering using real-world evidence to support a regulatory submission for medical devices.

https://www.fda.gov/media/174819/download

 

Using Artificial Intelligence & Machine Learning in the Development of Drug & Biological Products

The FDA has published this discussion paper – Using Artificial Intelligence & Machine Learning in the Development of Drug & Biological Products. The FDA has published this document in order to facilitate a discussion with stakeholders on the use of artificial intelligence (AI) and machine learning (ML) in drug development, including in the development of medical devices intended to be used with drugs, to help inform the regulatory landscape in this area.

https://www.fda.gov/media/167973/download

 

Electronic Submission Template for Medical Device 510(k) Submissions

On 19 October 2023, the FDA issued its final guidance – Electronic Submission Template for Medical Device 510(k) Submissions. This document provides guidance on the FDA’s interpretation of the statutory requirement for electronic submissions solely in electronic format.

https://www.fda.gov/media/152429/download

 

Electronic Submission Template for Medical Device De Novo Requests

On 29 September 2023, the FDA issued the draft guidance – Electronic Submission Template for Medical Device De Novo Requests.

https://www.fda.gov/media/172450/download

 

A-List: Prioritized Guidance Documents that CDRH Intends to Publish in FY2024

Final Guidance Topics

  • Marketing Submission Recommendations for A Predetermined Change Control Plan for Artificial Intelligence/Machine Learning (AI/ML)-Enabled Device Software Functions

Draft Guidance Topics

  • Artificial Intelligence/Machine Learning (AI/ML)-enabled Device Software Functions: Lifecycle Management Considerations and Premarket Submission Recommendations
  • Select Updates for Premarket Cybersecurity Guidance: Cyber Devices
  • Use of Real-World Evidence to Support Regulatory Decision-Making for Medical Devices (revision)
  • Pulse Oximeters – Assessing Clinical and Scientific Evidence (revision)
  • Predetermined Change Control Plans for Medical Devices
  • Factors FDA Intends to Consider in Issuing an Enforcement Policy for Unapproved Tests Under a Declaration Under Section 564
  • Basic Safety and Essential Performance of Medical Electrical Equipment, Medical Electrical Systems, and Laboratory Medical Equipment – Standards Specific Information for the Accreditation Scheme for Conformity Assessment (ASCA) Program (revision)
  • Patient Preference Information – Voluntary Submission, Review in Premarket Approval Applications, Humanitarian Device Exemption Applications, and De Novo Requests, and Inclusion in Decision Summaries and Device Labeling (revision)

 

B-List: Guidance Documents that CDRH Intends to Publish, as Guidance Development Resources Permit, in FY2024

Final Guidance Topics

  • Computer Software Assurance for Production and Quality System Software

Draft Guidance Topics

  • 3D Printing Medical Devices at the Point of Care

 

MDCG 2023-4 – Medical Device Software (MDSW) – Hardware combinations Guidance on MDSW intended to work in combination with hardware or hardware components

The Medical Device Coordination Group (MDCG) issued on 18 October 2023 the guidance – MDCG 2023-4 – Medical Device Software (MDSW) – Hardware combinations Guidance on MDSW intended to work in combination with hardware or hardware components. This guidance provides examples and clarifications on which requirements apply when hardware or hardware components incorporate and collect data, which serves as input for the software.

https://health.ec.europa.eu/system/files/2023-10/md_mdcg_2023-4_software_en.pdf

 

How Frequently Can You Release Medical Device Software?

We have been asked numerous times by our clients: “How frequently can we release our medical-device software?” Usually, the person asking is a software engineer who has used agile in another field and is used to frequent rapid releases.

The short answer is: You can release software updates as frequently as you want so long as:

  • The changes don’t require regulatory submissions.
  • You can produce all of the necessary design change documentation.

In practice, we’ve seen software development firms who can release updates as quickly as every two weeks. Usually, however, monthly or quarterly releases are more realistic.

If you need more information on this, please contact us.

 

IEC 62304 Update

Work is under way to reconvene the committee, but this is a slow process. We’ll keep you informed if anything happens.

 

Tools to Investigate

We recommend the use of various tools in order to make the FDA/CE happy and, at the same time, improve the quality of the software. These tools include (but are definitely not limited to):

  • Defect management
  • Code control
  • Static code analysis
  • Dynamic code analysis
  • Unit and integration testing
  • Continuous integration
  • Penetration testing
  • Functional safety
  • SBOM

When choosing the tools, check the local support. Even though everyone offers Internet support, nothing beats having the support done locally by someone who has the experience and speaks your language. For further information concerning the tools, please feel free to contact us and we’ll refer you to the tool vendors with the tools you need.

Various tools to think about (they cost a little money but will save much more):

  • Static Code Analysis – Parasoft, Coverity, Polyspace, SonarQube, Axivion, PRQA, Klocwork, GrammaTech, LDRA, IAR C-STAT
  • SBOM – MergeBase, FOSSA, Sonatype, Insignary, Snyk
  • Defect management – Jira, Asana, Azure DevOps
  • Unit & integration testing – Cantata
  • Safe embedded operating systems – SEGGER RTOS

If you need more information on the tools and where to purchase them (with support), please contact us.

 

Summary

There are many ways to screw up your software in the medical device whether it is embedded in dedicated hardware (also known as SiMD – Software in a Medical Device) or stand-alone health software (also known as SaMD – Software as a Medical Device). It doesn’t take too much talent to do this (as we all know) and companies are doing it daily. Many companies mess up royally and don’t know how to get out of the mess. In many cases, they don’t even know that they are in deep trouble until the recall is issued.

You can work properly without breaking the bank. There are many ways to handle the software development/maintenance life cycle and the software validation.

If there are any questions or requests, please feel free to contact us.

Mike
