19
Feb
2018

Human Subject Protection Deadline

, ,
0

FDA made public that the effective date for compliance with the final rule on “Human Subject Protection – Acceptance of Data from Clinical Investigations for Medical Devices.”  According to the announcement from FDA, the “update relates to the standards for accepting clinical data from clinical investigations conducted inside and outside the United States” with the stated purpose of “protecting human participants, and to help ensure the quality and integrity of data obtained through such investigations.”  This rule applies to:

  • Investigational device exemptions (IDE)
  • Premarket notifications (510(k))
  • Requests for De Novo classification
  • Premarket approvals (PMA)
  • Product development protocols (PDP)
  • Humanitarian device exemptions (HDE)

The major take away here is FDA is requiring that data submitted from clinical investigations conducted outside the United States be from investigations conducted in accordance with good clinical practice (GCP), which includes review and approval by an independent ethics committee (IEC) and informed consent from subjects.  Many with software responsibilities may not be familiar with GCP … What is Good Clinical Practice (GCP)?

GCP is defined in 21 CFR 812.28(a)(1) as:

“a standard for the design, conduct, performance, monitoring, auditing, recording, analysis, and reporting of clinical investigations in a way that provides assurance that the data and results are credible and accurate and that the rights, safety, and well-being of subjects are protected.” GCP includes review and approval (or provision of a favorable opinion) by an independent ethics committee (IEC) before initiating an investigation, continuing review of an ongoing investigation by an IEC, and obtaining and documenting the freely given informed consent of the subject (or a subject’s legally authorized representative, if the subject is unable to provide informed consent) before initiating an investigation. GCP does not require informed consent in life-threatening situations when the IEC reviewing the investigation finds, before initiation of the investigation, that informed consent is not feasible and either that the conditions present are consistent with those described in 21 CFR 50.23 or 50.24(a), or that the measures described in the protocol or elsewhere will protect the rights, safety, and well-being of subjects.”

Read more at:

https://www.govinfo.gov/content/pkg/FR-2018-02-21/pdf/2018-03244.pdf

See our post on significant vs non-significant risk devices: https://www.softwarecpr.com/2020/11/distinguishing-significant-and-nonsignificant-risk-devices/

About the author

Brian is a biomedical software engineer - whatever that is! Started writing machine code for the Intel 8080 in 1983. Still enjoys designing and developing code. But probably enjoys his garden more now and watching plants grow ... and grandkids grow!

SoftwareCPR Training Courses:

IEC 62304 and other emerging standards for Medical Device and HealthIT Software

Our flagship course for preparing regulatory, quality, engineering, operations, and others for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future.  Focus is not simply what the standard says, but what is meant and discuss examples and approaches one might implement to comply.  Special deep discount pricing available to FDA attendees and other regulators.

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate

Next public offering:  June 24-26, 2025 (Boston, MA)

Multiple participants from the same company: If you register 5 or more from the same company before March 15, 2025, receive a special discounted registration of $1999 per person.  These registrations may be transferred to another person at any time. Email training@softwarecpr.com to register and secure the TEAM discount.

 

For private, in-house courses, please contact us.

Email training@softwarecpr.com for more info.

 

 

Being Agile & Yet Compliant (Public)

Our SoftwareCPR unique approach to incorporating agile and lean engineering to your medical device software process training course is now open for registration!

  • Agile principles that align well with medical
  • Backlog management
  • Agile risk management
  • Incremental and iterative software development lifecycle management
  •  Frequent release management
  • And more!

3 days virtual (Zoom) with group exercises, quizzes, examples, Q&A.

Lead Instructor: Mike Russell

Next public offerings:

  • Americas: 11-13 February 2025
  • EU/Eastern Europe/Middle East/Africa/Atlantic/eastern South America: 18-20 February 2025
  • Southern Central Northeastern Pacific: 24-26 February 2025
See our post titled: 1st Quarter 2025 Agile Compliant Courses Scheduled

 

Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process with central focus on the cybersecurity risk analysis process. Overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering:  TBD

Corporate Office

15148 Springview St.
Tampa, FL 33624
USA
+1-781-721-2921
office@softwarecpr.com
Partners located in the US (CA, FL, MA, MN, TX) and Canada.