By

Alan Kusinitz
http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM512648.pdf
Read More
http://www.fda.gov/MedicalDevices/DigitalHealth/ucm512245.htm
Read More
See the item on the MDR Trilogue Agreement for further explanation.  The text for the IVD draft is a the link provided here: EU IVDR.
Read More
This document is the result of an industry-led initiative of the European Commission. It is targeted at app developers and its purpose is to foster justified trust among users of mHealth apps which process personal data. Standards Navigator Draft Health Code of Conduct
Read More
/docs/scpred/standardsnavigator/EU_Data_Protection_Regulation.pdf
Read More
/docs/scpred/SoftwareCPR-Newsletter052016.pdf
Read More
/docs/scpred/SoftwareCPR-LatestNewsletter.htm
Read More
http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/ucm504091.pdf
Read More
The US FDA issued a draft guidance entitled: “Use of Electronic Health Record Data in Clinical Investigations”. This draft addresses a variety of issues including EHRs certified by ONC, data modifications, audit trials, informed consent, and Privacy and Security. The full draft guidance can be found at the following link: FDA_Use_of_EHR_Data_in_Clinical_Investigations
Read More
http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM268141.pdf
Read More
http://www.gpo.gov/fdsys/pkg/FR-2016-04-04/html/2016-07467.htm
Read More
http://www.gpo.gov/fdsys/pkg/FR-2016-04-04/html/2016-07467.htm
Read More
On March 29, 2016, the US Department of Homeland Security issued an Advisory regarding the Carefusion Pyxis SupplyStation System Vulnerabilities that would only require an attacker with low skills.  Specific mitigations listed in the Advisory include: Isolate affected products from the Internet and untrusted systems; however, if additional connectivity is required, use a VPN solution....
Read More
The link provided is our revised checklist for changes in Amendment 1. You will need to login as a paid subscriber to download this checklist.
Read More
Amendment 1 of” “IEC 62304 Medical device software — Software Life cycle processes” was issued in 2015. Although the focus of the Amendment was to include a special provision for Legacy software as well as clarifications and changes to Safety Classification, a number of other substantive changes were made.including significant additional requirements for Class A...
Read More
/docs/scpred/FDA-2015WL-483DataPresentationV_1312016.pdf
Read More
/docs/scpred/FDA-2015WL-483DataPresentationV_1312016.pdf
Read More
The Final Draft International Standard was approved at the end of 2015 and will be submitted for publication. The standard is expected to be published by the end of March 2016.  A three year transition period has been proposed.
Read More
http://www.fda.gov/downloads/medicaldevices/deviceregulationandguidance/guidancedocuments/ucm484914.pdf
Read More
/docs/FDAhighestprioritydevices4humanfactorsreview0216.pdf
Read More
NOTE: This is for historical reference as a final guidance was issued Sept 2017 and is posted separately. FDA issued a new draft guidance entitled “Design Considerations and Pre- market Submission Recommendations for Interoperable Medical Devices”. This guidance addresses medical devices that exchange information whether wired or wireless including through the internet. It includes unidirectional...
Read More
FDA held a two day public cybersecurity workshop Jan 20-21,2016.   See the output, including links to the webcasts, from the workshop sessions.
Read More
Sherman Eagles of SoftwareCPR expects increased standards and regulatory activity related to Software and HealthIT in 2016. Here are some of the areas to watch: IEC 82304-1 Health Software: General requirements for safety will be completed during the first half of 2016. It is intended that this standard be harmonized in the EU, but it...
Read More
Note:  This draft is OBSOLETE and included only for historical reference only.  Look for the final draft elsewhere on this site. To view the guidance click this link:  2016-01-FDA Post market Cybersecurity draft guidance This guidance references a number of Presidential Executive Orders related to critical infrastructure and cybersecurity as a driving force for FDA’s increased oversight...
Read More
FDA held a public workshop, “Collaborative Approaches for Medical Device and Healthcare Cybersecurity,” October 21-22, 2014, in partnership with the Department of Homeland Security. The program book issued by FDA after the workshop was held is at the link provided. It contains information on the sessions, objectives, and speaker biographies. Sherman Eagles of SoftwareCPR® was...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. It contains a training aid that provides an overview comparison between the 2015 Amendment of IEC 62304 and FDA requirements based on 62304 Safety Classes. SCPRed_SoftwareCPR-FDA-62304SafetyClasscomparisonTrainingAide
Read More
http://www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/ucm467223.htm
Read More
The International Society of Pharmaceutical Engineering publishes the Good Automated Practices Guides including GAMP from 2008 which coverscomputer system validation in general and a number of more recent guides on topics ranging from mobile apps to IT infrastructure control. The current list of available guides is: GAMP® 5: A Risk-Based Approach to Compliant GxP Computerized...
Read More
In July 2015 an amendment was issued to IEC 62304. While this amendment was focused on additions for Legacy software and clarifications to the use of risk in safety classification keep in mind that a number of other smaller changes and additions were made. Some of the more significant ones include: 1. Reduction in the...
Read More
In July 2015 an amendment was issued to IEC 62304. While this amendment was focused on additions for legacy software and clarifications to the use of risk in safety classification, keep in mind that a number of other smaller changes and additions were made. Some of the more significant ones include: Reduction in the exemptions...
Read More
http://www.fda.gov/downloads/medicaldevices/deviceregulationandguidance/guidancedocuments/ucm313794.pdf
Read More
Although FDA’s Device Center tends to exempt many Mobile Medical Apps from regualtion FDA’s Drug Center has its own approach. Our current understanding is that mobile apps distributed with drugs are considered part of a combination product in many cases and the Drug Center will review the MMApp information as part of the product approval...
Read More
http://www.fda.gov/MedicalDevices/NewsEvents/WorkshopsConferences/ucm468246.htm
Read More
A new International Medical Device Regulators Forum (IMDRF) document was finalized.  It is Software as a Medical Device (SaMD): Application of Quality Management System.  The objective of the document is to provide guidance on the application of existing standardized and generally accepted QMS practices to SaMD. View the document at this link:  imdrf-tech-151002-samd-qms
Read More
Paul Felten of SoftwareCPR has successfully passed the ISTQB Agile Tester Certification exam. The ISTQB Agile Tester certification was created to account for new emerging practices and methodology changes in the software testing industry. Based on the foundation level syllabus, this certification ensures that software testers and professional alike have the necessary knowledge and skills...
Read More
http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/UniqueDeviceIdentification/GlobalUDIDatabaseGUDID/UCM396595.pdf
Read More
http://www.fda.gov/MedicalDevices/NewsEvents/WorkshopsConferences/ucm457581.htm
Read More
https://www.federalregister.gov/articles/2015/10/16/2015-25597/2015-edition-health-information-technology-certification-criteria-2015-edition-base-electronic
Read More
https://www.federalregister.gov/articles/2015/10/16/2015-25597/2015-edition-health-information-technology-certification-criteria-2015-edition-base-electronic
Read More
FDA has a series of training videos and slide presentations referred to as CDRHLearn. Under the Special Technical Topics is an IT and Software Section which lists 3 topics: Digital Health, Premarket Cybersecurity Information, and CDRH Regulated Software.
Read More
The U.S. FBI issued a Public Service Announcement on the Internet of Things that includes, “Criminals can also gain access to unprotected devices used in home health care, such as those used to collect and transmit personal monitoring data or time-dispense medicines. Once criminals have breached such devices, they have access to any personal or...
Read More
FDA maintains a webpage for its educational modules referred to as “CDRH Learn.”  Specialty Technical Topics provides a list with a section for IT and Software that includes three modules on Digital Health, Cybersecurity information in premarket submissions, and CDRH regulated software.
Read More
http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM459917.pdf
Read More
http://www.softwarecpr.com/feedbackframepage.htm
Read More
http://www.gpo.gov/fdsys/pkg/FR-2015-08-18/html/2015-20309.htm
Read More
/docs/FDApremarketclassificationcodexemptionsAug2015.pdf
Read More
Interesting write up: “How Medical Tech Gave a Patient a Massive Overdose”.  The article can be found at https://www.healthleadersmedia.com/innovation/how-medical-tech-gave-patient-massive-overdose
Read More
The National Institute of Science of Technology issued Version 1 of its framework for improving cybersecurity for critical infrastructure including health care. The full press release is at the link provided.
Read More
FDA issued a safety communication to health care facilities using the Hospira Symbiq Infusion System regarding cybersecurity vulnerabilities. FDA is advising facilities to seek alternative infusion systems. In the interim, it is recommended the systems be disconnected from networks and maintain the drug libraries by updating manually along with other recommendations. An article regarding the...
Read More
http://www.consumer.ftc.gov/blog/can-your-app-really-do
Read More
In August 2014, the Australian Therapeutic Goods Authority (TGA) gave a presentation on its approach to software regulation of medical devices.  This is a short and very clear high level presentation that explains the TGA’s focus and use of relevant standards such as 62304 as well as its focus on safety and risk management. View...
Read More
/docs/scpred/SoftwareCPR-NewsletterJune15.pdf
Read More
FDA issued a final version of its Universal Device Identification rule in 2013 and this rule is posted in the softwarecpr.com library. FDA also created and updates a webpage devoted to implementation of this rule (which will take place over seven years with higher risk devices sooner and lower risk devices at the end).
Read More
The International Medical Device Regulators Forum (IMDRF) SaMD draft of a quality system for Software as a Medical Device is available for public comment.
Read More
Link updated December 2018. In November 2014, Health Canada began requiring electronic submissions of license applications for Class III and Class IV medical Devices entitled: “Guidance for Industry: Formatting of Class III and Class IV Licence Applications (Electronic and Paper Formats)” File # 14-112992-741. Certain types of CDs and DVDs are specified along with information...
Read More
FDA issued a Medwatch alert for infusion pumps May 13, 2015, regarding security vulnerabilities in Hospira’s LifeCare PCA3 and PCA5 Infusion Pump Systems.  A researcher has shown that exploiting the vulnerabilities could allow an unauthorized user to remotely modify the dosage delivered.  Homeland security was previously working with Hospira about this vulnerability (we reported on...
Read More
Hospira Lifecare PCA infusion pump running “SW ver 412” does not require authentication for Telnet sessions, which allows remote attackers to gain root privileges via TCP port 23.  The U.S. Department of Homeland Security has been working with Hospira to get this resolved and Hospira will be performing a recall to correct this.
Read More
AAMI published an article entitled: “Best Practices in Applying Medical Device Risk Management Terminology” in its Spring 2015 Horizons publication. Alan Kusinitz, Founder of SoftwareCPR, co-authored this article and a reprint is provided with the permission of AAMI at the link provided. This is for your personal reference not for wider distribution due to the...
Read More
Crisis Prevention and Recovery, LLC (CPR) is excited to announce the formation of a new business speciality, HumanFactorsCPR. HumanFactorsCPR is the fourth business speciality under the CPR brand, joining SoftwareCPR, ValidationCPR, and RegulatoryCPR. “One of the most attractive features of our new HumanFactorsCPR services is our capability to bridge the risk analysis process with the...
Read More
http://www.ecri.org/press/Pages/Alarms-Health-IT-Patient-Violence-2015-Top-10-Patient-Safety-Concerns.aspx
Read More
The Joint Commission, the nation’s largest accreditation organization for hospitals offers a free one hour online course entitled “Investigating and Preventing Health Information Technology-Related Patient Safety Events” at the link provided. https://www.jointcommission.org/topics/free_online_education_courses.aspx
Read More
The draft of the US ONC proposed 2015 HealthIT ceritfication requirements rule is at the link provided. The final will be published March 30, 2015. This new version requires use of a quality system and states: “….QMS established by the federal government and SDOs include FDA’s quality system regulation in 21 CFR part 820, ISO...
Read More
/Docs/2015-ONCHITCertificationCriteriaPrePubVersion06612.pdf
Read More
Stan Hamilton and Brian Pate of SoftwareCPR offer the following tip. As risk managers, we often struggle to draw the line for inclusion of foreseeable misuse. We ask questions like what is credible, and how far must you go? When performing risk analysis, we decide if it is credible enough to list as a hazard...
Read More
The International Medical Device Regulators Forum (IMDRF) in which FDA participates continues to publish many documents including several related to software.
Read More
FDA issued a revision to its “Mobile Medical Applications” Guidance Feb 9, 2015. The revision was to make this guidance consistent with the final “Medical Image Storage Devices, and Medical Image Communications Devices” guidance. Specific changes are FDA’s exercising of enforcement discretion to exempt MDDS and some Mobile Medical Apps from compliance the FDA regualtion....
Read More
FDA issued a final version of its guidance for “Medical Device Data Systems, Medical Image Storage Devices, and Medical Image Communications Devices.” The document is dated February 9, 2015, although it was issued several days prior. This guidance is very significant as it states FDA is exercising discretion and not requiring compliance to the recent...
Read More
The Federal Advisory Committee calendar of meetings is at the link provided. Attendance or downloading of material for most of these meetings is open to the public.
Read More
HIT Implementation, Usability and Safety Workgroup meeting on Friday, February 6, 2015 – SoftwareCPR® Partners Sherman Eagles and Alan Kusinitz gave a presentation at ONC’s request with recommendations on an approach to HealthIT provider quality systems regulation and standards. In addition to providing background on quality systems, SoftwareCPR® recommended that a standard or guidance be...
Read More
AAMI has filed a Project Initiation Notice with ANSI for a new standard on Application of Quality Management Principles and Practices to Health IT. The notice was published in the ANSI Standards Action publication on January 23. The notice is reproduced below. BSR/AAMI HIT2000-201x, Application of Quality Management Principles and Practices to Health IT Stakeholders:...
Read More
AAMI has filed a Project Initiation Notice with ANSI for a new standard on Application of Quality Management Principles and Practices to Health IT. The notice was published in the ANSI Standards Action publication on January 23. The notice is reproduced below. BSR/AAMI HIT2000-201x, Application of Quality Management Principles and Practices to Health IT (new...
Read More
FDA added the following standards to their recognized standards list and published the new recognitions January 2015. IEC TR 80001-2-5 2014. Application of risk management for IT networks incorporating medical devices–Part 2-5: Application guidance–Guidance on distributed alarm systems. IEEE Std 11073-10425- Health informatics 2014. Personal health device comunication, Part 10425: Device Specialization–Continuous Glucose Monitor (CGM)....
Read More
This draft was replaced by a final guidance in August 2016. It is provided here for historical comparison only. FDA issued a draft “General Wellness: Policy for Low Risk Devices” guidance on January 20, 2015. This draft policy continues to redefine the borderline for FDA regulation/non-regulation of Health IT along with their MDDS and MMApps...
Read More
The U.S. National Institue of Standards and Technology issued a document entitled “Framework for Improving Critical Infrastructure Cybersecurity” dated February 12, 2014. This document is now being used by FDA as a reference in its cybersecurity program.
Read More
AAMI has filed a Project Initiation Notice with ANSI for a new standard on HIT risk management. The notice was published in the ANSI Standards Action publication on December 19. The notice is reproduced below. BSR/AAMI HIT1000-201x, Risk Management for Heath-IT (new standard) Stakeholders: The primary stakeholders are health IT producers and manufacturers, healthcare providers,...
Read More
/docs/scpred/AAMI-BITarticle_Ten_Questions_With_Alan_Kusinitz.pdf
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. It contains all software and computer related recall excerpts for the years listed. Some of the newest recalls on the site may not be included. This compilation is provided in reverse chronological order and is useful for quick review,...
Read More
The link provided is to a 2013 article entitled: “Safety Assurance Factors for Electronic Health Record Resilience (SAFER): study protocol.” Safety Assurance for EHR Article
Read More
/docs/FDAinfusionpumplifecycleguidance-ucm209337.pdf
Read More
Seapine Software (seapine.com) which provides a variety of development tools published its 2014 report on the state of software development for medical devices. This report was generated based on input from 500 individuals in the medical device industry. It contains a breakdown of risk management methods used, key documentation challenges, requirements management approaches used, test...
Read More
http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM346553.pdf
Read More
http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM346553.pdf
Read More
Sherman Eagles of SoftwareCPR® provides the following summary of some key points from FDA’s webinar on their premarket cybersecurity guidance on October 29. In the webinar FDA noted that the Instructions for Use should include what cybersecurity controls are needed in the use environment, but stated that it is not sufficient for a device to...
Read More
The FDA held a two day public workshop on Collaborative Approaches for Medical Device and Healthcare Cybersecurity on October 21-22. Documentation on the workshop including the video recording of the workshop can be found at: http://www.fda.gov/MedicalDevices/NewsEvents/WorkshopsConferences/ucm412979.htm.
Read More
/docs/scpred/SoftwareCPRenhanced-V-Diagram1014.png
Read More
http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM419468.pdf
Read More
http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM419468.pdf
Read More
1 2 3 4 9
Expand your access! Subscribe today!

Corporate Office

+1-781-721-2921
Partners located in the US (CA, FL, MA, MN, TN) and Italy.