Past Event

FDA's Medical Device Software Regulation Strategy (COM)

21–22 September 2017
Boston, MA, United States

FDA's Medical Device Software Regulation Strategy (COM)

Thu, Sep 21, 2017, 8:30 AM –
Fri, Sep 22, 2017, 4:30 PM EDT

Boston, MA
United States

The growth of the medical software industry outpaces the design of FDA's regulatory process. In some instances clinicians have weighed the risk of software failure against the benefits of using a device at all. Device software is often used in conjunction with other software-based devices, but their interoperability was never anticipated.

    How can you anticipate and defend against the malicious remote hacking and shut down of an insulin infusion pump?
    Can one software program defeat the performance capability or back up safety features of another software program?
    When interoperability surface, which software manufacturer takes the lead to solve the problem and deal with proprietary software issues?

This seminar will focus on addressing these concerns and educating participants on FDA’s recent medical device software regulation strategies.

Seminar instructor Casper Uldriks is an ex-FDA official who has spent 32 years with the FDA. His engagements focus on advertising and promotion, recalls, corrections and removals and enforcement. He currently trains FDA personnel and counsels clients on wide range of topics, including: FDA inspections; import operations; advertising and promotion; corrective and preventive actions; medical device reporting and corporate reorganization to improve conformance to FDA’s requirements.

The medical device trade and healthcare professionals remain plagued by other issues, such as the interoperability of devices from different manufacturers, or software validation that is limited to the immediate use of the software rather than its performance with other software programs, and software hacking protection applications. In case of software malfunction, fixing the malfunction or bug can get more difficult as software gets increasingly sophisticated, customized by users and placed in a network system. Under these circumstances, it is difficult to decide who is responsible for managing and fixing software problems.

This seminar will help those involved in overcoming these commercial and regulatory obstacles. It will highlight the need for firms to remain current with technological tools and strategy to remain competitive, and ideally, outside FDA’s regulatory radar. Going further, it will instruct participants on how to apply these tools and strategies to ensure the following factors:

    Software functionality
    Risk identification
    Software protection
    Problem detection
    Response strategy

For those who have addressed these issues to meet FDA’s regulatory expectations, the course instructor, a former FDA official, will help identify a basic centering point to build a regulatory profile for your software products.
Learning Objectives:

    Understanding FDA legal authority
    Applying FDA classifications / risk controls
    Understanding FDA and NIST software guidance
    Identifying the quality system regulation for risk management, software verification and validation
    Identifying cybersecurity issues and developing a planned response
    Identifying and resolving interoperability issues
    Figuring out the scope of FDA’s mobile apps regulation
    Learning about bug updates classified as recalls by FDA
    Future device software applications

Who Will Benefit:

    Regulatory Affairs Managers
    Quality Assurance Managers
    Software Design Engineers
    Manufacturing Managers
    Compliance Department Personnel
    Hospital Risk Department Personnel
    Software Program Marketers
    IT Security Managers
    Marketing Personnel

Topic Background:

The development and application of medical device software expands faster than can be managed by one federal agency. Although FDA relies on its own experience and expertise, input from other federal organizations, voluntary standards organizations and partnerships with industry has become a collaborative effort. At the same time, the device software industry needs to look beyond FDA itself to understand where FDA will eventually go in regulating software.

The evolution of software has created unprecedented progress and unprecedented risks to the public. The management of the unprecedented risks requires the device industry to rely on more than just FDA’s guidance to comply with its regulatory expectations. FDA can expect developers to apply voluntary standards, such as ANSI, AAMI, IEC and ISO, all of which provide information on software verification and validation. The National Institute of Standards and Technology (NIST) has taken a leading role in publishing reports concerning the benefits and risks of third-party mobile applications. FDA has partnered with NIST in this effort. Likewise, NIST has published a report on cybersecurity management and wireless technology.

FDA recently published a draft guidance to help the industry address software issues in premarket submissions. The guidance sets out a baseline from which to show the adequacy of the software, but it is not an endpoint for you. Are you prepared to integrate and apply new software risk management tools for your devices?

FDA's risk classification will gradually clarify how it intends to manage the health risks. Risk factors include areas such as the following:

    Mobile medical apps
    Home use
    Remote use

Software problems represent one of the most common root causes for recalls and have been associated with deaths and serious injuries as well. FDA sees firms revise software only to have it create more problems rather than solve them. The infusion pump industry is a classic example.

Day 01(8:30 AM - 4:30 PM)

    8:30 – 9:00 AM: Registration
    9:00 AM: Session Start Time
    FDA Authority and Regulatory Program
    Types of Software Devices
    Regulatory Strategy
    Risk Classification
    Function and outcome
    Medical Device Data Systems (MDDS)
    Office of the National Coordinator (ONC) for Health Information Protection
    Software Regulatory Applications
    FDA Guidance
    Premarket submissions
    Paradigms: aeronautics
    Quality System Regulation (QSR)
    Design verification and validation
    Voluntary standards
    Corrective and prevent action plans
    Voluntary Standards
    Service / maintenance / recall
    Implementation strategy
    Corrections and Removals Reporting
    Updates: FDA vs. Non-FDA
    Predictive Analytics
    Compatibility by Design
    Instructions for use
    Use of Voluntary Standards
    Proprietary Information
    Failure Management / Follow Up
    User’s vs. Manufacturer’s Legal Responsibility
    System configuration
    Environment of use
    Home use

Day 02(8:30 AM - 4:30 PM)

    Device Vulnerabilities: Malfunction and Failure
    Pre-Emption Design
    Latent Malware/Virus
    Post-Event Management
    Corrective action for software
    Disclosure to users
    National Institute of Science and Technology Report
    Medical Mobile Applications (Mobile Apps)
    Mobile Apps Defined as a Device
    FDA Regulatory Strategy
    FDA Guidance
    National Institute of Science and Technology Report and Collaboration
    Updates (FDA vs. Non-FDA Updates)
    Criteria for corrective and preventive action deemed recalls
    Reports of corrections and removals
    Reports of adverse events
    Professional vs. Lay Use / Home Use
    Labeling: Instructions for Use and Precautions
    Environment of Use
    FDA Regulation of Accessories
    Federal Communications Commission (FCC) Regulation

Casper (Cap) Uldriks
Former Associate Center Director of FDA's CDRH

Casper (Cap) Uldriks, through his firm “Encore Insight LLC,” brings over 32 years of experience from the FDA. He specialized in the FDA’s medical device program as a field investigator, served as a senior manager in the Office of Compliance and an Associate Center Director for the Center for Devices and Radiological Health. He developed enforcement actions and participated in the implementation of new statutory requirements. His comments are candid, straightforward and of practical value. He understands how FDA thinks, how it operates and where it is headed. Based on his exceptionally broad experience and knowledge, he can synthesize FDA’s domestic and international operational programs, institutional policy and thicket of legal variables into a coherent picture.


Related Events