regulatory and quality system professionals | 919.313.3960
Avoid Common Medical Device Software Development Life Cycle Pitfalls

Avoid Common Medical Device Software Development Life Cycle Pitfalls

Learn Potential Software Development Life Cycle Pitfalls to Pay Attention To IEC 62304 is the international standard that defines software development life cycle requirements for medical device software. IEC 62304 was developed from the perspective that product testing alone is insufficient to ensure patient safety. It provides a common framework for medical device manufacturers to develop software components. Conformance with this standard demonstrates that there is a software development process in place that fulfills the requirements of the Medical Device Directive. If your medical device has software that regulates its functionality in a way that contributes to Basic Safety or Essential Performance, then you will need to comply with IEC 62304. This standard requires all aspects of the Software Development Life Cycle (SDLC) to be managed to ensure patient safety, including: Development and code reviews Risk management Configuration management Incident and bug resolution Validation Maintenance The most common mistake medical device manufacturers make is failing to assess which elements of risk their software mitigates. These are the elements that must be addressed by IEC 62304. For example, what would happen if the creator of a hoist didn’t properly vet the software that signaled the hoist to lower the patient at a certain speed? If a patient were lowered too quickly – or not at all – there would be a risk management nightmare. Since software plays a role in the Basic Safety functions of the hoist, it must comply with 62304’s requirements. Common software functionality manufacturers fail to recognize as IEC 62304 compliance issues include: Alarms and Alerts – often an Essential Performance requirement because they are intended to detect abnormalities Speed & Position...
FDA Issues Final Guidance on Reusable Medical Devices

FDA Issues Final Guidance on Reusable Medical Devices

Endoscopes Linked to “Superbugs” Lead to New FDA Guidance for Reusable Medical Devices UPDATE The FDA has released the slides from their presentation on Reprocessing Medical Devices. Get the slides here. In light of the fatal “superbugs” that have been plaguing hospitals after using endoscopes, the FDA has released new guidance for reusable medical devices. While the risk of getting an infection of this type is low, there is still a risk. With that in mind, the FDA has updated their thinking with the release of Reprocessing Medical Devices in Health Care Settings. The FDA is also intending on putting together an advisory panel to review and discuss the transmission of “superbug” infections via endoscopy procedures. The purpose of the panel is to seek expert scientific and clinical opinion related to reprocessing of duodenoscopes and other endoscopes, as well as automated endoscope reprocessors, based on available scientific information. The committee will make recommendations on: The effectiveness of cleaning, high level disinfection, and sterilization methods; the amount and type of premarket validation data and information needed to support labeling claims and technical instructions; the appropriate use of other risk mitigations, such as surveillance cultures; best practices and guidelines for 3 reprocessing duodenoscopes and endoscopes at user facilities to minimize the transmission of infections; and recommended approaches for ensuring patient safety during ERCP procedures, including a discussion of appropriate patient selection. It will be interesting to note how the regulations will adapt to meet the needs of patients with the increase in antibiotic-resistant...
Don’t Forget Safety Testing and the Value of Risk Management!

Don’t Forget Safety Testing and the Value of Risk Management!

Establish the Safety of Your Medical Device with IEC 60601 Compliance In our experience, the most frequently forgotten aspect of medical device development and commercialization from emerging companies is establishing a safety profile of a product. While clinical data or clinical trials may be necessary for establishing safety for some products, many Class II devices that follow a 510(k) clearance pathway require minimal, if any, clinical data to support safety claims. Once the need for clinical data is either planned for or eliminated, establishing the safety of a medical device through additional testing tends to be less of a priority. Depending on the technology incorporated into your medical device, applicable safety standards need to be identified during the design stages of the product. The most widely accepted benchmark for establishing safety for electrical medical devices is a standard called IEC60601-1, where compliance has become an acceptable means for satisfying electrical safety requirements for the commercialization of electrical medical devices in the European Union. 60601-1 has undergone revision recently. The third edition is enforced now in the EU and the second Edition is currently applicable in the U.S. The FDA will require the use of the third Edition of the standard for new devices as of June 30, 2013. In this new edition of the standard, there is strong emphasis on risk assessment, ISO 14971 and, in the U.S, a focus on device usability as an important factor contributing to the safety of the device. Product testing to 60601-1 is a very technical exercise that involves laboratory testing against the standard by a test house, such as Underwriters Laboratories. If...
Implement 21 CFR Part 820 Controls Early On

Implement 21 CFR Part 820 Controls Early On

Benefits and Risks of Moving to the Cloud Migrating to the Cloud: What are the Benefits? According to the National Institute of Standards and Technology, the cloud is “a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” Most companies’ IT infrastructure use less than 30% of their capacity. It took years to get the capacity to where it is today, and it takes months to increase capacity. Employing qualified resources to maintain such an infrastructure is difficult and expensive. Cloud providers utilize about 65% of their capacity and can add capacity quickly. In short, cloud providers benefit from economies of scale, which enables them to lower individual usage costs and centralize infrastructure costs. Companies benefit by only paying for what they consume. Companies can increase or decrease their usage rapidly, and can spend less time managing complex IT resources. Not only do efficiency improvements reduce costs, the nature of some costs can change from being capital investment in hardware and infrastructure (CapEx) to a pay-as-you go (OpEx) model. Maximizing IT capacity utilization, improving IT flexibility and responsiveness, and minimizing cost are not the only advantages of the cloud. Collaboration can be one of the most important advantages of cloud computing. Multiple users, from around the world, can collaborate more easily on documents and projects. Because the information is hosted in the cloud, and not on individual computers, business owners can collaborate with external stakeholders in a secure environment with nothing...
Is Your Medical Device a Secret Safety Risk?

Is Your Medical Device a Secret Safety Risk?

WHEN: Thursday February 26th WHERE: Your office TIME: 1.30pm – 3.00pm REGISTER HERE Compliance with IEC 62304 is required for all electromedical devices where basic safety is dependent on software or firmware. But many device companies remain unaware that the devices they manufacture must meet this standard. That may be because there’s confusion stemming from a key guidance, in which the requirement is called both voluntary – and mandatory. To help you unravel the complexities of IEC 62304, Rita King of MethodSense has partnered with FDAnews to present a 90-minute webinar on February 26, 2015 that will clarify who the rule affects, what it requires , and what you need to do to ensure FDA approval of your products. At the heart of the requirement is patient safety – whether or not software impacts on what is called the Essential Performance (EP) of your device – thus putting a patient at risk in the case of a software failure. This level of risk can be hard to discern at the manufacturing level. For example, what would happen if a hoist manufacturer didn’t properly vet the software that signaled it to lower the patient at a certain speed? Lowering a patient too quickly (or not all) can quickly turn into a risk management nightmare, with IEC 62304 regulatory – and legal – implications. Register NOW and you will find out how to secure FDA approval of your device by clearly demonstrating that your product safety testing is adequate. Specifically, you will learn: How to identify the two biggest pitfalls: documentation and software pedigree. How to understand and address 3 significant non-compliance factors: software...