7100 Software Test System
Download
Report
Transcript 7100 Software Test System
Regulation and Standards
Chapter 17
1
Extra Activities for
Regulated Industries
Develop and maintain a Quality System
Product Documentation
Design History File
Technical File
Product submissions
Testing certifications
Extra time for:
Submissions
Answer questions from regulators
Re-submissions
Audits
2
The Typical Road to
Market for a Non-Medical
Device
Generate a new idea for a product
Design the product
Test the product
Manufacture the product
Ship the product
3
The Typical Road to
Market for a Medical
Device
Generate a new idea for a product
Design the product
Test the product
Submit data to the regulatory agency
Wait
Manufacture the product
Ship the product
4
Timing of Product
Development
Establish a window of opportunity to sell the
product
Determine the amount of time to manufacture the
product
Determine the amount of time for regulatory
approval
Determine the amount of time to test the product
Determine the amount of time to design the
product
Determine the amount of time to specify the
product
Start the development cycle
5
Types of Regulations
Process
ISO 9000 family
Audits by Notified Bodies
Product
Food and Drug Administration (FDA)
Medical Device Directive (MDD)
Individual country requirements (Canada, Australia, Japan,
Russia)
City of Los Angeles
Other standards required for certain products
Environmental standards
6
Process Regulations
Basis for product regulations
Requires the company to show an experienced
quality system in place
ISO 9000 family used as the gold standard
For companies with design capabilities, ISO
9001 is the foundation
For medical device companies, ISO 13485 is
beginning to be accepted
7
ISO 9001
Management responsibility
Quality system
Contract review
Design control
Document and data control
Purchasing
Control of customer supplied product
Product identification and traceability
Process control
Inspection and testing
8
ISO 9001
Control of inspection, measuring, and test
equipment Inspection and test status
Control of non-conforming product
Corrective and preventive action
Handling, storage, packaging, preservation, and
delivery
Control of quality records
Internal quality audits
Training
Servicing
Statistical techniques
9
Design Control
Design and development planning
Organizational and technical interfaces
Design input
Design output
Design review
Verification
Validation
Design changes
10
Product Regulations
Europe
Medical Device Directive
Other Countries
Australia
Canada
Japan
Russia
United States
FDA
11
The various Medical Device Directives define
a medical device as:
"any instrument, appliance, apparatus, material or other article,
whether used alone or in combination, including the software
necessary for its proper application, intended by the manufacturer
to be used for human beings for the purpose of:
diagnosis, prevention, monitoring, treatment or alleviation of
disease
diagnosis, monitoring, alleviation of or compensation for an injury
or handicap
investigation, replacement or modification of the anatomy or of a
physiological process
control of conception,
and which does not achieve its principal intended action in or on
the human body by pharmacological, immunological or metabolic
means, but which may be assisted in its function by such means."
12
Medical Device Directive
3 divisions: AIMDD, MDD, IVMDD
Required for selling a product in Europe
Product must contain a CE mark
Must have a quality system
Product must meet a list of essential
requirements
Certificates for all testing
13
Medical Device Directive
Three directives:
Active Implantable Medical Devices Directive
(AIMDD)
Medical Devices Directive (MDD)
In Vitro Diagnostic Medical Devices Directive
(IVDMDD)
14
Medical Device Directive
Process
Analyze the device to determine which directive
is applicable
Identify the applicable Essentials Requirements
List (safety, risk, performance, …)
Identify any corresponding Harmonized
standards
Confirm that the device meets the Essential
requirements/Harmonized Standards and
document the evidence
Classify the device
15
Medical Device Directive
Process
Decide on the appropriate conformity
assessment procedure
Identify and choose a notified body
Obtain conformity certifications for the
device
Establish a Declaration of Conformity
Apply for the CE mark
16
Essentials Requirements
List
Essential Requirement
1. The device must be designed
and manufactured in such a way
that when used under the
conditions and for the purposes
intended, they will not
compromise the clinical
condition or the safety of
patients, users, and where
applicable, other persons. The
risks associated with devices
must be reduced to an acceptable
level compatible with a high
level of protection for health and
safety.
2. The solutions adopted by the
manufacturer for the design and
construction of the devices must
comply with safety principles
and also take into account the
generally acknowledged state of
the art.
A or N/a
A
A
Standards
Internal
Internal
Activity
Risk analysis
Test Clause
Pass/Fail
Document Location
Design History File
Safety review
Design History File
Specification
reviews
Design History File
Design reviews
Design History File
Safety review
Design History File
17
Declaration of
Conformance
Every device, other than a custom-made
or clinical investigation device, must be
covered by a declaration of conformity
Document that states you have met all the
essential requirements for your device
Must include the serial numbers or batch
numbers of the products it covers
Signed by a member of Senior
Management
18
The CE Mark
XXXX
19
Difference Between FDA
and MDD
FDA:
A submission must be sent to the FDA for each
product to be marketed
Must wait for approval
MDD:
A company may qualify for self-certification to
MDD for their products. These are checked
during scheduled audits.
20
Other Product Regulations
Countries
Japan
Australia
China
Russia
Type of Device Standards
Alarms
Software
Environmental Standards
EMC
Temperature/Humidity
Shipping
21
Audits
1-4 people in your spaces for 3 days to
several months
22
Audits
Will cover in detail your process and
products
Auditors will “dig-in” in they find the hint
of a problem
Major discrepancies will shut you down
until they are fixed
Legal and/or punitive steps may be taken
23
Food and Drug
Administration
Quality system
Testing to prove the safety and efficacy of your
product
Submission material dependent on the type of
product you are making
Particular attention to software
MDRs
Recalls
Audits
(see chapter 16…)
24
Food and Drug
Administration
Safety and efficacy:
Requirement verification
Risk analysis
Environmental testing
Clinical testing
25
Food and Drug
Administration
Submissions:
Class I
Little regulation
Class II
510(k)
Class III
PMA
26
FDA 2004 User Fees
Large business:
510(k)
$
3,480
PMA
180 day supplement
Real-time supplement
$206,811
$ 44,464
$ 14,890
27
FDA 2004 User Fees
Small business:
510(k)
$
2,784
PMA
180 day supplement
Real-time supplement
$ 78,588
$ 16,896
$ 5,658
28
Food and Drug
Administration
Software:
Based on an bad experience in
Canada
FDA doesn’t understand it
Therefore, they over-regulate it
All current regulations are in draft form
Software in a device is the same level as the device
Excess documentation required
Auditors free to regulate according to their own
principles
29
Food and Drug
Administration
MDRs and Recalls:
MDR: a report sent to the FDA detailing the
circumstances of your device killing or
causing serious injury to a patient
The FDA also gets a report from the hospital or
clinic where the situation occurred
Recall: a detailed plan for making design
changes in all your devices currently in the
field
30
Food and Drug
Administration
Audits:
General
Triggered by submissions
Triggered by field failures
Triggered by unsolicited information
31
Newest of the Regulations (US)
HIPAA
Health Insurance
Portability and
Accountability Act
Main components are
Privacy and Security
32
Protected Health
Information (PHI)
PHI is health Information that:
1) is created or received by a health care
provider, health plan, employer, or health care
clearinghouse, and
2) relates to the past, present, or future
physical or mental health or condition of an
individual, the provisions of health care to an
individual, or the past, present, or future
payment for the provision of health care to an
individual, and i) that dentifies the individual or
ii) with respect to which there is a reasonable
basis to believe the information can be used to
identify the individual.
33
Protected Health
Information (PHI)
Any health information that can be identified to
a person
It includes information about treatment and
care
PHI can include:
Name
Dates
Record number
Social security number
Full face photo
Any other unique identifying information
34
De-Identification
Patient information from which identifiers have been
deleted, redacted, or blocked, so that remaining
information cannot reasonably be used to identify a
person. Identifiers to be deleted include:
Name
Social security number
Address
Telephone number
Birth date
Admission date
FAX numbers
E-mail addresses
Medical record numbers
Health plan beneficiary numbers
Account numbers
Certification/license numbers
Full face photos.
35
Civil Penalties for NonCompliance
$100 for each
violation
Total of $25,000 for
all violations of an
identical requirement
in a calendar year
36
Obtainment/Disclosure of
PHI
Not more than $50,000
and/or not more than 1
year imprisonment
Not more than $100,000
and/or not more than 5
years imprisonment if the
offense is “under false
pretenses”
Not more than $250,000
and/or not more than 10
years imprisonment for the
intent to sell, use for
commercial advantage,
personal gain, or malicious
harm Protected Health
Information
37
HIPAA Philosophy
What I see here,
What I hear
here,
When I leave
here,
Remains here!
38
Other US Standards Groups:
AAMI
ANSI
ASQC
ASTM
IEEE
IES
IPC
NEMA
NFPA
OSHA
UL
39
Rest of World
British Standards
Institute
European Committee
for Normalization
European Committee
for Electronic
Standards
TickIT
International
Committee on Radio
Interference
Canadian Standards
IEEE
ISO (9000, 9001,
13485, 13488, 14000)
JSA
40
Trends:
Harmonization of Regulations & Standards
Attempts at defining Medical Informatics
and the structures of medical records
Computerization
41