Software in Medical Devices, by MD101 Consulting

So we have a corrigendum (almost 100% sure. A vote by the EU Parliament is still in the pipe December the 16th, though). To corrigendumize: that's a neologism I propose to name bug fixing activities in legal matters. I corrigendumize, you corrigendumize, they corrigendumize! Any resemblance to "randomize" is purely coincidental!

We know that Drug Prescription Assistance Software are software as a medical device, thanks to the European Court of Justice. But how to CE mark that kind of software?

The GMED notified body has published a guide on substantial changes: named Guidance document for the interpretation of significant changes in the framework of article 120: “Transitional provisions” of Regulation (EU) 2017/745. This guide addresses changes according to the article 120 of the MDR. It's a decision tree in the same vein as FDA guidances on deciding when to submit a new 510k.

As a manufacturer, your mission, if you accept it, is to answer "No" for all your products CE marked with the MDD.
For hardware, be prepared to place your design in the freezer.
For software, be prepared to place your design in liquid nitrogen.

The guidance is on the page on white papers of GMED website.

To be software as a medical device or not to be.
That is the question.

And you rely on Competent Authorities to determine whether software is a medical device or not. For example, you have some practical examples on the ANSM website (google translate is my Friend): here is the lastest version.

And you wish you had a way to be noticed by the ANSM when the page changes. Hell no, no way.

Especially you wish you had been noticed when the ANSM change their mind on telesurveillance software: here is the previous version on archive.org if you want to compare with the latest.

Before: examples showing that communicating data, like tele follow-up is not a MD, with the invocation of expert function (found in MEDDEV 2.1/6 only for qualification of IVD, not MD) to exclude software without such function.
After: examples showing that tele surveillance is a MD (exit the expert function).

Arrgghh, This isn't Good Regulatory Practice.

Here is a quick follow-up of the new version of the FDA Guidance titled Medical Device Accessories – Describing Accessories and Classification Pathways, published in December 2017. This comes a bit in parallel to the Section 3060 guidance described in the previous post on the 21st Century Cures Act.

We continue this series of posts on cybersecurity with some comments on impacts of cybersecurity on the software development documentation.

This article is a follow-up of the previous article on the Draft guidance on Postmarket Management of Cybersecurity in Medical Devices.

We begin today a series of posts on cybersecurity in medical devices. Cybersecurity was not a subject before the advent of computerized medical devices. Now that every manufacturer wants its connected medical device, cybersecurity matters!
Let's start with the regulations.

The FDA released three new FDA guidances in July 2016:

• Two draft guidances on Deciding When to Submit a 510(k) for a Change to an Existing Device,
• The final guidance on General Wellness: Policy for Low Risk Devices.

The final version of the negotiated text of the new Medical Device Regulation (MDR) was published by the European Commission in June 2016. It is a big upheaval for all medical device manufacturers. Contrary to what the draft version of September 2015 contained, software is invited to the party.