Warning Letter- Failure to File new 510(k)

iRythm Technologies, Inc. was issued a warning letter from the FDA. SoftwareCPR comments: This Warning Letter demonstrates the need for:

  • Quality systems to stay compliant (CAPA and complaints!)
  • Regulatory oversight to engineering and marketing activities
  • Really communicating product behavior in the IFU!!”

Excerpts from a warning letter of interest to software professionals:

“As stated in the Zio AT System indications for use, the system is intended to continuously record and report patient symptomatic and asymptomatic cardiac events and continuous electrocardiogram (ECG) information. After wear, a final report of the entire ECG recording is generated. The ZEUS software system is a component of the Zio AT system and supports the capture, reporting, and analysis of arrhythmia events. The reports are provided to a reviewer to render a diagnosis. Therefore, the reports are components of the device system. Because Zio AT System (“Zio AT”) is intended for use in the diagnosis of disease, the Zio AT system, including its components, is a device within the meaning of section 201(h).”

These violations include, but are not limited to, the following:

  1. Changes were made to the device without a new 510(k) submission. More specifically, the Zio AT System is adulterated under section 501(f)(1)(B) of the Act, 21 U.S.C. § 351(f)(1)(B), because your firm does not have an approved application for premarket approval (PMA) in effect pursuant to section 515(a) of the Act, 21 U.S.C. § 360e(a), or an approved application for an investigational device exemption under section 520(g) of the Act, 21 U.S.C. § 360j(g). The device is also misbranded under section 502(o) the Act, 21 U.S.C. § 352(o), because your firm did not notify the agency of its intent to introduce the device into commercial distribution, as required by section 510(k) of the Act, 21 U.S.C. § 360(k).
  2. Quality System Regulation (QSR) violations: This inspection also revealed that these devices are adulterated within the meaning of section 501(h) of the Act, 21 U.S.C. § 351(h), in that the methods used in, or the facilities or controls used for, their manufacture, packing, storage, or installation are not in conformity with the current good manufacturing practice requirements of the Quality System regulation found at 21 CFR part 820.
  3. Medical Device Reporting (MDR) Violations: Our inspection also revealed that your firm’s Zio AT system is misbranded under section 502(t)(2) of the Act, 21 U.S.C. § 352(t)(2), in that your firm failed or refused to furnish material or information respecting the device that is required by or under section 519 of the Act, 21 U.S.C. § 360i, and 21 CFR Part 803 – Medical Device Reporting.

For more information, see the link below:

iRhythm Technologies, Inc. – 643474 – 05/25/2023 | FDA

About the author

Allison joined SoftwareCPR in 2022, bringing along over ten years of passion for building teamwork and growth in organizations. This is established in part by the greatest University the South has to offer- Mississippi State.

SoftwareCPR Training Courses:

Being Agile & Yet Compliant (Public)

Our SoftwareCPR unique approach to incorporating agile and lean engineering to your medical device software process training course is now open for registration!

  • Agile principles that align well with medical
  • Backlog management
  • Agile risk management
  • Incremental and iterative software development lifecycle management
  •  Frequent release management
  • And more!

3 days virtual (Zoom) with group exercises, quizzes, examples, Q&A.

Lead Instructor: Mike Russell

Next public offerings:

  • Americas: 11-13 February 2025
  • EU/Eastern Europe/Middle East/Africa/Atlantic/eastern South America: 18-20 February 2025
  • Southern Central Northeastern Pacific: 24-26 February 2025
See our post titled: 1st Quarter 2025 Agile Compliant Courses Scheduled

 

IEC 62304 and other emerging standards for Medical Device and HealthIT Software

Our flagship course for preparing regulatory, quality, engineering, operations, and others for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future.  Focus is not simply what the standard says, but what is meant and discuss examples and approaches one might implement to comply.  Special deep discount pricing available to FDA attendees and other regulators.

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate

Next public offering:  TBD

Call or email now to schedule a private, in-house class. The fall schedule is filling up!

Email training@softwarecpr.com to request a special pre-registration discount.  Limited number of pre-registration coupons.

Registration Link:

TBD

 


 

Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process with central focus on the cybersecurity risk analysis process. Overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering:  TBD

Corporate Office

15148 Springview St.
Tampa, FL 33624
USA
+1-781-721-2921
Partners located in the US (CA, FL, MA, MN, TX) and Canada.