By

Alan Kusinitz
http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/UniqueDeviceIdentification/GlobalUDIDatabaseGUDID/UCM396595.pdf
Read More
http://www.fda.gov/MedicalDevices/NewsEvents/WorkshopsConferences/ucm457581.htm
Read More
https://www.federalregister.gov/articles/2015/10/16/2015-25597/2015-edition-health-information-technology-certification-criteria-2015-edition-base-electronic
Read More
https://www.federalregister.gov/articles/2015/10/16/2015-25597/2015-edition-health-information-technology-certification-criteria-2015-edition-base-electronic
Read More
FDA has a series of training videos and slide presentations referred to as CDRHLearn. Under the Special Technical Topics is an IT and Software Section which lists 3 topics: Digital Health, Premarket Cybersecurity Information, and CDRH Regulated Software.
Read More
The U.S. FBI issued a Public Service Announcement on the Internet of Things that includes, “Criminals can also gain access to unprotected devices used in home health care, such as those used to collect and transmit personal monitoring data or time-dispense medicines. Once criminals have breached such devices, they have access to any personal or...
Read More
FDA maintains a webpage for its educational modules referred to as “CDRH Learn.”  Specialty Technical Topics provides a list with a section for IT and Software that includes three modules on Digital Health, Cybersecurity information in premarket submissions, and CDRH regulated software.
Read More
http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM459917.pdf
Read More
https://www.softwarecpr.com/feedbackframepage.htm
Read More
http://www.gpo.gov/fdsys/pkg/FR-2015-08-18/html/2015-20309.htm
Read More
Interesting write up: “How Medical Tech Gave a Patient a Massive Overdose”.  The article can be found at https://www.healthleadersmedia.com/innovation/how-medical-tech-gave-patient-massive-overdose
Read More
/docs/FDApremarketclassificationcodexemptionsAug2015.pdf
Read More
FDA issued a safety communication to health care facilities using the Hospira Symbiq Infusion System regarding cybersecurity vulnerabilities. FDA is advising facilities to seek alternative infusion systems. In the interim, it is recommended the systems be disconnected from networks and maintain the drug libraries by updating manually along with other recommendations. An article regarding the...
Read More
The National Institute of Science of Technology issued Version 1 of its framework for improving cybersecurity for critical infrastructure including health care. The full press release is at the link provided.
Read More
http://www.consumer.ftc.gov/blog/can-your-app-really-do
Read More
In August 2014, the Australian Therapeutic Goods Authority (TGA) gave a presentation on its approach to software regulation of medical devices.  This is a short and very clear high level presentation that explains the TGA’s focus and use of relevant standards such as 62304 as well as its focus on safety and risk management. View...
Read More
/docs/scpred/SoftwareCPR-NewsletterJune15.pdf
Read More
FDA issued a final version of its Universal Device Identification rule in 2013 and this rule is posted in the softwarecpr.com library. FDA also created and updates a webpage devoted to implementation of this rule (which will take place over seven years with higher risk devices sooner and lower risk devices at the end).
Read More
The International Medical Device Regulators Forum (IMDRF) SaMD draft of a quality system for Software as a Medical Device is available for public comment.
Read More
Link updated December 2018. In November 2014, Health Canada began requiring electronic submissions of license applications for Class III and Class IV medical Devices entitled: “Guidance for Industry: Formatting of Class III and Class IV Licence Applications (Electronic and Paper Formats)” File # 14-112992-741. Certain types of CDs and DVDs are specified along with information...
Read More
FDA issued a Medwatch alert for infusion pumps May 13, 2015, regarding security vulnerabilities in Hospira’s LifeCare PCA3 and PCA5 Infusion Pump Systems.  A researcher has shown that exploiting the vulnerabilities could allow an unauthorized user to remotely modify the dosage delivered.  Homeland security was previously working with Hospira about this vulnerability (we reported on...
Read More
Hospira Lifecare PCA infusion pump running “SW ver 412” does not require authentication for Telnet sessions, which allows remote attackers to gain root privileges via TCP port 23.  The U.S. Department of Homeland Security has been working with Hospira to get this resolved and Hospira will be performing a recall to correct this.
Read More
AAMI published an article entitled: “Best Practices in Applying Medical Device Risk Management Terminology” in its Spring 2015 Horizons publication. Alan Kusinitz, Founder of SoftwareCPR, co-authored this article and a reprint is provided with the permission of AAMI at the link provided. This is for your personal reference not for wider distribution due to the...
Read More
http://www.ecri.org/press/Pages/Alarms-Health-IT-Patient-Violence-2015-Top-10-Patient-Safety-Concerns.aspx
Read More
Crisis Prevention and Recovery, LLC (CPR) is excited to announce the formation of a new business speciality, HumanFactorsCPR. HumanFactorsCPR is the fourth business speciality under the CPR brand, joining SoftwareCPR, ValidationCPR, and RegulatoryCPR. “One of the most attractive features of our new HumanFactorsCPR services is our capability to bridge the risk analysis process with the...
Read More
The Joint Commission, the nation’s largest accreditation organization for hospitals offers a free one hour online course entitled “Investigating and Preventing Health Information Technology-Related Patient Safety Events” at the link provided. https://www.jointcommission.org/topics/free_online_education_courses.aspx
Read More
The draft of the US ONC proposed 2015 HealthIT ceritfication requirements rule is at the link provided. The final will be published March 30, 2015. This new version requires use of a quality system and states: “….QMS established by the federal government and SDOs include FDA’s quality system regulation in 21 CFR part 820, ISO...
Read More
/Docs/2015-ONCHITCertificationCriteriaPrePubVersion06612.pdf
Read More
Stan Hamilton and Brian Pate of SoftwareCPR offer the following tip. As risk managers, we often struggle to draw the line for inclusion of foreseeable misuse. We ask questions like what is credible, and how far must you go? When performing risk analysis, we decide if it is credible enough to list as a hazard...
Read More
The International Medical Device Regulators Forum (IMDRF) in which FDA participates continues to publish many documents including several related to software.
Read More
FDA issued a revision to its “Mobile Medical Applications” Guidance Feb 9, 2015. The revision was to make this guidance consistent with the final “Medical Image Storage Devices, and Medical Image Communications Devices” guidance. Specific changes are FDA’s exercising of enforcement discretion to exempt MDDS and some Mobile Medical Apps from compliance the FDA regualtion....
Read More
FDA issued a final version of its guidance for “Medical Device Data Systems, Medical Image Storage Devices, and Medical Image Communications Devices.” The document is dated February 9, 2015, although it was issued several days prior. This guidance is very significant as it states FDA is exercising discretion and not requiring compliance to the recent...
Read More
HIT Implementation, Usability and Safety Workgroup meeting on Friday, February 6, 2015 – SoftwareCPR® Partners Sherman Eagles and Alan Kusinitz gave a presentation at ONC’s request with recommendations on an approach to HealthIT provider quality systems regulation and standards. In addition to providing background on quality systems, SoftwareCPR® recommended that a standard or guidance be...
Read More
The Federal Advisory Committee calendar of meetings is at the link provided. Attendance or downloading of material for most of these meetings is open to the public.
Read More
AAMI has filed a Project Initiation Notice with ANSI for a new standard on Application of Quality Management Principles and Practices to Health IT. The notice was published in the ANSI Standards Action publication on January 23. The notice is reproduced below. BSR/AAMI HIT2000-201x, Application of Quality Management Principles and Practices to Health IT (new...
Read More
AAMI has filed a Project Initiation Notice with ANSI for a new standard on Application of Quality Management Principles and Practices to Health IT. The notice was published in the ANSI Standards Action publication on January 23. The notice is reproduced below. BSR/AAMI HIT2000-201x, Application of Quality Management Principles and Practices to Health IT Stakeholders:...
Read More
FDA added the following standards to their recognized standards list and published the new recognitions January 2015. IEC TR 80001-2-5 2014. Application of risk management for IT networks incorporating medical devices–Part 2-5: Application guidance–Guidance on distributed alarm systems. IEEE Std 11073-10425- Health informatics 2014. Personal health device comunication, Part 10425: Device Specialization–Continuous Glucose Monitor (CGM)....
Read More
This draft was replaced by a final guidance in August 2016. It is provided here for historical comparison only. FDA issued a draft “General Wellness: Policy for Low Risk Devices” guidance on January 20, 2015. This draft policy continues to redefine the borderline for FDA regulation/non-regulation of Health IT along with their MDDS and MMApps...
Read More
The U.S. National Institute of Standards and Technology issued a document entitled “Framework for Improving Critical Infrastructure Cybersecurity” dated February 12, 2014.   This document is now being used by FDA as a reference in its cybersecurity program.  You can download version 1.0 here: Framework for Improving Critical Infrastructure Cybersecurity Version 1.0 See our later post...
Read More
AAMI has filed a Project Initiation Notice with ANSI for a new standard on HIT risk management. The notice was published in the ANSI Standards Action publication on December 19. The notice is reproduced below. BSR/AAMI HIT1000-201x, Risk Management for Heath-IT (new standard) Stakeholders: The primary stakeholders are health IT producers and manufacturers, healthcare providers,...
Read More
/docs/scpred/AAMI-BITarticle_Ten_Questions_With_Alan_Kusinitz.pdf
Read More
This content is only available to Premium and higher subscribers.  See our Subscribe page for information on subscriptions. It contains all software and computer related recall excerpts for the years listed. Some of the newest recalls on the site may not be included. This compilation is provided in reverse chronological order and is useful for quick review,...
Read More
The link provided is to a 2013 article entitled: “Safety Assurance Factors for Electronic Health Record Resilience (SAFER): study protocol.” Safety Assurance for EHR Article
Read More
1 2 3 4 5 6 18

SoftwareCPR Training Courses:

Being Agile & Yet Compliant (Public)

Our SoftwareCPR unique approach to incorporating agile and lean engineering to your medical device software process training course is now open for registration!

  • Agile principles that align well with medical
  • Backlog management
  • Agile risk management
  • Incremental and iterative software development lifecycle management
  •  Frequent release management
  • And more!

3 days virtual (Zoom) with group exercises, quizzes, examples, Q&A.

Lead Instructor: Mike Russell

Next public offerings:

  • Americas: 11-13 February 2025
  • EU/Eastern Europe/Middle East/Africa/Atlantic/eastern South America: 18-20 February 2025
  • Southern Central Northeastern Pacific: 24-26 February 2025
Register using form at this link:     Agile Course Post Promo

 

IEC 62304 and other emerging standards for Medical Device and HealthIT Software

Our flagship course for preparing regulatory, quality, engineering, operations, and others for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future.  Focus is not simply what the standard says, but what is meant and discuss examples and approaches one might implement to comply.  Special deep discount pricing available to FDA attendees and other regulators.

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate

Next public offering:  TBD

Call or email now to schedule a private, in-house class. The fall schedule is filling up!

Email training@softwarecpr.com to request a special pre-registration discount.  Limited number of pre-registration coupons.

Registration Link:

TBD

 


 

Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process with central focus on the cybersecurity risk analysis process. Overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering:  TBD

Corporate Office

15148 Springview St.
Tampa, FL 33624
USA
+1-781-721-2921
Partners located in the US (CA, FL, MA, MN, TX) and Canada.