The FDA page on Medical Device Use of Symbols in Labeling is at the link provided. FDA currently allows use of symbols in place of text for medical devices and certain biologics provided the use is compliant with 21 CFR Parts 660, 801, and 809. FDA Use of Symbols in Medical Device LabelingRead More
At the AAMI/FDA Software Regulatory Class being held this week, it was stated that the following are expected to be released this summer by FDA: – Revision to the premarket cybersecurity guidance – Final of the interoperability guidanceRead More
FDA seeks manufacturers to provide onsite learning opportunities for FDA staff. In the areas of Digital Health/Software FDA is interested in 4 topics: Cybersecurity, Software Development, Total product life-cycle development processes and methodologies, and Software testing. The link provided is the main FDA webpage on this program and has a link to the full list...Read More
FDA issued a draft list of Class II Medical Devices exemptions from the 510(k) premarket notification requirements to comply with the 21st Century Cures Act. Note that 884.1630 is NOT exempt if it contains software for image analysis or smartphone use. Other software-related sections of note are 86.2570 and 882.1470.Read More
The presention material for the FDA Webinar – Factors to Consider When Making Benefit-Risk Determinations for Medical Device Investigational Device Exemptions Final Guidance – February 23, 2017 is at the link provided. FDA Presentation on Benefit-Risk IDE DevicesRead More
FDA issued a Final guidance entitled: “Postmarket Management of Cybersecurity in Medical Devices”. FDA held a free webinar on this guidance on Jan. 12,2017. Information information and presentation materials are at the link provided. SoftwareCPR can provide expert cybersecurity consulting services for regulatory compliance andrisk analysis, technical threat and vulnerability assessment as well as for...Read More
The FDA issued a draft guidance “Medical Product Communications That Are Consistent With the FDA-Required Labeling — Questions and Answers”. The full draft is at the link provided. Medical Product Communications That Are Consistent With the FDA-Required Labeling — Questions and AnswersRead More
Company: Morton Grove Pharmaceuticals, Inc. Date:1/17/2017 Your firm failed to exercise appropriate controls over computer or related systems to assure that only authorized personnel institute changes in master production and control records, or other records (21 CFR 211.68(b)). Data Integrity Remediation Your quality system does not adequately ensure the accuracy and integrity of data to...Read More
The US Law PLAW-114Publ255 referred to as the 21st Century Cures Act published in Dec 2016 is at the link provided. There are many important elements of this law for Drugs, Devices, and Biologics. 21st Century Cures ActRead More
FACTA Farmaceutici S.p.A Product: drug manufacturing facility Date:1/13/2017 1. Your firm failed to ensure that laboratory records included complete data derived from all tests necessary to assure compliance with established specifications and standards (21 CFR 211.194(a)). For multiple sterile drug product lots, your original data showed failing results, but data you reported showed passing results....Read More
The US FDA issued a FINAL guidance entitled: “Factors to Consider When Making Benefit-Risk Determinations for Medical Device Investigational Device Exemptions”. This guidance references software features in Appendix C the device description section. The full guidance is at the link provided. FDA FINAL Guidance Benefit-Risk IDE DevicesRead More
FDA issued a safety notice: Cybersecurity Vulnerabilities Identified in St. Jude Medical’s Implantable Cardiac Devices and Merlin@home Transmitter.Read More
Sandy Hedberg of SoftwareCPR prepared a summary of the impact of the December 13, 2016, U.S. law, the 21st Century Cures Act on Standalone Software. Section 3060 addresses standalone software and exempts some software from regulation as a medical device. Sandy’s summary is at the link provided: 21st Century Cures Act – Software CPR Analysis....Read More
The FDA webpage with a summary of how medical device recalls are handled and how FDA may notify the public is at the link provided. This includes examples of types of recall actions. We post software-related recalls on this website and SoftwareCPR can provide expert assistance in compliance with 21 CFR Part 806 Corrections and...Read More
Hyman, Phelps & McNamara posted a great summary of the impact of the 21st Century Cures Act in regards to general provisions affecting medical device regulation. They also provide links to summaries of other provisions of the act for standalone software (also posted on softwarecpr.com), and drugs and biologics impact.Read More
The law firm of Hyman Phelps and McNamara posted their summary of the impact on this Dec 13, 2016 US Law the 21st Century Cures Act. at the link provided. Section 3060 addresses standalone software and exempts some software from regulation as a medical device. They also provide links to summaries of other provisions of...Read More
http://blogs.fda.gov/fdavoice/index.php/2016/12/managing-medical-device-cybersecurity-in-the-postmarket-at-the-crossroads-of-cyber-safety-and-advancing-technology/Read More
The US FDA issued a draft guidance entitled: “Use of Electronic Health Record Data in Clinical Investigations”. This draft addresses a variety of issues including EHRs certified by ONC, data modifications, audit trials, informed consent, and Privacy and Security. The full draft guidance can be found at the following link: FDA_Use_of_EHR_Data_in_Clinical_InvestigationsRead More
Recipient: Polydrug Laboratories Pvt. Ltd. Corporate Office Product: Pharmaceuticals Date: 4/11/2016 Failure of computerized systems to have sufficient controls to prevent unauthorized access or changes to data. Your firm’s computer system for entering test results and storing certificates of analysis (CoA), which document whether a drug meets specifications, does not have sufficient controls to prevent...Read More
FDA held a public workshop, “Collaborative Approaches for Medical Device and Healthcare Cybersecurity,” October 21-22, 2014, in partnership with the Department of Homeland Security. The program book issued by FDA after the workshop was held is at the link provided. It contains information on the sessions, objectives, and speaker biographies. Sherman Eagles of SoftwareCPR® was...Read More
A new International Medical Device Regulators Forum (IMDRF) document was finalized. It is Software as a Medical Device (SaMD): Application of Quality Management System. The objective of the document is to provide guidance on the application of existing standardized and generally accepted QMS practices to SaMD. View the document at this link: imdrf-tech-151002-samd-qmsRead More
https://www.federalregister.gov/articles/2015/10/16/2015-25597/2015-edition-health-information-technology-certification-criteria-2015-edition-base-electronicRead More
FDA maintains a webpage for its educational modules referred to as “CDRH Learn.” Specialty Technical Topics provides a list with a section for IT and Software that includes three modules on Digital Health, Cybersecurity information in premarket submissions, and CDRH regulated software.Read More
Interesting write up: “How Medical Tech Gave a Patient a Massive Overdose”. The article can be found at https://www.healthleadersmedia.com/innovation/how-medical-tech-gave-patient-massive-overdoseRead More
FDA issued a safety communication to health care facilities using the Hospira Symbiq Infusion System regarding cybersecurity vulnerabilities. FDA is advising facilities to seek alternative infusion systems. In the interim, it is recommended the systems be disconnected from networks and maintain the drug libraries by updating manually along with other recommendations. An article regarding the...Read More
AAMI published an article entitled: “Best Practices in Applying Medical Device Risk Management Terminology” in its Spring 2015 Horizons publication. Alan Kusinitz, Founder of SoftwareCPR, co-authored this article and a reprint is provided with the permission of AAMI at the link provided. This is for your personal reference not for wider distribution due to the...Read More
FDA issued a revision to its “Mobile Medical Applications” Guidance Feb 9, 2015. The revision was to make this guidance consistent with the final “Medical Image Storage Devices, and Medical Image Communications Devices” guidance. Specific changes are FDA’s exercising of enforcement discretion to exempt MDDS and some Mobile Medical Apps from compliance the FDA regualtion....Read More
This draft was replaced by a final guidance in August 2016. It is provided here for historical comparison only. FDA issued a draft “General Wellness: Policy for Low Risk Devices” guidance on January 20, 2015. This draft policy continues to redefine the borderline for FDA regulation/non-regulation of Health IT along with their MDDS and MMApps...Read More
Sherman Eagles of SoftwareCPR® provides the following summary of some key points from FDA’s webinar on their premarket cybersecurity guidance on October 29. In the webinar FDA noted that the Instructions for Use should include what cybersecurity controls are needed in the use environment, but stated that it is not sufficient for a device to...Read More
The FDA held a two day public workshop on Collaborative Approaches for Medical Device and Healthcare Cybersecurity on October 21-22. Documentation on the workshop including the video recording of the workshop can be found at: http://www.fda.gov/MedicalDevices/NewsEvents/WorkshopsConferences/ucm412979.htm.Read More
The link provided is to FDA’s relatively new webpage related to connected health, including cybersecurity, Health IT, Mobile Medical Apps (MMA), and wireless medical devices. The MMA page provides lists of examples of types of MMApps and how they are or are not regulated. https://www.fda.gov/medicaldevices/digitalhealth/Read More
Brian Pate of SoftwareCPR® writes: In May 2014, FDA offered further guidance to manufacturers regarding premarket submission information identifying cyber-security risks and hazards associated with their medical devices, and the responsibility for engineering appropriate risk controls to address patient safety and assure proper device performance. FDA encouraged manufacturers to report any cyber-security incidents that may...Read More
FDA issued a draft guidance: Medical Device Data Systems, Medical Image Storage Devices, and Medical Image Communications Devices. This draft exercises FDA enforcement discretion to essentially deregulate MDDS and Imaging Storage and Coummincation systems despite their classifcation rules. The guidance is at the link provided and proposes the new policy and provides specific wording changes...Read More
Just a reminder that FDA maintains a blog at the link provided. This generally contains short announcements with some explanation from FDA leads on policy and specific projects across all FDA divisions although one select specific divisions using the categories options. One recent posting was from Bakul Patel of the device center regarding the recent...Read More
In SoftwareCPR’s experience, translations and localization of user interfaces and labeling of medical devices for distribution in a variety of geographic regions can be challenging and can present safety issues if not properly handled. Alan Kusinitz of SoftwareCPR® co-authored an article on localization risk management with one of the large companies that provides such services...Read More
It appears that the Center directed ORA to inspect Class I firms and provided each regional/district offices with a list of 50 firms to choose from. These inspectionsappear to be in part a validation exercise of the risk based approach to only inspecting higher risk firms. We are assuming it is for the remainder of...Read More
The Director, Office of Policy and Planning, of the Office of the National Coordinator for Health Information Technology provided an overview presentation on ONC’s perspective on the FDASIA draft report. The slides are at the following link: FDASIA-HITDraftReportOverview0414 As with all presentations SoftwareCPR reminds readers to refer to the actual source documentation, in this case the...Read More
The FDA released its anticpated draft report on regulation of Health IT. This report includes a risk-based regulatory framework for health information technology (health IT) that is a step towards clarifying what software will be actively regulated by FDA. The report was developed by the U.S. Food and Drug Administration in coordination with the Health...Read More
In a new draft guidance (for electrosurgical devices; but in our opinion representative of information needed for other devices) FDA stated that cybersecurity information including but not limited to the following should be provided: Confidentiality assures that no unauthorized users have access to the information. Integrity is the assurance that the information is correct –...Read More
The link provided is to a white paper prepared by Northwest Cadence regarding use of Microsoft Visual Studio to aid in compliance with FDA requirements. Food and Drug Administration (FDA) Compliance with Visual Studio 2010Read More
The link provided is to an article on Fuzz testing. This type of testing involves injecting bad data to challenge your applications and safeguards. This type of testing can be important to verify risk control measures and data integrity checks are verified. The name Fuzz testing is a fairly recent moniker for techniques that have...Read More
