Thursday, January 26, 2012

Medical Devices and EMI: The FDA Perspective


The EMI Problem


[Figure: Graphic depicting electromagnetic sources that can affect medical devices, including lightning, radar, CRTs, microwaves, electric power lines and short wave radios]
An electric powered wheelchair suddenly veers off course; an apnea monitor fails to alarm; a ventilator suddenly changes its breath rate.[1,2,3] These are just a few examples of the problems that might occur when radiated electromagnetic (EM) energy interacts with the sensitive electronics incorporated into many medical devices. Over the years, many incidents of suspected electromagnetic interference (EMI) with medical devices have been documented.[4] In addition, recent congressional hearings [5] and media attention [6,7] have heightened concern for the safe and effective use of devices in the presence of EMI. For medical devices the environment has become crowded with potential sources of EMI (figure 1).
Because of its concern for the public health and safety, the Center for Devices and Radiological Health (CDRH), part of the Food and Drug Administration (FDA), has been in the vanguard of examining medical device EMI and providing solutions. Extensive laboratory testing by CDRH [8,9,10], and others [11,12,13,14], has revealed that many devices can be susceptible to problems caused by EMI. Indeed, the CDRH has been investigating incidents of device EMI, and working on solutions (e.g. the 1979 draft EMC standard for medical devices [15]), since the late 1960s, when there was concern for EMI with cardiac pacemakers.[16]
The key to addressing EMI is the recognition that it involves not only the device itself but also the environment in which it is used, and anything that may come into that environment. More than anything else, the concern with EMI must be viewed as a systems problem requiring a systems approach. In this case the solution requires the involvement of the device industry, the EM source industry (e.g., power industry, telecommunications industry), and the clinical user and patient. The public must also play a part in the overall approach to recognizing and dealing with EMI.
The focus of this article is to briefly outline the concerns of the Center for Devices and Radiological Health, FDA, for EMI in all medical devices with electrical or electronic systems, and the strategy developed to minimize these problems.

The Complexity of Device EMI

As our society seeks new technology, medical devices can usually be found in the forefront. There is an ever-increasing use of electronics and microprocessors in devices of all kinds, across the vast range of devices: from relatively simple devices like electrical nerve stimulators to the more recent advances in imaging such as magnetic resonance imaging (MRI). In the medical industry there is a tendency toward more automation in devices to monitor patients and help perform diagnosis. Microminiaturization has revolutionized the medical device industry: smaller devices requiring less power that can perform more functions.
At the same time, there is a proliferation of new communications technology: the personal communications systems (PCS), cellular telephones, wireless computer links, to name a few. With these advances are coming some unforeseen problems: the interactions between the products emitting the EM energy and sensitive medical devices. Even the devices themselves can emit EM energy which can react with other devices or products.
Electromagnetic compatibility, or EMC, is essentially the opposite of EMI. EMC means that the device is compatible with (i.e., no interference caused by) its EM environment, and it does not emit levels of EM energy that cause EMI in other devices in the vicinity. The wide variation of medical devices and use environments makes them vulnerable to different forms of EM energy which can cause EMI: conducted, radiated, and electrostatic discharge (ESD). Further, EMI problems with medical devices can be very complex [see 17], not only from the technical standpoint but also from the view of public health issues and solutions.
[Figure: Graphic representing the role of distance from the EM energy source]
A brief overview of radio frequency interference (RFI) can help to illustrate some of the variables that make device EMI so complex and difficult to address effectively. In general, the strength of the EM field at any given distance from the source of the radiated signal (transmitter) is directly proportional to the radiated power of the transmitter and inversely proportional to the distance. The role of distance from the EM energy source is highlighted by Figure 2.
The relatively low power cellular telephone creates a 3 V/m field strength at 1 m, while a more powerful hand-held CB transceiver creates the same field strength at 5 m. Further, the high power TV transmitter creates this same field strength at a distance of 1000 m. It is easy to see then, at small distances from the radiator where EM field strength can be very high, even the best protected devices (i.e., with a high level of immunity) may be susceptible to EMI. However, the device may be susceptible to only some of the variations (e.g., frequency or modulation) in the EM energy. This is why some devices may be affected by a nearby transmitter of a certain frequency, and other devices at the same location may not be affected. Add to RFI the other forms of EMI and it quickly becomes apparent that devices can face a fairly hostile environment, which can ultimately affect the patient or device user.

FDA Concern with EMI

The consequence of EMI with medical devices may be only a transient "blip" on a monitor, or it could be as serious as preventing an alarm from sounding or inappropriate device movement leading to patient injury or death. With the increasing use of sensitive electronics in devices, and the proliferation of sources of EM energy, there is heightened concern about EMI in many devices. While the numbers of reports with possible links to EMI have been steady, these numbers are generally not indicative of the actual occurrence of incidents. Indeed, in investigating possible EMI-related problems it is usually the case that the EM energy which caused the event has dissipated (e.g. the EM energy source was shut off or removed from the area). Only through careful measurement and testing can the true nature of EMI susceptibility be determined. The complexity of the testing, and the vast range of devices encountered, make it a very difficult task indeed to address EMI.
The CDRH has regulatory authority over several thousand different kinds of medical devices, with thousands of manufacturers and variations of devices. The very nature of this range of devices does not lend itself to "generic" approaches. For example, an apnea monitor is very different from a powered wheelchair, in form, function, and configuration.
[Figure: Graphic representing classification vs signal strength]
The EM environment that envelops the devices can vary widely, from the rural setting to the commercial setting, to the urban setting, and of course, the hospital setting. The International Electrotechnical Commission (IEC) has classified the EM environment into eight areas and defined the typical EM environment in each area. [18] Within each area there are conditions for the location and power of local EM energy sources (e.g., transmitters), which if exceeded would result in higher EM field strengths. Table 1 indicates the general classifications and the upper range of radiated EM field strength specified for each environment.

Formation of the CDRH EMC Working Group

Concern in the CDRH has led to the formation of an EMC Working Group. This group was charged by the Deputy Center Director, Dr. Elizabeth Jacobson, to:
  • assess all device areas to identify EMC concerns;
  • coordinate the development of a strategy to assure EMC in all appropriate devices;
  • provide a focal point for actions;
  • keep the Center Director and his staff informed of activities involving EMI/EMC.
This initiative involves virtually all of the CDRH offices and functions. The formation and subsequent accomplishments of the Group have already had an impact on the regulatory approach, research, and interactions with the device industry. [19]
The EMC Working Group has developed a draft strategy to address EMC concerns across all appropriate device areas. This involves awareness (and education), regulation, research, cooperation with other agencies and organizations, and coordination and cooperation with manufacturers and users.
CDRH has long recognized that the majority of devices likely do not have major problems with EMI. Nonetheless, there are some critical device areas where the threat from EMI could directly impact upon the life and well-being of the patient. Rather than implement additional burdensome requirements over a broad spectrum of devices, CDRH is focusing on those areas where EMI has an established presence, is problematic, or could affect the critical function of the device.

Plans for Device EMC

A comprehensive plan for addressing medical device EMC needs to focus on the primary aspects of device safety and effectiveness. Although many manufacturers in certain device areas have been addressing EMC for some time (e.g. cardiac pacemakers), based on discussions with users, manufacturers, and EMC test facilities there still appears to be a general lack of awareness of the EMI problem. Thus, one key element in our plan includes raising this awareness and educating the users, manufacturers, and regulators about EMC.
Awareness
The CDRH has always placed a high priority on providing information to the public. For example, when the CDRH developed information that some apnea monitors could fail to alarm due to EMI, an FDA Safety Alert was sent out to large numbers of clinicians and users of these devices, warning of the problem and providing tips for the safe use of the devices. [20] Following the extensive investigations into EMI with powered wheelchairs and motorized scooters, the FDA published an article in its Medical Bulletin, which goes to over 1 million clinicians, providing information about device EMI. [21] In addition, a question-and-answer document was developed for the users of powered wheelchairs and motorized scooters. [22]
Pre-Market
The pre-market approach to device regulation was charged to the former Bureau of Medical Devices by the 1976 Amendments to the Food, Drug, and Cosmetics Act. In the early 1980s, this bureau was merged with the Bureau of Radiological Health to form the Center for Devices and Radiological Health. Under the 1976 Amendments, and the more recent Safe Medical Device Act of 1990 [23], CDRH has authority to require device manufacturers to submit information about the safety and effectiveness of their devices. EMI has implications in both the safe and effective use of devices. Thus, a central part of the strategy for dealing with EMC concerns is to address these concerns in pre-market submissions.
In some device areas, notably the respiratory and anesthesia area, concern with EMI has evolved over a period of years because of problems with such devices as the apnea monitor. Indeed, there is a draft FDA standard for apnea monitors with EMC requirements that grew out of our investigations of EMI problems. This draft standard is presently undergoing public comment. [24]
Because of the vast range of devices, and the time and resources it takes to develop mandatory standards, a more general approach is being planned to address EMC in all appropriate device areas with respect to the pre-market concerns. This approach includes the development of priorities and guidelines for pre- and post-market and research activities.
Development of the guidelines for the regulators and manufacturers has been proposed in phases, including:
  • a general guideline to address EMC across a broad range of devices which would be harmonized with prevailing national and international standards; and
  • ultimately, specific guidelines tailored to concerns in each device area and developed in accordance with pre-market priorities for EMC.
Post-Market
For devices already in use, the post-market domain, plans are being formulated to address EMC utilizing the Good Manufacturing Practice (GMP) requirements [Title 21 Code of Federal Regulations (CFR) 820] and inspection guidance [FDA, CDRH Compliance Policy Guidance Manual 7382.830, 5/94]. There are also plans to gather information from the manufacturers of radiation emitting products, such as electronic article surveillance systems, to examine the implications for device EMI.
In addition, the collection of incident reports, mandatory in the cases of patient death or injury [23], is another major tool to assess the post-market use of devices. With the large numbers of devices being used today, and the steady number of incident reports, plans are underway to better distinguish EMI incidents from other types of device incidents. The plans involve building a separate database of carefully scrutinized incident reports, which would form the foundation that would grow with later reports. A system to separate and analyze EMI reports will serve as a resource in making decisions and setting priorities.
Research and Standards
Research and work with voluntary standards organizations have been ongoing in CDRH for several years. Present investigations include examinations of suggested EMI to cardiac pacemakers from digital cellular telephones, EMI to ventilator devices, and follow-up on powered wheelchair EMC. The CDRH laboratory is equipped to perform these kinds of investigations and has the experienced staff to develop test protocols. Indeed, the CDRH work with powered wheelchair EMC has contributed greatly to draft test requirements and procedures for a national (ANSI/RESNA) and an international (ISO) standard. [25,26]
National and international standards activities play an important role in medical device EMC, which is why CDRH has promoted and supported the development of voluntary EMC product family standards for medical devices and EMC requirements for device-specific standards. In addition to ANSI/RESNA and ISO, CDRH has worked with AAMI, the ANSI-Accredited Standards Committee C63, and the International Electrotechnical Commission (IEC). In many cases, the Center's EMC laboratory findings and environmental measurements are utilized in proposals and recommendations to these voluntary standards organizations. The Center has been particularly interested and active in the development of IEC 601-1-2 [27], and has attempted to harmonize our recommendations with this document to the extent possible, given the FDA mandate to assure safety and effectiveness. The European equivalent of this standard will become especially important as of January 1996, when the European Community EMC Directive becomes effective. [17] IEC 601-1-2 is an important step towards assuring EMC of medical devices; however, CDRH has some critical concerns about this document, and is participating in the development of the first amendment to this document.
Work with Other Agencies
There are additional plans to work with other Federal agencies and professional organizations to promote medical device EMC. Present activities include participation in the EMC Risk Assessment project ongoing at the Walter Reed Army Medical Center. Engineers at Walter Reed have begun an ambitious program to document the incidents of EMI in devices and address solutions. CDRH scientists have brought laboratory data and a rich history of experience to the meetings with Walter Reed staff. In addition, CDRH is continuing its dialog with the Federal Communications Commission (FCC) to promote medical device EMC.

Some Accomplishments to Date

The CDRH EMC Working Group, and previous work on device EMC, have accomplished much in a short time frame. Chief among the accomplishments is the formulation of strategies to address EMC in all appropriate device areas. By taking a more comprehensive approach, the CDRH has been proactive in raising awareness and concern for EMC/EMI in devices. The EMC Working Group cooperated with AAMI to present a one and one-half day forum on medical device EMC. The objective of the forum was simple: make known the concern for device EMC, and provide a forum for interaction by the users, clinicians, manufacturers, EM source industries, the public, and CDRH to address the concern.
The EMC Working Group has also been busy assessing the various device areas in the pre-market domain to help in devising priorities for guidance development and laboratory testing. In addition, the Group has provided training for the CDRH staff about EMC, developed strategies, and made recommendations for CDRH/FDA policy toward EMC. Various members of the EMC Working Group have been taking the lead in activities outside the CDRH to address EMC in medical devices.
The laboratory investigation of powered wheelchair EMI, and subsequent standards efforts, illustrates that device EMC can be achieved through cooperation among CDRH, manufacturers, and users. Below is a brief overview of this work.

Experience with Powered Wheelchair EMC

CDRH became aware of suspected EMI in powered wheelchairs and motorized scooters in mid-1992. By late 1993 CDRH laboratory investigations and testing had revealed serious EMI reactions by these devices over a wide range of radio frequencies (1 MHz to 1000 MHz). The evidence indicated that these devices could experience incidents of uncontrolled movement or electromechanical brake release in the presence of moderate radiated EM fields (as low as 3 to 10 V/m). This was sufficient to warrant notifying powered wheelchair users, through user organizations, [28] of the potential for EMI, and to solicit information concerning actual incidents. Further testing revealed that the EMI seemed to affect the control system of the powered wheelchairs, resulting in electromechanical brake release and unintended wheel movement.
In many cases, motorized scooters utilize the same type of control systems as the powered wheelchairs. Thus, there was concern that the scooter devices could also suffer from EMI. EMC tests were performed on samples of motorized scooters. The results revealed that these devices could also exhibit EMI problems.
Experience from EMC testing of other devices led CDRH researchers to develop testing procedures which fully challenge the devices. These procedures became the basis for the 1993 CDRH proposals to the RESNA and the ISO for EMC tests and requirements in their respective standards. The proposals were made to harmonize as much as possible with the IEC 801-3 standard (recently renumbered to IEC 1000-4-3) [29] for radiated immunity testing. However, in the process of performing the laboratory tests, CDRH created unique procedures which take into account the relatively slow response time of powered wheelchairs. Through careful scrutiny of submissions of EMC test data by the device manufacturers, and verification testing by CDRH, it became clear that the procedures devised by CDRH were more accurate in determining EMI problems than the existing standard procedures.
Additional testing procedures were developed to examine the device response as the wheels were kept at a constant speed, to simulate normal movement of the wheelchair. Figure 3 represents the results of testing on one device (before modifications were made by the manufacturer). In this case the wheels were fixed at a constant speed of 30 RPM during the exposure of the device. Note that there are several places where the motion of the wheels deviated from the 30 RPM baseline, indicating EMI to the wheelchair. These tests were performed at the EM field strength of 20 V/m. This level was chosen because the device manufacturers had stated they could build devices immune to this level, which is approximately the field strength from a hand-held transceiver at 0.6 m (2 ft). Many powered wheelchair users utilize radio transceivers and cellular telephones for communications, any of which could be placed within this distance of the device's control system.
[Figure: Shows test results before modification of wheelchair for EMC]
[Figure: Shows test results for EMC after modification]
Following careful EMC modifications to the powered wheelchair by the manufacturer, with the appropriate shielding and circuit modifications, the same powered wheelchair was retested and found to be immune (no EMI reactions) across the entire frequency range (figure 4). This demonstrated that these devices could indeed be made immune to 20 V/m. With such findings in hand, CDRH notified powered wheelchair and scooter manufacturers in May 1994 [30] that future submissions for these type devices should address EMC in labeling and testing. Additional work with the RESNA subcommittee for EMC refined the original CDRH EMC test proposal and reduced the number of test points, to make the procedure more affordable to perform, without compromising the test reliability.
The experience with powered wheelchair EMI demonstrates the ability of CDRH to work with the device manufacturers to recognize and address an EMI problem. Many of these device manufacturers were helpful in sharing information, providing samples, bringing together interested parties, and working towards a solution of the problem. CDRH was able to develop a new and more accurate test procedure in a relatively short time frame, building upon its years of experience in the laboratory and EMC testing of devices.

Summary

There is still much work to be done to reach the goal of assuring device EMC across the broad range of devices. The CDRH EMC Working Group has been charged by the Deputy Center Director to continue this effort, which will likely last some time into the future and impact all electrical and electronic medical devices. Given the nature of the EMI problem, and the quick pace of technology, plans for this program must be dynamic and flexible. The very nature of EMI is complex, with large uncertainties in nearly every aspect. The CDRH approach will reflect these constraints and rely in large measure on the cooperation of all of the parties.

All Device Manufacturers/Repackers Using Cotton


Since August 1993, the Center for Devices and Radiological
Health (CDRH) has become aware of several instances where
devices made of Chinese cotton have been found to be
contaminated with mold, even though the devices were labeled
as sterile. Devices containing cotton include, but are not
limited to, laparotomy sponges, surgical sponges, surgical
drapes, operating room towels and wound dressings. To date,
we have not noted problems regarding cotton grown in other
countries, including the United States. As a precaution, the
following information should be considered regardless of the
cotton's origin.

The prevalent mold which has been identified thus far is
Pyronema domesticum, which belongs to the class Ascomycetes
and is believed to be nonpathogenic.

Several companies who have experienced problems with mold
have changed their sterilization practices. One manufacturer
has determined that P. domesticum is resistant to standard
ethylene oxide (EO) sterilization cycles and to standard
gamma radiation doses. The manufacturer is using a standard
steam sterilization cycle followed by a standard EO
sterilization cycle. Other companies have instituted a
standard EO sterilization cycle followed by a standard gamma
radiation cycle, or vice versa.

CDRH is not advocating any of the above methods, but is
recommending that you conduct appropriate, adequate and
thorough validation studies of each sterilization cycle in
use. The sterilization validation studies should not only
focus on bacterial contamination, but should also include
molds and yeasts. The following points should be included as
part of your sterilization validation:

1. Bioburden of the incoming cotton device. The bioburden
assessment must include bacteria, molds and yeasts using
established test methods. The entire device must be
submerged in the culture media. Bioburden should be assessed
as part of sterilization cycle development, and then periodic
bioburden assessment should be performed once the cycle has
been validated.

2. Sterilization cycle development studies should include
inoculated product using P. domesticum and any other
microorganisms found during initial bioburden assessment.
The inoculated product should be placed in the hardest to
sterilize locations within the chamber. Standard methods
should be utilized for inoculation, recovery and culture
techniques. Again, the entire device must be submerged in
the culture media. If gamma radiation is used to sterilize
the device, our experience has shown that incubation up to 30
days may reveal slow growing microorganisms which were not
found at the traditional 14 day incubation period.

Use of inoculated product should not preclude the use of
biological indicators and/or dosimeters during validation and
during routine processing.

3. During validation, sterility testing of the sterilized
cotton should be performed using established test methods.
The testing regimen should include identification of
bacteria, molds and yeasts. Again, the entire device must be
submerged in the culture media. Traditionally, FDA does not
require that routine sterility testing be conducted on each
sterilization load, provided that the sterilization process
has been properly validated. However, for cotton devices, it
is recommended that at least periodic sterility testing be
performed to assess that the cycle is adequate.


If you have any questions regarding this letter, you may
contact John Samalik of the General Surgery Branch at the
above address or at  (301) 594-4595.

Preparing Notices of Availability of Investigational Medical Devices and for Recruiting Study Subjects


This guide is intended to clarify section 812.7 of 21 CFR Part 812, the regulations providing procedures for investigational device exemptions (OMB CONTROL NUMBER 0910-0078). This section prohibits the promotion or test marketing of investigational medical devices. Any person wishing to make known through a notice, publication, display, mailing, exhibit, announcement, or oral presentation the availability of an investigational device for the purpose of obtaining clinical investigators to participate in a clinical study involving human subjects should:
  1. Announce the availability of the device only in medical or scientific publications or at medical or scientific conferences whose readership or audience is comprised primarily of experts qualified by scientific training and experience to investigate the safety and effectiveness of devices.
  2. State in clear terms that the purpose is only to obtain investigators and not to make the device generally available. Enrolling more investigators than necessary to evaluate the safety and effectiveness of the device will be considered promotion or commercialization of the device.
  3. Limit the information presented in any notice of availability to the following: the proposed use of the device, the name and address of the sponsor, how to apply to be an investigator, and how to obtain the device for investigational use. The notice should further list the investigator's responsibilities during the course of the investigation; namely, to await institutional review board (IRB) and Food and Drug Administration (FDA) approval before allowing any subject to participate, to obtain informed consent from subjects, to permit the device to be used only with subjects under the investigator's supervision, to report adverse reactions, to keep accurate records, and, more generally, to conduct the investigation in accordance with the signed agreement with the sponsor, the investigational plan, FDA's regulations, and whatever conditions of approval are imposed by the reviewing IRB or FDA.
  4. Use direct mailing for the sole purpose of soliciting qualified experts to conduct investigations. (Note: an undirected mass mailing will not be considered an appropriate means of soliciting clinical investigators. Such a mailing will be considered promotion.)
  5. Include the following statement displayed prominently and in printing at least as large as the largest printing in the notice: "Caution - INVESTIGATIONAL DEVICE, LIMITED BY FEDERAL (OR UNITED STATES) LAW TO INVESTIGATIONAL USE."
  6. Ensure that no claims are made which state or imply, directly or indirectly, that the device is reliable, durable, dependable, safe, or effective for the purposes under investigation or that the device is in any way superior to any other device.
  7. Not present comparative descriptions of the device with other devices but may include reasonably sized drawings or photographs of the device.
  8. A sponsor or investigator should not offer volume discounts for an investigational device. FDA would regard such discounts as the promotion of an investigational device.
When recruiting study subjects, sponsors and investigators should take the following into consideration:
  1. Direct recruiting advertisements are seen as part of the informed consent and subject selection process [see 21 CFR 50.20, 50.25, 56.111(a)(3) and 812.20(b)(11)]. IRB review is necessary to ensure that the information provided is not misleading to subjects. This is especially critical when a study may involve subjects who are likely to be vulnerable to undue influence.
  2. When direct advertising is used, the IRB should review the information contained in the advertisement and the mode of its communication, to determine that the procedure for recruiting subjects is not coercive and does not state or imply a certainty of favorable outcome or other benefits beyond what is outlined in the consent document and the protocol.
  3. No claims should be made, either explicitly or implicitly, that the device is safe or effective for the purposes under investigation, or that the test article is known to be equivalent or superior to any device.
  4. Advertising for recruitment into investigational device studies should not use the term "new treatment," without explaining that the test article is investigational. A phrase such as "receive new treatments" implies that all study subjects will be receiving newly marketed products of proven worth.
  5. Advertisements should not promise "free medical treatment" when the intent is only to say subjects will not be charged for taking part in the investigation. Advertisement may state that subjects will be paid, but should not emphasize the payment or the amount to be paid.
Generally, FDA believes that any advertisement to recruit subjects should be limited to the information the prospective subjects need to determine their eligibility and interest. The following should be included in advertisements, but FDA does not require inclusion of the listed items:
  1. The name and address of the clinical investigator and/or research facility;
  2. The condition under study and/or the purpose of the research;
  3. In summary form, the criteria that will be used to determine eligibility for the study;
  4. A brief list of participation benefits, if any (e.g., a no-cost health examination);
  5. The time or other commitment required of the subjects; and
  6. The location of the research and the person or office to contact for further information.
This guide represents the Agency's current thinking on preparing notices of availability of investigational medical devices and for recruiting study subjects. It does not create or confer any rights for or on any person and does not operate to bind FDA or the public. An alternative approach may be used if such approach satisfies the requirements of the applicable statute, regulations, or both.

Cybersecurity for Networked Medical Devices


Guidance for Industry - Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software


Introduction

A growing number of medical devices are designed to be connected to computer networks. Many of these networked medical devices incorporate off-the-shelf software that is vulnerable to cybersecurity threats such as viruses and worms. These vulnerabilities may represent a risk to the safe and effective operation of networked medical devices and typically require an ongoing maintenance effort throughout the product life cycle to assure an adequate degree of protection. FDA is issuing this guidance to clarify how existing regulations, including the Quality System (QS) Regulation, apply to such cybersecurity maintenance activities.
FDA's guidance documents, including this guidance, do not establish legally enforceable responsibilities. Instead, guidances describe the Agency's current thinking on a topic and should be viewed only as recommendations, unless specific regulatory or statutory requirements are cited. The use of the word "should" in Agency guidances means that something is suggested or recommended, but not required.
The Least Burdensome Approach
We believe we should consider the least burdensome approach in all areas of medical device regulation. This guidance reflects our careful review of the relevant scientific and legal requirements and what we believe is the least burdensome way for you to comply with those requirements. However, if you believe that an alternative approach would be less burdensome, please contact us so we can consider your point of view. You may send your written comments to the contact persons listed on the coversheet to this guidance or to the CDRH Ombudsman. Comprehensive information on CDRH's Ombudsman, including ways to contact him, can be found on the Internet.

Background

This guidance outlines general principles that we consider to be applicable to software maintenance actions required to address cybersecurity vulnerabilities for networked medical devices—specifically, those that incorporate off-the-shelf (OTS) software. The guidance is organized in question-and-answer format, providing responses to questions that have frequently been posed to FDA staff. The “I” in the questions and the “you” in the answers are intended to apply to device manufacturers who incorporate OTS software in their medical devices.
The QS regulation, 21 CFR Part 820, applies to software maintenance actions. In addition, FDA has issued several guidance documents on software, including:

Questions and Answers

1. Which medical devices are covered by this guidance?
This guidance provides recommendations for medical devices that incorporate off-the-shelf (OTS) software and that can be connected to a private intranet or the public Internet. This guidance is addressed to device manufacturers who incorporate OTS software in their medical devices. However, this information also may be useful to network administrators in health care organizations and information technology vendors.
2. What is a cybersecurity vulnerability?
For purposes of this guidance, a cybersecurity vulnerability exists whenever the OTS software provides the opportunity for unauthorized access to the network or the medical device. Cybersecurity vulnerabilities open the door to unwanted software changes that may have an effect on the safety and effectiveness of the medical device.
3. What is it about “network-connected medical devices” that causes so much concern?
Vulnerabilities in cybersecurity may represent a risk to the safe and effective operation of networked medical devices using OTS software. Failure to properly address these vulnerabilities could result in an adverse effect on public health. A major concern with OTS software is the need for timely software patches to correct newly discovered vulnerabilities in the software.
4. Who is responsible for ensuring the safety and effectiveness of medical devices that incorporate OTS software?
You (the device manufacturer who uses OTS software in your medical device) bear the responsibility for the continued safe and effective performance of the medical device, including the performance of OTS software that is part of the device.1
5. How should purchasers and users of these medical devices respond to information about a cybersecurity vulnerability?
FDA recommends that purchasers and users of medical devices that may be subject to a cybersecurity vulnerability contact you with their concerns. As Question 4 explains, you are responsible for the performance of OTS software that is part of your device. Although there may be times when it is appropriate for the user to become involved (see Question 9 below), the user should not attempt to make changes without seeking your advice and recommendations.
6. What regulations apply to software patches that address cybersecurity vulnerabilities?
The need to be vigilant and responsive to cybersecurity vulnerabilities is part of your obligation under 21 CFR 820.100 to systematically analyze sources of information and implement actions needed to correct and prevent problems. The preamble to the QS regulation explains that actions taken should “be appropriate to the magnitude of the problem and commensurate with the risks encountered” (61 Fed. Reg. 52633; Oct. 7, 1996). Information in this guidance will remind you of some of the actions that ordinarily will be necessary to address this particular type of software concern.
Under 21 CFR 820.30(g), design validation requires that devices conform to defined user needs and intended uses, including an obligation to perform software validation and risk analysis, where appropriate. Software changes to address cybersecurity vulnerabilities are design changes and must be validated before approval and issuance. 21 CFR 820.30(i).
7. Is FDA premarket review required prior to implementation of a software patch to address a cybersecurity vulnerability?
Usually not. In general, FDA review is necessary when a change or modification could significantly affect the safety or effectiveness of the medical device. 21 CFR 807.81(a)(3), 814.39.
a. 510(k). For medical devices cleared for market under the 510(k) program, you may refer to our guidance entitled, “Deciding When to Submit a 510(k) for a Change to an Existing Device.”2 That guidance explains that a new 510(k) submission to FDA is necessary for a change or modification to an existing medical device if:
  • The medical device has a new or changed indication for use (e.g., the diseases or conditions the medical device is intended to treat); or
  • The proposed change (e.g., modification in design, energy source, chemical composition, or material) could significantly affect the safety or effectiveness of the medical device.
It is possible, but unlikely, that a software patch will need a new 510(k) submission.3 As with all changes made to devices, you should document the basis of your decisions in the design history file. See 21 CFR 820.3(e), 820.30(j).
b. Premarket Approval Application (PMA). For medical devices approved under PMAs (21 CFR Part 814), a PMA supplement is required for a software patch if the patch results in a change to the approved indications for use or is deemed by the manufacturer to have an adverse effect on the safety and effectiveness of the approved medical device. 21 CFR 814.39. Otherwise, you should report your decision to apply a software patch to your PMA device to FDA in your annual reports. See 21 CFR 814.39(b), 814.84.
8. Should I validate the software changes made to address cybersecurity vulnerabilities?
Yes. See answer to Question 4. You should validate all software design changes, including computer software changes to address cybersecurity vulnerabilities, according to an established protocol before approval and issuance. 21 CFR 820.30(i). You may refer to the “General Principles of Software Validation; Final Guidance for Industry and FDA Staff” (see Background section) for more information about how to validate software changes. For most software changes intended to address cybersecurity vulnerabilities, analysis, inspection, and testing should be adequate and clinical validation should not be necessary.
9. What else should I do to ensure cybersecurity for networked medical devices?
You should maintain formal business relationships with your OTS software vendors to ensure timely receipt of information concerning quality problems and recommended corrective and preventive actions. Because of the frequency of cybersecurity patches, we recommend that you develop a single cybersecurity maintenance plan to address compliance with the QS regulation and the issues discussed in this guidance document.
While it is customary for the medical device manufacturer to perform these software maintenance activities, there may be situations in which it is appropriate for the user facility, OTS vendor, or a third party to be involved. Your software maintenance plan should provide a mechanism for you to exercise overall responsibility while delegating specific tasks to other parties. The vast majority of healthcare organizations will lack detailed design information and technical resources to assume primary maintenance responsibility for medical device software and, therefore, will rely on you to assume the primary maintenance responsibility.
10. Do I need to report a cybersecurity patch?
Not usually, because most software patches are installed to reduce the risk of developing a problem associated with a cybersecurity vulnerability and not to address a risk to health posed by the device. In most cases, therefore, you would not need to report a cybersecurity patch under 21 CFR Part 806 so long as you have evaluated the change and recorded the correction in your records. However, if the software patch affects the safety or effectiveness of the medical device, you should report the correction to FDA, even if a software maintenance plan is in effect.

Inspection of Medical Device Manufacturers



PROGRAM 7382.845

SUBJECT: INSPECTION OF MEDICAL DEVICE MANUFACTURERS
IMPLEMENTATION DATE: February 02, 2011 (Previous editions obsolete.)
COMPLETION DATE: February 2, 2015
DATA REPORTING
PRODUCT CODES: 73-91
PRODUCT/ASSIGNMENT CODES:
82845A; 42845A -- All Level 1 (Abbreviated) Inspections
82845B; 42845B -- All Level 2 (Comprehensive) Inspections
82845C; 42845C -- All Level 3 (Compliance Follow-up) Inspections
82845G -- All For Cause Inspections
82845P -- Joint FDA/Accredited Person Inspections
82845S -- Report Time spent on Assessment of Firm’s Sterilization processes
81010 -- Report Time spent on MDR Follow-up
81011 -- Report Time spent on Assessment of Firm’s MDR Practices
81845T -- Report Time spent on Assessment of Firm’s Tracking Practices
81845R -- Report Time spent on Assessment of Firm’s Corrections and Removals Practices
82A800 -- Independent Accredited Person Inspections

Table of Contents

  1. The Quality System (QS) Regulation
  2. The MDR Regulation
  3. The Medical Device Tracking Regulation
  4. The Corrections and Removals Regulation
  5. The Registration and Listing Regulation
  1. Objectives
  2. Program Management Instructions
  1. Operations
    1. Inspectional Strategy
      1. QS inspections
      2. Level 1 inspections
      3. Level 2 inspections
      4. Level 3 inspections
      5. For Cause Inspections
      6. Foreign Inspections
    2. Inspectional Instructions
    3. Special Instructions Concerning Design Controls
    4. Special Instructions for Sterilization Processes
    5. Inspection of Radiation Emitting Devices
    6. Sample Collection
  2. Additional Considerations
    1. Registration and Listing
    2. Imports
    3. Exports
    4. Electronic Records and Electronic Signatures
  3. Remarketed Devices
  4. Reporting
  1. Analyzing Laboratories
  2. Analyses to be Conducted
  3. Methodology
  1. Quality System/GMP Regulatory/Administrative Follow-up
    1. Compliance Decision
    2. Contract Sterilizers, Contract Device Manufacturers and Finished Device Manufacturers – Deciding Responsibility When Taking Regulatory Action
    3. Violative Devices Sold to Government Agencies
    4. Administrative and Judicial Actions
    5. Facilitating Review of Regulatory Recommendations
  2. MDR Regulatory/Administrative Follow-up
  3. Tracking Regulatory/Administrative Follow-up
  4. Corrections and Removals Regulatory/Administrative Follow-up
  5. Registration and Listing Regulatory/Administrative Follow-up
  6. Radiation Emitting Device Regulatory/Administrative Follow-up
  7. Exports Regulatory/Administrative Follow-up
Attachments