International Standards and EU regulation of medical device software an update

Similar documents
Software in Medical Devices

AAMI Wireless Workshop: Systems of Systems & based Risk Management

Regulations governing the application of medical accelerators

MEDICAL DEVICE. Technical file.

ISO 13485:2016 Medical Devices-Quality Management Systems- Requirements for Regulatory Purposes. Theresa McCarthy

Medical Device Software: A new challenge

AAMI Quality Systems White Paper

Updated EU Medical Device Regula2ons: What s In, What s Out, and What s Hot?

Post market Surveillance ISO EU Medical Device Regulation

The Medical Device Coordination Group: a new Authority Under EU Device Regulations

COMMISSION RECOMMENDATION. of XXX. on the audits and assessments performed by notified bodies in the field of medical devices

Contents. Regulatory Bodies... 13

POSITION PAPER Moving from the MDD to the MDR

White Paper. Managing Risk in Medical Connectors. Summary. Index. Introduction. About Fischer Connectors

Med-Info. Directive 98/79/EC on in-vitro diagnostic medical devices. TÜV SÜD Product Service GmbH

Regulatory Framework for Medical Device

Ready or Not: The New Medical Device Regulations Are Here!

Panel Discussion: European Medical Device Regulations Preparing for the Storm Moderator: Lenita Y. Sims Spears, Senior Quality Consultant/Senior

Understanding IEC 62304

SOFTWARE APPS AS MEDICAL DEVICES. The Regulatory Landscape 2015 WHITE PAPER WHITE PAPER PRODUCED BY MAETRICS

GUIDELINES ON MEDICAL DEVICES. IVD GUIDANCE : Research Use Only products A GUIDE FOR MANUFACTURERS AND NOTIFIED BODIES

MEDICAL DEVICE CLINICAL INVESTIGATIONS AND ISO 14155

GUIDANCE NOTE FOR MANUFACTURERS OF CUSTOM-MADE MEDICAL DEVICES

Co-ordination of Notified Bodies Medical Devices (NB-MED) on Council Directives 90/385/EEC, 93/42/EEC and 98/79/EC

Author Query Form ENCYCLOPEDIA OF SOFTWARE ENGINEERING (ESE) ARTICLE:

IVD Regulation 2017/746

FREQUENTLY ASKED QUESTIONS DURING ELECTRO-MEDICAL DEVICE MARKET ACCESS

Self-Care Medical Devices Framework. Dr. Simone Breitkopf Head HEOR, Governmental and Public Affairs

Guide for Manufacturers and Sponsors on Clinical Investigations Carried Out in Ireland

Changes to the International Regulatory Environment

Course Title ID Duration Basic Premium. Biological Evaluation of Medical Devices: A Risk-Based Approach N mins

AAMI Quality Systems White Paper: Comparison of 21 CFR Part 820 to ISO 13485:2016 1

Standard Operating Procedures Guidelines for Good Clinical Practice

Companion diagnostics and the IVD Directive 98/79/EC + revision

Short intro to the MDR & IVDR (C)2018 QAdvis AB

This document is a preview generated by EVS

ISO INTERNATIONAL STANDARD. Quality systems Medical devices Guidance on the application of ISO and ISO 13488

The European Commission proposes new rules for medical devices

Dangers of Over-Regulation (or Under- Regulation) of Genetic Testing at EU level. David Barton

Software Regulation: The Transfusion Medicine Experience

Manufacturers. Factsheet for. of Medical Devices. Medical Devices Regulation (MDR) background. Act now to be ready on time!

IVDR Breakout. Copyright 2017 BSI. All rights reserved.

Title: Review of Medical Devices Page: 1 of 5 Written by:

The following 2 points present a particular concern for us:

Manufacturers of in vitro Diagnostic

MEDICAL DEVICES: Guidance document

New European Rules governing medical devices vigilance and combination products. Lincoln Tsang May 2008

Gap Analysis Report MedDev 2.7/1 rev.4 Guideline: Equivalence and Risk/Benefit Profile

Manufacturers. Factsheet for. of Medical Devices. Medical Devices Regulation (MDR) background. Act now to be ready on time!

Experience with Directive 93/42/EEC (MDD)

CANADA (HEALTH CANADA)

FDA s Final Rule on Medical Device Data Systems Signals Active Regulation of Data Communication Technologies

Manufacturers of In-Vitro Diagnostic

Left to Our Own Devices Design Control & Risk Management Strategies for Combination Products

Medical Device Directive

A roadmap to ISO implementation

CE marking is regarded as a passport for products to enter and circulate freely within the 30 counties forming part of the EEA.

CONSTRUCTION SECTOR STANDARDIZATION GUIDANCE DOCUMENT

COCIR/MITA Joint Contribution. EU and US call for input on regulatory issues for possible future trade agreement

Perspective: New European IVD Regulations New Concepts for Market Authorizations and Product Launch Schedules

December 16, Division of Dockets Management (HFA-305) Food and Drug Administration 5630 Fishers Lane, Room 1061 Rockville, MD 20852

GUIDELINES ON MEDICAL DEVICES

ELECTROTECHNIQUE IEC INTERNATIONALE INTERNATIONAL ELECTROTECHNICAL

Serious Adverse Event Reporting During European Device Clinical Investigations

GUIDELINES ON MEDICAL DEVICES

The Institutional Review Board (IRB) Manual

Checklist for the assessment based on the standards

The challenges of software medical device regulation.

ISO INTERNATIONAL STANDARD. Cleanrooms and associated controlled environments Part 4: Design, construction and start-up

ISO INTERNATIONAL STANDARD

Mapping Your Success Staying Current on Standards Under the EU Approach

RULES OF PROCEDURE OF THE MEDICAL DEVICE COORDINATION GROUP. The Medical Device Coordination Group (hereinafter the MDCG ),

U.S. FDA CENTER FOR DEVICES AND RADIOLOGICAL HEALTH UPDATE

DRUG DRAFT GUIDELINE FOR REGISTRATION OF MEDICAL DEVICES FOR HUMAN USE IN UGANDA, SEPTEMBER 2009

Factory CRO. Factory CRO for Medical Devices & IVDs

ehealth Suisse Checklists Addendum to the guideline for app developers, manufacturers and distributors

Medtech: Global Regulatory Strategy in Medical Device Product Development

Expert Commentary on BS EN ISO 13485:2016, Medical devices Quality management systems Requirements for regulatory purposes

ELECtro-Medical devices. in trusted hands. sgs is the world s leading

Guidance on the Information Required for Notified Body Medical Device Personnel Involved in Conformity Assessment

Medical Devices for Clinical Use

Impact of the IVD Regulations. Barbara Fallowfield Managing Director

Quality Manual. ISO 9001:2008 Standard. Issue No - 3. April

Update on Regulatory Environment- Europe Experience with 2007/47/EC M5 & Discussions on Possible Recast of EU Medical Device Regulations

COCIR High Level Contribution on the Proposal for Medical Devices Regulation Revision of Directive 2007/47/EC

Conformity Assessment of Own Brand Labelling

QMS Aspects of the MDR (& IVDR)

Regulation of software a medical device

Regulatory Affairs in Medical Technology

MEDICAL DEVICES : Guidance document

Understanding Clinical Equivalence

IVD Regulation What you need to know. Erica Conway 5 th May 2017

ASEAN Consultative Committee for Standards & Quality. Medical Device Product Working Group. Common Submission Dossier Template

ISO INTERNATIONAL STANDARD

Manual for ITC's Clients 2016 Conformity assessment of in vitro diagnostic medical devices pursuant to Council Directive 98/79/EC

Decontamination of Reusable Medical Devices: A Risk Management Perspective. By Paul Holland

A REVIEW OF MARKET ENTRY REQUIREMENTS FOR RISK MANAGEMENT, WITH SPECIAL EMPHASIS ON FDA AND ISO COMPLIANCE

VALUE OF COMPANION DIAGNOSTICS IN PERSONALISED MEDICINE

GUIDELINES ON MEDICAL DEVICES CLINICAL EVALUATION: A GUIDE FOR MANUFACTURERS AND NOTIFIED BODIES

Legal requirements and international standards for technical documentation

Transcription:

International Standards and EU regulation of medical device software an update Sherman Eagles Partner, SoftwareCPR seagles@softwarecpr.com 612 865 0107 1 Who am I? 18 years at Medtronic, retired 2008 Last 10 years as a Medtronic Technical Fellow working in area of software safety and reliability Extensive work on standards related to medical device software Convener of international standards working groups on medical device software Now doing training and consulting on medical device software standards and software safety 2

What I m going to talk about A brief overview of the European regulatory system including use of harmonized standards Software in the medical device directives EN IEC 62304 harmonized standard for medical device software life cycle processes IEC TR 80002 1 software risk management IEC 80001 1 risk management for IT networks incorporating a medical device 3 Regulation in the European Union EU governing bodies issue directives to member countries Member countries must pass laws to implement the directives Competent authorities oversee the laws and accredit notified bodies Notified bodies determine if a product complies with the directive and issue a CE mark if it does 4

New Approach Directives Legislation identifies essential requirements in directives Only products fulfilling the essential requirements may be placed on the market Products that comply with harmonized standards are presumed to conform to the essential requirements 5 The medical device directives Active Implantable Medical Devices Directive (AIMD) 1990 Medical Devices Directive (MDD) 1993 In Vitro Diagnostic Medical Devices Directive (IVDD) 1998 6

Software in the medical device directives Only reference in any of the essential requirements was to electrical programmable systems in the MDD Devices incorporating electronic programmable systems must be designed to ensure the repeatability, reliability and performance of these systems according to the intended use. In the event of a single fault condition (in the system) appropriate means should be adopted to eliminate or reduce as far as possible consequent risks. 7 Harmonized standard for electrical programmable systems IEC 60601 1 4 After 2005 also 60601 1 3 rd edition 8

2007 changes in directives Amendments to the MDD and AIMD were adopted by the EU parliament in 2007 EU member countries have until March 2010 to implement the changes 9 Software changes in the 2007 amendments Same changes in both MDD and AIMD directives Clarified what software products may be medical devices Software that is intended to be used specifically for diagnostic or therapeutic purposes is subject to the directive s requirements. 10

Implications for software products Software products that are a single piece of software with an intended purpose that fits the medical device definition will be regulated as medical devices This includes products that are not currently regulated A system that is a combination of software applications assembled for a purpose that fits the medical device definition may be regulated, but this is not yet clear. 11 Swedish report June 2009 http://www.lakemedelsverket.se/english/all news/nyheter 2009/Improving patient safety inthe EU Many Medical Information Systems should be classified as Medical Devices/ Initiated and led by the Swedish Medical Products agency with involvement from users, manufacturers, standardization organizations and notified bodies in Sweden Task was to formulate a guideline for classification of medical information systems Concluded many medical information systems should be regulated as medical devices 12

Some products recommended for regulation Electronic medical record systems Anaesthetic record systems Patient data management systems Retinal imaging systems Radiological information systems Web based patient questionnaires Decision support systems eprescription systems 13 Competent Authorities reaction Task force formed with Sweden chairing to draft guidance for regulation of software that meets the definition of a medical device Sweden currently (until end of 2009) has the presidency of the EU 14

Joint CEN/CENELEC software group Currently under development First meeting in June 2009 Role Monitor regulatory position related to software Enable consistent approach to application of medical directives for software Provide advice, proposals and suggestions to other EU bodies addressing software as a medical device Ensure adequate standards are available 15 Software changes in the 2007 amendments Added a new essential principle For devices which incorporate software or which are medical software in themselves, the software must be validated according to the state of the art taking into account the principles of development lifecycle, risk management, validation and verification. 16

Harmonization of IEC 62304 November 2008, EN IEC 62304 was harmonized for software for MDD, AIMD and IVDD. No effective date given, but it is expected that notified bodies will require conformity by March 2010. 17 Role of standards in assuring safe medical device software SAFE All hazards have been addressed Risks have been reduced to acceptable levels Adequate process has been implemented (compliance with standards is often considered a demonstration of adequate process.) Process is effective ISO 14971 IEC 62304 AAMI TIR 32 IEC 60601-1

Status of IEC 62304 Approved by both IEC and ISO as an international standard (joint development effort) Adopted by ANSI as a US national standard replacing ANSI/AAMI/SW 68 Recognized by FDA for use in premarket submissions Harmonized in the EU under the MDD, AIMDD and IVDD Expected to be adopted by the Chinese SFDA 19 62304 philosophy Safe medical device software requires risk management, quality management and good software engineering Good software engineering requires critical thinking can t be done by checklist Manufacturers know more about their products than regulators The variety of medical devices requires a variety of approaches one size does not fit all Resources should be used on what is important A standard should have minimum requirements, not best practices 20

IEC 62304 What is it? A framework processes, activities and tasks Process is the top level, a process has activities and an activity has tasks. Specific requirements in IEC 62304 are generally at the task level. Identifies requirements for what needs to be done and what needs to be documented Specifies a software safety classification system additional requirements apply as safety classification increases 21 IEC 62304 What is not in it? Does not prescribe how to accomplish requirements Not a how to with defined methods or practices Does not require a specific software life cycle Does not specify documents What to document, not where it must go. All of these decisions are left to the manufacturer 22

IEC TR 80002 1 IEC TR 80002 1:2009 Medical device software guidance on the application of ISO 14971 to medical device software Gives guidance for each clause of 14971 Status: approved Will be published this fall 23 Software risk analysis In the system risk analysis, identify software items that could contribute to a hazardous situation Direct control of hardware Information that is used in diagnosis or treatment Identify potential causes of the software item contributing to a hazardous situation 24

Potential software causes Incorrect or incomplete specification of functionality Defects in the software functionality Failure or unexpected results from SOUP (OTS) Hardware or software failures that could result in unpredictable software operation Reasonably foreseeable misuse 25 Systematic errors the probability problem Software defects are systematic errors Systematic failure design errors that do not occur randomly and for which a probability of occurrence cannot be calculated FDA has taken the position that probability/likelihood for software errors cannot be stated. How do you show that the risk from software is acceptable? 26

Acceptable risk May be able to estimate residual risk (after risk control measures have been applied) of harm occurring, even if software failure occurs If residual risk cannot be estimated, then Focus on severity of consequences Show use of all reasonably practical risk controls Show that risk control measures implemented are effective Show that risk control measures meet applicable standards and are state of the art 27 State of the art from ISO 14971 "State of the art" is used here to mean what is currently and generally accepted as good practice. Various methods can be used to determine "state of the art" for a particular medical device. Examples are: standards used for the same or similar devices; best practices as used in other devices of the same or similar type; results of accepted scientific research. State of the art does not necessarily mean the most technologically advanced solution. 28

IEC 80001 1 (under development) IEC 80001 1:20xx Application of risk management for IT networks incorporating medical devices 29 What is the problem? Increasing drive toward heterogeneous networks Increasing deployment of devices in multi-vendor / multi-modality networking environments Increasing mix of medical device & I.T. technologies Systems of Systems Result in Unanticipated Emergent Behaviors!! Wireless networks increase the problem because you can t segregate networks by separate cabling 30

Joint Commission Alert December 11, 2008 Safely implementing health information and converging technologies As health information technology (HIT) and converging technologies the interrelationship between medical devices and HIT are increasingly adopted by health care organizations, users must be mindful of the safety risks and preventable adverse events that these implementations can create or perpetuate. 31 Who is needed to address the problem? Network integrators and maintainers Clinical engineers Medical device manufacturers Non medical network technologies None of these parties can address the problem alone, problem solution for networks incorporating medical devices must be shared in a partnership or federated model. 32

What properties need to be ensured? Risk management should be applied to address the following key properties: safety; effectiveness (effective treatment of the patient using the information exchanged and also enhanced effectiveness of the responsible organization due to the exchange of information); and data and system security (confidentiality, integrity, availability, etc.) 33 IEC 80001 1 process Responsible organization establishes the process Based on ISO 14971 Addresses hazards associated with the connection of medical devices to a network Residual risk is approved by appropriate person in the responsible organization 34

IEC 80001 1 Status Joint working group between IEC 62A and ISO 215 Todd Cooper and Sherman Eagles co conveners First meeting held in January 2007 Involvement by Medical Device Manufacturers Hospitals FDA First committee draft circulated in December, 2007 Second Committee draft circulated November, 2008 Draft for vote will be circulated July 31 Schedule for approved standard, end of 2010 35 Future standards activities Guidance documents to aid in implementation of IEC 80001 1 Guidance for Healthcare Delivery Organizations Guidance for wireless networks Guidance for the communication of medical device security needs, risks and controls Guidance for development of responsibility agreements Step by step risk management with examples Causes of hazards associated with medical ITnetworks 36

Another future activity? Guidance for writing documentation and code for effective implementation of static analysis 37 Sherman Eagles seagles@softwarecpr.com 612 865 0107 Offering training and consulting on medical device software validation and software risk management www.softwarecpr.com 38

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback