
Software in Medical Devices – Update for Q3/Q4 2024
The past year, as in previous years, life has not been easy for many reasons. According to an EY report, equity investment in medical device companies fell to its lowest point in seven years, declining 27% to $13.8 billion.
We have finally seen the FDA moving forward with new standards. The MDR/IVDR is still happening but is moving slowly. There is a major backlog in getting to a notified body.
This is a continuation of the software updates I have been sending out. Please check out all the references for download and/or purchase. If you have any questions, please contact us.
Software is everywhere in medical devices and IVDs. The FDA and CE are becoming more pedantic in how they review and relate to software. The number of companies getting into the field is growing and the amount of software being developed for medical devices is exceptionally large (especially the number of companies involved with AI/ML).
There is an emphasis on “digital health” where the FDA is fast-tracking many devices (even though it is only software, it is still a medical device). Just because it is software only, doesn’t mean that you are free from all the regulations. This includes a quality management system, risk analysis, etc.
The FDA has finally gotten over the cybersecurity “overkill” when reviewing the submission. The FDA has gone back to giving out deficiencies in the software aspects of the submission (even when not warranted).
Software Recalls Q3-Q4/2024
We have been following the recalls and there are a growing number of recalls listed where software played a role. It is interesting to note that software has been the leading cause of FDA recalls for the past 15 years. This trend does not look like it will change.
The following are additional examples of recalls involving software directly, as listed on the FDA website, including Israeli-developed software. There may be more that are not classified under software. There are a large number of Class I recalls issued after patients were severely injured. The descriptions given for each recall are taken from the FDA database. For further details, you can look the recalls up in the FDA’s recall database.
Please note that the content for each recall is taken from the FDA database and is not our content.
- Baxter Healthcare Corporation, Welch Allyn Life2000 Ventilation System, Class I – The Life2000 ventilator may fail to initiate the Low Gas Pressure alarm if the pressure gas source (Life2000 compressor, oxygen cylinder or wall source) is not supplied to the ventilator before initiating therapy.
- Securitas Healthcare, Arial Server Software, Class I – Certain software versions will not notify end users of calls initiated by call points with the Arial Emergency and Nurse Call System.
- Nova Biomedical Corporation, StatStrip Glucose Hospital Meter System, Class I – A software bug within the Gen 2 StatStrip Hospital Meter firmware leads to transmission of erroneous glucose patient test results to a healthcare institution’s data management system (DMS) at healthcare sites using WiFi if a user navigates to the Review Results screen while the meter is in the process of transmitting the current glucose test result to the DMS. The risk of this software defect is erroneously high or low glucose results being documented in a patient’s medical record, which may lead to incorrect treatment.
- Fresenius Kabi USA, Ivenix Infusion System (IIS), Class I – The software has anomalies that have the potential to cause alarms, nonfunctioning pump, or unresponsive screen while continuing therapy. These could cause serious patient harm or death.
- Datascope, Cardiosave Rescue Intra-Aortic Balloon Pump, Class I – Firm has developed a software correction (Revision D.01) for outside the US to mitigate product problems that pose a risk of hemodynamic instability and failure of transmission of clinical data in Cardiosave Hybrid and Cardiosave Rescue Intra-Aortic Balloon Pump devices.
- Braemar Manufacturing, Monitoring Service Application, Class I – Not all Electrocardiogram (ECG) events received July 2022-July 2024 were properly routed and subsequently reviewed due to an analysis step being disabled with the monitoring service application software.
- Securitas Healthcare, Arial Server Software, Class II – Certain software versions will not notify end users of calls initiated by call points with the Arial Emergency and Nurse Call System.
- Shimadzu Corporation Medical Systems Division, Trinias unity, Digital Angiography System with Catheterization Table, Class II – If digital angiography system is used with a specific catheterization table and the operator directs simultaneous movement of the table and the C-arm using direct memory, then direct memory button is released, the table may continue to move, which the operator can stop by pressing the stop button.
- GE Healthcare, Centricity Universal Viewer Zero Footprint Client, Class II – Footprint Client (ZFP) versions v6.0 SP9.x and SP10.x where the latest addended report is not shown by default to the user. The issue occurs when the addendum is created on the same day as the original report but at a different time, and only when launched on the following browsers: Internet Explorer 10, Internet Explorer 11 and Firefox.
- Ortho-Clinical Diagnostics, VITROS Immunodiagnostic, Class II – It was confirmed that fibrinogen in patient plasma samples precipitates out of solution upon the addition of folate stabilizer reagent as part of the pre-treatment process causing the increase in “TM5-4MB” condition codes which lead to a delay of results.
- Echonous, Kosmos on iOS impacting iOS, Class II – Ultrasound system has a bug in affected iOS software, which after DICOM export, can cause inaccuracy in postprocessed measurements done in 3rd party software, such as PACS or other post-processing software, which may lead to inaccurate diagnoses or treatment.
- 3M Company – Health Care Business, Clarity Precision Grip Attachments, Class II – Attachments may not mate with the tooth as intended in the digital treatment design.
- LivaNova Deutschland, Essenz HLM, Class II – Heart-Lung Machine GUI touchscreen may go dark for 10-15 seconds, safety/performance functions remain operational before reset, control maintained through backup control panel, but second reset may occur, may lead to gas blender standby, then gas blender must be reactivated using user interface on blender, sensors deactivated until new case started; GUI reset can lead to Hypoxia and Hypoperfusion.
- Shimadzu Corporation Medical Systems Division, SONIALVISION G4 is a multi-purpose X-ray R/F system, Class II – X-ray R/F system software with certain versions of the control board may occasionally fail to display images when switching from Fluoroscopy mode to Radiography mode, which may lead to the possibility of delay or cancellation of the examination.
- Becton, Dickinson and Company, FACSDuet Premium Sample Preparation System, Class II – Sample preparation system with software may cause: 1) Multidispense feature enabled with 2-tube assay: Specimen volume dispensed into tube1 at least 3% higher than volume in tube2, or 2) Absolute counts calculated using Trucount Tubes: increased volume in tube1 may result in 20% higher absolute counts in tube 1 than tube 2; could result in additional blood collection, delayed results/patient therapy.
- Fisher & Paykel Healthcare, PT301US Airvo 3 Respiratory Support Device, Class II – Due to a software issue, affected devices that are set up with High Pressure Oxygen (HPO), if the flow alignment alarm occurs, the device will deliver room air only. If this happens, a patient may experience oxygen desaturation that could lead to hypoxia.
- Medtronic Neuromodulation, Medtronic Handset with Communicator, Class II – A subset of the handsets within the kit may not be able to complete the pairing process with the communicator upon initial setup.
- CareFusion 303, MedStation ES, Class II – If automated dispensing cabinets have specific software versions, and Component Manager was configured to “installed mode”, and software patch KB 5033688 was installed in the production environment, then this will lead to an error that prevents the user from accessing the dispensing software application, which may delay accessing medication.
- Mint Medical, mint Lesion, Class II – Some software versions have a malfunction where they may show incorrect orientation labels for a specific subset of DICOM images.
- Siemens Healthcare Diagnostics, epoch NXS Host, Class II – Siemens Healthcare Diagnostics is recalling their epoch Blood Analysis System because of a software malfunction that occurs when specific criteria are met that can result in the incorrect patient name being assigned to a blood measurement by the device if the user of the device does not ensure verification of the correct patient name. The software malfunction has the potential to impact patient safety via misdiagnosis and/or mistreatment by a clinician if the wrong patient information is saved with the test result from the subject device.
- Micro-X, MICRO-X Rover Mobile X-ray System, Class II – Shots were terminated by the mAs integrator; however, the 4 ms exposure time did not allow enough tolerance to achieve diagnostic exposures due to variations in hardware and how different timers are started.
- CareFusion 303, BD Pyxis MedStation ES 7 Drawer Auxiliary Tower, Class II – Due to a software issue, automated dispensing cabinet devices may open the wrong cubie pocket or position, which can lead to: 1) Unintended and incorrect medication removal, or 2) Potential for a different medication (medication pulled in error) to be refilled/loaded, which may lead to low inventory or a stockout.
- Siemens Healthcare Diagnostics, Atellica CI Analyzer, Class II – Potential that the IMT Diluent volume remaining (% remaining) does not decrease as expected on the Atellica CI Analyzer, potentially leading to the IMT Diluent being empty while still displaying that volume is remaining. In this case Sodium (Na), Potassium (K) and Chloride (Cl) test results may be falsely elevated. Quality Control materials demonstrate the same behavior.
- Becton Dickinson & Co, BACTEC 9240 System, Class II – BD confirmed that product service credentials used by some BD technical support teams to access certain BD products were accessed by an unauthorized actor. Until these product service credentials are updated, there is a risk of unauthorized access that may impact the confidentiality, integrity and/or availability of the relevant products and associated data.
- Philips Medical Systems Technologies, Vue PACS Diagnostic Viewer with Vue PACS client, Class II – A software issue affecting Philips Vue PACS may cause incorrect ischemic map and table value calculations when using the export function in the Perfusion Application for a Siemens CT perfusion study, resulting in misdiagnosis due to incorrect ischemic map and table values.
- Topcon Medical Systems, IMAGEnet 6 Ophthalmic Data System, Class II – The overlay of visual field test locations on a probability map, as presented in IMAGEnet 6 in the so-called “Hood Report”, is not appropriate as it can imply a structure/function correlation for which clinical evidence is not provided.
- Baxter Healthcare Corporation, Hillrom Welch Allyn Q-Stress Cardiac Stress Testing System, Class II – There is the potential for exam files being assigned duplicate Unique Identifiers (UIDs). If the system receiving the DICOM file (e.g., Picture Archiving and Communication System (PACS)) relies solely on the UID to accept exams, this could lead to a mismatch of the patients identification with their physiological data.
- Canon Medical System, Cartesion Prime Digital PET-CT, Class II – When PET-CT system is executing reconstruction, if PET acquisition for another patient is performed (or PET reconstruction for another patient is performed from raw data processing), PET reconstruction control processing may hang up and PET reconstruction may stop as a result, which may necessitate repeat PET/CT examinations.
- Medtronic Navigation, StealthStation S8, Class II – Due to two software anomalies that can occur within a spine procedure. Two issues are: 1. Navigation Orientation – when lateral orientation radiographic images are taken, information may appear flipped when utilizing the system (180 degree flipped). 2. Pop-up Message – when using CT+Fluoroscopy images with a slice spacing thickness greater than 2mm, the system does not display a pop-up message indicating the slice spacing is not optimal.
- Agfa Healthcare, Enterprise Imaging XERO Viewer, Class II – Software defect, when an image has non-square pixel spacing, the reference/localizer line is incorrectly placed on the scout image in the XERO Viewer, may display the incorrect crosshair/line position on the non-coplanar/scout image with respect to the axial slice location. Inaccurate placement of reference lines or crosshairs has potential risk of misdiagnosis or mistreatment due to unintended shifts in the display of anatomical locations.
- Philips North America, Patient Information Center iX, Class II – During extended operation of the MX40 with the PIC iX, the DHCP (Dynamic Host Configuration Protocol) lease can expire on the MX40. If the DHCP lease expires while the device is offline, upon reconnecting with the PIC iX, a new IP address will be assigned to the MX40. The PIC iX will not recognize the new IP address after reconnecting and therefore the expected settings sync fails.
- Beckman Coulter, Dxl 9000 Access Immunoassay Analyzer, Class II – When the DxI 9000 Access Immunoassay Analyzer with system software version 1.16.2 and prior is configured to automatically request a calibration order, the instrument can process the order with expired calibrator material. If the calibration curve is generated with an expired calibration material lot, this may lead to a hazardous situation of erroneously high or low patient results reported to the physicians.
- BioFire Diagnostics, FILMARRAY Gastrointestinal (GI) Panel, Class II – The firm has identified an increased risk of obtaining false positive Cryptosporidium results from customers using the BIOFIRE FILMARRAY Gastrointestinal (GI) Panel.
- Hologic, Selenia Dimensions/ 3Dimensions-Digital breast tomosynthesis, Class II – Identified an issue with Selenia Dimensions 1.12.0 and 3Dimensions 2.3.0 system software when used in combination with C-View software in which the quality of the final C-View synthesized 2D image is impacted and may appear blurry and result in misdiagnosis with the possibility being a false negative diagnosis.
- Siemens Medical Solutions USA, ACUSON Maple 1.0 Diagnostic Ultrasound System, Class II – If ultrasound systems with software are changed from factory default to: 1) Milliliters per second (ml/sec, mL/sec) or 2) Milliliters per minute (ml/min, mL/min); then systems will perform incorrect unit conversion of liters to milliliters using multiplier 100 instead of 1000, resulting in values 10x smaller than actual, which could contribute to misdiagnosis or negatively influence patient management.
- Hitachi America, PROBEAT, Class II – During positioning within the system’s 3D to 3D matching mode while transferring CBCT images, when the Float Image Selection button is pressed, it may display CBCT images that are insufficient in number.
- CareFusion 303, BD Pyxis QFill Replenishment Station, Class II – Due to software issue, there is a potential when a restock label is printed for a medication stored in a non-CUBIE location, the incorrect bin for the medication is printed on the label.
- Schiller, CARDIOVIT AT-180, Class II – Potential for high-frequency signal artifacts is recorded during an ECG acquisition performed by CARDIOVIT AT-180 electrocardiographs.
- Beckman Coulter, DxI 9000 Access Immunoassay Analyzer, Class II – When a DxI 9000 Access Immunoassay Analyzer is connected to a Laboratory Automation System (LAS) and is running with the system software versions 1.17.0 and below, the analyzer does not send a message to the LAS when the sample wheel is full, and the LAS continues sending samples despite the limited capacity to process new samples. Therefore, sample tests may be aliquoted but not processed when the number of tests associated with onboard patient samples exceeds the throughput limit. If this issue occurs test results are flagged with a sample wheel timeout (SWT) error flag, and there may be a delay in reporting test results which could lead to a delay in patient treatment.
- Beckman Coulter Mishima K.K., DxC 500 AU Clinical Chemistry Analyzer, Class II – Due to a software issue, after the instrument processes 250 racks cumulatively, any subsequent racks with samples requiring rerun/reflex will be held in the Sample Handler’s Buffer area and error code “9000” will be reported. This issue may cause a delay of results.
- Abbott Laboratories, Alinity hq Analyzer, Class II – 1) If Complete Blood Count with differential and reticulocyte(CBC+Diff+Retic) sample is run, then immediately following on same rack CBC+Diff sample is run, then falsely low red blood cell count may occur, generating falsely high Mean Cell Hemoglobin(MCH)/MCHC and falsely low hematocrit results. 2) Cell events may be incorrectly counted as basophil(BASO), resulting in increased BASO and %BASO counts.
- Boston Scientific Neuromodulation, WAVEWRITER ALPHA: Model: SC-1216, Class II – Spinal Cord Stimulation (SCS) Implantable Pulse Generator (IPG) may experience routine system check during IPG charging, which may cause device reset, which may lead to transient loss of stimulation; patients may experience undesired sensations when therapy turns off for approx. 10-15 seconds and then back on, which may lead patient to request surgical intervention for replacement or revision.
- Philips North America, IntelliVue Patient Monitor MX400, Class II – Philips IntelliVue Patient Monitors MX400/450/500/550 Shipped or Upgraded with Incorrect Software Options. Changes were made to reflect some options becoming standard capabilities for software-version N.x. In the process, the entitlements of software options MOS, M06, and M20 were removed for software versions L.x and M.x. As a result of these changes Patient Monitors manufactured with or updated to the latest versions of software L.x or M.x will not offer the capabilities. Monitors with software version K.x may experience this issue too, due to software version K being out of support and the devices being provided with L.x entitlements offered by software options MOS, M06, and M20. Potential for incorrect or delayed treatment for the patient.
- Medivance, Arctic Sun Temperature Management Systems, Class II – If temperature management system fails to reach correct target water temperature while device is operating in patient control mode, due to sudden patient temperature changes/interruption in water flow/blockage of air flow by an obstruction or dirty filter, then system may not alert, and alarm absence may lead to hypothermia or hyperthermia, so a software update will be released to correct issue.
- Siemens Medical Solutions USA, Sensis Vibe systems, Class II – If the Sensis documentation functionality is used during adding of once-per-study reporting events (e.g., Type 1 events, as further defined in the administrator manual), the possibility exists that the application could crash.
- Alcon Research, Surgical Image Guidance Functionality, Class II – After surgery initiation, while using surgical image guidance, if significant eye rotation/movement occurs, a software anomaly may cause re-establishment of incorrect new registration angle, range indicator will display incorrectly, which could result in incorrect placement of toric IOL axis, which could cause astigmatic error under/over correction resulting in decreased uncorrected visual acuity.
- Qiagen Sciences, QIAcube Connect MDx, Class II – Heater shaker module does not perform heating if the temperature is set below 40C for static incubation steps when running IVD protocol QIAamp DSP DNA Mini Kit (cat. no. 61304), Protocol: Isolation of genomic DNA from Gram-positive bacteria (Script filename: Kt_name_Bacteria (Gram+) or rY’east_Enzymatic Lysis_ V2) which could potentially cause delayed or erroneous results depending on the downstream assay.
- Abbott Medical, Abbott Liberta RC, Class II – Deep brain stimulation system will first turn off after approximately 50 days after the system is activated and subsequently, this same action will recur approximately every 50 days thereafter. This unexpected loss of stimulation may result in loss of therapy.
- Beckman Coulter, DxI 9000 Access Immunoassay Analyzer, Class II – Beckman Coulter is recalling their DxI 9000 Access Immunoassay Analyzers, an in vitro diagnostic device used for the quantitative, semi-quantitative, or qualitative determination of various analyte concentrations found in human body fluids, by correction. The reason for the recall is: Beckman Coulter has determined that the DxI 9000 Access Immunoassay analyzer accepts calibrator values scanned from multiple calibrator cards when an operator configures a new calibrator lot. The analyzer accepts the calibrator lot values from any scanned calibrator card, regardless of the assay test code or calibrator material lot number. The software is not validating the integrity of each calibrator barcode scanned to ensure they are all from the same calibrator card. This includes all software versions and all DxI 9000 instruments that are currently in the field. This issue does not impact calibrator material with 2D calibrator card barcodes. This may cause a failed calibration curve. The health risk to patients is dependent upon the analytes that could be impacted by the error, to include receiving delayed or erroneous results.
- Siemens AG/Siemens Healthcare, ARTIS, Class II – A potential issue with ARTIS icono systems equipped with a small detector and a corresponding collimator (model # 10843101) was identified. In very rare situations, the first x-ray release following patient registration may be performed with incorrect copper prefiltration. If the described issue occurs, the applied radiation dose rate may be higher than intended by the user.
- Aerin Medical, Aerin Medical VivAer Stylus, Class II – Some units in a single production lot were programmed incorrectly which will result in the VivAer Stylus being incorrectly recognized as RhinAer Stylus when connected to the Aerin Console.
- Medtronic Neuromodulation, SynchroMed II Model 8637 and SynchroMed III Model 8667 implantable pumps, Class II – Software issues were identified in application version 2.x.
- Angiodynamics, AURYON LASER SYSTEM, Class II – Potential for procedural delays or interruptions during use of the Auryon Atherectomy System due to the Auryon Atherectomy System not advancing to the Activation (Ready) mode.
- Abbott Medical, Merlin PCS 3650 programmer, Class II – Due to a programmer software anomaly, during finalizing of the leadless pacemaker system, a specific sequence of programmer actions combined with a loss of telemetry during a small window (<2 seconds) may cause the finalization step to fail. If this occurs, the Programmer displays a loss of telemetry detected window, and there is no pacing.
- Philips North America, Philips Smart-Hopping, Class II – The following four issues are included: 1. Certain Channel Settings may result in an Access Point preventing a connected client device from roaming to another Access Point, potentially causing the client device to appear to drop out from the network. 2. If the Access Point experiences a disconnection from the Access Point Controller exceeding 4 minutes, the Access Point may not transition through the desired state to allow for clean reconnection of the client radio link. 3. Potential to experience higher than expected data dropouts, device disassociations/reassociations for their wireless clients, and frequent “Loss of AP” alerts. 4. Potential for the Smart-hopping Access Point to be affected by a software issue where the Access Point will reset after 82.85 days when the frame counter reaches its limit. This causes the latest synchronization check to fail and potential for loss of patient data.
- Philips North America, Spectral CT and Spectral CT Plus, Class II – Potential for a plan box not updated issue during Interventional procedure with Spectral CT that may lead to a collision with the operator or with the needle placed inside the patient, and an incorrect patient ID software issue that may lead to misdiagnosis.
- CHANGE HEALTHCARE CANADA, McKesson Cardiology Hemo, Class II – A potential issue has been identified in Change Healthcare Cardiology Hemo where incorrect data entry can lead to inaccurate hemodynamic calculations, potentially resulting in misdiagnosis and inappropriate treatment. This issue occurs when the unit of measurement (UOM) for hemoglobin is configured in a way that differs from the user’s understanding.
- Zyno Medical, Z-800 Infusion System, Class III – For the Z-800WF pumps, the WiFi software was not compatible with the pump software that had been loaded in accordance with ongoing correction Z-1183-2024.
- Abbott Medical, Merlin@home with the MerlinOnDemand capability Transmitter, Class III – Due to heart transmitter not being able to upgrade to the current software version in the field after experiencing a power interruption during a prior over-the-wire software download.
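Several of the recalls above trace back to identifier handling on the software side; the Q-Stress entry, where exam files could be assigned duplicate DICOM UIDs and a PACS relying solely on the UID could mismatch patients and data, is the clearest case. The Python below is an added example written for this newsletter, not code from the FDA database or from any manufacturer listed: it shows a UID generator that cannot repeat within a run, a syntax check against the DICOM UID rules (numeric components, no leading zeros, at most 64 characters), and a receiver-side accept/reject step that quarantines an exam whose UID collides with a stored exam for a different patient instead of overwriting it. The root `1.2.3.4`, the `Exam` and `PacsIndex` types and all sample values are constructed placeholders.

```python
import random
import re
import time
from dataclasses import dataclass, field

# Hypothetical UID root for this example; a real device uses an OID root
# registered to the manufacturer, not this placeholder.
EXAMPLE_UID_ROOT = "1.2.3.4"

# DICOM UID syntax: numeric components joined by '.', no component with a
# leading zero other than "0" itself, and at most 64 characters in total.
UID_RE = re.compile(r"^(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))*$")


def is_valid_uid(uid: str) -> bool:
    """Syntax check only; uniqueness is a separate concern handled below."""
    return len(uid) <= 64 and UID_RE.match(uid) is not None


class UidGenerator:
    """Issues UIDs that cannot repeat within one process run.

    The UID combines the root, a millisecond timestamp, a per-process random
    nonce and a monotonic counter, so two exams exported in the same
    millisecond still receive different UIDs.
    """

    def __init__(self, root: str = EXAMPLE_UID_ROOT) -> None:
        self.root = root
        self.nonce = random.randrange(1, 10**6)  # differs between restarts
        self.counter = 0
        self.issued: set[str] = set()

    def next_uid(self) -> str:
        self.counter += 1
        uid = f"{self.root}.{int(time.time() * 1000)}.{self.nonce}.{self.counter}"
        # Fail closed: never hand out a UID that is malformed or already used.
        if not is_valid_uid(uid) or uid in self.issued:
            raise RuntimeError(f"refusing to issue UID {uid}")
        self.issued.add(uid)
        return uid


@dataclass
class Exam:
    """Constructed stand-in for the DICOM header fields the receiver needs."""
    sop_instance_uid: str
    patient_id: str
    study_date: str


@dataclass
class PacsIndex:
    """Minimal stand-in for a PACS that must not trust the UID alone."""
    by_uid: dict[str, Exam] = field(default_factory=dict)

    def ingest(self, exam: Exam) -> tuple[bool, str]:
        """Return (accepted, reason) for one incoming exam."""
        if not is_valid_uid(exam.sop_instance_uid):
            return False, "malformed UID"
        existing = self.by_uid.get(exam.sop_instance_uid)
        if existing is None:
            self.by_uid[exam.sop_instance_uid] = exam
            return True, "stored"
        if existing.patient_id != exam.patient_id:
            # Same UID, different patient: the mismatch the recall warns about.
            # Quarantine instead of overwriting or silently merging.
            return False, "duplicate UID with different patient; quarantined"
        return False, "duplicate of an already stored exam"


if __name__ == "__main__":
    gen = UidGenerator()
    index = PacsIndex()
    for pid in ("P001", "P002"):
        print(index.ingest(Exam(gen.next_uid(), pid, "20240901")))
    # A later export that reused a UID for a different patient is rejected.
    reused = next(iter(index.by_uid))
    print(index.ingest(Exam(reused, "P999", "20240901")))
```

The receiver-side check is the part that matters for the recall scenario: a sending system can be patched to stop issuing duplicates, but a PACS that keys purely on UID still needs the patient-identity cross-check to turn a silent mismatch into a quarantined, reviewable event.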
Clinical Decision Support Software Frequently Asked Questions (FAQs)
Clinical Decision Support (CDS) software is an important tool in modern health care. While some CDS software has been excluded from the definition of a medical device by the 21st Century Cures Act (Cures Act), many software functions continue to meet the definition of a medical device and are the focus of FDA regulatory oversight. Because a wide variety of software can be described as “decision support,” understanding the regulatory requirements that may apply to such software can be challenging. The FAQs the FDA released are based on the final guidance, “Clinical Decision Support Software,” from September 2022.
A-List: Prioritized Guidance Documents that CDRH Intends to Publish in FY2025
Final Guidance Topics
- Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions Guidance for Industry and Food and Drug Administration Staff
- Laboratory Developed Tests: Enforcement Discretion Policy Regarding Special Controls
- Marketing Submission Recommendations for a Predetermined Change Control Plan for Artificial Intelligence-Enabled Device Software Functions
- Use of Real-World Evidence to Support Regulatory Decision-Making for Medical Devices (revision)
Draft Guidance Topics
- Artificial Intelligence-Enabled Device Software Functions: Lifecycle Management Considerations and Pre-market Submission Recommendations
- Enforcement Discretion Policy for Certain Laboratory Developed Tests for Unmet Needs: Frequently Asked Question
B-List: Guidance Documents that CDRH Intends to Publish, as Guidance Development Resources Permit, in FY2024
Final Guidance Topics
- Computer Software Assurance for Production and Quality System Software
Draft Guidance Topics
- Policy for Regulatory Status of Device Software Functions (revision of Policy for Device Software Functions and Mobile Medical Applications)
DOD Finalizes Cybersecurity Maturity Model Certification Program Requirements
The US Department of Defense (DOD) finalized a rule that takes the next steps toward fully implementing the Cybersecurity Maturity Model Certification (CMMC) 2.0 program in November 2024. This rule formalizes compliance requirements that will soon be a prerequisite for most contractors and subcontractors that wish to support defense contracts. Contracting officers will begin incorporating these compliance requirements once a new Defense Federal Acquisition Regulation Supplement (DFARS) clause is finalized next year.
The question here is when the FDA will follow suit.
FDA Recognized Consensus Standards
The following are some of the consensus standards recognized by the FDA in this second half of 2024:
- CVSS v4.0, Common Vulnerability Scoring System version 4.0
- ISO/IEEE 11073-10701 First Edition, Health informatics – Device interoperability Part 10701: Point-of-care medical device communication – Metric provisioning by participants in a Service-oriented Device Connectivity (SDC) system
- ISO/IEEE 11073-10701-2022, IEEE Standard for Health Informatics – Device Interoperability – Part 10701: Point-of-Care Medical Device Communication – Metric Provisioning by Participants in a Service-Oriented Device Connectivity (SDC) System
- NEMA, PS 3.1 – 3.20 2024e, Digital Imaging and Communications in Medicine (DICOM) Set
Marketing Submission Recommendations for a Predetermined Change Control Plan for Artificial Intelligence-Enabled Device Software Functions
FDA issued this guidance on December 4, 2024. This guidance is intended to provide a forward-thinking approach to promoting the development of safe and effective AI enabled devices.
Artificial Intelligence-Enabled Device Software Functions: Lifecycle Management and Marketing Submission Recommendations
FDA issued this draft guidance at the beginning of 2025 for comments. This guidance provides recommendations on the contents of marketing submissions for devices that include AI-enabled device software functions, including documentation and information that will support FDA’s review.
Data Normalization Challenges and Mitigations in Software Bill of Materials Processing
MITRE issued this white paper on 24 Oct 2024. It is directed at medical-device-sector stakeholders and discusses data normalization challenges and recommended mitigations for producing software bills of materials (SBOMs), ingesting SBOMs at scale, and related issues.
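As an added example of the normalization problem the MITRE paper addresses (this code is the editor’s, not MITRE’s and not taken from the paper), the following Python merges two constructed CycloneDX-style component lists for the same firmware image, one from a build tool and one from a binary scanner, into a single map keyed by a rebuilt package URL, and reports the components that only one producer saw. The name and version rules, the `pkg:generic` purl type applied to every component, and the sample component data are assumptions chosen for the example.

```python
import json
import re
from urllib.parse import quote

# Constructed sample input: two CycloneDX-style SBOM fragments describing the
# same firmware image, one from the build system and one from a binary
# scanner. Names and versions are spelled differently on purpose.
SBOM_FROM_BUILD = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "OpenSSL", "version": "3.0.13",
         "purl": "pkg:generic/openssl@3.0.13"},
        {"type": "library", "name": "zlib", "version": "v1.3.1"},
        {"type": "library", "name": "Mbed_TLS", "version": "3.5.2"},
    ],
})
SBOM_FROM_SCANNER = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "openssl", "version": "3.0.13"},
        {"type": "library", "name": "ZLIB", "version": "1.3.1"},
        {"type": "library", "name": "mbed-tls", "version": "3.5.2"},
        {"type": "library", "name": "libcurl", "version": "8.6.0"},
    ],
})


def normalize_name(name: str) -> str:
    """Lower-case and collapse separators so "Mbed_TLS", "mbed-tls" and "Mbed TLS" agree."""
    return re.sub(r"[\s_]+", "-", name.strip().lower())


def normalize_version(version: str) -> str:
    """Drop a leading 'v' that some tools prepend ("v1.3.1" -> "1.3.1")."""
    v = version.strip()
    return v[1:] if v[:1] in ("v", "V") and v[1:2].isdigit() else v


def canonical_purl(component: dict) -> str:
    """Rebuild the key from normalized fields rather than trusting a supplied purl,
    so every producer keys the same component the same way. pkg:generic is an
    assumption for this example; real SBOMs carry ecosystem-specific purl types."""
    name = normalize_name(component["name"])
    version = normalize_version(component.get("version", ""))
    return f"pkg:generic/{quote(name)}@{quote(version)}"


def merge_sboms(sources: dict[str, str]) -> dict[str, dict]:
    """Merge named SBOM JSON documents into one component map keyed by purl,
    recording which sources reported each component and under which raw names."""
    merged: dict[str, dict] = {}
    for source_name, doc in sources.items():
        for comp in json.loads(doc).get("components", []):
            key = canonical_purl(comp)
            entry = merged.setdefault(key, {
                "name": normalize_name(comp["name"]),
                "version": normalize_version(comp.get("version", "")),
                "seen_in": set(),
                "raw_names": set(),
            })
            entry["seen_in"].add(source_name)
            entry["raw_names"].add(comp["name"])
    return merged


def missing_by_source(merged: dict[str, dict], expected: list[str]) -> dict[str, set[str]]:
    """Components that at least one expected producer did not report. Each is a gap
    to investigate: a scanner-only hit may be an undeclared dependency, a build-only
    entry may be a component the scanner cannot see."""
    expected_set = set(expected)
    return {key: expected_set - entry["seen_in"]
            for key, entry in merged.items()
            if entry["seen_in"] != expected_set}


if __name__ == "__main__":
    merged = merge_sboms({"build": SBOM_FROM_BUILD, "scanner": SBOM_FROM_SCANNER})
    for key, entry in sorted(merged.items()):
        print(key, sorted(entry["seen_in"]), sorted(entry["raw_names"]))
    print("gaps:", missing_by_source(merged, ["build", "scanner"]))
```

Keeping the raw names alongside the normalized key is deliberate: when the merged SBOM is later matched against vulnerability advisories, the reviewer can see exactly which spellings were folded together and catch an over-eager normalization that merged two genuinely different packages.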
Digital Certificate Management for Medical Devices
This article was published in the Journal of Clinical Engineering on 12 Oct 2024. This article provides an introduction on the role of digital certificates to secure and manage access to medical devices, including potential issues and digital certificate management considerations.
Global Unique Device Identification Database (GUDID)
The FDA issued the GUDID guidance in December 2024. This guidance provides the FDA’s recommendations on the information necessary for labelers submitting data to GUDID.
Select Updates for the Premarket Cybersecurity Guidance: Section 524B of the FD&C Act
The FDA issued this draft guidance on 13 March 2024. The Premarket Cybersecurity Guidance, in its current form, remains the FDA’s current thinking on this topic until this draft guidance is finalized. Only then will the finalized version of Section II of this draft guidance be added as Section VII of the Premarket Cybersecurity Guidance. The FDA intends to incorporate the updates proposed in this draft guidance into the Premarket Cybersecurity Guidance as one final guidance document after obtaining and considering public comment on these proposed select updates. The sections of the existing Premarket Cybersecurity Guidance that are unaffected by these proposed updates are not intended to be substantively changed, with the exception of technical edits for consistency.
Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions – Update
The guidance “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions” was released 27 September 2023, and we have consistently received feedback from the FDA on submissions made.
The past few submissions have gone more smoothly in the FDA review because we learned how to present the information to the FDA. As the FDA continues to evolve in dealing with cybersecurity issues, we have to be responsive and give them what they request.
Examples of the deficiencies include the following:
- Provide threat modeling using a threat modeling methodology
- Provide a cybersecurity risk assessment (e.g., CVSS, IEEE 11073-40101-2020, NIST SP 800-30)
- Describe how the device detects, monitors, logs, and/or alerts users of a security compromise
- Provide a reasonable assurance that the device and related systems are cybersecure
- Describe the end-to-end process for delivering updates to the device
- Describe the end-to-end process for deploying updates from the cloud environment including any risks identified and mitigations implemented
- Provide an SBOM
- Provide security testing, including, but not limited to, requirement verification testing, static and dynamic code analysis, malformed input (fuzz) testing, vulnerability scanning, and penetration testing
- Provide a plan to monitor, identify, and address, as appropriate and in a reasonable time, post-market cybersecurity vulnerabilities and exploits, including coordinated vulnerability disclosure and related procedures
- Provide cybersecurity labeling for the user
We are expecting the FDA to treat cybersecurity as a known quantity and to stop handing out deficiencies wholesale.
eSTAR Submissions
The FDA now requires all submissions to be submitted electronically using eSTAR. The software elements of the eSTAR are based on the Content of Premarket Submissions for Device Software Functions guidance. The cybersecurity elements of the eSTAR are based on the Quality System Considerations and Content of Premarket Submissions guidance.
It’s important to understand the eSTAR template, as documents attached to the wrong line will lead to a deficiency. We recommend having software experts prepare these sections and attachments.
How Frequently Can You Release Medical Device Software?
We have been asked numerous times by our clients: “How frequently can we release our medical-device software?” Usually, the person asking is a software engineer who has used agile in another field and is used to frequent, rapid releases.
The short answer is: you can release software updates as frequently as you want, as long as:
- The changes don’t require regulatory submissions
- You can produce all of the necessary design change documentation
In practice, we’ve seen software development firms who can release updates as quickly as every two weeks. Usually, however, monthly or quarterly releases are more realistic.
If you need more information on this, please contact us.
IEC 62304 Update
Work is under way to reconvene the committee, but this is a slow process. We’ll keep you informed if anything happens.
Tools to Investigate
We are recommending the use of various tools in order to make the FDA/CE happy and, at the same time, improve the quality of the software. These tools include (but are definitely not limited to):
- Defect management
- Code control
- Static code analysis
- Dynamic code analysis
- Unit and integration testing
- Continuous integration
- Penetration testing
- Functional safety
- SBOM
When choosing the tools, check the local support. Even though everyone offers Internet support, nothing beats having the support done locally by someone who has the experience and speaks your language. For further information concerning the tools, please feel free to contact us and we’ll refer you to the tool vendors with the tools you need.
Various tools to think about (they cost a little money but will save much more):
- Static Code Analysis – Parasoft, Coverity, Polyspace, SonarQube, Axivion, PRQA, Klocwork, GrammaTech, LDRA, IAR C-STAT
- SBOM – MergeBase, FOSSA, Sonatype, Insignary, Snyk
- Defect management – Jira, Asana, Azure DevOps
- Unit & integration testing – Cantata
- Safe embedded operating systems – SEGGER RTOS
If you need more information on the tools and where to purchase them (with support), please contact us.
Summary
There are many ways to screw up your software in the medical device whether it is embedded in dedicated hardware (also known as SiMD – Software in a Medical Device) or stand-alone health software (also known as SaMD – Software as a Medical Device). It doesn’t take too much talent to do this (as we all know) and companies are doing it daily. Many companies mess up royally and don’t know how to get out of the mess. In many cases, they don’t even know that they are in deep trouble until the recall is issued.
You can work properly without breaking the bank. There are many ways to handle the software development/maintenance life cycle and the software validation.
If there are any questions or requests, please feel free to contact us.
Mike