Transcript 7100 Software Test System
Regulation and Standards Chapter 17
1
Extra Activities for Regulated Industries
Develop and maintain a Quality System Product Documentation Design History File Technical File Product submissions Testing certifications Extra time for: Submissions Answer questions from regulators Re-submissions Audits 2
The Typical Road to Market for a Non-Medical Device
Generate a new idea for a product Design the product Test the product Manufacture the product Ship the product 3
The Typical Road to Market for a Medical Device
Generate a new idea for a product Design the product Test the product Submit data to the regulatory agency Wait Manufacture the product Ship the product 4
Timing of Product Development
Establish a window of opportunity to sell the product Determine the amount of time to manufacture the product Determine the amount of time for regulatory approval Determine the amount of time to test the product Determine the amount of time to design the product Determine the amount of time to specify the product Start the development cycle 5
Types of Regulations
Process ISO 9000 family Audits by Notified Bodies Product Food and Drug Administration (FDA) Medical Device Directive (MDD) Individual country requirements (Canada, Australia, Japan, Russia) City of Los Angeles Other standards required for certain products Environmental standards 6
Process Regulations
Basis for product regulations Requires the company to show an experienced quality system in place ISO 9000 family used as the gold standard For companies with design capabilities, ISO 9001 is the foundation For medical device companies, ISO 13485 is beginning to be accepted 7
ISO 9001
Management responsibility Quality system Contract review Design control Document and data control Purchasing Control of customer supplied product Product identification and traceability Process control Inspection and testing 8
ISO 9001
Control of inspection, measuring, and test equipment Inspection and test status Control of non-conforming product Corrective and preventive action Handling, storage, packaging, preservation, and delivery Control of quality records Internal quality audits Training Servicing Statistical techniques 9
Design Control
Design and development planning Organizational and technical interfaces Design input Design output Design review Verification Validation Design changes 10
Product Regulations
Europe Medical Device Directive Other Countries Australia Canada Japan Russia United States FDA 11
The various Medical Device Directives define a medical device as:
"any instrument, appliance, apparatus, material or other article, whether used alone or in combination, including the software necessary for its proper application, intended by the manufacturer to be used for human beings for the purpose of: diagnosis, prevention, monitoring, treatment or alleviation of disease diagnosis, monitoring, alleviation of or compensation for an injury or handicap investigation, replacement or modification of the anatomy or of a physiological process control of conception, and which does not achieve its principal intended action in or on the human body by pharmacological, immunological or metabolic means, but which may be assisted in its function by such means."
12
Medical Device Directive
3 divisions: AIMDD, MDD, IVMDD Required for selling a product in Europe Product must contain a CE mark Must have a quality system Product must meet a list of essential requirements Certificates for all testing 13
Medical Device Directive
Three directives: Active Implantable Medical Devices Directive (AIMDD) Medical Devices Directive (MDD) In Vitro Diagnostic Medical Devices Directive (IVDMDD) 14
Medical Device Directive Process
Analyze the device to determine which directive is applicable Identify the applicable Essentials Requirements List (safety, risk, performance, …) Identify any corresponding Harmonized standards Confirm that the device meets the Essential requirements/Harmonized Standards and document the evidence Classify the device 15
Medical Device Directive Process
Decide on the appropriate conformity assessment procedure Identify and choose a notified body Obtain conformity certifications for the device Establish a Declaration of Conformity Apply for the CE mark 16
Essentials Requirements List
Essential Requirement 1. The device must be designed and manufactured in such a way that when used under the conditions and for the purposes intended, they will not compromise the clinical condition or the safety of patients, users, and where applicable, other persons. The risks associated with devices must be reduced to an acceptable level compatible with a high level of protection for health and safety.
2. The solutions adopted by the manufacturer for the design and construction of the devices must comply with safety principles and also take into account the generally acknowledged state of the art.
A or N/a A A Standards Internal Activity Risk analysis Safety review Internal Specification reviews Design reviews Safety review Test Clause Pass/Fail Document Location Design History File Design History File Design History File Design History File Design History File 17
Declaration of Conformance
Every device, other than a custom-made or clinical investigation device, must be covered by a declaration of conformity
Document that states you have met all the essential requirements for your device
Must include the serial numbers or batch numbers of the products it covers
Signed by a member of Senior Management
18
The CE Mark
XXXX
19
Difference Between FDA and MDD
FDA: A submission must be sent to the FDA for each product to be marketed Must wait for approval MDD: A company may qualify for self-certification to MDD for their products. These are checked during scheduled audits.
20
Other Product Regulations
Countries Japan Australia China Russia Type of Device Standards Alarms Software Environmental Standards EMC Temperature/Humidity Shipping 21
Audits
1-4 people in your spaces for 3 days to several months 22
Audits
Will cover in detail your process and products Auditors will “dig-in” in they find the hint of a problem Major discrepancies will shut you down until they are fixed Legal and/or punitive steps may be taken 23
Food and Drug Administration
Quality system Testing to prove the safety and efficacy of your product Submission material dependent on the type of product you are making Particular attention to software MDRs Recalls Audits (see chapter 16…) 24
Food and Drug Administration
Safety and efficacy: Requirement verification Risk analysis Environmental testing Clinical testing 25
Food and Drug Administration
Submissions: Class I Class II Class III Little regulation 510(k) PMA 26
FDA 2004 User Fees
Large business: 510(k) PMA 180 day supplement Real-time supplement $ 3,480 $206,811 $ 44,464 $ 14,890 27
FDA 2004 User Fees
Small business: 510(k) PMA 180 day supplement Real-time supplement $ 2,784 $ 78,588 $ 16,896 $ 5,658 28
Food and Drug Administration
Software: Based on an bad experience in Canada FDA doesn’t understand it Therefore, they over-regulate it All current regulations are in draft form Software in a device is the same level as the device Excess documentation required Auditors free to regulate according to their own principles 29
Food and Drug Administration
MDRs and Recalls: MDR: a report sent to the FDA detailing the circumstances of your device killing or causing serious injury to a patient The FDA also gets a report from the hospital or clinic where the situation occurred Recall: a detailed plan for making design changes in all your devices currently in the field 30
Food and Drug Administration
Audits: General Triggered by submissions Triggered by field failures Triggered by unsolicited information 31
Newest of the Regulations (US)
HIPAA Health Insurance Portability and Accountability Act Main components are Privacy and Security 32
Protected Health Information (PHI)
PHI is health Information that: 1) is created or received by a health care provider, health plan, employer, or health care clearinghouse, and 2) relates to the past, present, or future physical or mental health or condition of an individual, the provisions of health care to an individual, or the past, present, or future payment for the provision of health care to an individual, and i) that dentifies the individual or ii) with respect to which there is a reasonable basis to believe the information can be used to identify the individual.
33
Protected Health Information (PHI)
Any health information that can be identified to a person It includes information about treatment and care PHI can include: Name Dates Record number Social security number Full face photo Any other unique identifying information 34
De-Identification
Patient information from which identifiers have been information cannot reasonably be used to identify a Name Social security number Address Telephone number Birth date Admission date FAX numbers E-mail addresses Medical record numbers Health plan beneficiary numbers Account numbers Certification/license numbers Full face photos.
35
Civil Penalties for Non Compliance
$100 for each violation Total of $25,000 for all violations of an identical requirement in a calendar year 36
Wrongful Obtainment/Disclosure of PHI
Not more than $50,000 and/or not more than 1 year imprisonment Not more than $100,000 and/or not more than 5 years imprisonment if the offense is “under false pretenses” Not more than $250,000 and/or not more than 10 years imprisonment for the intent to sell, use for commercial advantage, personal gain, or malicious harm Protected Health Information 37
HIPAA Philosophy
What I see here, What I hear here, When I leave here, Remains here!
38
Other US Standards Groups:
AAMI ANSI ASQC ASTM IEEE IES IPC NEMA NFPA OSHA UL 39
Rest of World
British Standards Institute European Committee for Normalization European Committee for Electronic Standards TickIT International Committee on Radio Interference Canadian Standards IEEE ISO (9000, 9001, 13485, 13488, 14000) JSA 40
Trends:
Harmonization of Regulations & Standards Attempts at defining Medical Informatics and the structures of medical records Computerization 41