Orcanos 6th Medical Event – IEC 62304/62804 New Updates

New Updates By Sherman Eagles

Regulations and Standards
What is happening and where we are heading?

About me
* Medtronic Technical Fellow (retired) now consulting part-time
* Convener of working group for 60601-1 Programmable Electrical Medical System clause
* Convener for IEC 62304 – Medical device software life cycle processes and IEC 80002-1 Application of ISO 14971 for medical device software
* Co-convener for IEC 80001 series on Risk management for IT-Networks incorporating a medical device
* Co-chair of AAMI SW committee
Today’s presentation
* Recent regulatory activities
* Recent standards activities
* Emerging issues
* Medical device security
* Medical device interoperability
* Mobile medical apps
Recent Regulatory Activities – European Union
* EN 13485:2012 and EN 14971:2012 – Modifications to presumed conformance with essential requirements
* Not all quality management and risk management requirements are covered by these standards.
* Manufacturer cannot determine acceptable risk.
* As low as reasonably practicable (ALARP) can no longer be used. Risk must be as low as possible.
* Risk/benefit analysis must be done for each hazard, not just overall residual risk.
* Cannot reduce risk with information for use.

Recent Regulatory Activities – European Union
* Proposed Medical Device Regulations
* 3 directives become 2 regulations
* Target adoption 2014
* 3 year transition for medical devices
* 5 year transition for IVDs
* Significant reduction in Notified Bodies (80 to 30 or less)
* Additional competence for manufacturers and notified bodies
* Increased scrutiny of class III devices
* Changes in audits
* Increased post-market surveillance
Recent Regulatory Activities – European Union
* Changes to MDD went into effect in 2010
* New essential requirement on software requires software lifecycle to be state of the art
* EN 62304 is harmonized for software, therefore is default state of the art
* Notified Bodies did not have expertise to evaluate manufacturers implementation of EN 62304
* Some notified bodies have been increasing their expertise
* Team of notified bodies just released an FAQ on using EN 62304
Recent Regulatory Activities – European Union
* Software as a medical device
* 2010 changes to Medical Device Directive
* Swedish guidance for determining what software is a medical device
* CEN TC 251/CENELEC TC 62 SAMD working group
* MEDDEV 2.1/6 Qualification and Classification of standalone software
* Revised Swedish guidance
* IMDRF new work item on standalone software regulation

Recent Regulatory Activities – USA
* Safety assurance cases and static analysis tools required for infusion pump 510(k)
* Medical Device Data System (MDDS) classification
* Draft guidance for Medical Device Mobile Apps
* FDA Safety and Innovation Act (FDASIA)
* Joint study by ONC, FDA and FCC to create a regulatory framework for Health IT –
report due January, 2014
* Advisory group formed
Recent Regulatory Activities – USA
* FDA study of software pre-market review activities
* FDA hired McKinsey to study how they do software reviews
* Study looked at FDA reviewer practices as well as industry practices
* One conclusion – industry is hesitant to adopt new practices because of uncertainty of
* Establishment of a formal training program for reviewers
* Facilitate medical device software continuous improvement
* Governance structure that oversees all software functions at CDRH

Recent Standards Activities – IEC 62304
* Revision of 62304 will be done in 3 parts
* Amendment to 62304 edition 1
* Second edition will expand scope from medical device software to health software
* Amendment expected by January, 2014
* Assessment TR expected in 2014
* Second edition expected in 2015/2016
Recent Standards Activities – IEC 62304 Amendment
* Software safety classification needed change because too much software was being classified as Class C
* Changes to software safety classification
* Uses risk instead of consequence to determine software safety class
* Applies system level risk management without software risk controls prior to software safety classification
62304 Draft Amendment classification flow chart
Recent Standards Activities – IEC 62304 Amendment
* Requirements for legacy software
* Legacy software is existing software that was created before 62304 was harmonized and has been in use
* Change is needed because legacy software that is not being changed had to go through 62304 process for CE mark
* Approach is to define requirements to determine if existing documentation on development process and risk management is sufficient, together with post-market information, to achieve the intent of the standard.

Leave a Reply

Your email address will not be published. Required fields are marked *