Tag: safety

Software risk analysis requires consideration of both the development process itself and the runtime environment.
AAMI Post Market Risk Management Report
FDA is raising awareness among health care providers and facility staff that cybersecurity vulnerabilities in certain GE Healthcare Clinical Information Central Stations and Telemetry Servers may introduce risks to patients while being monitored.  Per the FDA notice: “A security firm has identified several vulnerabilities in certain GE Healthcare Clinical Information Center workstations and Telemetry Servers,...
ISO 14971 Risk Analysis: Identifying safety risks in medical devices is a challenging and laborious process.  The process standard, ISO 14971, is a systematic, total product risk management lifecycle process to identify, control, and evaluate risk, where risk is defined as the combination of severity of the harm (to people, property, or environment) and probability...
A probe into a series of engine failures on Airbus’s smallest jet, the A220, is studying whether a software change set off unexpected vibrations that damaged fast-moving parts and forced three emergency landings. Investigators are focusing their attention on recent changes in engine software that may have caused parts that compress air inside the engine...
The 2015 Amendment 1 update to IEC 62304 added a new clause that requires identification of “categories of defects associated with the selected programming technology” and providing analysis and other evidence demonstrating “that these defects do not contribute to unacceptable risk.”  Read a recent article on challenges with using C language.
Dialog+ haemodialysis machines with software versions 9.xx (excluding versions 9.18, 9.1A, 9.1B) – software and hardware upgrade required (MDA/2019/024). Summary: Manufactured by B. Braun Avitum AG – Malfunction of the temperature sensor can result in temperature of the dialysis fluid to be more than ±1°C outside the programmed values, which can lead to inadequate treatment....
The FDA is warning patients and health care providers that certain Medtronic MiniMed™ insulin pumps have potential cybersecurity risks. Patients with diabetes using these models should switch their insulin pump to models that are better equipped to protect against these potential risks.
Another useful reference for establishing a safety culture in your software organization. “The purpose of this Handbook is to define the NASA Safety Culture Program and to provide guidance in the development and implementation—sustainment, growth, and practice—of Safety Culture at the Center level. It defines the NASA Safety Culture Model, describes the Safety Culture Survey...
The West Australian reported that two autonomous haulage systems (AHS) trucks experienced a collision when one of the trucks backed into the cab of the second truck that was stationary at the time.  This is of interest to us as the AHS trucks are software controlled and they crashed.  Clearly a failure mode.  The initial report is...
Came across this website that has some very detailed “commandments” for software development at their company.  A surprisingly lengthy list of dos and don’ts related to coding, testing, designing, estimating, and managing the software lifecycle.  Does your company have anything written?  I often find that each company has some “lore” – some practices that characterize...
FDA issued a Safety Communication on January 31, 2019, (see Safety Communication Link) warning of the risk of air being introduced in a blood vessel (air-in-line) and air embolism for infusion pumps, fluid warmers, rapid infusers, and accessory devices.  This communication is directed toward users (both clinical and service personnel) and patients.  However, what can system architects,...
FDA, together with the National Science Foundation (NSF) and the Department of Homeland Security, Science and Technology, held a public workshop May 18-19, 2017. Results of this workshop, including webcasts of the sessions, are at the FDA website. Public Workshop – Cybersecurity of Medical Devices: A Regulatory Science Gap Analysis, May 18-19, 2017
http://www.fda.gov/MedicalDevices/ResourcesforYou/HealthCareProviders/ucm525916.htm
Sherman Eagles of SoftwareCPR® recently coauthored an article published by AAMI in the Jan/Feb 2016 BIT Journal entitled “Cybersecurity for Medical Device Manufacturers: Ensuring Safety and Functionality.”  You can read the article at this link: 2016 Jan-Feb BIT Cybersecurity. Sherman is well known as an expert in medical device standards and has been involved in many...
NOTE: This is for historical reference as a final guidance was issued Sept 2017 and is posted separately. FDA issued a new draft guidance entitled “Design Considerations and Pre-market Submission Recommendations for Interoperable Medical Devices”. This guidance addresses medical devices that exchange information, whether wired or wireless, including through the internet. It includes unidirectional...
Note:  This draft is OBSOLETE and included for historical reference only.  Look for the final draft elsewhere on this site. To view the guidance click this link:  2016-01-FDA Post market Cybersecurity draft guidance. This guidance references a number of Presidential Executive Orders related to critical infrastructure and cybersecurity as a driving force for FDA’s increased oversight...
Interesting write-up: “How Medical Tech Gave a Patient a Massive Overdose”.  The article can be found at https://www.healthleadersmedia.com/innovation/how-medical-tech-gave-patient-massive-overdose
http://www.ecri.org/press/Pages/Alarms-Health-IT-Patient-Violence-2015-Top-10-Patient-Safety-Concerns.aspx
The Joint Commission, the nation’s largest accreditation organization for hospitals, offers a free one-hour online course entitled “Investigating and Preventing Health Information Technology-Related Patient Safety Events” at the link provided. https://www.jointcommission.org/topics/free_online_education_courses.aspx
HIT Implementation, Usability and Safety Workgroup meeting on Friday, February 6, 2015 – SoftwareCPR® Partners Sherman Eagles and Alan Kusinitz gave a presentation at ONC’s request with recommendations on an approach to HealthIT provider quality systems regulation and standards. In addition to providing background on quality systems, SoftwareCPR® recommended that a standard or guidance be...
ECRI Institute published its Top 10 Patient Safety Concerns for Healthcare Organizations to give healthcare organizations a gauge to check their track record in patient safety. The list originally appeared in its Healthcare Risk Control (HRC) System newsletter, the Risk Management Reporter, and is reprinted in this report. The list is partly based on more...
Sherman Eagles of SoftwareCPR co-authored AAMI’s recently published article “Reducing Risks and Recalls: Safety Assurance Cases For Medical Devices” in the January/February 2014 issue of BI&T (Biomedical Instrumentation & Technology; a monthly, peer-reviewed journal from the Association for the Advancement of Medical Instrumentation). The full article is posted with permission at the link provided. Any...
A January 2014 ACM Journal has an interesting article on software verification at NASA JPL for the Mars Curiosity Rover at the link provided. A few things that I found interesting: Their standard for flight software is ISO-C99. The coding standard at JPL (http://lars-lab.jpl.nasa.gov/JPL_Coding_Standard_C.pdf) is risk-based and has 6 “levels of compliance”. LOC-5 and LOC-6...
The article “Build and Validate Safety in Medical Device Software”, available on the Medical Electronics Design Website at http://www.medicalelectronicsdesign.com or at the link provided above, provides an overview of the challenges and approaches to preventing and detecting software faults that can lead to hazardous situations. The article provides an overview of some of the relevant...
On February 20, 2003, a final security rule 45 CFR Part 142 was issued. Subsequently HHS issued a series of educational documents regarding various aspects of the rule including administrative controls, physical controls, technical safeguards, risk management and others.  
In the July 2006 IEEE Computer Journal article: “The Power of 10: Rules for Developing Safety-Critical Code” by Gerard J. Holzmann of the NASA/JPL Laboratory for Reliable Software, the following 10 rules were listed: Restrict all code to very simple control flow constructs—do not use goto statements, setjmp or longjmp constructs,...
This topic includes links to software safety guidance from other safety related industries that have useful information that could be applied to medical device software. All of these and sometimes others are in the document library section of the website.
The US Department of Homeland Security (DHS) released software security information via a webpage, initiatives, and various documents related to software security. Some of this information (such as the paper on Security in a Software Lifecycle) may aid medical device IT and device software developers in designing in appropriate security and privacy measures to ensure...
On February 20, 2003, a final security rule 45 CFR Part 142 was issued. A copy is at this link: HIPAA Final Security Rule 2003-02. Medical Device manufacturers that produce devices that will maintain patient data should be aware of HIPAA privacy and security requirements to assure appropriate features are incorporated in their devices to...
On August 14, 2002, the HIPAA final privacy rule 45 CFR Parts 160 and 164 was modified to respond to comments and to reduce the administrative burden of the rule.  A copy of the new rule can be viewed here:  HIPAA Modified Final Privacy Rule 2002-08. Medical Device manufacturers that produce devices that will maintain patient...
On December 28, 2000, a final privacy rule 45 CFR Part 160 and 164 was issued.  HHS provides the rule and related guidance here: https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html. Medical device manufacturers that produce devices that will maintain patient data should be aware of HIPAA privacy and security requirements to assure appropriate features are incorporated in their devices to allow...
A NEMA presentation on HIPAA medical device issues is available here:  NEMA HIPAA Med Dev Issues Presentation. SoftwareCPR® provides on-site and web based training in HIPAA privacy and security regulations, in addition to other regulatory consulting services. SoftwareCPR® also provides a HIPAA Roadmap with links to relevant educational documents to paid subscribers (See Post HIPAA Privacy and...
A NEMA paper on HIPAA medical device remote service issues is available here: NEMA HIPAA Med Dev Remote Services Paper. SoftwareCPR® provides on-site and web based training in HIPAA privacy and security regulations, in addition to other regulatory consulting services. SoftwareCPR® also provides a HIPAA Roadmap with links to relevant educational documents to paid subscribers (See...
A NEMA paper on HIPAA is available here:  NEMA HIPAA Security Intro Overview. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was signed into law on July 21, 1996, and has the general objectives to: guarantee health insurance coverage of employees; reduce health care fraud and abuse; introduce/implement administrative simplifications in order to augment...
“A Methodology for Safety Case Development” was the result of a research grant. It discusses development of safety cases: essentially, development of justification for the safety of software in a given system/use. While FDA requires risk and software hazard analysis, there is significant value, in our opinion (SoftwareCPR), in constructing rationale that demonstrates safety rather...
