17
Sep
2001

Cleveland Medical Devices Inc.

0

Company: Cleveland Medical Devices Inc.
Date: 9/17/01
Product: Wireless medical telemetry monitoring systems

No documented corrective and preventative action for software bugs found during retrospective validation. Validation testing revealed several responses that were unexpected and may potentially adversely effect the performance of the Model 15 The above stated inspection revealed that your devices are adulterated within the meaning of Section 501(h) of the Act, in that the methods used in, or the facilities or controls used for the manufacture, packing, storage, or installation of these devices are not in conformance with the Quality System/Good Manufacturing Practice (QS/GMP) Medical Devices Regulation (21 CFR 820) as follows:
9. Crystal-EEG telemetry device. Yet these responses were not evaluated and addressed. These unexpected responses include the software acceptance of a new patient under an existing patients identifier without displaying an error message and four other unexpected responses documented in the Crystal Software Validation document.
10. Software validation report not reviewed, approved and signed.
11. Risk assessment revealed numerous unanticipated risks that have not been addressed. For example, one such risk is that the computer unit may acquire the wrong patients data. There were three possible causes attributed to this failure in the System Risk Assessment document, yet there is no implemented strategy to reduce the risk of these failures.

We are particularly concerned about the Design Control Deficiencies noted under observations numbers 6,9 and 11. Observation 6 pertains to the lack of design validation/verification for each specific operating requirements as reflected in your design index. Observations number 9 and 11 pertain to your failure to address and correct problems with software bugs/errors and defects identified during your retrospective software validation and retrospective risk assessment. These included problems with the software allowing the user to add a new patient under an existing identifier and the computer acquiring the wrong patients data. There were also four other unexpected software defects identified in your Crystal software validation responses which were not addressed by your firm. You indicate these defects will be reviewed in September 2001. However, You provide no justification to support your continued marketing of these products until such time as these defects and deficiencies are corrected or otherwise resolved. Please explain your reasoning in this matter and provide whatever documentation supports your position that these devices are safe to market.

Cincinnati District Office

About the author

Amy enjoys researching and writing about developments in medical technology and how that intersects with US law. She received her J.D. from the University of Florida Levin College of Law in 2020 and now works as a Regulatory Associate for SoftwareCPR®, a general-purpose regulatory consulting firm that is recognized globally for their expertise with standards and national regulations pertaining to medical device, mobile medical app, and HealthIT software.

SoftwareCPR Training Courses:

IEC 62304 and other emerging standards for Medical Device and HealthIT Software

Our flagship course for preparing regulatory, quality, engineering, operations, and others for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future.  Focus is not simply what the standard says, but what is meant and discuss examples and approaches one might implement to comply.  Special deep discount pricing available to FDA attendees and other regulators.

3-days with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate

Next public offering:  June 24-26, 2025 (Virtual, Live)

For private, in-house courses, please contact us.

Email training@softwarecpr.com for more info.

 

 

Being Agile & Yet Compliant (Public)

Our SoftwareCPR unique approach to incorporating agile and lean engineering to your medical device software process training course is now open for registration!

  • Agile principles that align well with medical
  • Backlog management
  • Agile risk management
  • Incremental and iterative software development lifecycle management
  •  Frequent release management
  • And more!

3 days virtual (Zoom) with group exercises, quizzes, examples, Q&A.

Lead Instructor: Mike Russell

Next public offerings:

  • TBD
See our post titled: 1st Quarter 2025 Agile Compliant Courses Scheduled

 

Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process with central focus on the cybersecurity risk analysis process. Overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering:  TBD

Corporate Office

15148 Springview St.
Tampa, FL 33624
USA
+1-781-721-2921
office@softwarecpr.com
Partners located in the US (CA, FL, MA, MN, TX) and Canada.