By

Alan Kusinitz
SoftwareCPR now has a validation blog at the link provided. The latest entry as of 18-Oct-2017 contains some Retrospective Validation Tips provided by SoftwareCPR founder Alan Kusinitz. Earlier entries relate to Part 11, Agile methods, and Health IT. ValidationCPR Blog
Read More
I don’t even really like to use the word retrospective
Read More
The U.S. Food and Drug Administration released guidance document, “Requests for Feedback on Medical Device Submissions: The Pre-Submission Program and Meetings with Food and Drug Administration Staff,” dated September 29, 2017. The guidance lists and explains the process for requesting meetings with the FDA. It explains proper use of these meetings, including examples of appropriate...
Read More
A blog post by Brian Pate of SoftwareCPR see the link provided and scroll down. HealthIT and Software as a Medical Device
Read More
SoftwareCPR now has a validation blog at the link provided. ValidationCPR Blog
Read More
"AAMI TIR69: Risk Management of Radio-frequency Wireless Coexistence for Medical Devices and Systems" available for purchase
Read More
Participation in the PMA CtQ pilot program is voluntary and the program aims to evaluate device design and manufacturing process quality information early on to assist FDA in its review of the PMA manufacturing section and post-approval inspections. This voluntary pilot program is part of the FDA’s ongoing Case for Quality effort to apply innovative...
Read More
On August 29, 2017, the FDA issued “Firmware Update to Address Cybersecurity Vulnerabilities Identified in Abbott’s (formerly St. Jude Medical’s) Implantable Cardiac Pacemakers: FDA Safety Communication.” The full document is at the link provided. Firmware Update to Address Cybersecurity Vulnerabilities in Abbott Pacemakers
Read More
The FDA published a list of standards added to their recognition list on August 21, 2017. IEC 82304-1 Edition 1.0 2016-10. Health software part 1: General requirements for product safety are included on this list in the Software/Informatics Section, along with a number of other standards related to device communication (including specifics of glucose meters...
Read More
UL 2900-1 Ed.1 2017 Standard for Software Cybersecurity Network-Connectable Products, Part 1: General Requirements was recognized by FDA on August 21, 2017. See at: FDA Modernization Act of 1997: Modifications to the List of Recognized Standards, Recognition List Number: 047.
Read More
Here are some thoughts from a recent conversation between Sherman Eagles, Brian Pate, and Alan Kusinitz of SoftwareCPR®: Cybersecurity vulnerabilities can have unpredictable effects on safety.  Unpredictable effects … to those who have worked to reduce risks of software failures in medical device software, that phrase may be familiar.  That concept is explained in relation to...
Read More
FDA issued a new draft guidance entitled”Draft Guidance for Industry; How To Prepare a Pre-Request for Designation”. This guidance is intended to describe informal interaction with FDA that might lead to a formal Designation request to determine wether a product will be regulator as a device or a drug and some combination thereof. The full...
Read More
SoftwareCPR® – Human Factors and Usability Engineering Assessment Does the design of your device promote safe and effective use? Are you ready for an FDA regulatory submission requiring HFE/UE report? Do you maintain a usability engineering file for your products? Is it complete? Do you have a systematic process for identifying and analyzing use error?...
Read More
FDA issues a new draft guidance in June 2017 titled “Use of Electronic Records and Electronic Signatures in Clinical Investigations Under 21 CFR Part 11 – Questions and Answers”.  This guidance while scoped for clinical investigations has information that is probably useful and defensible for assessing or ensuring compliance with other types of systems subject...
Read More
FDA CDRHLearn released a new tutorial entitled ‘Electronic Submission of 806 Reports of Corrections and Removals”. The full tutorial is at the link provided. FDA Tutorial E-submission of 806 reports
Read More
Symantec Cybersecurity expert Axel Wirth provided an AAMI podcast presentation June 21, 2017 titled “Patch Management in Healthcare”.  The podcast is on the AAMI page at the link provided along with several other podcasts related to cybersecurity in the prior two episodes.
Read More
http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm563249.htm
Read More
http://blogs.fda.gov/fdavoice/index.php/2017/06/fostering-medical-innovation-a-plan-for-digital-health-devices/
Read More
FDA, together with the National Science Foundation (NSF) and the Department of Homeland Security Science, and Technology, held a public workshop May 18-19, 2017. Results of this workshop, including webcasts of the sessions, are at the FDA website. Public Workshop – Cybersecurity of Medical Devices: A Regulatory Science Gap Analysis, May 18-19, 2017
Read More
This SoftwareCPR.com newsletter in pdf form lists items added to the web site from mid Late December 2016 through late April. 2017. It serves as an easy reference to find new or updated items that may be of interest to you. Please search the library to see all items posted as the newsletter only lists...
Read More
The FDA page on Medical Device Use of Symbols in Labeling is at the link provided. FDA currently allows use of symbols in place of text for medical devices and certain biologics provided the use is compliant with 21 CFR Parts 660, 801, and 809. FDA Use of Symbols in Medical Device Labeling
Read More
At the AAMI/FDA Software Regulatory Class being held this week, it was stated that the following are expected to be released this summer by FDA: – Revision to the premarket cybersecurity guidance – Final of the interoperability guidance
Read More
The EU MDR of April, 5, 2017 is at the link below.  Clause (19) states: “It is necessary to clarify that software in its own right, when specifically intended by the manufacturer to be used for one or more of the medical purposes set out in the definition of a medical device, qualifies as a...
Read More
FDA seeks manufacturers to provide onsite learning opportunities for FDA staff. In the areas of Digital Health/Software FDA is interested in 4 topics: Cybersecurity, Software Development, Total product life-cycle development processes and methodologies, and Software testing. The link provided is the main FDA webpage on this program and has a link to the full list...
Read More
FDA issued a draft list of Class II Medical Devices exemptions from the 510(k) premarket notification requirements to comply with the 21st Century Cures Act. Note that 884.1630 is NOT exempt if it contains software for image analysis or smartphone use. Other software-related sections of note are 86.2570 and 882.1470.
Read More
The presention material for the FDA Webinar – Factors to Consider When Making Benefit-Risk Determinations for Medical Device Investigational Device Exemptions Final Guidance – February 23, 2017 is at the link provided. FDA Presentation on Benefit-Risk IDE Devices
Read More
http://www.congress.gov/bill/115th-congress/senate-bill/404/text
Read More
View the english version of the China FDA (CFDA) website.  Formerly the State FDA (SFDA), the CFDA is promoting use of 62304 for medical device software and essentially ISO/IEC 14764 for IT maintenance.  It is also actively expanding its requirements related to cybersecurity of networked devices.
Read More
http://www.fda.gov/Safety/MedWatch/SafetyInformation/SafetyAlertsforHumanMedicalProducts/ucm398226.htm
Read More
FDA issued a Final guidance entitled: “Postmarket Management of Cybersecurity in Medical Devices”. FDA held a free webinar on this guidance on Jan. 12,2017. Information information and presentation materials are at the link provided. SoftwareCPR can provide expert cybersecurity consulting services for regulatory compliance andrisk analysis, technical threat and vulnerability assessment as well as for...
Read More
The FDA issued a draft guidance “Medical Product Communications That Are Consistent With the FDA-Required Labeling — Questions and Answers”. The full draft is at the link provided. Medical Product Communications That Are Consistent With the FDA-Required Labeling — Questions and Answers
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. SoftwareCPR checklist for "IEC 82304-1: Health software - Part 1: General requirements for product safety."  Download: IEC 82304 SoftwareCPR Checklist SoftwareCPR can provide conformance assessments, training, or expert consultation for efficient use and implementation of 82304 for medical device...
Read More
SoftwareCPR has posted its new checklist for “IEC 82304-1: Health software – Part 1: General requirements for product safety” in our website library and on our checklists page. This is free for our paid subscribers. SoftwareCPR can provide conformance assessments, training, or expert consultation for efficient use and implementation of 82304 for medical device software...
Read More
The US Law PLAW-114Publ255 referred to as the 21st Century Cures Act published in Dec 2016 is at the link provided. There are many important elements of this law for Drugs, Devices, and Biologics. 21st Century Cures Act
Read More
The US FDA issued a FINAL guidance entitled: “Factors to Consider When Making Benefit-Risk Determinations for Medical Device Investigational Device Exemptions”. This guidance references software features in Appendix C the device description section. The full guidance is at the link provided. FDA FINAL Guidance Benefit-Risk IDE Devices
Read More
What the 21st Century Cures Act Means for Software Manufacturers The 21st Century Cures Act (“Cures Act”), was signed into law by the President on December 13, 2016 (Public Law No. 114-255). This article focuses on section 3060 of the new law; namely “Clarifying Medical Software Regulation.” Other sections of the act address medical devices...
Read More
FDA issued a safety notice: Cybersecurity Vulnerabilities Identified in St. Jude Medical’s Implantable Cardiac Devices and Merlin@home Transmitter.
Read More
The law firm of Hyman Phelps and McNamara posted their summary of the impact on this Dec 13, 2016 US Law the 21st Century Cures Act. at the link provided. Section 3060 addresses standalone software and exempts some software from regulation as a medical device. They also provide links to summaries of other provisions of...
Read More
The FDA webpage with a summary of how medical device recalls are handled and how FDA may notify the public is at the link provided. This includes examples of types of recall actions. We post software-related recalls on this website and SoftwareCPR can provide expert assistance in compliance with 21 CFR Part 806 Corrections and...
Read More
Hyman, Phelps & McNamara posted a great summary of the impact of the 21st Century Cures Act in regards to general provisions affecting medical device regulation. They also provide links to summaries of other provisions of the act for standalone software (also posted on softwarecpr.com), and drugs and biologics impact.
Read More
http://blogs.fda.gov/fdavoice/index.php/2016/12/managing-medical-device-cybersecurity-in-the-postmarket-at-the-crossroads-of-cyber-safety-and-advancing-technology/
Read More
/docs/scpred/FDAFInalGuidanceBenefitRiskinDeviceAvailability1216.pdf
Read More
http://www.fda.gov/MedicalDevices/NewsEvents/WorkshopsConferences/ucm528236.htm
Read More
http://www.fda.gov/NewsEvents/Newsroom/PressAnnouncements/ucm517526.htm
Read More
http://www.fda.gov/MedicalDevices/NewsEvents/WorkshopsConferences/ucm523316.htm
Read More
http://www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/UniqueDeviceIdentification/
Read More
1 2 3 4 18

SoftwareCPR Training Courses:

Being Agile & Yet Compliant (Public)

Our SoftwareCPR unique approach to incorporating agile and lean engineering to your medical device software process training course is now open for registration!

  • Agile principles that align well with medical
  • Backlog management
  • Agile risk management
  • Incremental and iterative software development lifecycle management
  •  Frequent release management
  • And more!

3 days virtual (Zoom) with group exercises, quizzes, examples, Q&A.

Lead Instructor: Mike Russell

Next public offerings:

  • Americas: 11-13 February 2025
  • EU/Eastern Europe/Middle East/Africa/Atlantic/eastern South America: 18-20 February 2025
  • Southern Central Northeastern Pacific: 24-26 February 2025
Register using form at this link:     Agile Course Post Promo

 

IEC 62304 and other emerging standards for Medical Device and HealthIT Software

Our flagship course for preparing regulatory, quality, engineering, operations, and others for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future.  Focus is not simply what the standard says, but what is meant and discuss examples and approaches one might implement to comply.  Special deep discount pricing available to FDA attendees and other regulators.

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate

Next public offering:  TBD

Call or email now to schedule a private, in-house class. The fall schedule is filling up!

Email training@softwarecpr.com to request a special pre-registration discount.  Limited number of pre-registration coupons.

Registration Link:

TBD

 


 

Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process with central focus on the cybersecurity risk analysis process. Overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering:  TBD

Corporate Office

15148 Springview St.
Tampa, FL 33624
USA
+1-781-721-2921
Partners located in the US (CA, FL, MA, MN, TX) and Canada.