August 30, 2015

Avoid Common Medical Device Software Development Life Cycle, IEC 62304 Pitfalls

Russ King, Managing Partner, Methodsense

Russ King, Managing Partner, Methodsense

IEC 62304, the international standard that defines software development lifecycle requirements for medical device software, was developed from the perspective that product testing alone is insufficient to ensure patient safety. It provides a common framework for medical device manufacturers to develop software components. Conformance with this standard demonstrates that there is a software development process in place that fulfills the requirements of the Medical Device Directive.

If your medical device has software that regulates its functionality in a way that contributes to Basic Safety or Essential Performance, then you will need to comply with IEC 62304. This standard requires all aspects of the Software Development Life Cycle (SDLC) to be appropriately managed to ensure patient safety, including:

  • Development and code reviews
  • Risk management
  • Configuration management
  • Incident and bug resolution
  • Validation
  • Maintenance

dnachainThe most common mistake medical device manufacturers make is failing to assess which elements of risk their software mitigates. These are the elements that must be addressed by IEC 62304. For example, what would happen if the creator of a hoist didn’t properly vet the software that signaled the hoist to lower the patient at a certain speed? If a patient were lowered too quickly – or not at all – there would be a risk management nightmare. Since software plays a role in the Basic Safety functions of the hoist, it must comply with 62304’s requirements.

Common software functionality manufacturers fail to recognize as IEC 62304 compliance issues include:

  • Alarms and Alerts often an Essential Performance requirement because they are intended to detect abnormalities
  • Speed & Position Sensors use of software to limit range of motion, speed and force, which are Basic Safety concerns
  • Algorithms remove the software and the device is no longer able to operate as intended, resulting in the algorithms being part of Essential Performance 

It is critical to have clearly defined processes for your company and your Software Development Life Cycle, in particular. IEC 62304 identifies several expectations related to the information that should be included in your SDLC procedures, including:

  • Documentation of your process – document management is essential for meeting compliance goals
  • Software of Unknown Pedigree (SOUP) – manage your SOUP appropriately
  • Document Development – make certain you are sufficiently resourced to support document development needs
  • Version Control & Updates – clearly define software updates and how software will be maintained in a validated state.

Medical device manufacturers frequently seek 3rd party software development assistance. However, the manufacturer remains responsible for the device software. Important areas to consider when contracting out your software development include:

  • Supplier Management Processconfirm that your software vendor complies with IEC 62304 and their processes are reviewed during vendor audit
  • Quality Agreement – confirm that:
    • It defines vendor responsibilities and IEC 62304 Deliverables
    • Vendor procedures used for software development will be provided to you and the test lab for review
  • Establish your SDLC – at minimum, your process will define acceptance criteria (i.e. IEC 62304 compliance and deliverables) from your vendor

Once you know you must comply with IEC 62304, how do you go about preparing? To start, know that compliance with this standard is defined as implementing all of the processes, activities and tasks identified in the standard in accordance with the software safety class. 62304 itself does not prescribe a particular organizational structure or specific format for documentation. Compliance is determined by a review of all required documentation, including the risk management file.

IEC 62304 file will be reviewed to ensure:

  • It contains all required documentation including a risk management file
  • Procedures meet the requirements of the standard
  • Each check list item is satisfied
  • A product review is conducted and further a review of the relevant software segments if it has been decided that the software performs Basic Safety or Essential Performance for your device

If you get caught in any of the above-mentioned pitfalls, you’ve probably got a problem. You will either not receive a report at all, or will receive a report that says you failed somewhere in IEC 60601-1 or IEC 62304.

Because the standards are voluntary in the US, you don’t necessarily have to make product changes. However, for each “fail,” you will be required to provide justification for each deviation. If you have valid justification, your device should still attain regulatory approval from the FDA, although developing this justification can be a lengthy process in itself. In the end, though, you may find it more efficient to comply with IEC 62304.

Download your IEC 62304 action list here. 

Russ King is President of Methodsense, a consulting firm that helps clients deliver medical and technological breakthroughs by effectively meeting the requirements needed to bring their products to market. He can be reached at (919) 313-3962 or rking@methodsense.com.

TwitterFacebookGoogle+LinkedInEmailPrintFriendlyShare

FDA FastStats: CDRH Shows Significant Growth in Electronic Submissions; Deadline Looming for eMDR

No more paper. That’s what the FDA requires from the medical device community starting August 14, 2015 with regards to electronic medical device reporting (eMDR). With the draft guidance initially introduced in 2009, and the final rule released in 2014, medical device manufacturers have a little over three months to comply. In the infographic shown below, CDRH submissions overall have dramatically increased through the years. Back in 2006, only 1,575 records were submitted electronically by CDRH to FDA. At year end 2014, electronic submissions to CDRH had reached a record high of 812,443 and are expected to continue to rise going forward.

 

FDAeMDR

TwitterFacebookGoogle+LinkedInEmailPrintFriendlyShare

FDA’s Action Plan Demands Some Industry Action, Too

Patrick Stone

Patrick Stone, President, TradeStoneQA

“The following Pharmaceuticals FY 2015 Action Plan (the Action Plan), developed by the Office of Regulatory Affairs (ORA), the Center for Drug Evaluation and Research (CDER), and the Center for Veterinary Medicine (CVM), is intended to facilitate operational and program alignment as FDA transitions to distinct commodity-based and vertically-integrated regulatory programs with well-defined leads, coherent policy and strategy development, and well-designed and coordinated implementation.

That’s the FDA’s plain Jane version of its 2015 Action Plan. But let’s look at some interesting wrinkles not necessarily contained in the document.

The Pharmaceuticals Inspectorate will change the way FDA inspectors conducts audits and how many audits will be conducted in a years’ time. There are some interesting things to note here: First, the Center for Biologics (CBER) is noticeably not included in this reorganization effort. Second, district offices will not be at the helm when it comes to which drug firms get inspected and how compliance OAI & VAI cases are handled. Third, CDER will be assuming the lead role and Center compliance teams will be responsible for industry corrective action plans.

prescription drugsTraditionally, the district compliance team for the drug company took the lead role in compliance strategy and remediation. But now, the inspectors conducting drug audits will be dedicated and certified to conduct inspections. This will reduce errors and enhance the quality of inspections domestically and internationally. This will also increase the number of observations (483 notice of observations), warning letters, and consent decrees.

When a generalist inspector conducts a drug audit they may miss a system wide failure or process control deviation due to a lack of training. By contrast, when a professional team of inspectors with dedicated drug training for a drug firms system conduct an audit, those same compliance issues are not usually missed. This is a positive step in the right direction however building the new drug teams and training them accordingly will take years.

Quality by design (QbD) implementation is looming so this will also affect the training requirements from a system based approach to a QbD approach.

Don’t be caught off-guard by this new way of doing things. The FDA is making some changes here, and regulated firms need to make sure they understand them.

Patrick Stone is the author of Bubble Gum Badge – An FDA His-Story. You can also follow him on Twitter.

TwitterFacebookGoogle+LinkedInEmailPrintFriendlyShare

FDA Plays Catch Up In Brave New World of Electronic Consent

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

Informed consent (IC) is more than getting a quick signature from a clinical trial participant, the FDA gently reminds industry in a new guidance addressing increasingly complicated electronic IC (eIC) issues. Issued almost simultaneously with Apple’s new ResearchKit tool which promises faster, cheaper access to potential trial participants, and unimagined data streams to boot, the guidance comes at an important time for the clinical trial world.

Never accused of being early adopters of technology, clinical trial folks need to heed the FDA’s new guidance. Used properly, it can serve as something of a roadmap as everyone veers into previously unchartered territory.

First, understand the FDA’s expectations as laid out in the new guidance. It expects subjects to receive enough information to allow for an informed decision and an easy way to ask questions and receive jargon-free answers.

When using an eIC, FDA requires it to contain all elements of traditional IC, but also that any interactive eIC program be easy to navigate, including the means for the subject to stop and return to it later. Further, eIC tools must meet any subject’s physical limitations, e.g. poor vision or impaired motor skills. Perhaps most importantly, the eIC “must be presented in a manner that minimizes the possibility of coercion or undue influence regarding the subject’s decision to participate in a study.

FDAlogoFDA requires an investigator to obtain the informed consent. However, if the investigator delegates the responsibility, it is their obligation to hire a surrogate with demonstrable credentials. Nothing new there. But it gets a little more complicated when it comes to eIC. For example, consent can be handled remotely. However, when the consent process is not personally witnessed by study personnel, the eIC should include a method to ensure that the person giving consent is the person participating, or the subject’s legally authorized representative. The subject must also have the opportunity to ask questions and receive answers before actually signing electronically.

A subjects’ questions can be answered in a number of ways, including text message, phone calls, and videoconferencing. The data and communications must be secure. Subjects should also be told in advance how and when they will receive answers to questions and given information on how to contact an appropriate individual with questions about the investigation, the subjects’ rights and whom to contact in the event that a research-related injury occurs.

FDA also issues some eIC direction to IRBs. “A critical part” of an IRBs responsibility is to ensure that there is an adequate informed consent process in place that protects the rights and welfare of subjects participating in clinical investigations. Further, the agency recommends, but does not outright require, that an investigator discuss plans for using eIC with the IRB before finalizing development of the eIC to ensure that the IRB agrees that a particular format may be used for obtaining informed consent.

The FDA remains neutral when it comes to archiving documents. That said, the agency does weigh in on “cloud” and other remote storage solutions. Data privacy laws and regulations that apply to the remote site, in addition to those that apply to the research site itself, “may apply and should be considered.”

Finally, the agency reminds us that when one of its cheerful investigators is waiting in your lobby, he or she will be expecting access to records and reports made by the investigator including site-specific versions of eICs, materials submitted to IRBs for review and approval, all amendments to the site-specific eICs, and all subject-specific signed eICs. Any updates to the documentation must also be available for review.

Comments on the guidance are due May 8. When submitting your input, refer to docket no. FDA-2015-D-0390

TwitterFacebookGoogle+LinkedInEmailPrintFriendlyShare

Brookings Looks to Advance Medical Device Postmarket Surveillance System

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

Patients and medical device innovators will benefit if the United States is able to launch a National Device Postmarket Surveillance System (MDS), says a new report by the Brookings Institution with input from a wide swath of public-private players including the Office of Surveillance and Biometrics Center for Devices and Radiological Health.

The Brookings paper, “Strengthening Patient Care: Building an Effective National Medical Device Surveillance System,” calls for an MDS that’s responsible for coordinating medical device postmarket evidence activities, then builds and facilitates access to a network of data partners. The report also stresses, however, that the MDS should not work in a vacuum. Instead, it should be built upon and coordinate with existing public and private sector programs to better leverage existing expertise and resources.

Brookings envisions a system that collaborates with other groups to support other high-priority evidence needs that may benefit from the same infrastructure, including product tracking and utilization, clinical quality improvement, and economic analysis of medical device-related care.

medicaldeviceThe Brookings Planning Board (PB) suggests the new MDS be implemented and managed by a wide array of stakeholders. But none of this is going to happen overnight. The PB envisions a seven-year rollout, with the first two years devoted to an incubator project tasked with developing a five-year MDS implementation plan.

Ideally, the incubator project would be initiated by the FDA. The report lays it out pretty clearly. “Without some initial seed funding and active FDA engagement, it will be difficult to assure the purpose and sustain the momentum necessary for other stakeholders to fully engage in the development of MDS.”

Finding funds won’t be easy, the report authors acknowledge. For example, the FDA does not currently have any specific appropriations dedicated to paying for the initiative. Congress enacted legislation in 2012 mandating the agency expand the Sentinel system to include medical devices. Unfortunately, folks on Capitol Hill didn’t come up with or identify other sources for the cash to fund it. The PB calls for “more explicit Congressional support” to support and fund the infrastructure required to emerge with a robust system of medical device surveillance in this country.

While Washington’s culture of gridlock isn’t exactly encouraging, maybe the prospect of safer medical devices developed in a climate that encourages innovation is the kind of thing a few of them can actually support on the same day. We’ll see.

TwitterFacebookGoogle+LinkedInEmailPrintFriendlyShare

FDA Gives MDDS World a Big Break

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

Sometimes it’s nice to be told what the FDA isnt going to do. The agency issued a guidance last month that should give anyone building or working with a Medical Device Data System (MDDS) happy and relieved. Can you hear the collective sigh?

FDA defines MDDS as any hardware or software that transfers, stores, converts, and or/displays medical device data. To be considered MDDS, the product cannot modify either the data or its display. It also cannot, by itself, control the functions of a medical device. MDDS is not supposed to be used for active patient monitoring. FDA’s MDDS examples include:

  • software that stores patient data such as blood pressure readings for review at a later time;
  • software that converts digital data generated by a pulse oximeter into a format that can be printed; and
  • software that displays a previously stored electrocardiogram for a particular patient.

FDA logoThe February 9 guidance, building on a June 2014 draft document, advises manufactures, distributors and others involved that it “does not intend to enforce compliance with the regulatory controls that apply to MDDS, medical image storage devices, and medical image communications devices.” Industry should thank the FDA for acknowledging the low-risk nature of such devices. Further, the agency cited the “importance they play in advancing digital health.”

Specifically, the agency is giving out three free passes: MDDS previously subject to 21 CFR 880.6310, medical image storage devices previously subject to 21 CFR 892.2010, and medical image communications previously devices subject to 21 CFR 892.2020.

Comments, or applause, can be sent to the agency at www.regulations.gov. Cite document number 140021. The agency does point out, however, that comments may not be acted upon until the document is next revised or updated.

Stuck for a comment idea? Well, flowers are always nice. People love those big tins of caramel popcorn, too.

TwitterFacebookGoogle+LinkedInEmailPrintFriendlyShare

FDA CDRH Enforcement: Agency Eases Up a Bit at Home, Looks Overseas

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

Quality system surveillance inspections dropped about 3% in 2013, the FDA’s Center for Devices and Radiological Health (CDRH) says in its latest stats. It’s not sure why, exactly, but posits it’s due to an increase in inspections overseas. That drains away resources for domestic doings.

It’s worth noting that the overall number of inspectional observations dropped by 17 percent in FDA’s latest stats from 2013. FDA’s most frequent inspectional observations remained consistent, with Corrective and preventive action procedures (CAPA) leading the way, followed by complaint reviewing, receiving and evaluating. The trio was rounded out by problems with quality audits to assure quality systems are in compliance. Not much new there. Still, it’s important to know.

For the first time since 2009, the number of warning letters issued by CDRH dropped according to the agency’s most recent annual stats. Fewer than 5% of domestic firms and over 15% of foreign firms inspected received warning letters. That might sound good to US-based device makers, but as manufacturing moves more and more overseas, those higher stats are becoming their problem, too.

FDAlogoUntil we receive more recent numbers, we’ll have to look for anecdotal evidence suggesting any deviation in the FDA’s regulatory focus in 2014 or 2015. So far, it’s looking like business as usual.

Let’s take a quick look at some recent warning letters to better illustrate the point:

While FDA’s overseas inspections have tended to focus on India and China, CDRH hit Spanish-based DIMA, a manufacturer of slings and incontinence mesh products, with a warning letter for insufficient environmental controls and other good manufacturing practice (GMP) shortcomings. CDRH hit the form for not having change handling procedures that were up to the mark, and failure to demonstrate that a CAPA it opened ultimately did not require corrective actions.

Back in Tonawanda NY, CDRH’s January 23 warning letter to Praxair criticized the firm for not having clear definitions for what qualified as a reportable event. Further, the agency said the company did not require verification of validation of CAPAs. Praxair makes gas flow products that regulate oxygen flow.

Related:

FDA FastStats: A Look Back at 2013 Medical Device Warning Letters and Quality System Deficiencies

TwitterFacebookGoogle+LinkedInEmailPrintFriendlyShare

Quality Takes Time, FDA’s CDER Reminds Drug Makers

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

Scholars still debate how long it took to build the Great Wall of China, but it’s generally agreed it was built in stages between the Fifth Century B.C. and the Sixteenth Century A.D.. The Great Pyramid of Giza took about twenty years to construct, according to ancient historians, but it must be remembered that Egypt’s rulers were pretty rough on their non-volunteer workforce. Deadlines had a deeper meaning back then.

By contrast, the Center for Drug Evaluation and Research (CDER) quality initiative has been with us some ten years, or about the time it took to build the Panama Canal. Both projects have had to dig through – and around – a lot of muck. At the peak of work, excavators in Panama carved out the equivalent of the English Channel Tunnel every 14 weeks. It’s not fair to hold the agency to that same standard.

Pharmaceutical manufacturingInstead, let’s acknowledge that FDA just completed its own new structure called the Office of Pharmaceutical Quality (OPQ). Less bricks and mortar than a shift in human capital, the OPQ will take on some of the functions and staff at the Office of Pharmaceutical Science (OPS), take some preapproval and surveillance inspections duties from the Office of Compliance (OC), and absorb some of the inspection-related activities for bioequivalence/bioavailability and non-clinical studies from OC’s Office of Scientific Investigations. The idea is to make the drug review more integrated with FDA and improve communications both ways.

The agency hopes OPQ will streamline the processes that monitor drug quality throughout the product lifecycle, including drug application review, post-approval improvements, and surveillance and inspections of global manufacturing facilities.

OPQ was built, in part, in response to the falling number of drug-related product recalls over the past few years. FDA believes OPQ will help it better organize and quantify the state of manufacturing at drug facilities in the US and abroad. FDA’s recently been pushing a new approach to quality metrics, as highlighted by CDER’s Russell Wesdyk. His presentation outlines CDER’s revised way of looking at surveillance and adoption of quality metrics that promote the use of a common language to improve measurement.

According to Wesdyk, quality metrics will be used to assist segment sites and producers based on risk when it comes to inspection and reviews. But it won’t issue “restaurant style grades” reporting how one facility stacks up against industry groupings. Wesdyk encourages any interested parties to reach out to him as FDA’s thinking evolves. That’s a good thing.

Remember, it’s not as if the Panama Canal doesn’t require some maintenance now and then. The FDA’s got the right idea here.

The alternative is to build something and then forget about it. We’ve all seen how that usually turns out.  Take a look at the Pyramid of Giza lately?

TwitterFacebookGoogle+LinkedInEmailPrintFriendlyShare

FDA’s CDRH Tempers 2015 Goals with a Dash of Pessimism

Tamar June

Tamar June, VP, Strategic Marketing, AssurX, Inc.

Unlike its sister Center for Drug Evaluation & Research  (CDER), CDRH’s (Center for Devices & Radiological Health) new proposed guidance development and goals for 2015 reminds industry not to get its hopes up too high.  “Our experience over the years has shown that there are many reasons why CDRH does not complete the entire annual agenda of guidance documents it undertakes,” it admits toward the front of the new document. CDER emerges as the more world-weary older sibling, optimism tempered a bit by experience in the real world.

FDAlogoThe agency’s priorities guidance lists keep it pretty simple: the A-list are guidance’s it “fully intends” to publish. The B-list are ones it will publish “as resources permit.”  CDRH reminds us that if we weigh in heavily on a particular guidance, it’s always possible the Center will move it up the waiting list.

They list just over a dozen final guidance topics and draft guidance topics on their A-list, as it were. Those include:

  • Applying Human Factors and Usability to Optimize Medical Device Design
  • 510(k) Submissions for Medical Devices that Include Antimicrobial Agents
  • Balancing Premarket and Postmarket Data Collection for Devices Subject to Market Approval
  • FDA Notification and Medical Device Reporting for Laboratory Developed Tests
  • Reprocessing Medical Devices in Health Care Settings: Validation Methods and Labeling

A-list draft guidance topics include:

  • Medical Device Accessories
  • Medical Device Decision Support Software
  • Benefit-Risk Factors to Consider When Reviewing IDE Submissions
  • Adaptive Design for Medical Device Clinical Studies
  • UDI FAQs.

The B-list is shorter. The only Final Guidance Topic it holds is one finalizing existing draft guidance documents (see above).

It does include some draft guidance topics we might see in 2015, though it’s not so likely given CDRH’s workload. Here are a few:

  • Medical Device Interoperability
  • 3D Printing
  • Use of Symbols in Labeling

CDRH further lists some two dozen retrospective guidances it is due to review in 2015. Those mostly focus on specific guidance for various 501(k) premarket notifications, e.g., short-term and long-term intravascular catheters, electromyography needle electrodes, and powered tables and multifunctional physical therapy tables.

All in all, CDRH is to be applauded to laying out what looks to be a realistic wish list for 2015. Of course, the proof’s in the pudding. We’ll report back as they hit various milestones.

TwitterFacebookGoogle+LinkedInEmailPrintFriendlyShare

FDA’s CDER Unveils Ambitious 2015 Wish List

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

The holidays came a little early for the folks at the Center for Drug Evaluation and Research (CDER). They just released their sometimes optimistic, but always enlightening guidance wish list and overall priorities for 2015. Let’s take a look.

CDER Director Janet Woodcock recently said these are her agencies “front burner” priorities:

  • Implementing and clarifying statutory provisions on drug compounding.
  • Meeting Generic Drug User Fee Amendments (GDUFA) review goals that went into effect Oct. 1 last year.
  • Continue the build out of Office of Generic Drugs “super office.”
  • Build out the Office of Pharmaceutical Quality.
  • Implement and continue to develop Program Alignment Group agreements with the Office of Regulatory Affairs.

She singled out the implementation of a new process, data and document management IT system as a “big deal” goal this year

But there’s plenty more on FDA’s big front burner:

  • Respond as needed and participate in “21st Century Cures” legislative activities.
  • Rapidly re-evaluate regulation of drug advertising and promotion.
  • Execute immediate actions required by the Sunscreen Innovation Act and implement a longer-term plan.
  • Respond to Ebola outbreak.
  • Issue final guidances on abuse-deterrent opioid formulations.

She’s also hoping to fill more than 600 staff vacancies and recruit for a slew of executive positions.

prescription drugsWoodcock’s ambitious goals include five more bulleted pages of additional “important” priorities ranging from implementing a biosimiliars program, working on the Drug Label Improvement Initiative and developing a strategic plan for managing a growing pile of drug imports.

In the agency’s spare time, the plan is to issue nearly fifty guidances in advertising, biopharmaceuticals, biosimiliars, clinical medical/pharmacology/statistical/drug safety, electronic submissions, generics, and labeling, among others. Each of these guidances are already under development, CDER said earlier this month.

It’s certainly important to have goals, and a person’s reach should exceed their grasp, etc, but there’s also the problem of over-promising and under-delivering.

FDA’s got a big front burner but maybe not enough cooks, or oven space, to get it all done in 2015. We’ll keep an eye on it and report back throughout the year. Bon appetit.

TwitterFacebookGoogle+LinkedInEmailPrintFriendlyShare