Category

Blog
Software of Unknown Provenance SOUP.  It is likely that you are familiar with the acronym, SOUP, in relation to medical device and Health IT software.  The medical device software standard IEC 62304, defines SOUP as a “software item that is: already developed and generally available and that has not been developed for the purpose of being...
Read More
This July 2021 Standards Navigator Report content is only available to Standards Navigator subscribers. See our Subscribe page for information on subscriptions. SoftwareCPR® Standards Navigator provides information and tools related to standards that play a significant role in health software and software intensive medical devices.  In addition to information on existing standards, our report keeps you...
Read More
Most medical device manufacturers use many, many software programs, systems, or services to automate quality system This software is not to be confused with product software - that is, software that runs as part of a medical device.  Medical device in this context could be custom hardware devices or Software as a Medical Device (SaMD)....
Read More
One of the most important references in creating a software development lifecycle process to assure software quality is the FDA guidance document, “General Principles of Software Validation.”  This guidance document has been around for many years.  The current version, 2.0, was released in 2002.  To many in the industry, this guidance is simply referred to...
Read More
In a release from The Cybersecurity and Infrastructure Security Agency (CISA) on July 21, 2021, it was announced that the Common Weakness Enumeration (CWE) Top 25 list has been updated from the previous 2020 version. The CWE Top 25 is a list that uses real-world data from the National Vulnerability Database (NVD) to identify current...
Read More
As the use of Artificial Intelligence (AI) and machine learning methods expand in medical devices and HealthIT software, an oft asked question is whether the data sets used for training should be retained as part of the design history file (DHF) or other long term storage mechanisms.  SoftwareCPR partners Alan Kusinitz, Sherman Eagles, John Murray,...
Read More
Cybersecurity: PACS CISA Homeland Security Advisory Issued for Medical Systems The Department of Homeland Security’s CISA has issued an advisory for the Worldwide Infrastructure Healthcare and Public Health sectors regarding Philips Vue PACS. The ICS Medical Advisory, ICSMA-21-187-01, discloses 15 vulnerabilities discovered in the Philips Clinical Collaboration Platform Portal, also known as Vue PACS. Four...
Read More
Those of us that are involved in critical medical devices and those that directly deliver therapy should be closely watching events in other industries, such as the Tesla issue in the article linked below.  One way to view this issue is in the context of software control authority – a term used in the aerospace...
Read More
The FDA is officially modifying medical device classifications for some software functions. On April 19, 2021, the agency published a “final” rule that updates eight classification regulations by amending these regulations to exclude software functions that no longer fall within the device definition under 201(h) of the FD&C Act. With this final rule, FDA is amending the...
Read More
An excellent overview of the challenges and benefits of the Microservices architectural style of software application development.  While many of the factors discussed by the author (Dr. André Fachat, published January 30, 2019), these same factors can affect the safety and efficacy of a medical devices using this style.  The article consists of two parts:...
Read More
This January 2021 Standards Navigator Report content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. SoftwareCPR® Standards Navigator provides information and tools related to standards that play a significant role in health software and software intensive medical devices. In addition to information on existing standards, SoftwareCPR Standards Navigator keeps you...
Read More
This December 2020 Standards Navigator Report content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. SoftwareCPR Standards Navigator Report provides information and tools related to standards that play a significant role in health software and software intensive medical devices. In addition to information on existing standards, SoftwareCPR Standards...
Read More
Is it possible to view draft revisions of FDA guidance documents when they are a “work in progress,” or are they only become available once published as draft?  This is a frequent question that I have heard. However, the FDA does not typically provide copies or drafts of “works in progress” for those items that...
Read More
This content is only available to our Premium subscribers. See our Subscribe page for information on subscriptions. ISO 14971 was updated and released in 2019.  We previously discussed the internal debate regarding ISO 14917 in this post ISO 14971 versus the EU Commission. There are several items to consider with the new update: Section 10.1 - “The manufacturer...
Read More
Compliance and Agile In a prior blog, we discussed a common hurdle to achieving agile benefits: focusing on isolated software process changes and not considering all four organizational factors. Another common hurdle to agile success is thinking only about making agile “compliant.” You will miss the full power of agile if you do not consider...
Read More
The Food and Drug Administration (FDA or Agency) is announcing the availability of the draft guidance on EMC entitled ‘‘Electromagnetic Compatibility (EMC) of Medical Devices.’’ This new “draft” guidance document is intended to recommend information that should be provided in a premarket submissions to demonstrate electromagnetic compatibility (EMC) for electrically powered medical devices and medical...
Read More
At SoftwareCPR today, we honor our consultants that are also veterans who served in our US military! John Murray – US Navy Mike Russell – US Air Force Greg Sandoe – US Marine Corps Jordan Pate – US Army Paul Felten – US Army Thank you for your service!
Read More
Why is a SR or NSR Designation important? The FDA guidance document, “Information Sheet Guidance For IRBs, Clinical Investigators, and Sponsors: Significant Risk and Nonsignificant Risk Medical Device Studies,” sheds some light on the Investigational Device Exemptions (IDE) regulations of 21 CFR 812. The IDE regulations describe significant risk (SR), nonsignificant risk (NSR), and exempt...
Read More
FDA released their CDRH Proposed Guidance Updates that includes a significant amount of “software related” guidance in FY 2021. There are four separate guidance documents listed for publication in FY 2021. IMO that is a fairly large commitment from the agency and I will look forward to reading about the agency’s “current thinking” on these...
Read More
Understanding OTS and SOUP is very important in every lifecycle stages of medical device and HealthIT software development.  In the late 1990’s, the US FDA first published guidance documentation on the use of Off-The-Shelf (OTS) software in medical devices (or sometimes referred to as “OTSS”).  At that time, OTSS generally accounted for a very small...
Read More
Our internal cybersecurity expert Gwen contributed the following. The Use of LIS2 In Medical Devices LIS2-A2 is widely used in laboratory devices as a standard practice for Healthcare Delivery Organizations (HDOs). The LIS and LIS2 communication protocol standards published nearly two decades ago have often been used in medical device network systems due to their...
Read More
In 2018, Google Health began a program in Thailand to screen for diabetic retinopathy using artificial intelligence (AI). The AI was designed to analyze photos of diabetic patients’ eyes to detect signs of eye disease. The AI was promising in theory – during testing, it was 90% accurate in detecting diabetic retinopathy in eye scans,...
Read More
This September 2020 Standards Navigator Report content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. SoftwareCPR Standards Navigator Report provides information and tools related to standards that play a significant role in health software and software intensive medical devices. In addition to information on existing standards, SoftwareCPR Standards...
Read More
On September 14, 2020 the Digital Health Team at FDA provided a 2020 Update on the Software Precertification Pilot Program. The announcement is a short 8-page document. The document provides the details that are driving program development. It contains a considerable amount of information that may take a few reads to fully understand. On my...
Read More
Why are clinical studies necessary? Medical device clinical studies provide evidence for a PMA submission. Under 21 CFR 860.7, the FDA relies only on “valid scientific evidence” to determine whether there is reasonable assurance that a device is safe and effective. Valid scientific evidence can originate from a variety of sources, including well-controlled studies. Even...
Read More
Remember the 2005 guidance document, Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices? In 2020 that guidance is as relevant as ever, and it can be useful to review what we know about the FDA’s expectations regarding Level of Concern (LOC) in medical devices. LOC is important if for no...
Read More
Do you understand the Q-Sub Guidance? The FDA issued the guidance document Requests for Feedback and Meetings for Medical Device Submissions: The Q-Submission Program in 2019, but it has taken some time for the industry to understand all the facets of the program. The guidance covers a wide range of FDA submissions – IDE/PMA/HDE applications, de novo...
Read More
“Agile” remains a hot topic in general, and “compliant agile” is a goal in many medical (and other regulated) companies. However, “agile” also remains difficult and elusive for many. This article will examine one of the most common hurdles to achieving agile benefits from well-intentioned initiatives. First, let’s address agile and medical device development in...
Read More
This July 2020 Standards Navigator Report content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. SoftwareCPR Standards Navigator Report provides information and tools related to standards that play a significant role in health software and software intensive medical devices. In addition to information on existing standards, SoftwareCPR Standards...
Read More
This content is only available to our Premium subscribers.  See our Subscribe page for information on subscriptions. What is a Real-Time PMA Supplement? Section 737(4)(D) of the Federal Food, Drug, and Cosmetic Act defines a Real-Time PMA Supplement as: “a supplement to an approved premarket application or premarket report under section 515 that requests a...
Read More
This content is only available to our Premium subscribers.  See our Subscribe page for information on subscriptions. You are likely aware of the CAPA process overall and how it fits in to the quality management system for a medical device manufacturer or supplier.  Just the name itself, corrective and preventive action, describes one of the...
Read More
This February 2020 Standards Navigator Report content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. SoftwareCPR Standards Navigator Report provides information and tools related to standards that play a significant role in health software and software intensive medical devices. In addition to information on existing standards, SoftwareCPR Standards...
Read More
This "FDA GPSV Traceability Expectations" post is only available to Premium subscribers. See our Subscribe page for information on subscriptions. Going way back to the late 1990's, FDA had an expectation that safe and effective software would require a well thought out development lifecycle that includes many activities designed to ensure the correctness and robustness...
Read More
This content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. SoftwareCPR Standards Navigator Report provides information and tools related to standards that play a significant role in health software and software intensive medical devices. In addition to information on existing standards, SoftwareCPR Standards Navigator keeps you up to date...
Read More
ISO 14971 Risk Analysis Identifying safety risks in medical devices is a challenging and laborious process.  The process standard, ISO 14971, is a systematic, total product risk management lifecycle process to identify, control, and evaluate risk, where risk is defined as the combination of severity of the harm (to people, property, or environment) and probability...
Read More
I am looking forward to teaching the IEC 62304 Course February 2020 with Brian Pate in Sunnyvale CA. https://events.eventzilla.net/e/2020-softwarecpr-62304-and-emerging-software-standards-training-course–sunnyvale-ca-2138757731 For 15 years I taught the AAMI Software Validation Course with Alan Kusinitz.  These days I have shifted gears to teach the SoftwareCPR 62304 course with Brian Pate. There is a major shift in my perspective between...
Read More
Thus far, regulatory guidance for medical device cybersecurity has been focused on the approval or compliance of the device itself and has not been very specific about what cybersecurity assurance information is provided to the health care customers that host the devices within their IT infrastructure.  Medical device labeling has been sparse related to cybersecurity...
Read More
Do you have a question about FDA Digital Health Regulatory Policy?  FDA’s Center for Devices and Radiological Health has a resource to help. I know from personal experience that the Digital Health Team (DHT) at FDA focuses a lot of energy and effort on answering these questions in an effective and efficient manner. During my...
Read More
The FDA and the NIH National Center for Advancing Translational Sciences (NCATS)/Office of Rare Diseases Research (ORDR) conducted this needs assessment to better understand unmet medical device needs for rare diseases – ultimately to raise public awareness of these unmet needs.  Let this motivate us all to explore, push limits, innovate, and invent.  Onward software...
Read More
This content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. SoftwareCPR Standards Navigator provides information and tools related to standards that play a significant role in health software and software intensive medical devices. In addition to information on existing standards, SoftwareCPR Standards Navigator keeps you up to date on...
Read More
For anyone involved in software development, the importance of software requirements cannot be minimized. Software requirements provide the definition and explanation of “what the software should do” and “how the software should behave.” The software engineers and developers use the requirements as input to the software design and coding process. The test developers also use...
Read More
Premarket Notifications (510(k)s), Premarket Approval Applications (PMAs), Premarket Reports (PMRs), notices, and supplements all have associated fees to be paid to the FDA before they will review a medical device product. The 2019 Medical Device User Fee Amendments (MDUFA) are listed at 2019 MDUFA. If the FDA determines that a manufacturer is a “small business”...
Read More
Some thoughts on Requirements … using the General Principles of Software Validation to help. Many times we struggle with creating software requirements and documenting them.  The FDA General Principles of Software Validation-Final Guidance helps set the FDA expectations in this area.  Section 4.1 of the guidance states: “A documented software requirements specification provides a baseline for both...
Read More
This content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. SoftwareCPR Standards Navigator provides information and tools related to standards that play a significant role in health software and software intensive medical devices. In addition to information on existing standards, SoftwareCPR Standards Navigator keeps you up to date on...
Read More
Health Canada released the full guidance document, Pre-market Requirements for Medical Device Cybersecurity. It can be viewed at:  https://www.canada.ca/en/health-canada/services/drugs-health-products/medical-devices/application-information/guidance-documents/cybersecurity.htm It includes requirements such as: “Risk management is required for all medical devices throughout their life-cycle. Manufacturers should incorporate cybersecurity into the risk management process for every device that consists of or contains software. Manufacturers are...
Read More
This content is only available to Premium subscribers.  See our Subscribe page for information on subscriptions. As more "software as a medical device" (SaMD) applications are developed and marketed, there has been an increased focus on what activities and documentation are required for compliance with US medical device regulations and applicable ISO standards.  Along with...
Read More
Another useful reference for establishing a safety culture in your software organization. “The purpose of this Handbook is to define the NASA Safety Culture Program and to provide guidance in the development and implementation—sustainment, growth, and practice—of Safety Culture at the Center level. It defines the NASA Safety Culture Model, describes the Safety Culture Survey...
Read More
This content is only available to Premium subscribers.  See our Subscribe page for information on subscriptions. This template is conceived as a partial example template for a generic small device with embedded real time control. Explanatory comments are included in << comment >>. Other text is example definition that you should replace with your own...
Read More
This content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. A SoftwareCPR example for software release note and revision history.  Software Revision Level History Example
Read More
This content is only available to Standards Navigator subscribers.  See our Subscribe page for information on subscriptions. SoftwareCPR Standards Navigator provides information and tools related to standards that play a significant role in health software and software intensive medical devices. In addition to information on existing standards, SoftwareCPR Standards Navigator keeps you up to date on...
Read More
1 2 3 4

Cybersecurity Review

Our cybersecurity experts are NESSUS Pro Licensed and can quickly remediate cybersecurity deficiencies with your medical device or digital health software.  Planning, requirements, validation, and submissions – we can assist with all.

Interested in having a conversation?  Email us to arrange a Zoom meeting or call us at +1 781-721-2921.

office@softwarecpr.com

Corporate Office

15148 Springview St
Tampa, FL 33624
USA
+1-781-721-2921
Partners located in the US (CA, FL, MA, MN), Canada, and Italy.