Inoveon Corp.

Recipient: Inoveon Corp.
Product: Diabetic Retinopathy 3DT System
Date: 4/27/05

Failure to establish and maintain adequate procedures for validating the device design to ensure that the device conforms to user needs and intended uses and include risk analysis, as required by 21 CFR 820.30(g) [FDA 483, Item 15]. For example, a formal risk analysis of the original system design and software changes to correct software bugs that caused incorrect functionality or performance problems, and to enhance the product, has not been documented. Although your software release notes briefly describe the nature of unresolved software bugs in a particular software version, they do not explain the impact of these software bugs on user needs and intended uses. For example, in the workflow release notes, dated 6/24/04, software version 2.0tr 17 described that “the scores for the left eye and right eye was reversed, and the macular edema value used previously was confusing.”

Failure to establish and maintain adequate procedures to ensure formal documented reviews of the design results are planned and conducted at appropriate stages of the design development, as required by 21 CFR 820.30(e). For example, although the software release notes describe what software bugs were known, resolved or not resolved, the results of design reviews were not documented to (a) indicate how design reviews are linked to the software release notes; (b) indicate who attended the design reviews and the date of review; and (c) explain the impact of unresolved or known software bugs, and any other action items.

Status of design changes was not documented to explain why certain design changes were not implemented to correct software bugs. For example, the _____ report, queried on 12/8/04, showed Items 405 and 406 for “iScore report modification (evidence of glaucoma) – glaucoma screening”, Item 109 for “to close “99” loophole in the analysis algorithm”, and Item 678 for “Analysis Application Testing.” These software bugs remained open and not assigned;

The “Workflow Release Notes by _____ has no status information or discussion of the test releases of software versions v2.0tr36 through v2.0tr40. These software versions were released for use at the _____

Design change testing to release software version 2.0tr38 contains an unclear explanation of the software validation test results to document what exact functionality or performance problems were detected during testing and to explain the impact of these problems. For example, Test No. 4.1.2 for ETDRS (Early Treatment Diabetic Retinopathy Severity Scale) data commented “ETDRS data appears to be correct” under the Comment section, and “There have been a number of recommendations offered. We should consider addressing them in subsequent releases” under the Issues/Problems section. Test No. 4.2.1 for Diagnostic Report commented “looks good”, and “There have been a number of recommendations offered. We should consider addressing them in subsequent releases.” See _____ System Functional Tests, test dated 10/27/04;

Design change testing to release software version v2.0tr38 showed Test No. 4.2 for “Print iScore Report” feature failed. A workaround to resolve this software bug was not clearly explained. For example, the Issues/Problems section reported “*** found a problem where the recommendation in the Print email did not match the follow-up recommendation on the iScore ***”, and the Workaround section reported “iScore is the official source for follow-up recommendation; however, if someone uses the print email for decision making, having an inconsistent recommendation would be very bad.” See _____ System Functional Tests, test dated 10/27/04.

Your firm has not analyzed quality data from your _____ (software issues), service reports, and Help Desk in the last 12 months;

Your _____ system is used to record customer complaints reported by the readers at the reading center after product releases as well as internal non-conformances detected by the software engineers during their software design validation testing prior to product releases. The _____ tracking of submitted items dated 12/8/04, lacked information to identify which product issues are related to either customer complaints or internal non-conformances detected during testing;

In a 12/14/04 e-mail explaining your firm’s trend analysis of quality data during the inspection, your firm provided a numerical count of product defects, nonconformities, and product enhancements. Your firm has not categorized the types of product enhancements. Your firm trended product defects and nonconformities into six types of categories but has not clearly explained their specific nature and impact on product functionality or performance. In addition, your firm has not defined what and how product issues are classified as “defects” or “nonconformities.” For example, your firm recorded 103 defects and 361 enhancements for software version 1.x, and 190 nonconformities and 159 enhancements for software version 2.x; and

Your firm’s Quality Manual requires that a quality report discussing customer satisfaction/complaints/consults, quality indicators, quality audits, and proficiency testing is to be prepared on a scheduled basis for review by the Quality Council and Executive Committee. In spite of the software defects, nonconformities, and enhancements mentioned above, your firm reported that no quality report has been generated at the time of inspection.

In your executive summary concerning an unacceptably high disagreement rate between the readers on the classification of cases of ungradable eyes, your firm identified that the root cause is that there is no clearly stated procedure for deciding how to grade fields that are clearly sub-standard but which may have some lesions that can be graded. Your firm then recommended that the readers and software engineers get together to develop an alternative grading questionnaire and analysis algorithm that can provide a long-term improvement.

Failure to establish and maintain procedures for finished device acceptance to ensure that each production run, lot, or batch of finished devices is not released for distribution until all the requirements are completed as required by 21 CFR 820.80(d) [FDA 483 item 3]. For example, your firm has not documented the signature(s) of approval needed to release 3DT software versions 1.1, 1.2, 1.3, and 2.0 for distribution.

Item #3.1.2.1. states that “Med Watch forms must be typed or completed with FDA provided software instead of handwritten”. This statement is not correct. FDA prefers that forms be typed and using Med Watch software is optional. However, the forms must be completed in English.

FDA District: Dallas District Office

About the author

Amy enjoys researching and writing about developments in medical technology and how that intersects with US law. She received her J.D. from the University of Florida Levin College of Law in 2020 and now works as a Regulatory Associate for SoftwareCPR®, a general-purpose regulatory consulting firm that is recognized globally for their expertise with standards and national regulations pertaining to medical device, mobile medical app, and HealthIT software.
