Tag

risk
The West Australian reported that two autonomous haulage systems (AHS) trucks experienced a collision when one of the trucks backed into the cab of the second truck that was stationary at the time.  This is of interest to us as the AHS trucks are software controlled and they crashed.  Clearly a failure mode.  The initial report is...
FDA issued a Safety Communication on January 31, 2019, (see Safety Communication Link) warning of the risk of air being introduced in a blood vessel (air-in-line) and air embolism for infusion pumps, fluid warmers, rapid infusers, and accessory devices.  This communication is directed toward users (both clinical and service personnel) and patients.  However, what can system architects,...
The Verily Study Watch is a device worn on the wrist that digitizes patient physiologic measurements and processes the raw data through algorithms both on the wrist worn device and additional processing when communicated to cloud based computing systems.  The idea is that the Verily watch would be worn similar (or as!) a consumer device...
What concerns FDA when conducting a benefit-risk assessment of medical devices?  The answer is a long list of variables that can vary by type of device, target population, and indications for use, but the clear focus is on patient safety and benefit. The FDA considers both the device benefit-risk assessment, as well as evidence and...
This update addresses International and US National medical device standards ("a view of the landscape") being developed or revised that may be of interest to developers of software for medical devices or healthcare. Some of these standards are used directly for regulatory purposes and others may be valuable in demonstrating to regulatory authorities that a...
Here are some thoughts from a recent conversation between Sherman Eagles, Brian Pate, and Alan Kusinitz of SoftwareCPR®: Cybersecurity vulnerabilities can have unpredictable effects on safety.  Unpredictable effects … to those who have worked to reduce risks of software failures in medical device software, that phrase may be familiar.  That concept is explained in relation to...
FDA, together with the National Science Foundation (NSF) and the Department of Homeland Security, Science and Technology, held a public workshop on May 18-19, 2017. Results of this workshop, including webcasts of the sessions, are at the FDA website. Public Workshop – Cybersecurity of Medical Devices: A Regulatory Science Gap Analysis, May 18-19, 2017
Although IEC 82304-1 Health Software: General requirements for safety has been published it is not clear when it will be harmonized in the EU. Nonetheless it appears EU notified bodies are treating it as “state-of-the-art” and are likely to expect it to be used for software products that are regulated as medical devices. IEC TR...
Sherman Eagles of SoftwareCPR® recently coauthored an article published by AAMI in the Jan/Feb 2016 BIT Journal entitled “Cybersecurity for Medical Device Manufacturers: Ensuring Safety and Functionality.”  You can read the article at this link: 2016 Jan-Feb BIT Cybersecurity Sherman is well known as an expert in medical device standards and has been involved in many...
NOTE: This is for historical reference as a final guidance was issued Sept 2017 and is posted separately. FDA issued a new draft guidance entitled “Design Considerations and Pre-market Submission Recommendations for Interoperable Medical Devices”. This guidance addresses medical devices that exchange information whether wired or wireless including through the internet. It includes unidirectional...
Note: This draft is OBSOLETE and included for historical reference only. Look for the final draft elsewhere on this site. To view the guidance click this link: 2016-01-FDA Post market Cybersecurity draft guidance This guidance references a number of Presidential Executive Orders related to critical infrastructure and cybersecurity as a driving force for FDA’s increased oversight...
Stan Hamilton and Brian Pate of SoftwareCPR offer the following tip. As risk managers, we often struggle to draw the line for inclusion of foreseeable misuse. We ask questions like what is credible, and how far must you go? When performing risk analysis, we decide if it is credible enough to list as a hazard...
In SoftwareCPR’s opinion, a somewhat unique, very well conceived, and well designed tool for the specialized craft of risk analysis as well as safety assurance cases.  The tool is very configurable, allowing customized structures for your own methods.  The ability to view data from an FMEA, FTA, or table view saves valuable time during creation...
AAMI recently published “Assessing a Hospital’s Medical IT Network Risk Management Practice with 80001-1” in Biomedical Instrumentation & Technology (BI&T). The article reports on an actual hospital network/health IT assessment using 80001-1 as one of the tools for the assessment.
Sherman Eagles of SoftwareCPR co-authored AAMI’s recently published article “Reducing Risks and Recalls: Safety Assurance Cases For Medical Devices” in the January/February 2014 issue of BI&T (Biomedical Instrumentation & Technology; a monthly, peer-reviewed journal from the Association for the Advancement of Medical Instrumentation). The full article is posted with permission at the link provided. Any...
A January 2014 ACM Journal has an interesting article on software verification at NASA JPL for the Mars Curiosity Rover at the link provided. A few things that I found interesting: Their standard for flight software is ISO-C99. The coding standard at JPL (http://lars-lab.jpl.nasa.gov/JPL_Coding_Standard_C.pdf) is risk-based and has 6 “levels of compliance”. LOC-5 and LOC-6...
A 2003 computer science thesis done at the University of York entitled “The Safety of Software — Constructing and Assuring Arguments” is at the link provided. Software Safety Cases – PhD Thesis
Risk/hazard analysis for medical devices and their software requires extensive analysis, documentation, and maintenance of complex information. Creation and maintenance of extensive tables, fault trees, and HAZOP diagrams can seem overwhelming. For complex and high-risk systems the information can be voluminous and software tools can be very productive. Trace tools such as DOORS, CALIBER-RM,...
This content is only available to Standards Navigator subscribers. See our Subscribe page for information on subscriptions. A new work item and draft technical report for guidance in implementing IEC 80001-1:2010. This TR provides practical guidance for doing risk management for hospital networks. The report is at the link provided until the review period ends on 24-Feb-2011. IEC...
On February 20, 2003, a final security rule 45 CFR Part 142 was issued. Subsequently HHS issued a series of educational documents regarding various aspects of the rule including administrative controls, physical controls, technical safeguards, risk management and others.  
The Carnegie Mellon Software Engineering Institute continued work on safety assurance cases for medical devices by publishing a paper entitled “Towards an Assurance Case Practice for Medical Devices” doing an example case for an infusion pump. The full article is at the link provided. Although this uses infusion pumps as an example it...
This topic includes links to software safety guidance from other safety related industries that have useful information that could be applied to medical device software. All of these and sometimes others are in the document library section of the website.
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. The attached pdf is a SoftwareCPR training aide and should not be used blindly to fill in the blanks. It is a partial example of a software risk analysis procedure and report. It is just one partial approach that...
The Carnegie Mellon Software Engineering Institute performs a number of research projects each year. Their December report on these projects is at the link provided. One of the projects was on safety cases for medical devices. Sherman Eagles of SoftwareCPR and Paul Jones of FDA participated in this project. TECHNICAL REPORT CMU/SEI-2008-TR-025 ESC-TR-2008-025 SEI assurance case...
The pdf at the link provided is a reprint of 2 articles entitled “Sensible Software Testing” parts 1 and 2, with the permission of the author Sean Beatty of High Impact Services. Mr. Beatty was a member of the working group that developed AAMI TIR32: Medical Device Software Risk Management. He is very experienced in...
The pdf at the link provided is a reprint of an article entitled “Sensible Software Testing” with the permission of the author Sean Beatty of High Impact Services. Mr. Beatty was a member of the working group that developed AAMI TIR32: Medical Device Software Risk Management. He is very experienced in embedded programming and this...
With the permission of Oliver Christ of PROSYSTEM AG in Hamburg, Germany, you can view or download slides at the link provided entitled: Cost-effective Application of Usability Engineering and Risk-Management. Oliver and his partner are heavily involved in standards and these slides provide an excellent overview of medical device usability, software, and risk management standards...
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. Prepared this example Device Risk Management SOP for the purpose of risk analysis training where the pros and cons could be further discussed.  This example is modeled on the approach required by ISO 14971 and expands on it with...
Dr. Nancy Leveson of MIT indicated that there are some new papers involving a demonstration of STAMP (and STPA) being used for safety-driven design of a new JPL mission to Europa including a very complete example. A JPL modeling language was incorporated (JPL was funding the work), but had little to do with the final...
This content is only available to Premium and higher subscribers. See our Subscribe page for information on subscriptions. Crimson Life Sciences, which performs language translations for labeling and user interfaces, was assessed by Underwriters Laboratory for conformance with the ISO 14971 Medical Device Risk Management standard. The summary of the audit results is available at this link...
The US Department of Homeland Security (DHS) released software security information via a webpage, initiatives, and various documents related to software security. Some of this information (such as the paper on Security in a Software Lifecycle) may aid medical device IT and device software developers in designing in appropriate security and privacy measures to ensure...
The pdf at the link provided is a reprint of an article entitled “Risk-Based Validation of Multilingual Medical Devices” co-authored by Alan Kusinitz, Managing Partner of SoftwareCPR, and Kai Simonsen of the Crimson Life Sciences division of Transperfect Translations for the AAMI Biomedical Instrumentation and Technology journal and published in the Summer of 2007. Reprinted with...
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. The pdf at the link provided is a reprint of an article entitled "Uses and Misuses of Probability in Medical Device Risk Management" authored by Alan Kusinitz, Managing Partner of SoftwareCPR, for the AAMI Biomedical Instrumentation and Technology journal...
This report was from an independent panel commissioned by Guidant Corporation after Guidant received significant press for failure to take timely corrective action, including lack of clinician notification, for low-probability known defects that could and did lead to deaths. This was focused on cardiac rhythm management products such as implantable pacemakers and defibrillators. The...
An article in the August 22, 2003, Los Angeles Times by Charles Ornstein and Tracy Weber, Times Staff Writers, describes an incident where “two patients die after alarms fail”. Read article:  LATimesarticle822
On February 20, 2003, a final security rule 45 CFR Part 142 was issued. A copy is at this link: HIPAA Final Security Rule 2003-02. Medical Device manufacturers that produce devices that will maintain patient data should be aware of HIPAA privacy and security requirements to assure appropriate features are incorporated in their devices to...
This content is only available to Premium Level or higher subscribers. See our Subscribe page for information on subscriptions. At AAMI's International Standards Conference on March 11, 2003, FDA's CDRH Software Compliance Expert and AAMI Software Committee co-chair (John Murray) gave a presentation on FDA's software message and the role standards can play to benefit industry and...
ADVAMED provided a white paper to FDA as part of the Part 11 Industry Coalition. This paper proposes that health and safety risk be used to properly interpret and apply Part 11 and that this approach would resolve some of industry’s issues rather than an approach focused on fraud. ADVAMED BLiebler Part11 Risk Paper
On August 14, 2002, the HIPAA final privacy rule 45 CFR Parts 160 and 164 was modified to respond to comments and to reduce the administrative burden of the rule. A copy of the new rule can be viewed here: HIPAA Modified Final Privacy Rule 2002-08. Medical Device manufacturers that produce devices that will maintain patient...
A NEMA presentation on HIPAA medical device issues is available here:  NEMA HIPAA Med Dev Issues Presentation. SoftwareCPR® provides on-site and web based training in HIPAA privacy and security regulations, in addition to other regulatory consulting services. SoftwareCPR® also provides a HIPAA Roadmap with links to relevant educational documents to paid subscribers (See Post HIPAA Privacy and...
A NEMA paper on HIPAA medical device remote service issues is available here: NEMA HIPAA Med Dev Remote Services Paper. SoftwareCPR® provides on-site and web based training in HIPAA privacy and security regulations, in addition to other regulatory consulting services. SoftwareCPR® also provides a HIPAA Roadmap with links to relevant educational documents to paid subscribers (See...
A NEMA paper on HIPAA is available here: NEMA HIPAA Security Intro Overview. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was signed into law on July 21, 1996, and has the general objectives to: guarantee health insurance coverage of employees; reduce health care fraud and abuse; introduce/implement administrative simplifications in order to augment...
On December 28, 2000, a final privacy rule 45 CFR Part 160 and 164 was issued.  HHS provides the rule and related guidance here: https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html. Medical device manufacturers that produce devices that will maintain patient data should be aware of HIPAA privacy and security requirements to assure appropriate features are incorporated in their devices to allow...
“A Methodology for Safety Case Development” was the result of a research grant. It discusses development of safety cases. Essentially development of justification for the safety of software in a given system/use. While FDA requires risk and software hazard analysis there is significant value, in our opinion (SoftwareCPR), in constructing rationale that demonstrates safety rather...
“Lessons from 342 Medical Device Failures” by Dolores R. Wallace and D. Richard Kuhn of NIST examines software related recalls for medical devices and their possible causes and preventive measures. IEEE-NIH_CBMS_Safety_Model-13
The New England Biomedical Discussion Group held a half-day seminar on Risk Management. Alan Kusinitz of SoftwareCPR gave a presentation on Software Risk Management. The newsletter summary of the seminar is at the link provided: Intro to Risk Management Article
“Capability Maturity Model Implementation and Risks” by Tracey Briscoe of Quality Systems and Software (maker of the DOORS requirements management tool). This white paper provides a concise overview of the CMM and some common issues regarding its value, costs, and implementation approach. Quality Systems and Software has a variety of white papers and courses offered on its...
