FDA's Medical Device Software Regulation Strategy (COM)
Thu, Sep 21, 2017, 8:30 AM –
Fri, Sep 22, 2017, 4:30 PM EDT
The growth of the medical software industry outpaces the design of FDA's regulatory process. In some instances clinicians have weighed the risk of software failure against the benefits of using a device at all. Device software is often used in conjunction with other software-based devices, but their interoperability was never anticipated.
How can you anticipate and defend against the malicious remote hacking and shut down of an insulin infusion pump?
Can one software program defeat the performance capability or back up safety features of another software program?
When interoperability surface, which software manufacturer takes the lead to solve the problem and deal with proprietary software issues?
This seminar will focus on addressing these concerns and educating participants on FDA’s recent medical device software regulation strategies.
Seminar instructor Casper Uldriks is an ex-FDA official who has spent 32 years with the FDA. His engagements focus on advertising and promotion, recalls, corrections and removals and enforcement. He currently trains FDA personnel and counsels clients on wide range of topics, including: FDA inspections; import operations; advertising and promotion; corrective and preventive actions; medical device reporting and corporate reorganization to improve conformance to FDA’s requirements.
The medical device trade and healthcare professionals remain plagued by other issues, such as the interoperability of devices from different manufacturers, or software validation that is limited to the immediate use of the software rather than its performance with other software programs, and software hacking protection applications. In case of software malfunction, fixing the malfunction or bug can get more difficult as software gets increasingly sophisticated, customized by users and placed in a network system. Under these circumstances, it is difficult to decide who is responsible for managing and fixing software problems.
This seminar will help those involved in overcoming these commercial and regulatory obstacles. It will highlight the need for firms to remain current with technological tools and strategy to remain competitive, and ideally, outside FDA’s regulatory radar. Going further, it will instruct participants on how to apply these tools and strategies to ensure the following factors:
For those who have addressed these issues to meet FDA’s regulatory expectations, the course instructor, a former FDA official, will help identify a basic centering point to build a regulatory profile for your software products.
Understanding FDA legal authority
Applying FDA classifications / risk controls
Understanding FDA and NIST software guidance
Identifying the quality system regulation for risk management, software verification and validation
Identifying cybersecurity issues and developing a planned response
Identifying and resolving interoperability issues
Figuring out the scope of FDA’s mobile apps regulation
Learning about bug updates classified as recalls by FDA
Future device software applications
Who Will Benefit:
Regulatory Affairs Managers
Quality Assurance Managers
Software Design Engineers
Compliance Department Personnel
Hospital Risk Department Personnel
Software Program Marketers
IT Security Managers
The development and application of medical device software expands faster than can be managed by one federal agency. Although FDA relies on its own experience and expertise, input from other federal organizations, voluntary standards organizations and partnerships with industry has become a collaborative effort. At the same time, the device software industry needs to look beyond FDA itself to understand where FDA will eventually go in regulating software.
The evolution of software has created unprecedented progress and unprecedented risks to the public. The management of the unprecedented risks requires the device industry to rely on more than just FDA’s guidance to comply with its regulatory expectations. FDA can expect developers to apply voluntary standards, such as ANSI, AAMI, IEC and ISO, all of which provide information on software verification and validation. The National Institute of Standards and Technology (NIST) has taken a leading role in publishing reports concerning the benefits and risks of third-party mobile applications. FDA has partnered with NIST in this effort. Likewise, NIST has published a report on cybersecurity management and wireless technology.
FDA recently published a draft guidance to help the industry address software issues in premarket submissions. The guidance sets out a baseline from which to show the adequacy of the software, but it is not an endpoint for you. Are you prepared to integrate and apply new software risk management tools for your devices?
FDA's risk classification will gradually clarify how it intends to manage the health risks. Risk factors include areas such as the following:
Mobile medical apps
Software problems represent one of the most common root causes for recalls and have been associated with deaths and serious injuries as well. FDA sees firms revise software only to have it create more problems rather than solve them. The infusion pump industry is a classic example.
Day 01(8:30 AM - 4:30 PM)
8:30 – 9:00 AM: Registration
9:00 AM: Session Start Time
FDA Authority and Regulatory Program
Types of Software Devices
Function and outcome
Medical Device Data Systems (MDDS)
Office of the National Coordinator (ONC) for Health Information Protection
Software Regulatory Applications
Quality System Regulation (QSR)
Design verification and validation
Corrective and prevent action plans
Service / maintenance / recall
Corrections and Removals Reporting
Updates: FDA vs. Non-FDA
Compatibility by Design
Instructions for use
Use of Voluntary Standards
Failure Management / Follow Up
User’s vs. Manufacturer’s Legal Responsibility
Environment of use
Day 02(8:30 AM - 4:30 PM)
Device Vulnerabilities: Malfunction and Failure
Corrective action for software
Disclosure to users
National Institute of Science and Technology Report
Medical Mobile Applications (Mobile Apps)
Mobile Apps Defined as a Device
FDA Regulatory Strategy
National Institute of Science and Technology Report and Collaboration
Updates (FDA vs. Non-FDA Updates)
Criteria for corrective and preventive action deemed recalls
Reports of corrections and removals
Reports of adverse events
Professional vs. Lay Use / Home Use
Labeling: Instructions for Use and Precautions
Environment of Use
FDA Regulation of Accessories
Federal Communications Commission (FCC) Regulation
Casper (Cap) Uldriks
Former Associate Center Director of FDA's CDRH
Casper (Cap) Uldriks, through his firm “Encore Insight LLC,” brings over 32 years of experience from the FDA. He specialized in the FDA’s medical device program as a field investigator, served as a senior manager in the Office of Compliance and an Associate Center Director for the Center for Devices and Radiological Health. He developed enforcement actions and participated in the implementation of new statutory requirements. His comments are candid, straightforward and of practical value. He understands how FDA thinks, how it operates and where it is headed. Based on his exceptionally broad experience and knowledge, he can synthesize FDA’s domestic and international operational programs, institutional policy and thicket of legal variables into a coherent picture.