By

Alan Kusinitz
Today, FDA issued a new Part 11 guidance draft that reduces the scope and burden of Part 11 significantly.  It essentially suspends enforcement on legacy systems existing prior to the rule’s effective date in 1997 and eliminates: enforcement related to audit trails, electronic copies, and maintenance of electronic records by focusing on meeting the intent...
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. SoftwareCPR suggestions for a validation or Part 11 master plan are that it be a high-level plan not providing detailed document or protocol formats. Generally it is best if a master plan is a transient document.  It gets constructed...
Read More
ADVAMED provided a white paper to FDA as part of the Part 11 Industry Coalition. This paper proposes that health and safety risk be used to properly interpret and apply Part 11 and that this approach would resolve some of industry’s issues rather than an approach focused on fraud. ADVAMED BLiebler Part11 Risk Paper
Read More
/docs/UCIFDAJohnMurray-CDRHSoftwareMEssage101902.PPT
Read More
/docs/FDAPart11DraftArchivingGuidance00d-1539-nad0001.pdf
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. The document at the link provided is a SoftwareCPR training aid that provides a partial template with some tips for construction of a handbook/procedure that addresses IT/Network issues regulatory compliance with 21 CFR Part 11 requirements and to support...
Read More
On August 14, 2002, the HIPAA final privacy rule 45 CFR Parts 160 and 164 were modified to respond to comments and to reduce the administrative burden of the rule.  A copy of the new rule can be view here:  HIPAA Modified Final Privacy Rule 2002-08. Medical Device manufacturers that produce devices that will maintain patient...
Read More
http://www.fda.gov/ohrms/dockets/dockets/00d1538/00d1538.htm
Read More
Company: Earlham CollegeDate: 07/29/2002 Product: Prenatal vitamins In addition to the above listed violations, our Investigator noted that the laboratory is using an electronic record system for processing and storage of data from the atomic absorption and HPLC instruments that is not set up to control the security and data integrity in that the system...
Read More
/docs/NEMAPart11DraftValidationGuidanceComments.pdf
Read More
http://hissa.nist.gov/effProject/handbook/c++/
Read More
A NEMA paper on HIPAA medical device remote service issues is available here: NEMA HIPAA Med Dev Remote Services Paper. SoftwareCPR® provides on-site and web based training in HIPAA privacy and security regulations, in addition to other regulatory consulting services. SoftwareCPR® also provides a HIPAA Roadmap with links to relevant educational documents to paid subscribers (See...
Read More
A NEMA paper on HIPAA is available here:  NEMA HIPAA Security Intro Overview. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was signed to law on July 21, 1996, and has the general objectives to: Guarantee health insurance coverage of employees Reduce health care fraud and abuse Introduce/implement administrative simplifications in order to augment...
Read More
On December 28, 2000, a final privacy rule 45 CFR Part 160 and 164 was issued.  HHS provides the rule and related guidance here: https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html. Medical device manufacturers that produce devices that will maintain patient data should be aware of HIPAA privacy and security requirements to assure appropriate features are incorporated in their devices to allow...
Read More
A NEMA presentation on HIPAA medical device issues is available here:  NEMA HIPAA Med Dev Issues Presentation. SoftwareCPR® provides on-site and web based training in HIPAA privacy and security regulations, in addition to other regulatory consulting services. SoftwareCPR® also provides a HIPAA Roadmap with links to relevant educational documents to paid subscribers (See Post HIPAA Privacy and...
Read More
“A Methodology for Safety Case Development” was the result of a research grant. It discusses development of safety cases. Essentially development of justification for the safety of software in a given system/use. While FDA requires risk and software hazard analysis there is significant value, in our opinion (SoftwareCPR), in constructing rationale that demonstrates safety rather...
Read More
“Lessons from 342 Medical Device Failures” by Dolores R. Wallace and D. Richard Kuhn of NIST examines software related recalls for medical devices and their possible causes and preventive measures. IEEE-NIH_CBMS_Safety_Model-13
Read More
/Docs/SCPRed/NEBDGPresentationSlides022802GPSV-SW68-Kusinitz.PDF
Read More
FDA withdrew recognition of this standard in May 2007 after it was obsoleted and replaced by ISO 62304. On Jan 14, 2002 FDA issued an update to their list of recognized standards for use by the Office of Device Evaluation. A new software standard was recognized. This is the AAMI/ANSI SW 68 Medical Device Software...
Read More
/docs/SCPRed/SoftwareCPR-Part11GlossaryGuidanceCommentRecord.PDF
Read More
http://www.21cfrpart11.com/pages/sol_prov/solution_providers.htm
Read More
Recipient:Christ Hospital Product: blood bank Date: 9/27/2001 During an inspection of your unlicensed blood bank, conducted on July 26, 30 and August 1, 2001, our investigator documented violations of Section 501(a)(2)(B) of the Federal Food, Drug, and Cosmetic Act and Title 21, Code of Federal Regulations 211 and 600-680, as follows: Failure to conduct validation...
Read More
Recipient:Dentsply International, Inc Product: dental handpieces and dental accessories Date: 9/26/2001 The inspection revealed that these devices are adulterated within the meaning of Section 501(h) of the Act, in that the methods used in, or the facilities or controls used for manufacturing, packing, storage, or installation are not in conformance with the Quality System regulation...
Read More
1 12 13 14 15 16 18

SoftwareCPR Training Courses:

Being Agile & Yet Compliant (Public)

Our SoftwareCPR unique approach to incorporating agile and lean engineering to your medical device software process training course is now open for registration!

  • Agile principles that align well with medical
  • Backlog management
  • Agile risk management
  • Incremental and iterative software development lifecycle management
  •  Frequent release management
  • And more!

3 days virtual (Zoom) with group exercises, quizzes, examples, Q&A.

Lead Instructor: Mike Russell

Next public offerings:

  • Americas: 11-13 February 2025
  • EU/Eastern Europe/Middle East/Africa/Atlantic/eastern South America: 18-20 February 2025
  • Southern Central Northeastern Pacific: 24-26 February 2025
See our post titled: 1st Quarter 2025 Agile Compliant Courses Scheduled

 

IEC 62304 and other emerging standards for Medical Device and HealthIT Software

Our flagship course for preparing regulatory, quality, engineering, operations, and others for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future.  Focus is not simply what the standard says, but what is meant and discuss examples and approaches one might implement to comply.  Special deep discount pricing available to FDA attendees and other regulators.

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate

Next public offering:  TBD

Call or email now to schedule a private, in-house class. The fall schedule is filling up!

Email training@softwarecpr.com to request a special pre-registration discount.  Limited number of pre-registration coupons.

Registration Link:

TBD

 


 

Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process with central focus on the cybersecurity risk analysis process. Overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering:  TBD

Corporate Office

15148 Springview St.
Tampa, FL 33624
USA
+1-781-721-2921
Partners located in the US (CA, FL, MA, MN, TX) and Canada.