By

Brian Pate
One of the cornerstones of a quality management system is the integrity of the quality system records. It should go without saying how critical it is for these records to be truthful, accurate, and genuine. Fraudulent data can lead to an unsafe medical device, or a medical device that does not fully achieve its intended...
Read More
Solving Problems Another great “soft skill” I learned from a mentor early in my career was knowing when to ask questions. You know, how long should I dig, research and investigate, before seeking the help of others? Some may gravitate toward spending too much time trying to find answers or solutions when it would have...
Read More
Interesting list from the Central Digital and Data Office of the U.K. Government on using open source development. They provide a handy checklist of things to consider when deciding on open source or proprietary software. https://www.gov.uk/guidance/be-open-and-use-open-source
Read More
What does the US FDA expect in a premarket submission for description of the software design?  In the recent June 2023 Guidance for Industry and Food and Drug Administration Staff titled, “Content of Premarket Submissions for Device Software Functions,” the FDA gives the following guidance. For lower risk devices, the manufacturer is not required to...
Read More
The Open Worldwide Application Security Project (OWASP) released a white paper titled OWASP Top 10 for LLM.  The introduction states, The frenzy of interest of Large Language Models (LLMs) following of mass-market pre- trained chatbots in late 2022 has been remarkable. Businesses, eager to harness the potential of LLMs, are rapidly integrating them into their...
Read More
A former employee forges FDA clearance letters at a Philadelphia-area medical device manufacturer.  Peter Stoll III pleaded guilty to one felony count of violating the Federal Food, Drug, and Cosmetic Act (FDCA) by causing the introduction of misbranded and adulterated medical devices into interstate commerce, in violation of 21 United States Code, Section 331(a) and 331(a)(2). ...
Read More
Software risk analysis requires consideration of both the development process itself and the runtime environment.
Read More
The recent FDA guidance, Content of Premarket Submissions for Device Software Functions (June 14, 2023), points out that software design is a prospective activity and should not be done in an ad-hoc or last-minute approach.
Read More
#software #capa … Should a #medicaldevices manufacturer treat potential software design issues any different than any other product #quality issue?
Read More
FDA released a draft guidance document for patient matched guides for orthopedic implants.  The guidance provides recommendations to manufacturers regarding the design-and-production process for these types of devices.  Patient matched guides, as the name implies, are unique to the patient and are created to assist pre-surgical planning.  The clinician is better able to visualize proper...
Read More
The US regulations for design controls have requirements for design and development planning.  In fact, a design and development plan is an indication that a manufacturer has “exited” research phase activities and entered the development phase, and thus, design controls should be in place.  The regulation, 21 CFR 820.30(b), specifically states: Design and development planning....
Read More
In March 2023, FDA released a draft guidance on Part 11 Application to Clinical Investigations.  The specific introduction in the guidance stated: This document provides guidance to sponsors, clinical investigators, institutional review boards(IRBs), contract research organizations (CROs), and other interested parties on the use of electronic systems, electronic records, and electronic signatures in clinical investigations...
Read More
FDA releases Final Guidance on Content of Premarket Submissions for Device Software Functions.  This final guidance provides requirements for the recommended documentation manufacturers should include in premarket submissions for the FDA’s evaluation of the safety and effectiveness of device software functions. The guidance replaces the FDA’s Guidance for the Guidance for the Content of Premarket...
Read More
Tampa, FL, May 10, 2023.  Crisis Prevention and Recovery, LLC, dba SoftwareCPR® announced today that Windi has joined SoftwareCPR® as a Partner. In her role, Windi will lead the expert regulatory and quality team, bringing a unique client-side perspective for both US, Canada, UK/EU, and Japan markets. Windi’s career path is one marked by a...
Read More
Our partner Windi Hary and I annotated a recent FDA Warning Letter.  There is much one can learn from Warning Letters and we highly encourage our clients to make review and analysis of warning letters a regular part of your quality program. Click here to download this teaching aid:  Warning Letter – iRhythm Technologies, Inc...
Read More
The FDA completed its review of an Automated Ejection Fraction SaMD De Novo leading to a new Class II code, ‘QVD.’  The FDA notice follows including the special controls. FDA Notice Re: DEN220063 Trade/Device Name: Caption Interpretation Automated Ejection Fraction Software Regulation Number: 21 CFR 892.2055 Regulation Name: Radiological machine learning-based quantitative imaging software with...
Read More
I cannot agree more … “The more you can divide up the behavior of your app into components, the more effectively you can test that the behavior of your code meets the reference standards in all particulars as your project grows and changes. For a large project with many components, you’ll need to run a large number of tests to test...
Read More
This Playbook was prepared by The MITRE Corporation and the Medical Device Innovation Consortium using funds from the U.S. Food and Drug Administration in November 2021.  Download playbook here:  Playbook-for-Threat-Modeling-Medical-Devices-2021 The playbook is not prescriptive in that it does not describe one approach to be used when threat modeling medical devices. It is intended to...
Read More
Just a few thoughts on metrics … specifically software metric.  A software metric defines a standard way of measuring some attribute of the software development process or an attribute of a software component. A software metric allows us to compare and evaluate one process or component with another, and plan to improve quality of a...
Read More
A course dedicated to “SaMD Risk Management Training?” Yes and much more! More discussion on Risk Management Training between our General Manager, Brian Pate, and our Partner, Dr. Peter Rech, regarding our January 2023 public training course on the application of ISO 14971 and IEC 62304 to system risk analysis and software risk analysis.  Our...
Read More
Since October is Cybersecurity Awareness Month, the US FDA released a new video to provide ideas and approaches for Healthcare Professionals (HCP) discuss and explain to patients, the concepts and methods for cybersecurity with regard to  interconnected medical devices.   The video titled, “xx,” is designed to promote, and perhaps facilitate, communication  between HCPs and patients....
Read More
I recently spoke with Dr. Peter Rech about the 2019 update to ISO 14971 as he and I prepare for our upcoming public training course on January 9-11, 2023, in Tampa, Florida USA.  Registration information can be found at this post: 14971 Risk Management Training Course If you would like more information on applying IEC 62304...
Read More
(Tampa, FL, September 28, 2022) – Crisis Prevention and Recovery, LLC is taking proactive steps to minimize impact to our clients from the landfall of Hurricane Ian in Southwest Florida.  With our corporate office in Tampa, Florida, it is likely that there could be loss of electrical power and/or internet in the next 24 to 72...
Read More
Recently, a new cybersecurity standard, IEC 81001-5-1:2021, Health software and health IT systems safety, effectiveness and security – Part 5-1: Security – Activities in the product life cycle, was released.  As the name implies, this standard addresses the overall software development lifecycle (SDLC) with regard to cybersecurity activities.  For medical device manufacturers, this is very...
Read More
FDA is requesting input on patient safety, including best practices to promote patient safety, education, and competency, associated with Non-Medical Device Software – software excluded from the medical device definition by the 21st Century Cures Act.  Software professionals should take this opportunity to explain the risks associated with non-medical device software interacting with medical device...
Read More
FDA has released a new draft of Premarket Cybersecurity in Medical Devices:  Quality System Considerations and Content of Premarket Submissions.  Per the scope, this 2022 FDA Premarket Cybersecurity Guidance “is applicable to devices that contain software (including firmware) or programmable logic, as well as software as a medical device (SaMD). The guidance is not limited to devices...
Read More
When developing medical devices, a manufacturer may have difficulty knowing when (or what) the transition from research phase activities to design controls has begun.  Often this is due to the nature of research itself – one is exploring a concept or design approach that may or may not pan out in the end.  The US...
Read More
AAMI Post Market Risk Management Report
Read More
This post discusses some code review basics – concepts and inspection ideas that one might use when performing a code review.  A code review is a technical verification activity.  The purpose is most often to identify coding errors against the design intent – one is verifying that the code actually accomplishes what that author intended....
Read More
Nothing software specific in this guidance, Manufacture-of-Blood-Components-Using-Pathogen-Reduction-Device-2021, but in the future one might envision that the validation and quality control could be automated by software. Purpose of the document is to provide guidance to establishments that collect or process blood and blood components, with recommendations for implementing a pathogen reduction device for the manufacture of...
Read More
Software of Unknown Provenance SOUP.  It is likely that you are familiar with the acronym, SOUP, in relation to medical device and Health IT software.  The medical device software standard IEC 62304, defines SOUP as a “software item that is: already developed and generally available and that has not been developed for the purpose of being...
Read More
You may be interested in attending the FDA Virtual Public Workshop, “Transparency of Artificial Intelligence/Machine Learning-enabled Medical Devices,” planned for October 14, 2021.   Info on attending:  https://www.fda.gov/medical-devices/workshops-conferences-medical-devices/virtual-public-workshop-transparency-artificial-intelligencemachine-learning-enabled-medical-devices  
Read More
IEC 62304 and Emerging Standards for Medical Device and Health IT Software DATES:  Oct 19-21, 2021 Clock time each day:  8:30 am – 4:30 pm US Pacific COST: 3 Full Days for $2,100.00 (Early Bird discount: $1595 thru September 1, 2021) Special FDA / Government rate:  $500 (contact us at training@softwarecpr.com to qualify) Multi-student discounts available....
Read More
Probabilistic Genotyping Used for Criminal Prosecution In a recent article published on The Markup, software that is used to match DNA in criminal prosecution has come under scrutiny.  The software implements what is known as probabilistic genotyping, a method used when analyzing data that contains a mixture of DNA from multiple people.  The software uses complex...
Read More
Most medical device manufacturers use many, many software programs, systems, or services to automate quality system This software is not to be confused with product software – that is, software that runs as part of a medical device.  Medical device in this context could be custom hardware devices or Software as a Medical Device (SaMD)....
Read More
One of the most important references in creating a software development lifecycle process to assure software quality is the FDA guidance document, “General Principles of Software Validation.”  This guidance document has been around for many years.  The current version, 2.0, was released in 2002.  To many in the industry, this guidance is simply referred to...
Read More
As the use of Artificial Intelligence (AI) and machine learning methods expand in medical devices and HealthIT software, an oft asked question is whether the data sets used for training should be retained as part of the design history file (DHF) or other long term storage mechanisms.  SoftwareCPR partners Alan Kusinitz, Sherman Eagles, John Murray,...
Read More
Having trouble keeping up with standards activity? You are not alone!  The pace of new and emerging standards creates a challenge for even the most organized and well staffed software and quality assurance teams.  Whether it is digital health, risk management, software process, usability, or the ever challenging cybersecurity, being aware and understanding upcoming changes...
Read More
In addition to information on existing standards, the SoftwareCPR Standards Navigator subscription keeps you up to date on new standards activity and gives you expert insight into future changes to existing standards.  Draft standards are available on a limited basis to subscribers to provide input to SoftwareCPR for the purpose of developing a position or...
Read More
An excellent overview of the challenges and benefits of the Microservices architectural style of software application development.  While many of the factors discussed by the author (Dr. André Fachat, published January 30, 2019), these same factors can affect the safety and efficacy of a medical devices using this style.  The article consists of two parts:...
Read More
IEC 62304 and Emerging Standards for Medical Device and Health IT Software DATES:  April 6-8, 2021 Clock time each day:  8:30 am – 4:30 pm US EDT COST: 3 Full Days for $2,100.00 (Early Bird discount extended! $1795 thru April 3rd) Multi-student discounts available. Register at EventZilla:  https://events.eventzilla.net/e/2021-softwarecpr–iec-62304-and-emerging-standards-and-fda-expectations-for-medical-device-and-health-it-software-2138790469 This 62304 Public Training Course provides a...
Read More
(March 1, 2021)— Mike Russell has joined Crisis Prevention and Recovery LLC (DBA SoftwareCPR ®) as a Partner. He is not new to the firm and industry, having assisted on many engagements in the last decade as an Affiliated Expert. He was also on the TIR working group that created the AAMI TIR45- 2012 Technical...
Read More
This content is only available to our Premium subscribers. See our Subscribe page for information on subscriptions. ISO 14971 was updated and released in 2019.  We previously discussed the internal debate regarding ISO 14917 in this post ISO 14971 versus the EU Commission. There are several items to consider with the new update: Section 10.1 – “The manufacturer...
Read More
At SoftwareCPR today, we honor our consultants that are also veterans who served in our US military! John Murray – US Navy Mike Russell – US Air Force Greg Sandoe – US Marine Corps Jordan Pate – US Army Paul Felten – US Army Thank you for your service!
Read More
Understanding OTS and SOUP is very important in every lifecycle stages of medical device and HealthIT software development.  In the late 1990’s, the US FDA first published guidance documentation on the use of Off-The-Shelf (OTS) software in medical devices (or sometimes referred to as “OTSS”).  At that time, OTSS generally accounted for a very small...
Read More
This content is only available to our Premium subscribers. See our Subscribe page for information on subscriptions. Raffaele Caliri and Jordan Pate have recently updated our 62366-1 Assessment Checklist to align with the 2020 amendment.  This version of the standard has been pared down a bit and looks a lot different than the familiar 2008 version...
Read More
62304 Public Training Course DATES:  September 22-24, 2020 (Registration is open through September 21, 2020 as seats remain.) COST: 3 Full Days for $2,100.00 Company Discount:  First two students at full price and then 10% off for any others (up to course size limit) This 62304 Public Training Course provides a clear understanding of the...
Read More
SoftwareCPR August 2020 Newsletter has been published.  FDA news, regulatory updates, new SoftwareCPR content, software recalls, and software warning letters.
Read More
My Software Is a Medical Device … if that’s you, check out this upcoming webinar.  Our very own John Murray will participate in a webinar on August 25, 2020, and join a roundtable discussion with Bakul Patel, Director, Division of Digital Health at FDA.  Shawnnah Monterrey, CEO @BeanStock Ventures will moderate the discussion. You can...
Read More
(July 13, 2020) Amy Sellers, of Tampa, FL, USA, has joined SoftwareCPR as a Regulatory Associate.  Amy recently received her J.D. from the University of Florida Levin College of Law. She has experience in regulatory pathway decisions, including analysis of intended use and product claims, as well as analysis of design changes against US regulations...
Read More
1 2 3

SoftwareCPR Training Courses:

IEC 62304 and other emerging standards for Medical Device and HealthIT Software

Our flagship course for preparing regulatory, quality, engineering, operations, and others for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future.  Focus is not simply what the standard says, but what is meant and discuss examples and approaches one might implement to comply.  Special deep discount pricing available to FDA attendees and other regulators.

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate

Next public offering:  TBD

Email training@softwarecpr.com to request a special pre-registration discount.  Limited number of pre-registration coupons.

Registration Link:

TBD

 


 

Being Agile & Yet Compliant (Public or Private)

Our SoftwareCPR unique approach to incorporating agile and lean engineering to your medical device software process training course is now open for scheduling!

  • Agile principles that align well with medical
  • Backlog management
  • Agile risk management
  • Incremental and iterative software development lifecycle management
  •  Frequent release management
  • And more!

2-days onsite (4 days virtual) with group exercises, quizzes, examples, Q&A.

Instructors: Mike Russell, Ron Baerg

Next public offering: March 7 & 28, 2024

Virtual via Zoom

Registration Link:

Register Now

 


 

Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process with central focus on the cybersecurity risk analysis process. Overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering:  TBD

Corporate Office

15148 Springview St.
Tampa, FL 33624
USA
+1-781-721-2921
Partners located in the US (CA, FL, MA, MN, TX) and Canada.