Thursday 13 January 2022
By Mitch on Thursday 13 January 2022, 13:54 - Standards
IEC 81001-5-1 was published in December 2021. We already talked about the draft version here. Combined with IEC/TR 60601-4-5, published in February 2021, these two standards constitute the state of the art in cybersecurity of medical devices in Europe.
The final version is very close to the draft version, apart from a few changes to the organizational requirements; formerly clause 10 present in the draft, but removed and copied to clause 4 in the final version.
Be prepared to apply these two standards for your MDR CE Mark submissions, when they are harmonized. Most probably by 2024.
Monday 6 December 2021
By Mitch on Monday 6 December 2021, 13:32 - Regulations
Great news! The FDA announced their list of new or revised guidances for 2022. Software is going to be privileged, with 6 guidances on Clinical Decision Support software, SaMD risk categorization, cybersecurity, QMS SW, and Artificial Intelligence / Machine Learning. The draft guidance Content of Premarket Submissions for Device Software Functions opens the ball in 2021. This draft guidance will supersede the guidance titled Content of Premarket Submissions for Software Contained in Medical Device, when it is published in its final version. This little change in the title is a sign of the times.
Monday 8 November 2021
By Mitch on Monday 8 November 2021, 13:56 - Regulations
That is the question.
MD manufacturers are pressed by end-users to implement changes. Especially SaMD, where the users are used to receiving new versions weekly or monthly. Thus, Class I MDD SaMD manufacturers are pressed to find a way to qualify their software changes as non-substantial according to the MDCG 2020-3. Otherwise, they can't deliver new versions to their end-users, blocked by the deadly MDR rule 11 and its class IIa trap.
Saturday 6 November 2021
By Mitch on Saturday 6 November 2021, 16:18 - Misc
This blog is ten years old!
Thank you to all of you who read, download and share the content of this blog.
Friday 9 July 2021
By Mitch on Friday 9 July 2021, 13:37 - Standards
The draft list of harmonized standards for the MDR regulation was published in May 2021. In this document, we find the references to the following cybersecurity standards:
- IEC 80001-1: Safety, effectiveness and security in the implementation and use of connected medical devices or connected health software - Part 1: Application of risk management,
- IEC 81001-5-1 (not published): Health Software and health IT systems safety, effectiveness and security - Part 5-1: Security - Activities in the product lifecycle,
- IEC/TR 60601-4-5: Medical electrical equipment - Part 4-5: Guidance and interpretation - Safety-related technical security specifications.
Wednesday 26 May 2021
By Mitch on Wednesday 26 May 2021, 00:01 - Regulations
This is the end of MDD, and class I SaMD.
Friday 26 March 2021
By Mitch on Friday 26 March 2021, 13:38 - Misc
The definition of SOUP, and the requirements related to their lifecycle in IEC 62304 processes, are totally independent of any technology. Making no technological assumption, that's the way the standard is thought, so that it can be applied to any health software.
Cloud-based applications and web technologies make an intensive use of SOUPs. Let's see how IEC 62304 requirements can be applied to these technologies.
Thursday 4 March 2021
By Mitch on Thursday 4 March 2021, 17:50 - Regulations
Friday 19 February 2021
By Mitch on Friday 19 February 2021, 13:43 - Standards
That's a déjà-vu. The second version of IEC 62304 is still in draft. It has been in this state for five years, since the publication of the amendment 1. We already had a draft version in 2019. A new draft version is, again, in public review (or has been in public review in your country) under the name IEC CDV 62304:2021. Go to the website of your national standardization organization, to see if you can still download it for free!
Friday 5 February 2021
By Mitch on Friday 5 February 2021, 12:40 - Regulations
A Notice was published in the Federal Register the 15th January 2021, about the exemption of a long list of medical devices from premarket notification. This list, found in table 6 of the Notice, contains 83 class II devices.
Yet, we have to wait for 120 days, to see this Notice published with the list in its final version.
Friday 25 December 2020
By Mitch on Friday 25 December 2020, 13:55 - Regulations
After the MDCG guide 2019-11 for the MDR, the MDCG 2020-16 gives the regulatory oversight on In-Vitro Diagnostic medical devices (IVD MD) classification; including software qualified as IVD MD. Let's see the consequences for software.
Friday 20 November 2020
By Mitch on Friday 20 November 2020, 14:01 - Regulations
The MDR 2017/745/EU and IVR 2017/746/EU define requirements, present in the Annex VII of both regulations, addressing the conformity assessment process that Notified Bodies shall put in place. It would be an understatement to say that this process will take some time.
Friday 6 November 2020
By Mitch on Friday 6 November 2020, 12:23 - Regulations
While the winds of Covid are blowing a bad air on Europe, the UK MHRA published in September 2020 the guidance on regulatory status of medical devices, IVD and AIMD from 1 January 2021.
Friday 4 September 2020
By Mitch on Friday 4 September 2020, 14:34 - Regulations
The FDA published in July the final version of the Guidance on Multiple Function Device Products. Despite the absence of the word "software" in the title, it addresses at first software medical devices. It also addresses hardware devices, but we will focus on software in this post.
Friday 15 May 2020
By Mitch on Friday 15 May 2020, 14:00 - Processes
A recurring question is the confusion, or more precisely the difference between software release of IEC 62304, and design transfer of ISO 13485.
Sunday 3 May 2020
By Mitch on Sunday 3 May 2020, 14:20 - Regulations
So we have a new guidance on cybersecurity for medical devices: the MDCG 2019-16. This is not the one we expected so quickly, but we're not going to complain about the existence of this guidance! It was published in December 2019. At last I found time to write a review.
This guidance covers a broad range of topics applicable to all stakeholders in the medical device supply chains, and to end-users. It explains a bit why it is 46 pages long.
Saturday 18 April 2020
By Mitch on Saturday 18 April 2020, 12:03 - Misc
Having struggled with dozens of software editors who wanted to CE mark their class I software before May 2020. Having struggled with the lockdown, having struggled with projects in war mode to fight against the Covid-19, here I am! My last post was in December 2019, too long to make an active blog.
Today I post an article with a tone of speech a bit different than usual. No software, no comment on regulatory guidances. Probably an effect of the current situation, which affects all of us.
Friday 6 December 2019
By Mitch on Friday 6 December 2019, 14:10 - Regulations
So we have a corrigendum (almost 100% sure. A vote by the EU Parliament is still in the pipe December the 16th, though). To corrigendumize: that's a neologism I propose to name bug fixing activities in legal matters. I corrigendumize, you corrigendumize, they corrigendumize! Any resemblance to "randomize" is purely coincidental!
Saturday 30 November 2019
By Mitch on Saturday 30 November 2019, 18:20 - Templates
The final validation was missing in the list on templates on this blog. Problem solved.
Friday 22 November 2019
By Mitch on Friday 22 November 2019, 14:16 - Standards
The second version of IEC 62304 is still in draft. It has been is this state for almost five years, since the publication of the amendment 1. It is now in public review (or has been in public review in your country) under the name IEC 62304:2019 CDV. Go to the website of your national standardization organization, to see if you can still download it for free!