By Alan Kusinitz
Brian Pate of SoftwareCPR suggests that a good rule of thumb is: If differences in the final product, produced by two different development groups using the same specification element, resulted in unacceptable differences in safety or efficacy, then it would likely be a “requirement”. Otherwise it is most likely to be a design specification. This...
http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM418205.pdf
http://www.fda.gov/medicaldevices/deviceregulationandguidance/howtomarketyourdevice/ucm370879.htm
http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM418469.pdf
http://www.imdrf.org/docs/imdrf/final/technical/imdrf-tech-140918-samd-framework-risk-categorization-141013.pdf
Brian Pate and Alan Kusinitz of SoftwareCPR.com will be instructing next week’s (9/29-9/30/14) course with FDA instructors and another industry instructor. Compliant Use of Agile Practices in the Development of Medical Device Software Course: September 29-30, 2014 Arlington, VA This course focuses on compliant use of Agile Methods in medical device software development using AAMI...
The IMDRF issued “Software as a Medical Device: Possible Framework for Risk Categorization and Corresponding Considerations.” This guidance provides terminology and a possible framework for the industry and regulators to work from in discussing and dealing with risk related to standalone software used as a medical device.
The link provided is to FDA’s relatively new webpage related to connected health, including cybersecurity, Health IT, Mobile Medical Apps (MMA), and wireless medical devices. The MMA page provides lists of examples of types of MMApps and how they are or are not regulated. https://www.fda.gov/medicaldevices/digitalhealth/
http://www.fda.gov/MedicalDevices/ScienceandResearch/MedicalDeviceDevelopmentToolsMDDT/
/docs/FDADraft510kexemptionsguidanceAug2014.pdf
/docs/FDAFiscalYear2015userFeeRates.pdf
/docs/FDAEvaluatingSubstantialEquivalenceGuidance0714.pdf
http://www.advisory.com/Daily-Briefing/2014/07/16/Google-wants-a-piece-of-the-eye-teams-up-with-Novartis-on-smart-contact-lenses
http://blogs.fda.gov/fdavoice/index.php/2014/06/fda-encourages-medical-device-data-system-innovation/
FDA issued a draft guidance: Medical Device Data Systems, Medical Image Storage Devices, and Medical Image Communications Devices. This draft exercises FDA enforcement discretion to essentially deregulate MDDS and Imaging Storage and Communication systems despite their classification rules. The guidance is at the link provided and proposes the new policy and provides specific wording changes...
A number of draft standards were released for comment, including several related to specific security for medical devices and Health IT: AAMI TIR38 – AAMI Medical device safety assurance case guidance IEC Health SW Standards Framework ISO 27799 Health informatics “Information management in health using ISO/IEC 27002” IEC TR 80001-2-8, Application of risk management...
Just a reminder that FDA maintains a blog at the link provided. This generally contains short announcements with some explanation from FDA leads on policy and specific projects across all FDA divisions, although one can select specific divisions using the categories options. One recent posting was from Bakul Patel of the device center regarding the recent...
In SoftwareCPR’s experience, translations and localization of user interfaces and labeling of medical devices for distribution in a variety of geographic regions can be challenging and can present safety issues if not properly handled.  Alan Kusinitz of SoftwareCPR® co-authored an article on localization risk management with one of the large companies that provides such services...
It appears that the Center directed ORA to inspect Class I firms and provided each regional/district office with a list of 50 firms to choose from. These inspections appear to be in part a validation exercise of the risk based approach to only inspecting higher risk firms. We are assuming it is for the remainder of...
http://www.fda.gov/downloads/Training/CDRHLearn/UCM311629.pdf
ECRI Institute published its Top 10 Patient Safety Concerns for Healthcare Organizations to give healthcare organizations a gauge to check their track record in patient safety. The list originally appeared in its Healthcare Risk Control (HRC) System newsletter, the Risk Management Reporter, and is reprinted in this report. The list is partly based on more...
This white paper provides an update of the proposed revisions to EU medical device regulation as of April 2014. BSI WP EU Regulations
The following draft standards are being circulated for comment or ballot. More information is available to Standards Navigator Subscribers in the Standards Navigator topic: IEC 62304 Amendment CDV, ISO 16142-1 DIS, ISO 90003 FDIS, ISO 15289 FDIS, ISO 24748-4 DIS, ISO 24748-6 NP
This white paper provides an update of the proposed revisions to EU medical device regulation as of April 2014. Green Paper on Mobile Health
Alan Kusinitz, Managing Partner of SoftwareCPR, accepted appointment to the Biomedical Instrumentation and Technology journal editorial board. Alan authored a number of articles for this journal and performed peer reviews for the journal over the years.
Lucille Ferus, a Partner at SoftwareCPR, provided training to the Taiwan FDA on US and international medical device software regulation in April. We continue to see increased focus on software regulation in countries outside the US.
SaMD. Standalone Medical Devices. Do you have SaMD or software systems that might be classified as medical devices, even if FDA has chosen not to regulate them? Do you know the features that might trigger medical device classification? Whether regulated or not, a well developed and sufficiently documented risk analysis and management plan is essential...
/docs/FDApremarketReviewCommunicationsGuidance040414.pdf
The Director, Office of Policy and Planning, of the Office of the National Coordinator for Health Information Technology provided an overview presentation on ONC’s perspective on the FDASIA draft report. The slides are at the following link: FDASIA-HITDraftReportOverview0414 As with all presentations SoftwareCPR reminds readers to refer to the actual source documentation, in this case the...
The FDA released its anticipated draft report on regulation of Health IT. This report includes a risk-based regulatory framework for health information technology (health IT) that is a step towards clarifying what software will be actively regulated by FDA. The report was developed by the U.S. Food and Drug Administration in coordination with the Health...
The Wall Street Journal reports that “the top federal auto-safety regulator will defend his agency before Congress on Tuesday, telling lawmakers that General Motors had “critical information” that would have helped it identify a defect earlier in the Chevrolet Cobalt and other vehicles and might have changed the agency’s course in investigating the problems. In prepared...
In a new draft guidance (for electrosurgical devices; but in our opinion representative of information needed for other devices) FDA stated that cybersecurity information including but not limited to the following should be provided: Confidentiality assures that no unauthorized users have access to the information. Integrity is the assurance that the information is correct –...
In a new draft guidance (for electrosurgical devices but in our opinion representative of information needed for other devices) FDA stated that cybersecurity information including but not limited to the following should be provided: Confidentiality assures that no unauthorized users have access to the information. Integrity is the assurance that the information is correct –...
http://www.fda.gov/medicaldevices/deviceregulationandguidance/guidancedocuments/ucm383206.htm#s5
The link provided is to a white paper prepared by Northwest Cadence regarding use of Microsoft Visual Studio to aid in compliance with FDA requirements. Food and Drug Administration (FDA) Compliance with Visual Studio 2010
The Office of National Coordinator for Health Information Technology published a proposed rule for Voluntary 2015 Edition Electronic Health Record Certification Criteria; Interoperability Updates and Regulatory Improvements. The proposed rule eliminates the “complete EHR” designation, separates the content and transport certification criteria and announces a more frequent certification rule making process. The proposed rule also...
There is a new draft for vote of ISO 13485 Medical Devices – Quality Management systems – requirements for regulatory purposes. This version updates the references to ISO 9001 to the 2008 version. Some new requirements include: A requirement for a risk management process has been added in the product realization phase and ISO 14971...
AAMI recently published “Assessing a Hospital’s Medical IT Network Risk Management Practice with 80001-1” in Biomedical Instrumentation & Technology (BI&T). The article reports on an actual hospital network/health IT assessment using 80001-1 as one of the tools for the assessment.
Sherman Eagles of SoftwareCPR co-authored AAMI’s recently published article “Reducing Risks and Recalls: Safety Assurance Cases For Medical Devices” in the January/February 2014 issue of BI&T (Biomedical Instrumentation & Technology; a monthly, peer-reviewed journal from the Association for the Advancement of Medical Instrumentation). The full article is posted with permission at the link provided. Any...
http://cacm.acm.org/magazines/2014/2/171689-mars-code/fulltext
The latest ACM Journal has an interesting article on software verification at NASA JPL for the Mars Curiosity Rover at the link provided: Mars Code February 2014
A new set of guides and interactive tools to help health care providers more safely use electronic health information technology products, such as electronic health records (EHRs), are now available at the link provided. The Office of the National Coordinator for Health Information Technology (ONC) at HHS released the Safety Assurance Factors for EHR Resilience...
NIST received comments on the Preliminary Cybersecurity Framework for improving critical infrastructure cybersecurity and is updating the framework. They have announced that the final version (Version 1.0) will be released on February 13. When it is released, the Final Framework will be posted at NIST.
http://www.aami.org/news/2014/020514_FDA_Overhaul_Inspection_Compliance_Activities.html
SoftwareCPR comments on common confusion: Struggling with Essential Requirements? Many manufacturers faced with compliance to the 3rd edition of 60601-1 do not understand which of their product requirements meet the essential requirements definition. Confusion arises over the actual risk control measures designed into the system and the requirements for the “performance of a clinical function...
The link provided is to an article on Fuzz testing. This type of testing involves injecting bad data to challenge your applications and safeguards. This type of testing can be important to verify risk control measures and data integrity checks. The name Fuzz testing is a fairly recent moniker for techniques that have...
http://www.ibm.com/developerworks/library/j-fuzztest/index.html
http://wallstcheatsheet.com/stocks/more-apple-iwatch-clues-fda-meeting-and-healthbook-app.html
http://www.aami.org/news/2014/011514_FDA_Names_Issuing_Agencies_for_UDI.html
Lisa Simone, a biomedical software engineer at FDA, published an article in the Biomedical Instrumentation & Technology Journal (Nov-Dec 2013) with information on an analysis of historical software related recalls using internal information at FDA as well as other sources. The article breaks down the recalls by year and product type. She investigated the years...
The International Telecommunication Union (ITU) has adopted the Continua Design Guidelines (CDG) that contain specifications to ensure the interoperability of devices used for applications monitoring personal health (Recommendation ITU-T H.810 Interoperability design guidelines for personal health systems). ITU-T H.810 is available at the link provided: http://www.itu.int/rec/T-REC-H.810-201312-I
The Association for the Advancement of Medical Instrumentation selected Alan Kusinitz (Managing Partner of SoftwareCPR) to join its board member nominating committee. Alan has contributed to standards development and training programs for AAMI over many years in the interest of protecting public health.
http://www.nist.gov/itl/upload/preliminary-cybersecurity-framework.pdf
The U.S. Health and Human Services Office of the National Coordinator for Health Information Technology (ONC) maintains a website at the link provided. This website includes information and updates on Health IT and Electronic Medical Records programs for software that often is not considered a Medical Device and not regulated by the U.S. FDA.
IECEE published Document OD-2044 Ed. 2.2, Evaluation of Risks Management in medical electrical equipment according to IEC 60601-1 and IEC/ISO 80601-1. The procedure intends to provide a uniform approach to the Certification Body Testing Laboratory and Manufacturer on assessment and documentation of compliance with the relevant clauses of IEC 60601 standard series related to the...
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. It contains all software and computer related warning letter excerpts included on this site. Some of the newest warning letters on the site may not be included since we only update this comprehensive document periodically. This compilation is provided...
AAMI announced that TIR45-2012 “Guidance on the use of agile practices in the development of medical device software” was their most popular TIR for 2013. This document was developed with the participation of FDA and addresses how Agile Methods can be used in compliance with FDA medical device regulations for software. Brian Pate and Alan...
http://in.reuters.com/article/2013/12/18/cyberattack-fda-drugmakers-idINDEE9BH00N20131218
The International Medical Device Regulators Forum (IMDRF) issued a final document “Software as a Medical Device (SaMD): Key Definitions” on December 9, 2013. IMDRF SaMD def
http://mobihealthnews.com/27563/in-tense-hearing-congressman-declares-software-is-not-a-medical-device/
The document at the link provided is a short checklist for helping ensure or assess requirements quality. It is an educational aid to be used only by knowledgeable individuals and should not be used blindly or considered comprehensive. This was prepared by Brian Pate with input from Alan Kusinitz. Requirement Quality Checklist
FDA’s Device Center added a dedicated webpage on Cybersecurity for medical devices in its connected health section.
Oct 22, 2013 press release from the office of Congressman Marsha Blackburn: “Congressman Marsha Blackburn (R-TN07) joined Representatives Gene Green (D-TX29), Dr. Phil Gingrey (R-GA11), Diana DeGette (D-CO01), Greg Walden (R-OR02), and G. K. Butterfield (D-NC01) today in introducing the Sensible Oversight for Technology which Advances Regulatory Efficiency (SOFTWARE) Act to provide regulatory clarity regarding mobile...
http://www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/default.htm
If sample sizes need to be determined, there are many statistical methods and assumptions related to this, so decisions should be carefully considered. Two of the most commonly used sample tables are ISO 2859 for attributes and ISO 3951 for variables.
The amendments to ISO 62366 and IEC 60601-1-6 were approved unanimously. The amendment to 62366 introduces requirements for legacy products that were created prior to the adoption of ISO 62366 and the amendment to 60601-1-6 clarifies the elements of the usability engineering process that are required for compliance with the IEC 60601 series.
This SoftwareCPR.com newsletter lists items added to the website from 7/22/2013 to 10/24/2013. It serves as an easy reference to find new or updated items that may be of interest to you and provides a full index of SoftwareCPR educational items. You can click on sections of the document and the related web page should...
http://www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/UniqueDeviceIdentification/default.htm#ruleguidanc
Last week was the first offering of AAMI’s course on Agile Software Methods Compliance. Approximately 30 students attended from a wide range of medical device manufacturers including software engineers, quality, compliance, and regulatory managers. As a first offering this level of enrollment shows the high interest in more efficient and effective approaches to medical device...
The EU Commission published “Commission Recommendation of 24 September 2013 on the audits and assessments performed by notified bodies in the field of medical devices.” This clarifies and strengthens the criteria for certifying (and auditing) notified bodies, and the criteria that the notified bodies have to use in assessing companies and products. The main changes...
The FDA Safety and Innovation Act (FDASIA) workgroup completed its work and made its draft recommendations in September. The recommendations include: HIT should not be regulated except in cases where there is risk to the patient, a patient-safety risk framework should be used to allow application of regulatory oversight by risk, vendors should be required...