By

Alan Kusinitz
http://www.fda.gov/MedicalDevices/NewsEvents/WorkshopsConferences/ucm457581.htm
Read More
https://www.federalregister.gov/articles/2015/10/16/2015-25597/2015-edition-health-information-technology-certification-criteria-2015-edition-base-electronic
Read More
https://www.federalregister.gov/articles/2015/10/16/2015-25597/2015-edition-health-information-technology-certification-criteria-2015-edition-base-electronic
Read More
FDA has a series of training videos and slide presentations referred to as CDRHLearn. Under the Special Technical Topics is an IT and Software Section which lists 3 topics: Digital Health, Premarket Cybersecurity Information, and CDRH Regulated Software.
Read More
The U.S. FBI issued a Public Service Announcement on the Internet of Things that includes, “Criminals can also gain access to unprotected devices used in home health care, such as those used to collect and transmit personal monitoring data or time-dispense medicines. Once criminals have breached such devices, they have access to any personal or...
Read More
FDA maintains a webpage for its educational modules referred to as “CDRH Learn.”  Specialty Technical Topics provides a list with a section for IT and Software that includes three modules on Digital Health, Cybersecurity information in premarket submissions, and CDRH regulated software.
Read More
http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM459917.pdf
Read More
http://www.softwarecpr.com/feedbackframepage.htm
Read More
http://www.gpo.gov/fdsys/pkg/FR-2015-08-18/html/2015-20309.htm
Read More
Interesting write up: “How Medical Tech Gave a Patient a Massive Overdose”.  The article can be found at https://www.healthleadersmedia.com/innovation/how-medical-tech-gave-patient-massive-overdose
Read More
/docs/FDApremarketclassificationcodexemptionsAug2015.pdf
Read More
FDA issued a safety communication to health care facilities using the Hospira Symbiq Infusion System regarding cybersecurity vulnerabilities. FDA is advising facilities to seek alternative infusion systems. In the interim, it is recommended the systems be disconnected from networks and maintain the drug libraries by updating manually along with other recommendations. An article regarding the...
Read More
The National Institute of Science of Technology issued Version 1 of its framework for improving cybersecurity for critical infrastructure including health care. The full press release is at the link provided.
Read More
http://www.consumer.ftc.gov/blog/can-your-app-really-do
Read More
In August 2014, the Australian Therapeutic Goods Authority (TGA) gave a presentation on its approach to software regulation of medical devices.  This is a short and very clear high level presentation that explains the TGA’s focus and use of relevant standards such as 62304 as well as its focus on safety and risk management. View...
Read More
/docs/scpred/SoftwareCPR-NewsletterJune15.pdf
Read More
FDA issued a final version of its Universal Device Identification rule in 2013 and this rule is posted in the softwarecpr.com library. FDA also created and updates a webpage devoted to implementation of this rule (which will take place over seven years with higher risk devices sooner and lower risk devices at the end).
Read More
The International Medical Device Regulators Forum (IMDRF) SaMD draft of a quality system for Software as a Medical Device is available for public comment.
Read More
Link updated December 2018. In November 2014, Health Canada began requiring electronic submissions of license applications for Class III and Class IV medical Devices entitled: “Guidance for Industry: Formatting of Class III and Class IV Licence Applications (Electronic and Paper Formats)” File # 14-112992-741. Certain types of CDs and DVDs are specified along with information...
Read More
FDA issued a Medwatch alert for infusion pumps May 13, 2015, regarding security vulnerabilities in Hospira’s LifeCare PCA3 and PCA5 Infusion Pump Systems.  A researcher has shown that exploiting the vulnerabilities could allow an unauthorized user to remotely modify the dosage delivered.  Homeland security was previously working with Hospira about this vulnerability (we reported on...
Read More
Hospira Lifecare PCA infusion pump running “SW ver 412” does not require authentication for Telnet sessions, which allows remote attackers to gain root privileges via TCP port 23.  The U.S. Department of Homeland Security has been working with Hospira to get this resolved and Hospira will be performing a recall to correct this.
Read More
AAMI published an article entitled: “Best Practices in Applying Medical Device Risk Management Terminology” in its Spring 2015 Horizons publication. Alan Kusinitz, Founder of SoftwareCPR, co-authored this article and a reprint is provided with the permission of AAMI at the link provided. This is for your personal reference not for wider distribution due to the...
Read More
http://www.ecri.org/press/Pages/Alarms-Health-IT-Patient-Violence-2015-Top-10-Patient-Safety-Concerns.aspx
Read More
Crisis Prevention and Recovery, LLC (CPR) is excited to announce the formation of a new business speciality, HumanFactorsCPR. HumanFactorsCPR is the fourth business speciality under the CPR brand, joining SoftwareCPR, ValidationCPR, and RegulatoryCPR. “One of the most attractive features of our new HumanFactorsCPR services is our capability to bridge the risk analysis process with the...
Read More
The Joint Commission, the nation’s largest accreditation organization for hospitals offers a free one hour online course entitled “Investigating and Preventing Health Information Technology-Related Patient Safety Events” at the link provided. https://www.jointcommission.org/topics/free_online_education_courses.aspx
Read More
/Docs/2015-ONCHITCertificationCriteriaPrePubVersion06612.pdf
Read More
The draft of the US ONC proposed 2015 HealthIT ceritfication requirements rule is at the link provided. The final will be published March 30, 2015. This new version requires use of a quality system and states: “….QMS established by the federal government and SDOs include FDA’s quality system regulation in 21 CFR part 820, ISO...
Read More
Stan Hamilton and Brian Pate of SoftwareCPR offer the following tip. As risk managers, we often struggle to draw the line for inclusion of foreseeable misuse. We ask questions like what is credible, and how far must you go? When performing risk analysis, we decide if it is credible enough to list as a hazard...
Read More
The International Medical Device Regulators Forum (IMDRF) in which FDA participates continues to publish many documents including several related to software.
Read More
FDA issued a revision to its “Mobile Medical Applications” Guidance Feb 9, 2015. The revision was to make this guidance consistent with the final “Medical Image Storage Devices, and Medical Image Communications Devices” guidance. Specific changes are FDA’s exercising of enforcement discretion to exempt MDDS and some Mobile Medical Apps from compliance the FDA regualtion....
Read More
FDA issued a final version of its guidance for “Medical Device Data Systems, Medical Image Storage Devices, and Medical Image Communications Devices.” The document is dated February 9, 2015, although it was issued several days prior. This guidance is very significant as it states FDA is exercising discretion and not requiring compliance to the recent...
Read More
The Federal Advisory Committee calendar of meetings is at the link provided. Attendance or downloading of material for most of these meetings is open to the public.
Read More
HIT Implementation, Usability and Safety Workgroup meeting on Friday, February 6, 2015 – SoftwareCPR® Partners Sherman Eagles and Alan Kusinitz gave a presentation at ONC’s request with recommendations on an approach to HealthIT provider quality systems regulation and standards. In addition to providing background on quality systems, SoftwareCPR® recommended that a standard or guidance be...
Read More
AAMI has filed a Project Initiation Notice with ANSI for a new standard on Application of Quality Management Principles and Practices to Health IT. The notice was published in the ANSI Standards Action publication on January 23. The notice is reproduced below. BSR/AAMI HIT2000-201x, Application of Quality Management Principles and Practices to Health IT (new...
Read More
AAMI has filed a Project Initiation Notice with ANSI for a new standard on Application of Quality Management Principles and Practices to Health IT. The notice was published in the ANSI Standards Action publication on January 23. The notice is reproduced below. BSR/AAMI HIT2000-201x, Application of Quality Management Principles and Practices to Health IT Stakeholders:...
Read More
FDA added the following standards to their recognized standards list and published the new recognitions January 2015. IEC TR 80001-2-5 2014. Application of risk management for IT networks incorporating medical devices–Part 2-5: Application guidance–Guidance on distributed alarm systems. IEEE Std 11073-10425- Health informatics 2014. Personal health device comunication, Part 10425: Device Specialization–Continuous Glucose Monitor (CGM)....
Read More
This draft was replaced by a final guidance in August 2016. It is provided here for historical comparison only. FDA issued a draft “General Wellness: Policy for Low Risk Devices” guidance on January 20, 2015. This draft policy continues to redefine the borderline for FDA regulation/non-regulation of Health IT along with their MDDS and MMApps...
Read More
The U.S. National Institute of Standards and Technology issued a document entitled “Framework for Improving Critical Infrastructure Cybersecurity” dated February 12, 2014.   This document is now being used by FDA as a reference in its cybersecurity program.  You can download version 1.0 here: Framework for Improving Critical Infrastructure Cybersecurity Version 1.0 See our later post...
Read More
AAMI has filed a Project Initiation Notice with ANSI for a new standard on HIT risk management. The notice was published in the ANSI Standards Action publication on December 19. The notice is reproduced below. BSR/AAMI HIT1000-201x, Risk Management for Heath-IT (new standard) Stakeholders: The primary stakeholders are health IT producers and manufacturers, healthcare providers,...
Read More
/docs/scpred/AAMI-BITarticle_Ten_Questions_With_Alan_Kusinitz.pdf
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. It contains all software and computer related recall excerpts for the years listed. Some of the newest recalls on the site may not be included. This compilation is provided in reverse chronological order and is useful for quick review,...
Read More
The link provided is to a 2013 article entitled: “Safety Assurance Factors for Electronic Health Record Resilience (SAFER): study protocol.” Safety Assurance for EHR Article
Read More
/docs/FDAinfusionpumplifecycleguidance-ucm209337.pdf
Read More
1 2 3 4 5 6 18

Remote Webmeeting Assessments

SoftwareCPR can provide remote offsite assessments to support virtual offices.  Our consultants can utilize webmeeting tools to walk your teams through assessments such as:

  • 62304 compliance
  • Regulatory submission pre-review
  • Software risk analysis
  • Cybersecurity process and validation
  • Overall ISO 14971 risk management
  • Overview of software regulation with John Murray

Email office@softwarecpr.com
for more info!

Corporate Office

15148 Springview St
Tampa, FL 33624
USA
+1-781-721-2921
Partners located in the US (CA, FL, MA, MN) and Italy.