by R K | Jun 5, 2017 | Life Science Software, Medical Devices
The FDA has announced that it is forming a digital health unit within the Center for Devices and Radiological Health (CDRH). The digital health unit will develop software and technical expertise to assist manufacturers with devices that incorporate digital health technologies, as well as assessing digital health improvements and monitoring and reporting on the digital health premarket review timelines. Digital health includes categories such as mobile health (mHealth), health information technology (IT), wearable devices, telehealth and telemedicine, and personalized medicine. The creation of this unit is part of the Medical Device User Fee Act (MDUFA). MDUFA is the program that authorizes FDA to collect user fees from medical device manufacturers in support of streamlining the regulatory approval process. Negotiations between FDA and the medical device industry regarding the fourth version of MDUFA are currently underway. As part of the negotiation process, FDA proposed to hire technical experts to staff the new digital health unit. In addition to MDUFA, the 21st Century Cures Act requires FDA to develop a framework for evaluating real world evidence. FDA envisions that the digital health unit will monitor and implement the use of real world evidence to support the regulatory approval process. FDA issued a draft guidance in July 2016, Use of Real-World Evidence to Support Regulatory Decision-Making for Medical Devices, that identifies how real world data will be evaluated to determine if it is sufficiently relevant and reliable enough to be used. While the FDA sees the digital health unit as a means of streamlining the regulatory approval process, it also recognizes it will require coordination with industry and other government agencies because digital health touches on... 
by R K | Mar 28, 2017 | Human Factors, Human Factors, IEC 62366
As medical devices become more complex, the FDA will continue to place greater emphasis on ways to improve safety and effectiveness before products are commercialized. One relatively recent method is Human Factors Engineering, also known as Usability Engineering, which is used to identify and mitigate use errors. Of course, this can place additional burdens on manufacturers to justify that their device has accounted for as many of these potential risks as possible. The list below, which is by no means exhaustive, is intended to point you in the right direction as you prepare for meeting FDA requirements for Human Factors Validation Testing. Human Factors should be considered throughout the design and development process, not just when you’re ready to go to market. Formative evaluations, such as focus groups and expert interviews, can and should be conducted throughout the design and development process. These studies usually consist of 5-8 people and can be conducted somewhat informally. Valuable information can be gleaned from formative evaluations, such as design improvements and identification of potential use errors that could be mitigated by making adjustments to the device interface. Additionally, the FDA and other notified bodies often want to see how your design has been influenced based on the results of these studies. Summative evaluations are the formal validation studies conducted for the final version of the device. These studies are your Human Factors Validation Testing that must follow the requirements of the FDA guidance, Applying Human Factors and Usability Engineering to Medical Devices, and the EU standard, IEC 62366-1: Medical devices – Part 1: Application of usability engineering to medical devices. These studies... 
by R K | Feb 21, 2017 | IEC 62304, Life Science Software, Risk Management
We are currently seeing significant technological advances in medical devices, hospital networks and patient care. As medical devices become increasingly interconnected via the Internet, hospital networks, other medical devices, and smartphones, there is an increased risk of exploitation of cybersecurity vulnerabilities, some of which could affect a device’s performance, functionality and safety to the patient. In recent years, researchers have demonstrated the potential threat of medical device and healthcare system hacking. They have been able to tamper with pacemakers, insulin pumps and other devices, which, if hacked, could cause serious harm, including death, to a patient. Recently, the FDA identified cybersecurity vulnerabilities in St. Jude Medical’s implantable cardiac devices and the corresponding Merlin@home Transmitter. These vulnerabilities, if exploited, could allow an unauthorized user, i.e., someone other than the patient’s physician, to remotely access a patient’s RF-enabled implanted cardiac device by altering the Merlin@home Transmitter. While no patients were harmed, this serves as a warning that similar devices containing configurable embedded computer systems can be vulnerable to cybersecurity intrusions and exploits, as well. To address these technological risks, in December 2016, the FDA finalized the guidance, “Postmarket Management of Cybersecurity in Medical Devices.” In reference to the guidance, Suzanne B. Schwartz, M.D., M.B.A., FDA’s Associate Director for Science and Strategic Partnerships, at the Center for Devices and Radiological Health stated that, “manufacturers should build in cybersecurity controls when they design and develop the device to assure proper device performance in the face of cyber threats, and then they should continuously monitor and address cybersecurity concerns once the device is on the market and being used by patients.” The new guidance... by R K | Dec 21, 2016 | FDA Compliance, Life Science Software
There has been a lot of discussion surrounding medical device software and how it should be regulated. Concern about software of this nature will continue to rise to the forefront of conversations because there will be an increasing number of these products in the marketplace. The 21st Century Cures Act specifically addresses which types of medical device software will be exempt from regulation. Section 3060, Clarifying Medical Software Regulation, identifies five categories of medical software that will not be regulated as medical devices by the FDA due to their potential low level of risk to patients. The software categories that may be excluded from device regulation include: Administrative & Operational Software: that provides administrative support of a healthcare facility, such as that for appointment scheduling, health benefit eligibility and processing financial records. While this software is included in the provision, it was not considered a medical device to begin with. Wellness Apps: for maintaining or encouraging a healthy lifestyle that is unrelated to the diagnosis, cure, mitigation, prevention, or treatment of a disease or condition. This is consistent with FDA’s General Wellness and Mobile Medical Applications guidance documents. Electronic Patient Record Software: provided that it is only intended to transfer, store, convert formats or display the equivalent of a medical chart. There are some caveats to this exception, however: Records must be created, stored, transferred or reviewed by healthcare professionals; Records must be part of health information technology certified under section 3001(c)(5) of the Public Health Service Act; and The software must not be intended to interpret or analyze patient data or images for the diagnosis, cure, mitigation, prevention, or... 
by R K | Dec 14, 2016 | FDA Compliance, Medical Devices
Last night, President Obama signed the 21st Century Cures Act into law. Most of what people will be hearing from the media will be focused on the Act’s support of cancer research, mental health policies, brain research to tackle diseases like Alzheimer’s and the funding allocated for these initiatives. However, the 996-page bill also includes major changes that impact the way the FDA regulates drugs, devices and biologics. Those who have spoken out against the Cures Act have done so out of fear of a weakened system that would allow for less rigorous examination of products before they go to market. While there are sections of the act that appear to streamline submission and review processes, until the FDA develops the necessary guidances based on their interpretation of the requirements, the industry will not know what to expect. The best way to approach these pending changes is to become familiar with the areas that might impact your device. The following summarizes provisions relevant to medical device companies: Sec. 3001 Patient Experience Data Under the Cures Act, FDA would be required to include a statement regarding any patient experience data that was used at the time of a drug’s approval. The bill defines patient experience data as “data collected by any persons (including patients, family members and caregivers of patients, patient advocacy organizations, disease research foundations, researchers, and drug manufacturers).” While this section specifically refers to drugs, this may come into play for combination products, as well. This requirement, as well as section 3002, is one to watch to determine if it affects your product commercialization goals. Sec. 3033 Accelerated... 
by R K | Dec 7, 2016 | Human Factors, IEC 62366
In February 2016, the FDA released a guidance entitled, “Applying Human Factors and Usability Engineering to Medical Devices.” The intention of this document, in combination with IEC 62366-1:2015 Part 1: Application of usability engineering to medical devices, is to maximize the safety and effectiveness of devices for intended users, use and use environments. Its purpose is to direct manufacturers to ensure their device user interface has been designed in a manner that will either eliminate or reduce use errors to the greatest extent possible by taking the user, user interface and use environment into consideration during design and development. Human Factors Engineering applies the knowledge of human behaviors, abilities and limitations to the design of the medical device interface. To get a handle on Human Factors Engineering, which you might also hear referred to as Usability Engineering, there are a few terms you should be aware of: User Interface: includes all parts of the device a user will see, hear and touch, including packaging, labeling, training, physical controls and display elements Use Error: a user action – or lack of action – that was different from what the manufacturer expected and could result in harm Critical Task: a task that, if performed incorrectly or not at all, could cause harm to the patient or user The FDA is now requiring several types of device manufacturers (as described in the FDA draft guidance, “List of Highest Priority Devices for Human Factors Review”) to conduct Human Factors Validation Testing. As an industry, we will see an increasing number of manufacturers required to conduct these studies, especially as more devices are available... 
by R K | Sep 7, 2016 | ISO 13485:2016, Medical Devices
In the event that you have not heard, ISO 13485 has undergone a major revision. As a quick recap, ISO 13485:2003 was overhauled by the technical committees in order to align more closely with regulatory requirements. The new version introduces a risk-based approach. This doesn’t mean that the traditional process approach has gone away, it means that risk management and risk analysis are going to play a greater role in how companies manage risk-based decisions related to purchasing, design, development, manufacturing, production control activities and other aspects of the quality management system. Read The New ISO 13485:2016 – Procrastination Can Cost You to learn more about the differences between the versions. What’s the Time Line for Transitioning to ISO 13485:2016? Ultimately, ISO 13485:2016 will replace ISO 13485:2003; however, over the course of the next three years (March 2016-2019), the standards will coexist. This will give manufacturers, notified bodies and regulators time to transition to the new standard. According to a transition planning guidance by ISO, organizations will be accredited for either edition for the first two years of the transition period. After the second year, new accreditation will only be given for ISO 13485:2016. After year three, any existing certification for ISO 13485:2003 will no longer be valid. In reality, this does not give you time to procrastinate. When you see the level of requirements you will have to account for, you will realize that taking necessary action should be a top concern. Preparing for the ISO 13485:2016 Transition Process Step 1: identify resources necessary to help implement the new standard Identify what will be needed (e.g. document review, gap... 
by R K | Aug 31, 2016 | ISO 13485:2016, Medical Devices
ISO 13485 is the international standard medical device companies follow to demonstrate their ability to consistently meet both customer and regulatory requirements with their devices and related services. Regulators worldwide, including the EU, Canada, Australia and Japan, have integrated ISO 13485 into their regulatory requirements. The standard is designed to be used by organizations throughout the lifecycle of a medical device, from conception to production and post-production, including final decommission and disposal. It also covers storage, distribution, installation and servicing and the provision of associated services.1 This standard has created a common understanding between regulators and the industry as to what is required for a quality management system, although many countries will have their own regulatory requirements in addition to ISO. If you are marketing only in the US, compliance to ISO 13485 is not required; however, it does provide your company with a marketing advantage by showing your company’s commitment to quality, continual improvement and bringing safe and effective products to market. Coexisting Standards In March 2016, the third edition of ISO 13485 was released, which was the first major revision in 13 years. Because many countries had either revised or added regulations, ISO determined that an update was necessary to ensure quality management system requirements aligned with regulatory requirements. Ultimately, ISO 13485:2016 will replace ISO 13485:2003; however, over the course of the next three years, the standards will coexist. This will give manufacturers, notified bodies and regulators time to transition to the new standard. According to a transition planning guidance by ISO, organizations will be accredited for either edition for the first two years of the transition... 
by R K | Apr 11, 2016 | Risk Management
The FDA is now trying to track what it’s calling “emerging safety signals.” Recently, a study found a possible link between reduced leaflet mobility in TAVRs and the incidence of stroke in the fall. When people turned to the FDA looking for insight, the agency responded with, “Limited available data do not allow us to fully characterize the causes, incidence, and short- and long-term risks of reduced valve leaflet motion, or to recommend appropriate treatment.” This basically equates to the FDA saying, “I don’t know.” The FDA has recently released a guidance, which will formalize its practice on notifying the public of situations when the agency is monitoring risks that have not yet been fully validated, and therefore, do not have FDA recommendations. Historically, the FDA has communicated important medical device post-market information after having analyzed available data and, in most cases, after having reached decision about relevant recommendations and about whether or not further regulatory action is warranted. According to the guidance, timely communication about emerging signals is intended to provide health care providers, patients, and consumers access to the most current information concerning the benefits and risks of marketed medical devices so they can make informed treatment choices based on all available information. Such communication may also reduce or limit the number of patients exposed to the potential risk while the issue is being further evaluated. Considerations for Determining FDA Public Notification will include: Seriousness of the adverse event(s) relative to the known benefits of the device Magnitude of the risk (e.g., likelihood of occurrence) Magnitude of the benefit Strength of the evidence of a causal relationship... 
by R K | Feb 17, 2016 | FDA Compliance, Quality Management
How Do Laboratory Developed Tests Impact Your Business? The Office of Public Health Strategy and Analysis recently issued a report that reviewed 20 products that relied on Laboratory Developed Tests (LDTs) to determine whether a lack of oversight may have caused actual harm to patients or not. Once, LDTs were relatively simple tests that may not have warranted regulatory compliance. However, these tests are playing an increasingly more important role in healthcare and have become significantly more complex. The concern is that these tests may present with inaccuracies that place patients at what would be considered otherwise avoidable risk. The report found that these 20 products, in fact, may have caused actual harm to patients. In some cases, patients were told they have conditions they do not really have, due to false-positive tests. This led to unnecessary distress and resulted in unneeded treatment. In other cases, the LTDs produced false-negative results, in which life-threatening diseases went undetected. These misdiagnosed patients failed to receive treatments. Additionally, some LTDs provided information with no relevance to the condition they were intended to be used for, and others were linked to treatments based on disproven scientific concepts. Not only do these situations cause harm to patients, but they are also costly to society.(1) The report found that FDA oversight of LTDs is needed to address the following: Lack of evidence supporting the clinical validity of tests Deficient adverse event reporting No premarket review of performance data Unsupported manufacturer claims Inadequate product labeling Lack of transparency Uneven playing field Threats to the scientific integrity of clinical trials No comprehensive listing of all LTDs being used...