By

Brian Pate
Through blog posts and downloadable content, Alan Kusinitz, Sherman Eagles, Brian Pate, and other SoftwareCPR® experts keep you informed of new developments in FDA Software Regulation, enforcement actions, ISO standards related to medical devices, and also gain access to a wide variety of training aides, document templates, and checklists! Download the attached form to learn more about the different SoftwareCPR® subscriptions...
Read More
The West Australian reported that two autonomous haulage systems (AHS) trucks experienced a collision when one of the trucks backed into the cab of the second truck that was stationary at the time.  This is of interest to us as the AHS trucks are software controlled and they crashed.  Clearly a failure mode.  The initial report is...
Read More
Came across this website that has some very detailed “commandments” for software development at their company.  A surprisingly lengthy list of dos and don’ts related to coding, testing, designing, estimating, and managing the software lifecycle.  Does your company have anything written?  I often find that each company has some “lore” – some practices that characterize...
Read More
The US FDA issued the final guidance for industry, “The Least Burdensome Provisions: Concept and Principles.”  This guidance is intended to accurately reflect Congress’ intent by describing the guiding principles and recommended approach for FDA staff and industry to facilitate consistent application of least burdensome principles.  FDA Least Burdensome Final Guidance
Read More
FDA issued a Safety Communication on January 31, 2019, (see Safety Communication Link) warning of the risk of air being introduced in a blood vessel (air-in-line) and air embolism for infusion pumps, fluid warmers, rapid infusers, and accessory devices.  This communication is directed toward users (both clinical and service personnel) and patients.  However, what can system architects,...
Read More
Does FDA accept regulatory submissions for medical devices and SaMD that have software developed using agile methods? What about IEC 62304 compliance?  Can agile and lean approaches to software development be compliant? On February 18th and 19th, 2019, we will explore those topics and more at our 2019 “Being Agile & Compliant” public training course. ...
Read More
COURSE DATES: February 18 – 19, 2019 TRAINING LOCATION: Tampa, Florida, USA COST: 2 Full Days for $2,495.00 January Registration Discount of 10% available through Jan 19, 2019. Extended to 1/25/2019. Ask about our multi-student discount as well! Meet our newest partner, John Murray, at the course! Download registration form Only a limited number of...
Read More
The Verily Study Watch is a device worn on the wrist that digitizes patient physiologic measurements and processes the raw data through algorithms both on the wrist worn device and additional processing when communicated to cloud based computing systems.  The idea is that the Verily watch would be worn similar (or as!) a consumer device...
Read More
(January 7, 2019)— John F. Murray, Jr, of Mount Airy, MD USA, has joined Crisis Prevention and Recovery LLC (DBA SoftwareCPR ®) as a partner. John retired from the US Food and Drug Administration in December 2018 after 32 years of federal service. For 25 years at FDA, John focused on FDA regulated software and...
Read More
Clearly one of the great struggles with medical device product design is to understand and finely tune the design input for our devices.  It is difficult but the payoff can be great when done well – pays off with development efficiency, greater certainty with safety risk control, and ultimately in customer satisfaction. In our training...
Read More
It is always good to remind ourselves of exactly what the regulation says – often our corporate procedures can become “bloated” and lead some to believe that some specific activities and/or types of deliverables are required by the regulations.
Read More
One of the most difficult challenges for medical device and HealthIT manufacturers is to properly "level" the design requirements for their medical device systems such that it is clear when it comes to design validation versus design verification.
Read More
FDA released a new draft guidance today entitled, “Clarification of Radiation Control Regulations For Manufacturers of Diagnostic X-Ray Equipment Draft Guidance for Industry and Food and Drug Administration Staff“, dated December 17, 2018.  A few things to note related to software: On line 370, question 16, FDA addresses the question of the use of software...
Read More
Certainly everyone with any connection to information technology and networked devices is concerned with cybersecurity. However, often we just miss the basics – we do not practice good cyber hygiene. While not intended to be comprehensive or state-of-the-art, here are some security basics (or as some call it, “cyber hygiene”) that one should consider when developing...
Read More
FDA issued a draft guidance for prescription POC (Point-of-care) entitled “Blood Glucose Monitoring Test Systems for Prescription Point-of-Care Use.” This draft guidance document provides recommendations to industry about the types of information to include in their premarket submissions for blood glucose monitoring systems used for diabetes management in the health care prescription POC settings. This guidance...
Read More
Glanced through the latest FDA warning letters today.  From the FDA Medical Device & Radiological Health Operations West/Division 3 I see the inspector pointing out “This design validation also fails to include software validation [emphasis mine] to assure software will perform as intended and will not prevent safe operation by the user.”   Of course this is...
Read More
The Food and Drug Administration (FDA or the Agency) is announcing the establishment of a docket to solicit public comment on a proposed framework for regulating software applications disseminated by or on behalf of drug sponsors for use with one or more of their prescription drug products. Recognizing the opportunities for increased use of digital...
Read More
FDA released a final guidance "Benefit-Risk Factors to Consider When Determining Substantial Equivalence in Premarket Notifications 510(k) with Different Technological Characteristics" dated Sept. 25, 2018.  This guidance applies only to devices with similar intended use and if the different technological characteristics do not raise different questions of Safety and Effectiveness.  Read the full guidance at...
Read More
FDA has posted their FY 2019 Proposed Guidance Development list with priorities. A link is provided below but here is the “A” list items: Final Guidance Topics Consideration of Uncertainty in Making Benefit-Risk Determinations in Medical Device Premarket Approvals, De Novo Classifications, and Humanitarian Device Exemptions Unique Device Identification: Policy Regarding Compliance Dates for Class...
Read More
Pharmaceutical Laboratories and Consultants, Inc. Date:8/29/18 This warning letter summarizes significant violations of current good manufacturing practice (CGMP) regulations for finished pharmaceuticals. See 21 CFR, parts 210 and 211. Because your methods, facilities, or controls for manufacturing, processing, packing, or holding do not conform to CGMP, your drug products are adulterated within the meaning of...
Read More
Company:  Draeger Medical, Inc. Date of Enforcement Report:  6/27/2018 PRODUCT Apollo Anesthesia Machine; Cat. no. 8605310 Product Usage:  Indicated as a continuous flow anesthesia system. The Apollo may be used for manually assisted or automatic ventilation, delivery of gases and anesthetic vapor, and monitoring of oxygen and CO2 concentration, breathing pressure, respiratory volume, and anesthetic agent concentration and identification....
Read More
Prepared a visual aide (one of many we use in our training courses) of key Medical Devices Standards and FDA guidance related to software.  Enjoy! SoftwareCPR Sw Stds Guidances
Read More
"Based upon the company’s precertification level and the level of risk for the device, the product (or modifications to a product) may be able to go directly to market or undergo a streamlined submission review"
Read More
Cybersecurity firm Sophos published an article on Medical Device cybersecurity and David Overton of SoftwareCPR® suggested we post this as it may be of interest. David pointed out these statements: A significant percentage of medical devices are not secure. Most medical device manufacturers do not take serious steps to secure their devices for two reasons:...
Read More
We help you meet the intent of the rule -- not the hype
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. Created a job aide which compares the IEC 62304 and IEC 82304 elements for requirements. This is only intended to be used as a starting point and requires interpretation based on knowledge of each standard and the type of...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. Use this as a starting point to gather information on the software development environment (and related information) as required in FDA's Guidance for Software Information to be included in open market submissions. It is only intended as a starting...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. A sample checklist for releasing or updating software is at the link provided. GoLiveiChecklistTrainingExample111115   . . . Thank you for your interest!  To view our Premium or Standards Navigator content, please click here to select the plan that best...
Read More
Brian Pate of SoftwareCPR® writes: In May 2014, FDA offered further guidance to manufacturers regarding premarket submission information identifying cyber-security risks and hazards associated with their medical devices, and the responsibility for engineering appropriate risk controls to address patient safety and assure proper device performance. FDA encouraged manufacturers to report any cyber-security incidents that may...
Read More
Obviously, unit tests have their greatest value at the time of the development of the unit itself. Well-designed unit tests provide evidence that the unit performs its intended function, that the software design executes as intended, and allows the developer (or tester) to test the unit with inputs and states that may be difficult to...
Read More
IEC/TR 62348 is a technical report that assesses “the impact of the most significant changes in Amendment 1 to IEC 60601-1:2005 and mapping of the clauses of IEC 60601-1:2005 to the previous edition.”  The report is intended to be a tool for manufacturers to understand the impact of Amendment 1:2012 changes to 60601-1 from the...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. Prepared this example Device Risk Management SOP for the purpose of risk analysis training where the pros and cons could be further discussed.  This example is modeled on the approach required by ISO 14971 and expands on it with...
Read More
We hope you find this Regulatory Roadmap on HIPAA Privacy and Security useful.
Read More
Although the HIPAA Privacy Rule directly effects “Covered Entities” medical device and pharmaceutical manufacturers may be involved in inadvertent release of private patient information and must deal with requirements from their customers that are Covered Entities. It was reported that: Eli Lilly, already has settled with eight states and the Federal Trade Commission for $160,000...
Read More
1 2 3

SoftwareCPR Training Courses:

Being Agile & Yet Compliant (Public)

Our SoftwareCPR unique approach to incorporating agile and lean engineering to your medical device software process training course is now open for registration!

  • Agile principles that align well with medical
  • Backlog management
  • Agile risk management
  • Incremental and iterative software development lifecycle management
  •  Frequent release management
  • And more!

3 days virtual (Zoom) with group exercises, quizzes, examples, Q&A.

Lead Instructor: Mike Russell

Next public offering: Dec 3, 4, & 5, 2024 – 12:00 pm to 5:00 pm CET

Register Now


 

IEC 62304 and other emerging standards for Medical Device and HealthIT Software

Our flagship course for preparing regulatory, quality, engineering, operations, and others for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future.  Focus is not simply what the standard says, but what is meant and discuss examples and approaches one might implement to comply.  Special deep discount pricing available to FDA attendees and other regulators.

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate

Next public offering:  TBD

Call or email now to schedule a private, in-house class. The fall schedule is filling up!

Email training@softwarecpr.com to request a special pre-registration discount.  Limited number of pre-registration coupons.

Registration Link:

TBD

 


 

Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process with central focus on the cybersecurity risk analysis process. Overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering:  TBD

Corporate Office

15148 Springview St.
Tampa, FL 33624
USA
+1-781-721-2921
Partners located in the US (CA, FL, MA, MN, TX) and Canada.