Cleveland Medical Devices Inc.

Company: Cleveland Medical Devices Inc.
Date: 9/17/01
Product: Wireless medical telemetry monitoring systems

No documented corrective and preventative action for software bugs found during retrospective validation. Validation testing revealed several responses that were unexpected and may potentially adversely effect the performance of the Model 15 The above stated inspection revealed that your devices are adulterated within the meaning of Section 501(h) of the Act, in that the methods used in, or the facilities or controls used for the manufacture, packing, storage, or installation of these devices are not in conformance with the Quality System/Good Manufacturing Practice (QS/GMP) Medical Devices Regulation (21 CFR 820) as follows:
9. Crystal-EEG telemetry device. Yet these responses were not evaluated and addressed. These unexpected responses include the software acceptance of a new patient under an existing patients identifier without displaying an error message and four other unexpected responses documented in the Crystal Software Validation document.
10. Software validation report not reviewed, approved and signed.
11. Risk assessment revealed numerous unanticipated risks that have not been addressed. For example, one such risk is that the computer unit may acquire the wrong patients data. There were three possible causes attributed to this failure in the System Risk Assessment document, yet there is no implemented strategy to reduce the risk of these failures.

We are particularly concerned about the Design Control Deficiencies noted under observations numbers 6,9 and 11. Observation 6 pertains to the lack of design validation/verification for each specific operating requirements as reflected in your design index. Observations number 9 and 11 pertain to your failure to address and correct problems with software bugs/errors and defects identified during your retrospective software validation and retrospective risk assessment. These included problems with the software allowing the user to add a new patient under an existing identifier and the computer acquiring the wrong patients data. There were also four other unexpected software defects identified in your Crystal software validation responses which were not addressed by your firm. You indicate these defects will be reviewed in September 2001. However, You provide no justification to support your continued marketing of these products until such time as these defects and deficiencies are corrected or otherwise resolved. Please explain your reasoning in this matter and provide whatever documentation supports your position that these devices are safe to market.

Cincinnati District Office

About the author

Amy enjoys researching and writing about developments in medical technology and how that intersects with US law. She received her J.D. from the University of Florida Levin College of Law in 2020 and now works as a Regulatory Associate for SoftwareCPR®, a general-purpose regulatory consulting firm that is recognized globally for their expertise with standards and national regulations pertaining to medical device, mobile medical app, and HealthIT software.

SoftwareCPR Training Courses:

IEC 62304 and other Emerging Standards Impacting Medical Device Software

Being Agile & Yet Compliant

ISO 14971 SaMD Risk Management

Software Risk Management

Medical Device Cybersecurity

Software Verification

IEC 62366 Usability Process and Documentation

Or just email training@softwarecpr.com for more info.

Corporate Office

15148 Springview St.
Tampa, FL 33624
USA
+1-781-721-2921
Partners located in the US (CA, FL, MA, MN, TX) and Canada.