Software Recalls Issues and Challenges

Similar documents
The challenges of software medical device regulation.

Post Market Surveillance (including PMCF): common non compliances

FDA s Final Rule on Medical Device Data Systems Signals Active Regulation of Data Communication Technologies

MEASURE FOR MEASURE: QUALITY METRICS

Optimize Your Field Safety Corrective Actions Systems

HAZARD IDENTIFICATION AND RISK ASSESSMENT Revision Date: 04/2017

Health Canada Enforcement of Consumer Products

GUIDELINES ON MEDICAL DEVICES

Medical Device Recalls and Part 806

FDA Medical Device HFE Guidance

Medical Device Regulatory Framework 9 SEPTEMBER 2015 FUNDISA CONFERENCE JANE ROGERS

The Impact of Quality Culture on Quality Risk Management. FDA Perspective on Quality Culture; how it Impacts Risk Management

Flight Data Monitoring within an Integrated Safety Management System

Risk-Based Approach to Software Quality and Validation

Due diligence in the European medical devices industry

In the huge expanse of Asia, Singapore and

IQCP for Commercially Prepared CLSI-Exempt Media

Copyright GCI, LLC Remediation of Legacy Medical Devices

MDSAP AUDIT PROCESS. A Manufacturer s Perspective. Connie Hoy EVP Regulatory Affairs Cynosure, Inc.

Canadian Market Surveillance Model on Consumer Product Safety

Application of Quality Risk Management Tools for Cell Therapy Manufacturing

HSE Integrated Risk Management Policy. Part 3. Managing and Monitoring Risk Registers Guidance for Managers

Korean Medical Devices Regulations

Serious Adverse Event Reporting During European Device Clinical Investigations

Safety Management Introduction

PHARMA CONGRESS. Pharmacovigilance and Drug Safety: Assessing Future Regulatory and Compliance Developments. October 28, 2008

Utilization of UDI during the Product Recall. 18 September 2015 Terumo Cardiovascular Group Eileen Dorsey

PAT & Risk-Based Initiatives: Implementation Issues PDA New England - 8 th Dec Cliff Campbell B.E., C.Eng. CC&A Ltd., Cork, Ireland

Pharmacovigilance. Training session for patients and consumers involved in EMA activities, 25 November Presented by: Priya Bahri

ZOLL Document Number: 90E0004 Page 5 of 15 Maintenance of Quality Records

PROPOSED DOCUMENT. Global Harmonization Task Force

RISK MANAGEMENT POLICY


Medical Device Product Development for Startups

So, How Will You Audit a Risk Assessment in ISO 9001:2015?


Incorporating Risk Management into Complaint and Service Experience. Presented by: Richard J. DeRisio, M.S. Kinetic Concepts, Inc.

Clause-byclause. Interpretation. Transitioning to ISO 9001:2015

Expanded Access and the Individual Patient IND

Post Market Surveillance

Getting Started with Risk in ISO 9001:2015

Strategies for Risk Based Validation of Laboratory Systems

DISTRIBUTION AND SUPPLY OF PLASMA DERIVED FRACTIONATED BLOOD PRODUCTS AND RECOMBINANT PRODUCTS IN NEW ZEALAND

ISO 14001:2015. Control of Environmental Aspects & Impacts.

AAMI Quality Systems White Paper: Comparison of 21 CFR Part 820 to ISO 13485:2016 1

Pre-Clinical Testing for Devices and Diagnostics

Regulations governing the application of medical accelerators

FDA s Guidance for Industry

GUIDELINES ON MEDICAL DEVICES GUIDE FOR COMPETENT AUTHORITIES IN MAKING AN ASSESSMENT OF CLINICAL INVESTIGATION NOTIFICATION

The SMS Table. Kent V. Hollinger. December 29, 2006

The interface between Good Clinical Practice and Good Manufacturing Practice

HP Standard Supplier Requirements for Safe and Legal Products

GS1 Ireland Healthcare User Group (HUG) Information Day

Guide for Distributors of Medical Devices

Welcome ISO9001:2015 /ISO14001:2015

Clinical Integration Track: It s All About the Data

ASQ Tappan Zee Section Medical Devices, New Regulations and Standards. 26 th September / V. Fischer / Rev. 01

Medical Device Directive

The Integration and Application of ISO 9001 and the NIAHO Requirements In Medical Equipment Management

Forest Stewardship Council

GUIDE TO INSPECTIONS OF QUALITY SYSTEMS

ISPE Annual Meeting 29 October 1 November 2017 San Diego, CA

Challenges and Opportunities in the Development of integrated Drug Device Combination Products CMC Strategy Forum, Tokyo, 5 December 2017

Panel Discussion: European Medical Device Regulations Preparing for the Storm Moderator: Lenita Y. Sims Spears, Senior Quality Consultant/Senior

Quality Systems. Indian Pharmaceutical Alliance. Advanced GMP Workshops 2017

Medical Device Biocompatibility: ISO TC194 Overview & Standards

MEDICAL DEVICE. Technical file.

SUBJECT: INSTITUTIONAL REVIEW BOARD (IRB) - HUMANITARIAN USE DEVICES

Available online at ScienceDirect. Procedia Engineering 132 (2015 )

Work Health and Safety Compliance Training. Course Outline

Chapter 1. Pharmaceutical Industry Overview

Maintaining your Investigational Device Exemption (IDE) with the FDA: Keys for Success. Jenna Stump, MS, CCRP Clinical Research Regulatory Specialist

ISO 22000:2005 Standard INTERNATIONAL STANDARDS REGISTRATIONS

The Risk Management + Design Controls Connection: What Device Makers Need to Know

Mastering compliance for medical device solutions

FDA Initiatives and Regulatory Trends for Life Sciences. Larry Spears President L. Spears Consulting

IT Compliance in the FDA Regulated Industry. IT Responsibilities 10 Years Ago TODAY! 11/17/2008. Business. Security. Compliance. IT & Automation Forum

Global Product Safety: Trends & Updates CANADA. Teresa Dufort December 4, 2012 McMillan LLP

HEALTH AND SAFETY STRATEGY

THE NEW FOOD AND DRUG ADMINISTRATION (FDA) OF THE REPUBLIC OF THE PHILIPPINES

Best Practices: Integration of Risk Management and Corrective and Preventive Action

Global Compliance Trends and Warning Letters

This article specifically covers incorporation of physical and chemical indicators (PCIDs) into or onto the drug product.

Regulatory. Supplier Qualification A Review

An Introduction to the Worldwide Regulatory Framework for Medical Devices. Elizabeth Malo M.S., Director, Regulatory Affairs

STATE OF NORTH CAROLINA

Examining the New SQF Quality Code: How to Comply by the January Deadline

Delta Dental of Michigan, Ohio, and Indiana. Compliance Plan

Validating electronic source data in clinical trials

Risk Based Inspection in the Oil and Gas Industry

A New Era in Quality Control: Developing an IQCP for Your Laboratory

RCM Theory and Concepts Workshop Module 2- RCM Process Overview

Mitigating Medical Device Risk through Human Factors. Christina Mendat, PhD Director, Research & Human Factors

FDA 21 CFR Part 820 vs. ISO 13485:2016 Comparison Table created by greenlight.guru

FDA Update on Compounding

Software Regulation: The Transfusion Medicine Experience

UPPLIER ANUAL. Issued: 01 Aug 13

UNIQUE DEVICE IDENTIFICATION U.S. FDA. March 2014

Trinity College Dublin QP Forum 2017 Tuesday 25 th April

Transcription:

ASQ: Meeting the Compliance Challenge Perspectives from Government, Industry and Quality Professionals: April 28, 2010 Software Recalls Issues and Challenges Jeme Wallace Director Regulatory Affairs GE Healthcare Barrington, IL

Summary There are challenges in assessing software defects to determine if a recall of the product should be performed. Implementing an adequate risk assessment process is key to this decision. Crossfunctional teams assess risk and implement a recall decision. Several examples are provided for discussion of recall appropriateness. 2/

Agenda Recall Regulations US, EU, Canada Complaints Risk Assessment What s a recall? Examples 3/

Regulations - US Food and Drug Administration 21 CFR 7.40-7.59: Recall policy Recall is a voluntary action that takes place because manufacturers and distributors carry out their responsibility to protect the public health and well-being from products that present a risk of injury or gross deception or are otherwise defective. Why carry out this voluntary action? Manufacturers and distributors have a responsibility to protect the public health and well-being from products that present a risk of injury, or are otherwise defective. 21 CFR 806: Corrections and Removals Manufacturers and importers are required to make a report to FDA of any correction or removal of a medical device(s) if the correction or removal was initiated to: reduce a risk to health posed by the device remedy a violation of the act caused by the device which may present a risk to health http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/cfrsearch.cfm 4/

Regulations EU Medical Device Directives COUNCIL DIRECTIVE 93/42/EEC: Medical Device Directives Article 10: Information on incidents occurring following placing of devices on the market Member States are required to ensure that any information brought to their knowledge regarding incidents involving a medical device is recorded and evaluated for: any malfunction or deterioration in the characteristics/performance of a device any inadequacy in the labeling or the instructions for use which might lead to or might have led to the death of a patient or user or to a serious deterioration in his state of health; any technical or medical reason in relation to the characteristics or performance of a device http://eurlex.europa.eu/lexuriserv/lexuriserv.do?uri=consleg:1993l0042:20071011:en:pdf 5/

Regulations Health Canada Health Products and Food Branch Inspectorate Recall Policy POLICY-0016 Recall: any action taken by the manufacturer, importer or distributor of the device to recall or correct the device, or to notify its owners and users of its defectiveness or potential defectiveness, after becoming aware that the device: a) may be hazardous to health b) may fail to conform to any claim made by the manufacturer or importer relating to its effectiveness, benefits, performance characteristics or safety c) may not meet the requirements of the Act or the Regulations. http://www.hc-sc.gc.ca/dhp-mps/compli-conform/info-prod/drugs-drogues/pol_0016_tc-tm-eng.php 6/

Stand-Alone Software-classification: Examples United States: PACS: Class II (LLZ) Digital Image Storage Device: Class I (LMB) Electronic Medical Record: Currently unclassified Canada: PACS: Class II Digital Image Storage Device: Class I Electronic Medical Record: Class I/II EU: PACS: Class IIa Digital Image Storage Device: Class I Electronic Medical Record: Class I Class I = lowest risk Class IIa/IIb = moderate risk Class III = highest risk 7/

Product Complaints/Investigation Complaint Handling procedure Ability to capture all product issues from internal & external sources Cross-functional team: Engineering, Clinical/Medical, RA, QA, Product Surveillance assesses complaint determines if investigation is required performs Risk Assessment cross-checks the Risk Management file recommends adverse event and/or recall reporting 8/

Risk Assessment: Based on ISO 14971 Categorization of risks are chosen and justified by the product owner Severity of hazard: ex: Minor, Serious, Critical, Catastrophic Probability of occurrence (Pocc): quantitative vs qualitative (may be better for S/W) ex: Improbable, Remote, Occasional, Frequent Likelihood of harm (LOH): ex: Rare, Unlikely, Likely Outcome of risk assessment process is a risk matrix to determine the: Probability of harm (POH): LOH x Pocc = POH, then POH x Severity = final risk rating ex: Acceptable, Risk Mitigation Required, Unacceptable 9/

Risk Assessment and Recall Decision Complaint: The lab results of all the patients in the hospital with the last name of Smith are getting placed in the incorrect patient record. Severity: Critical Pocc: Frequent Likelihood: Likely Improbable Remote Occasional Frequent Reportable Recall Minor Serious A A A RMR A RMR RMR UA Critical RMR RMR UA UA Catastrophic RMR UA UA UA 10 /

Why is Software Different? Potential for Defects Device (you can see it, touch it) Software defect User error Interoperability Usability/Human factors Requirements incorrect Component tolerances inadequate. Component at EOL Component spec changes Supplier changes: specs, new Sterilization changes Manufacturing changes Stability changes Material/formulation changes Labeling changes Environment Expiration period changes Performance specs Power sources Shock/fire hazards Software Software defect User error Interoperability Usability/Human factors Requirements incorrect What others can you add? 11 /

Samples/Examples A software product named BestEver was developed and released over 5 years ago. The system requirements were heavily researched and took into account every potential workflow sequence possible the developers were confident that all bases were covered and released the product for clinical use. Workflow sequences A and B were an instant success, however user sites did not immediately utilize C and D workflows. A year ago, due to an increase in reimbursement for workflow C, a user site began utilizing it. The Complaint Handling Unit noted several complaints from this site regarding this workflow. Investigation demonstrated a software defect in workflow C. If only one user reports the issue, is this a recall? 12 /

Samples/Examples A software change was made on BestEver per a user request. The development team completed testing and sent it to the requesting site for acceptance testing. One user at the site follows a specific workflow sequence and likes the change. Another user at the same site follows a different workflow sequence. He does not like the change and detects a S/W defect based on his workflow. Is it desirable to make this change since it uncovered a defect?? Is it a recall? 13 /

Samples/Examples Every year the developers of BestEver software test and release an upgrade so that the product continues to be the best ever. User sites are encouraged to install each upgrade and are offered a free stuffed bear when the upgrade is complete. One site decides they have enough stuffed bears for everyone and refuses an upgrade. About 6 months later, the user site detects a defect in their existing software and files a complaint. After investigation by the development team, an adverse event report is filed with the regulatory agency. Is this a software recall? 14 /

Samples/Examples The developers of BestEver know that their software can work with other software packages. They even state in the labeling that it is compatible with any other software that uses the commonly used Special Connecting software. A user site decides to connect BestEver software to EvenBetter software using Special Connecting. One day routine upgrades are installed and the system is re-booted. BestEver doesn t work as it did before and a complaint is filed with the developers of BestEver. Investigation into the complaint determines that, while no upgrades were made to BestEver, an upgrade was made on EvenBetter. The changes caused a latent defect in BestEver to become apparent. Is it a recall? 15 /

Conclusion In spite of the complexities of software and making decisions on recalls, it s an exciting time to be in this field Changing regulations globally Increase in technology rapidly advancing Great potential to help the public health 16 /

Thank you 17 /

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback