FDA, SaMD, IoT, Apple macOS, Data Breach
TLP White
We start by continuing our discussion from last week regarding the FDA’s precertification plans. We also address next-generation medical devices and IoT areas and then shed some light on a new Apple macOS discovery. We conclude by addressing a recent judgement requiring a large hospital to pay $4.3 million as a result of incurring three data breaches. Welcome back to Hacking Healthcare:
Hot Links –
- Update Released for FDA Pre-Certification Program. Last week we reported on the Food and Drug Administration’s (“FDA”) Software as a Medical Device (“SaMD”) pre-certification program, intended to accelerate the regulatory approval process for medical device software and applications. This week, the FDA released an update to its working model for the program.[1]
As a reminder, the FDA’s stated intent here is to recognize that software is different from hardware in that it tends to be updated frequently, which means reviewing the software itself can be unviable. The problem is only growing as software and more complex medical devices that rely on software continue to proliferate. As a result, the FDA proposes reviewing the software developers themselves, the thought being that as developers prove themselves to be trustworthy, there is an increased likelihood that their products will be as well.
In response to concerns that the model would favor more well-established firms, the updated version clarifies that pre-certification is available to small companies and startups, not just large, established technology companies.[2] It also explains that the FDA’s long-term plan is to permit pre-certification for both software as a medical device and software within a device. Additionally, the updated version incorporates concepts from the International Medical Device Regulators Forum’s (“IMDRF”) Software as a Medical Device document. The IMDRF is a voluntary group of medical device regulators working to accelerate international medical device regulatory harmonization and convergence.[3] Finally, the FDA eliminated the need for a predicate device, which qualifies a product for the 510(k) clearance process.[4]
[1] https://www.regulations.gov/document?D=FDA-2017-N-4301-0073
[2] https://www.healthcaredive.com/news/fda-unveils-software-pre-cert-update/526224/
[3] http://www.imdrf.org/
[4] https://www.politico.com/newsletters/morning-ehealth/2018/06/20/fda-rolls-out-pre-certification-update-259530
As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC.