By

Brian Pate
Our partner Windi Hary and I annotated a recent FDA Warning Letter.  There is much one can learn from Warning Letters and we highly encourage our clients to make review and analysis of warning letters a regular part of your quality program. Click here to download this teaching aid:  Warning Letter - iRhythm Technologies, Inc...
Read More
The FDA completed its review of an Automated Ejection Fraction SaMD De Novo leading to a new Class II code, ‘QVD.’  The FDA notice follows including the special controls. FDA Notice Re: DEN220063 Trade/Device Name: Caption Interpretation Automated Ejection Fraction Software Regulation Number: 21 CFR 892.2055 Regulation Name: Radiological machine learning-based quantitative imaging software with...
Read More
I cannot agree more … “The more you can divide up the behavior of your app into components, the more effectively you can test that the behavior of your code meets the reference standards in all particulars as your project grows and changes. For a large project with many components, you’ll need to run a large number of tests to test...
Read More
Just a few thoughts on metrics … specifically software metric.  A software metric defines a standard way of measuring some attribute of the software development process or an attribute of a software component. A software metric allows us to compare and evaluate one process or component with another, and plan to improve quality of a...
Read More
A course dedicated to “SaMD Risk Management Training?” Yes and much more! More discussion on Risk Management Training between our General Manager, Brian Pate, and our Partner, Dr. Peter Rech, regarding our January 2023 public training course on the application of ISO 14971 and IEC 62304 to system risk analysis and software risk analysis.  Our...
Read More
Since October is Cybersecurity Awareness Month, the US FDA released a new video to provide ideas and approaches for Healthcare Professionals (HCP) discuss and explain to patients, the concepts and methods for cybersecurity with regard to  interconnected medical devices.   The video titled, “xx,” is designed to promote, and perhaps facilitate, communication  between HCPs and patients....
Read More
I recently spoke with Dr. Peter Rech about the 2019 update to ISO 14971 as he and I prepare for our upcoming public training course on January 9-11, 2023, in Tampa, Florida USA.  Registration information can be found at this post: 14971 Risk Management Training Course If you would like more information on applying IEC 62304...
Read More
(Tampa, FL, September 28, 2022) – Crisis Prevention and Recovery, LLC is taking proactive steps to minimize impact to our clients from the landfall of Hurricane Ian in Southwest Florida.  With our corporate office in Tampa, Florida, it is likely that there could be loss of electrical power and/or internet in the next 24 to 72...
Read More
Recently, a new cybersecurity standard, IEC 81001-5-1:2021, Health software and health IT systems safety, effectiveness and security – Part 5-1: Security – Activities in the product life cycle, was released.  As the name implies, this standard addresses the overall software development lifecycle (SDLC) with regard to cybersecurity activities.  For medical device manufacturers, this is very...
Read More
FDA is requesting input on patient safety, including best practices to promote patient safety, education, and competency, associated with Non-Medical Device Software – software excluded from the medical device definition by the 21st Century Cures Act.  Software professionals should take this opportunity to explain the risks associated with non-medical device software interacting with medical device...
Read More
FDA has released a new draft of Premarket Cybersecurity in Medical Devices:  Quality System Considerations and Content of Premarket Submissions.  Per the scope, this 2022 FDA Premarket Cybersecurity Guidance “is applicable to devices that contain software (including firmware) or programmable logic, as well as software as a medical device (SaMD). The guidance is not limited to devices...
Read More
When developing medical devices, a manufacturer may have difficulty knowing when (or what) the transition from research phase activities to design controls has begun.  Often this is due to the nature of research itself - one is exploring a concept or design approach that may or may not pan out in the end.  The US...
Read More
AAMI Post Market Risk Management Report
Read More
This post discusses some code review basics - concepts and inspection ideas that one might use when performing a code review.  A code review is a technical verification activity.  The purpose is most often to identify coding errors against the design intent - one is verifying that the code actually accomplishes what that author intended....
Read More
Nothing software specific in this guidance, Manufacture-of-Blood-Components-Using-Pathogen-Reduction-Device-2021, but in the future one might envision that the validation and quality control could be automated by software. Purpose of the document is to provide guidance to establishments that collect or process blood and blood components, with recommendations for implementing a pathogen reduction device for the manufacture of...
Read More
Software of Unknown Provenance SOUP.  It is likely that you are familiar with the acronym, SOUP, in relation to medical device and Health IT software.  The medical device software standard IEC 62304, defines SOUP as a “software item that is: already developed and generally available and that has not been developed for the purpose of being...
Read More
You may be interested in attending the FDA Virtual Public Workshop, “Transparency of Artificial Intelligence/Machine Learning-enabled Medical Devices,” planned for October 14, 2021.   Info on attending:  https://www.fda.gov/medical-devices/workshops-conferences-medical-devices/virtual-public-workshop-transparency-artificial-intelligencemachine-learning-enabled-medical-devices  
Read More
IEC 62304 and Emerging Standards for Medical Device and Health IT Software DATES:  Oct 19-21, 2021 Clock time each day:  8:30 am – 4:30 pm US Pacific COST: 3 Full Days for $2,100.00 (Early Bird discount: $1595 thru September 1, 2021) Special FDA / Government rate:  $500 (contact us at training@softwarecpr.com to qualify) Multi-student discounts available....
Read More
Probabilistic Genotyping Used for Criminal Prosecution In a recent article published on The Markup, software that is used to match DNA in criminal prosecution has come under scrutiny.  The software implements what is known as probabilistic genotyping, a method used when analyzing data that contains a mixture of DNA from multiple people.  The software uses complex...
Read More
Most medical device manufacturers use many, many software programs, systems, or services to automate quality system This software is not to be confused with product software - that is, software that runs as part of a medical device.  Medical device in this context could be custom hardware devices or Software as a Medical Device (SaMD)....
Read More
One of the most important references in creating a software development lifecycle process to assure software quality is the FDA guidance document, “General Principles of Software Validation.”  This guidance document has been around for many years.  The current version, 2.0, was released in 2002.  To many in the industry, this guidance is simply referred to...
Read More
As the use of Artificial Intelligence (AI) and machine learning methods expand in medical devices and HealthIT software, an oft asked question is whether the data sets used for training should be retained as part of the design history file (DHF) or other long term storage mechanisms.  SoftwareCPR partners Alan Kusinitz, Sherman Eagles, John Murray,...
Read More
Having trouble keeping up with standards activity? You are not alone!  The pace of new and emerging standards creates a challenge for even the most organized and well staffed software and quality assurance teams.  Whether it is digital health, risk management, software process, usability, or the ever challenging cybersecurity, being aware and understanding upcoming changes...
Read More
In addition to information on existing standards, the SoftwareCPR Standards Navigator subscription keeps you up to date on new standards activity and gives you expert insight into future changes to existing standards.  Draft standards are available on a limited basis to subscribers to provide input to SoftwareCPR for the purpose of developing a position or...
Read More
An excellent overview of the challenges and benefits of the Microservices architectural style of software application development.  While many of the factors discussed by the author (Dr. André Fachat, published January 30, 2019), these same factors can affect the safety and efficacy of a medical devices using this style.  The article consists of two parts:...
Read More
IEC 62304 and Emerging Standards for Medical Device and Health IT Software DATES:  April 6-8, 2021 Clock time each day:  8:30 am – 4:30 pm US EDT COST: 3 Full Days for $2,100.00 (Early Bird discount extended! $1795 thru April 3rd) Multi-student discounts available. Register at EventZilla:  https://events.eventzilla.net/e/2021-softwarecpr–iec-62304-and-emerging-standards-and-fda-expectations-for-medical-device-and-health-it-software-2138790469 This 62304 Public Training Course provides a...
Read More
(March 1, 2021)— Mike Russell has joined Crisis Prevention and Recovery LLC (DBA SoftwareCPR ®) as a Partner. He is not new to the firm and industry, having assisted on many engagements in the last decade as an Affiliated Expert. He was also on the TIR working group that created the AAMI TIR45- 2012 Technical...
Read More
This content is only available to our Premium subscribers. See our Subscribe page for information on subscriptions. ISO 14971 was updated and released in 2019.  We previously discussed the internal debate regarding ISO 14917 in this post ISO 14971 versus the EU Commission. There are several items to consider with the new update: Section 10.1 - “The manufacturer...
Read More
At SoftwareCPR today, we honor our consultants that are also veterans who served in our US military! John Murray – US Navy Mike Russell – US Air Force Greg Sandoe – US Marine Corps Jordan Pate – US Army Paul Felten – US Army Thank you for your service!
Read More
Understanding OTS and SOUP is very important in every lifecycle stages of medical device and HealthIT software development.  In the late 1990’s, the US FDA first published guidance documentation on the use of Off-The-Shelf (OTS) software in medical devices (or sometimes referred to as “OTSS”).  At that time, OTSS generally accounted for a very small...
Read More
This content is only available to our Premium subscribers. See our Subscribe page for information on subscriptions. Raffaele Caliri and Jordan Pate have recently updated our 62366-1 Assessment Checklist to align with the 2020 amendment.  This version of the standard has been pared down a bit and looks a lot different than the familiar 2008 version...
Read More
62304 Public Training Course DATES:  September 22-24, 2020 (Registration is open through September 21, 2020 as seats remain.) COST: 3 Full Days for $2,100.00 Company Discount:  First two students at full price and then 10% off for any others (up to course size limit) This 62304 Public Training Course provides a clear understanding of the...
Read More
SoftwareCPR August 2020 Newsletter has been published.  FDA news, regulatory updates, new SoftwareCPR content, software recalls, and software warning letters.
Read More
My Software Is a Medical Device … if that’s you, check out this upcoming webinar.  Our very own John Murray will participate in a webinar on August 25, 2020, and join a roundtable discussion with Bakul Patel, Director, Division of Digital Health at FDA.  Shawnnah Monterrey, CEO @BeanStock Ventures will moderate the discussion. You can...
Read More
(July 13, 2020) Amy Sellers, of Tampa, FL, USA, has joined SoftwareCPR as a Regulatory Associate.  Amy recently received her J.D. from the University of Florida Levin College of Law. She has experience in regulatory pathway decisions, including analysis of intended use and product claims, as well as analysis of design changes against US regulations...
Read More
This content is only available to our Premium subscribers.  See our Subscribe page for information on subscriptions. You are likely aware of the CAPA process overall and how it fits in to the quality management system for a medical device manufacturer or supplier.  Just the name itself, corrective and preventive action, describes one of the...
Read More
FDA released a new guidance document titled, “Nonbinding Feedback After Certain FDA Inspections of Device Establishments, Guidance for Industry and Food and Drug Administration Staff.  This guidance was issued on April 22, 2020.  The background on the guidance states, “Timely nonbinding feedback can help device firms determine whether proposed actions to address inspectional observations are...
Read More
U.S. Food and Drug Administration (FDA) issued this immediately in effect guidance: Enforcement Policy for Infusion Pumps and Accessories During the Coronavirus Disease 2019 (COVID- 19) Public Health Emergency.  FDA believes the policy set forth in this guidance may help address these urgent public health concerns by helping to expand the availability and remote capabilities...
Read More
On February 25-26, 2020 the U.S. Food and Drug Administration (FDA) held a public workshop to discuss the “Evolving Role of Artificial Intelligence in Radiological Imaging.” The comment period for the public workshop is extended to June 30, 2020, in response to requests for an extension to allow stakeholders additional time to submit comments.
Read More
Today (25 March 2020), the Commission announced that work on a proposal to postpone the date of application for the Medical Device Regulation (MDR) for one year is ongoing. The decision was reached with patient health and safety as a guiding principle.  
Read More
FDA has issued a final order to reclassify: medical image analyzers applied to mammography breast cancer ultrasound breast lesions radiograph lung nodules radiograph dental caries detection all which are post-amendments class III devices (regulated under product code MYN), into class II (special controls), subject to premarket notification. These devices are intended to direct the clinician’s...
Read More
December 26, 2019 Excerpts from warning letter of interest to software professionals: “The inspection also revealed that your … LED light therapy devices are adulterated within the meaning of section 501(h) of the Act, 21 U.S.C. § 351(h), in that the methods used in, or the facilities or controls used for, their manufacture, packing, storage,...
Read More
Kicking off the new year with regulatory and standards updates.  New public courses in 2020!
Read More
FDA is raising awareness among health care providers and facility staff that cybersecurity vulnerabilities in certain GE Healthcare Clinical Information Central Stations and Telemetry Servers may introduce risks to patients while being monitored.  Per the FDA notice: “A security firm has identified several vulnerabilities in certain GE Healthcare Clinical Information Center workstations and Telemetry Servers,...
Read More
This "FDA GPSV Traceability Expectations" post is only available to Premium subscribers. See our Subscribe page for information on subscriptions. Going way back to the late 1990's, FDA had an expectation that safe and effective software would require a well thought out development lifecycle that includes many activities designed to ensure the correctness and robustness...
Read More
How do I know if my device or my software is a medical device? Watch this helpful video and learn about the 513(g) process as well.  SoftwareCPR can help you plan your regulatory strategy and handle your regulatory submissions.  We would be delighted to help!
Read More
62304 Public Training Course DATES:  February 4-6, 2020 (REGISTRATION extended through January 18, 2020) COST: 3 Full Days for $2,595.00 (Registration extended through 1/18/2020) Volume Discount:  $450 off for 4 or more students from same company Register Now:  https://events.eventzilla.net/e/2020-softwarecpr-62304-and-emerging-software-standards-training-course–sunnyvale-ca-2138757731 This 62304 Public Training Course provides a clear understanding of the 62304 standard for medical device software,...
Read More
The Institute of Electrical and Electronics Engineers (IEEE) has approved a proposal to develop a standard for safety considerations in automated vehicle (AV) decision-making.  Purportedly, the “forthcoming IEEE standard will provide a useful tool to answer the question of what it means for an AV to drive safely,” according to the lead convener.  With technology...
Read More
ISO 14971 Risk Analysis Identifying safety risks in medical devices is a challenging and laborious process.  The process standard, ISO 14971, is a systematic, total product risk management lifecycle process to identify, control, and evaluate risk, where risk is defined as the combination of severity of the harm (to people, property, or environment) and probability...
Read More
This new draft guidance explains when a Type V DMF may be used to submit information regarding a combination product for which the Center for Drug Evaluation and Research (CDER) has primary jurisdiction (i.e., CDER-led combination product) and the device portion has electronics and/or software that is planned to be used as a platform, that is,...
Read More
1 2 3

SoftwareCPR Training Courses:

Risk Management (Public or Private)

Our newly updated ISO 14971:2019 Medical Device Risk Management, A Software Organization’s Perspective training course is now open for scheduling!

  • Coverage of ISO 14971:2019, IEC 62304; amd1, and IEC/TR 80002-1.
  • System level hazards analysis – mapping to software, cybersecurity, and usability
  • Why FMEA is incomplete for medical device risk management.
  • How to perform software hazards analysis.
  • And more!

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructors: Dr. Peter Rech, Brian Pate

Next public offering:  TBD

 

Being Agile & Yet Compliant (Public or Private)

Our SoftwareCPR unique approach to incorporating agile and lean engineering to your medical device software process training course is now open for scheduling!

  • Agile principles that align well with medical
  • Backlog management
  • Agile risk management
  • Incremental and iterative software development lifecycle management
  •  Frequent release management
  • And more!

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructors: Mike Russell, Ron Baerg

Next public offering:  TBD

 

Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process with central focus on the cybersecurity risk analysis process. Overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering:  TBD

 

IEC 62304 and other emerging standards for Medical Device and HealthIT Software (Public or Private)

Our flagship course for preparing regulatory, quality, engineering, operations, and others for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future.  Focus is not simply what the standard says, but what is meant and discuss examples and approaches one might implement to comply.  Special deep discount pricing available to FDA attendees and other regulators.

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate, 2nd instructor (optional)

Next public offering:  TBD

 

Corporate Office

15148 Springview St.
Tampa, FL 33624
USA
+1-781-721-2921
Partners located in the US (CA, FL, MA, MN, TX) and Canada.