Transcript 7100 Software Test System

The Impact of Regulations
on
Medical Device Design
Richard C. Fries, PE, CRE
Manager, Corporate
Reliability Engineering
Baxter Healthcare
Round Lake, Illinois
1
Extra Activities for
Regulated Industries
Develop and maintain a Quality System
Product Documentation
Design History File
Technical File
Product submissions
Testing certifications
Extra time for:
Submissions
Answer questions from regulators
Re-submissions
Audits
2
The Typical Road to
Market for a Non-Medical
Device
Generate a new idea for a product
Design the product
Test the product
Manufacture the product
Ship the product
3
The Typical Road to
Market for a Medical
Device
Generate a new idea for a product
Design the product
Test the product
Submit data to the regulatory agency
Wait
Manufacture the product
Ship the product
4
Timing of Product
Development
 Establish a window of opportunity to sell the
product
 Determine the amount of time to manufacture the
product
 Determine the amount of time for regulatory
approval
 Determine the amount of time to test the product
 Determine the amount of time to design the product
 Determine the amount of time to specify the
product
 Start the development cycle
5
Types of Regulations
Process
ISO 9000 family
Audits by Notified Bodies
Product
Food and Drug Administration (FDA)
Medical Device Directive (MDD)
Individual country requirements (Canada, Australia, Japan,
Russia)
City of Los Angeles
Other standards required for certain products
Environmental standards
6
Process Regulations
Basis for product regulations
Requires the company to show an experienced
quality system in place
ISO 9000 family used as the gold standard
For companies with design capabilities, ISO
9001 is the foundation
For medical device companies, ISO 13485 is
beginning to be accepted
7
ISO 9001










Management responsibility
Quality system
Contract review
Design control
Document and data control
Purchasing
Control of customer supplied product
Product identification and traceability
Process control
Inspection and testing
8
ISO 9001
 Control of inspection, measuring, and test
equipment Inspection and test status
 Control of non-conforming product
 Corrective and preventive action
 Handling, storage, packaging, preservation, and
delivery
 Control of quality records
 Internal quality audits
 Training
 Servicing
9
Design Control
Design and development planning
Organizational and technical interfaces
Design input
Design output
Design review
Verification
Validation
Design changes
10
Product Regulations
United States
FDA
Europe
Medical Device Directive
Other Countries
Australia
Canada
Japan
Russia
11
Food and Drug
Administration
Quality system
Testing to prove the safety and efficacy of your
product
Submission material dependent on the type of
product you are making
Particular attention to software
MDRs
Recalls
Audits
12
Food and Drug
Administration
Safety and efficacy:
Requirement verification
Risk analysis
Environmental testing
Clinical testing
13
Food and Drug
Administration
Submissions:
Class I
Little regulation
Class II
510(k)
Class III
PMA
14
FDA 2004 User Fees
Large business:
510(k)
$
3,480
PMA
180 day supplement
Real-time supplement
$206,811
$ 44,464
$ 14,890
15
FDA 2004 User Fees
Small business:
510(k)
$
2,784
PMA
180 day supplement
Real-time supplement
$ 78,588
$ 16,896
$ 5,658
16
Food and Drug
Administration
Software:
Based on an bad experience in
Canada
FDA doesn’t understand it
Therefore, they over-regulate it
All current regulations are in draft form
Software in a device is the same level as the device
Excess documentation required
Auditors free to regulate according to their own
principles
17
Food and Drug
Administration
MDRs and Recalls:
MDR: a report sent to the FDA detailing the
circumstances of your device killing or
causing serious injury to a patient
The FDA also gets a report from the hospital or
clinic where the situation occurred
Recall: a detailed plan for making design
changes in all your devices currently in the
field
18
Food and Drug
Administration
Audits:
General
Triggered by submissions
Triggered by field failures
Triggered by unsolicited information
19
Medical Device Directive
Required for selling a product in Europe
Product must contain a CE mark
Must have a quality system
Product must meet a list of essential
requirements
Certificates for all testing
20
Medical Device Directive
Process
Analyze the device to determine which directive
is applicable
Identify the applicable Essentials Requirements
List
Identify any corresponding Harmonized
standards
Confirm that the device meets the Essential
requirements/Harmonized Standards and
document the evidence
Classify the device
21
Medical Device Directive
Process
Decide on the appropriate conformity
assessment procedure
Identify and choose a notified body
Obtain conformity certifications for the
device
Establish a Declaration of Conformity
Apply for the CE mark
22
Medical Device Directive
Three directives:
Active Implantable Medical Devices Directive
(AIMDD)
Medical Devices Directive (MDD)
In Vitro Diagnostic Medical Devices Directive
(IVDMDD)
23
Essentials Requirements
List
E ssential R eq uirem ent
1. T he device m ust be designed
and m anufactured in such a way
that w hen used under the
conditions and for the purposes
intended, they w ill not
com pro m ise the clinical
condition or the safety o f
patients, users, and w here
applicable, other persons. T he
risks associated w ith devices
m ust be reduced to an acceptable
level co m patible w ith a high
level of protection for health and
safety.
2. T he solutions adopted by the
m anufacturer for the design and
construction of the devices m ust
com ply w ith safety principles
and also take into account the
generally ackno w led ged state of
the art.
A or N /a
A
A
Standards
Internal
Internal
A ctivity
R isk analysis
T est C lause
P ass/Fail
D ocum ent Location
D esign H istory File
Safety review
D esign H istory File
Specificatio n
review s
D esign H istory File
D esign review s
D esign H istory File
Safety review
D esign H istory File
24
Declaration of
Conformance
Every device, other than a custom-made
or clinical investigation device, must be
covered by a declaration of conformity
Document that states you have met all the
essential requirements for your device
Must include the serial numbers or batch
numbers of the products it covers
Signed by a member of Senior
Management
25
The CE Mark
XXXX
26
Difference Between FDA
and MDD
FDA:
A submission must be sent to the FDA for each
product to be marketed
Must wait for approval
MDD:
A company may qualify for self-certification to
MDD for their products. These are checked
during scheduled audits.
27
Other Product Regulations
Countries
Japan
Australia
China
Russia
Type of Device Standards
Alarms
Software
Environmental Standards
EMC
Temperature/Humidity
Shipping
28
Audits
1-4 people in your spaces for 3 days to
several months
29
Audits
Will cover in detail your process and
products
Auditors will “dig-in” in they find the hint
of a problem
Major discrepancies will shut you down
until they are fixed
Legal and/or punitive steps may be taken
30
Newest of the Regulations
HIPAA
Health Insurance
Portability and
Accountability Act
Main components are
Privacy and Security
31
Protected Health
Information (PHI)
PHI is health Information that:
1) is created or received by a health care
provider, health plan, employer, or health
care
clearinghouse, and
2) relates to the past, present, or future
physical or mental health or condition of an
individual, the provisions of health care to an
individual, or the
past, present, or future
payment for the provision of health care to an
individual, and i) that
identifies the
individual or ii) with respect to which there is a
reasonable basis to believe the information can
32
be used to identify the individual.
Protected Health
Information (PHI)
Any health information that can be identified to
a person
It includes information about treatment and
care
PHI can include:
Name
Dates
Record number
Social security number
Full face photo
Any other unique identifying information
33
De-Identification
 Patient information from which identifiers have been
deleted, redacted, or blocked, so that remaining
information cannot reasonably be used to identify a
person. Identifiers to be deleted include:
Name
Social security number
Address
Telephone number
Birth date
Admission date
FAX numbers
E-mail addresses
Medical record numbers
Health plan beneficiary numbers
Account numbers
Certification/license numbers
Full face photos.
34
Civil Penalties for NonCompliance
$100 for each
violation
Total of $25,000 for
all violations of an
identical requirement
in a calendar year
35
Obtainment/Disclosure of
PHI
 Not more than $50,000
and/or not more than 1
year impisonment
 Not more than $100,000
and/or not more than 5
years imprisonment if the
offense is “under false
pretenses”
 Not more than $250,000
and/or not more than 10
years imprisonment for the
intent to sell, use for
commercial advantage,
personal gain, or malicious
harm Protected Health
Information
36
HIPAA Philosophy
What I see here,
What I hear
here,
When I leave
here,
Remains here!
37