CE-marking Requirements for Medical Devices including Software

Hvordan godkendes medicoteknisk udstyr med vægt på SW? Foredrag hos IDA Elteknik København 30.04.2014 Claus Lindholt CE-marking Requirements for Medical Devices including Software Compliance with Medical Devices Directive EN ISO 13485, EN ISO 14971, EN 62304 & EN62366 30.04.2014 Claus Lindholt 30.04.2014 Claus Lindholt Indhold af foredrag 30.04.2014 Eksempler på medical SW og medical App s MD Life-cycle og regulatoriske krav MD Definitioner, klassifikation og veje til CE-mærket Harmoniserede standarder Regulatorisk Strategi -> Plan -> Dok -> CE-mærke Krav til Medical SW - EN62304, EN62366 Dokumentation for SW i praksis Hvad med Agile (SCRUM) (QMS ISO13485 eller Risk Management ISO14971) Claus Lindholt 1

Claus Lindholt baggrund Akademiingeniør svagstrøm 1975 fra DIA (AUC) Ca. 35 år som projektleder: Produktionsteknologi Kvalitetsstyring Produktudvikling Indenfor produktområderne: Telefoner og dataudstyr Skibsautomation EMS (Electronic Manufacturing Service) Mobiltelefoner og apps til mobiltelefoner Medicinsk udstyr (20 år) Tidligere eksportchef, salgschef, kvalitetschef, teknisk direktør og adm.direktør Medejer af Pulsemaster Ltd. UK terapeutisk udstyr, siden 2000 Teknisk direktør (CTO) i Mermaid Care A/S, siden 2006 Certificeret lead auditor for ISO13485 kvalitetsstyringssystemer Konsulentarbejde vedr. Technical File og ISO13485 QMS for start-up s Undervisning og foredrag i regulatoriske krav til medicinsk udstyr 30.04.2014 Claus Lindholt Medico i Nordjylland Mermaid Care A/S Måleapparat for lungeparametre, Shunt og O2-tab Baseret på forskning fra AaU, Rcare Gas sensorsystem for O2, CO2 og flow samt pulsoximeter for SpO2 2 CE-mærkede produkter i MDD klasse IIa Algoritmer på Windows XP-emb. platform Claus Lindholt 2

Examples Medical SW & App s Challenges for medical SW Software used in a setting that does not allow the doctor sufficient time to second-guess the software. Emergency Care Predictive Analytics Software. This category of software may process and analyze large amounts of both structured and unstructured healthcare data and vital sign data to recommend and adjust a treatment in an emergency care setting. Can such SW always be trusted in a hot situation? Hospital patient monitoring software. The problem is alarms going off so often that nurses no longer treat them as truly indicative of an emergency. An emerging category of software is using sophisticated analytics to assess the various data related to a monitored patient, giving nurses a more meaningful notification when a patient s health is deteriorating. What happens when one doesn t work, a patient crashes and the caregiver is alerted too late? Challenges for medical SW Software that takes a very complicated calculation and presents a result without transparently revealing the basis for the calculation. Burn Victim Fluids Assessment. Could use an advanced algorithm that learns how each patient responds to fluid therapy each hour. The algorithm could use fluid in and out trend data to predict the fluid rate for the next hour that will best achieve the urine output target range. Radiation dose calculator. Radiation treatment planning is generally performed on dedicated computers using specialized treatment planning software. The planner will try to design a plan that delivers a uniform prescription dose to the tumor and minimizes dose to surrounding healthy tissues. Many factors are considered by radiation oncologists when selecting a dose, including whether the patient is receiving chemotherapy, patient comorbidities, whether radiation therapy is being administered before or after surgery, and the degree of success of surgery. Claus Lindholt 3

Challenges for medical SW Apps and other software that guide untrained users to make very complex medical decisions. SpotMole App DIABETooL Insulin Calc App Concussion Assessment&Response App Disease Management App SpotMole App SpotMole App Description from Google Play: SpotMole provides a simple way to have a quick check of your skin spots and moles. Take a snapshot of a mole or load a mole's photo from the phone's gallery and let SpotMole do the rest! SpotMole may detect signs of melanoma using image processing and pattern recognition techniques. Spotmole does a scan of relevant dermatological features. Using SpotMole you first have to take a close-up and well centered snapshot of a skin spot or mole and next run an analysis. SpotMole automatic assessment software uses standard visual analysis proceedures to check spots on the skin. The features extracted are common in dermatology and widely employed in visual inspection of the skin spots. These are Asymmetry, Border, Color, Diameter and Evolution of the mole (ABCDE). Spotmole's output may be negatively influenced by images with poor contrast/brightness, color artifacts, nonuniform illumination, poor resolution, skin hairs covering the mole, etc. PLEASE, MAKE SURE YOU READ THE USAGE INFORMATION BEFORE USING THE APP: ON THE MAIN APP'S SCREEN JUST PRESS THE 'USAGE' BUTTON DISCLAIMER: SpotMole is by no means a substitute for clinical diagnostics performed by trained dermatologists. SpotMole is not a medical device and should not be considered as such. Regardless of the output of the program you are urged to seek medical advice if you have doubts with a particular skin spot - mole. SpotMole's assessment is for educational purpose only. Use SpotMole at your own risk. What happens if the app misses a potential melanoma? Claus Lindholt 4

DIABETooL Insulin Calc DIABETooL Insulin Calc Description from Google Play: Summary: - Input your medical protocol and life conditions, - Run insulin Units calc, - Check record details, - View Statistics over period of time, - Check HbA1c estimate based on your average data, - View graphs,for who? Especially designed for Diabetes type 1 patients, also known as insulin-dependent diabetes, following functional insulin therapy protocols with rapid acting insulins, either with by pump or needle injections. But also meaningful for doctors, advisers and nurses. For what? First of all, because we have been dreaming for a while about it for private usage. So we are very keen on sharing our experience with you. To compute the rapid acting insulin dose (UI) assumed to be injected according to the carbohydrates and lipid meat contents and corrective factors from your medical protocol. The input data are limited within default range values but input values keep anyway under your entire responsibility. Your data are recorded locally into your smart-phone database. You can export these data into a CSV file format (e.g. to be able to easily import your data into your PC favorite calc spreadsheet. In case of requested export (EXPORT button), the recorded CSV file will be localized onto your SD card. No data are exchanged with external devices or servers. Full detailed statistics (average, min, max values over several time periods) are available for each parameter (Blood Glucose, Insulin Units, Carbohydrates, Lipids). Every parameter is shown in a graphical view as well. The view is zoomable (in/out). The base view shows last 30.04.2014 week data and it can be slided or zoom over time just Claus playing Lindholt with your finger ends. Concussion Assessment&Response Claus Lindholt 5

Concussion Assessment&Response Description from Google Play: Sport Version app, or CARE, is a new tool that helps medical professionals and athletic trainers assess the likeliness of a concussion and respond quickly and appropriately to this potentially serious medical situation. The CARE provides instruction during the assessment of an injury; it also provides tools that can help document the injury as well as recovery. All the recorded assessment information can be shared via email with other doctors or other medical professionals. The CARE allows users to test an athlete s readiness to return to play via a step-by-step testing regimen. This tool is an invaluable way to assess possible concussions and respond appropriately. FEATURES: ------- snip------ Return-to-Play Guide: This part of the app helps to protect children and athletes from further injury by guiding them through a daily exercise routine that tests their ability to return to play. Through a five-day, tiered workout routine, parents can ensure that their child is able to handle the added exercise without further injury or discomfort. Concussion General Information The app s concussion information helps ensure that medical professionals are provided a comprehensive understanding of concussions as well as the assessments they will be administering via the CARE. All concussion information in this section has been provided by Gerard A. Gioia, PhD and Jason Mihalik, PhD, concussion specialists from the Children s National Medical Center and the Matthew A. Gfeller Sport-Related Traumatic Brain Injury Research Center. Acute Concussion Evaluation (ACE) Post-Concussion Home/School Instructions Included with the app is a concussion overview page that users can share with other coaches, parents, or athletes. This overview is an excellent way to share important information about how to recognize and respond to concussions. Disease Management App Disease Management App Description from Google Play (abbreviated): Rapidly rising health care costs have prompted Employers and Health Plans to look to Disease Management Programs as a way to improve ones health while reducing overall healthcare costs. This app features complete health risk assessments for both men and women including Diabetes, Heart Disease, Prostate Cancer, Breast Cancer, Colorectal Cancer, Gastrointestinal, Osteoporosis, Stroke, and Lung Cancer. Multiple choice health quizzes are included to test your knowledge and increase awareness of these various disease states. Each Risk Assessment provides an in-depth look at an individual for a specific disease state and determines a level of risk. A routine visit with an individual s primary care physician is recommended and encouraged in most situations. Ideal For Businesses (Health Plans and Employers) Disease management is one approach that aims to provide better care while reducing the costs of caring for the chronically ill. For Individuals and Families A simple and convenient way to determine your risk for developing one the following major diseases: Diabetes, Heart Disease, Prostate Cancer, Breast Cancer, Colorectal Cancer, Gastrointestinal, Osteoporosis, Stroke, and Lung Cancer. Disease Management programs empower individuals, in collaboration with physicians and other health care professionals, to effectively manage their conditions and associated risk factors and co-morbidities. Our risk assessments are designed by experienced healthcare professionals to ensure accurate and dependable information is made available to you or a loved one. -This app does not diagnose or suggest treatment for any disease state. A visit to your primary care physician is highly recommended. Claus Lindholt 6

Life-Cycle for Medical Devices Direktiver og standarder MDD Life-Cycle for Medical Devices Intended use Clinical Trials Clinical Reports & Articles Product Requirements Intended Use & Performance Risk Analysis Controlled Processes Verification & Validation Clinical Evaluation QMS Process Control - GMP Training Calibration CAPA System Change Control Final Control Changes Refurbishment Archiving Vigilance De-commissioning Marke-- Projectplation Development Approval which requirements? ting& Produc- Research From idea to end-of-life Sales Regulatory Requirements Service & End-of-Life Plan for Regulatory Requirements incl.: Strategy Time Schedule Resources Economics MDD Classification MDD Essential Req. Risk Management Standards e.g. EMC and Safety Clinical Rationale Quality Management Process Validation Brochures and Web-site Manuals National Language Dealer Contracts Post Market Surveillance Vigilance Reporting Recalls 30.04.2014 Claus Lindholt Definition på medicinsk udstyr Se direktivet på www.medicinskudstyr.dk link til Lovgivning Bek.1263 1)» Medicinsk udstyr «: Ethvert instrument, apparat, udstyr, materiale, utensilie (éngangsudstyr), anordning, hjælpemiddel eller enhver anden genstand anvendt alene eller i kombination, herunder edb-programmel, der hører med til korrekt brug heraf, som af fabrikanten er beregnet til anvendelse på mennesker med henblik på: a) Diagnosticering, forebyggelse, overvågning, behandling eller lindring af sygdomme, b) diagnosticering, overvågning, behandling, lindring af eller kompensation for skader eller handicap, c) undersøgelse, udskiftning eller ændring af anatomien eller en fysiologisk proces, eller d) svangerskabsforebyggelse, og hvis forventede hovedvirkning i eller på det menneskelige legeme ikke fremkaldes ad farmakologisk, immunologisk eller metabolisk vej, men hvis virkning kan understøttes ad denne vej. 2)» Tilbehør «: Ethvert produkt, der af fabrikanten er bestemt til at blive anvendt sammen med medicinsk udstyr, for at det medicinske udstyr kan anvendes som planlagt af dets fabrikant. I bekendtgørelsen betragtes tilbehør som selvstændigt medicinsk udstyr. Claus Lindholt 7

Relevante Direktiver Medicinsk Udstyr direktivet (MDD) 93/42 + 2007/47 omfatter alt medicinsk udstyr og SW til diagnosticering, forebyggelse, overvågning, behandling eller lindring af sygdomme og handikap mv. In Vitro Diagnostic direktivet (IVDD) 98/79 omfatter alle typer testsystemer, som anvender biologisk materiale udenfor kroppen (in vitro), f.eks. Glucosetest apparater, herunder beslutningsstøttesystemer (SW) baseret på IVD data Aktiv Implantat direktivet (AIMDD) 90/385 omfatter alle typer aktivt medicinsk udstyr, som er beregnet til at bruges i kroppen i længere tid, f.eks. pacemakers Waste of Electrical and Electronic Equipment (WEEE) omfatter kontrolleret bortskaffelse af AL elektronik også medicinsk udstyr, men ikke B2B Reduction of Hazardous Substances (RoHS) regulerer brugen af f.eks. bly i elektronik og bromholdige brandhæmmere i plast. Al medicinsk udstyr er pt. undtaget, men RoHS 2 (2011/65) træder i kraft for MD d.22.07.2014, IVD d.22.07.2016 og AIMD i 2019! MDD Bilag I - Væsentlige Krav De generelle krav: Højt sikkerhedsniveau Indbygget beskyttelse Egnethed Stabilitet i ydeevne Transportsikkerhed Afvejning af fordele mod ulemper De specifikke krav findes i de harmoniserede standarder. De specifikke krav: Elektrisk sikkerhed Elektromagnetisk kompatibilitet (EMC) Krav til brugbarhed (usability) Risikoanalyse Mærkningskrav Krav til brugsanvisning Alarmfunktioner Materialesikkerhed Bioforligelighed Sterilitetssikkerhed Mekanisk sikkerhed Brand- og eksplosionssikkerhed Nøjagtighed og stabilitet Strålebeskyttelse Klinisk evaluering Klassificering af medicinsk udstyr MDD bilag IX Medicinsk udstyr opdeles i 3 klasser Klasse I med underklasser Is og Im Ikke elektrisk udstyr (klasse I), sterilt udstyr (klasse Is) og udstyr med målefunktion (klasse Im) Klasse IIa (romertal 2a) Det meste elektriske udstyr Klasse IIb Udstyr med høj risko Klasse III Udstyr i forbindelse med centralnervesystemet MDD bilag IX afsnit III har 18 regler til klassificering EU MEDDEV 2.4 /1 part 1 & part 2 indeholder guidelines Dokumentationen for klassificeringen skal indeholde rationale for fabrikantens valg af klasse Klassificeringen gælder alene vejen til CE-mærket de tekniske krav er de samme for alle klasser afhængig af udstyret Eksempler: ALPE er klasse IIa i henhold til regel 10 (active device for diagnosis) Respirator er klasse IIb efter regel 9 + potentiel farlig 30.04.2014 Claus Lindholt Claus Lindholt 8

Vejen til CE-mærket - MDD Klassificeringen gælder alene vejen til CE-mærket de tekniske krav er de samme for alle klasser afhængig af udstyret Klasse I anmeldes til CA Lægemiddelstyrelsen Klasse Is og Im kræver NB assistance Klasse IIa kræver NB assistance og dokument kontrol Klasse IIb og III kræver NB s granskning af dokumentationen og der er begrænsning i valget af kvalitetsstyringsomfang 30.04.2014 Claus Lindholt Vejen til CE-mærket MDD Direktiver og Harmoniserede Standarder Direktiver Standarder EU Kommissionen EU Direktiv Standardiseringsorganisation Forslag til EN standard Regeringen Folketinget Dansk lov EU Kommissionen EU Tidende Harmonisering af EN standard Sundhedsministeren Sundhedsstyrelsen Bekendtgørelse MDD nr.1263 af 15.12.08 IVDD nr.1269 af 12.12.05 Dansk Standard National DS/EN standard Virksomheden Væsentlige krav Kvalitetsstyring Virksomheden Medicinsk Udstyr iht. EN standarder Bemyndiget Organ Overensstemmelse Akkrediteret Laboratorium Testrapporter Bemyndiget Organ Sundhedsstyrelsen Overvågning 0543 Find Dir. & Harm.Std. på www.medicinskudstyr.dk Claus Lindholt 9

Nogle harmoniserede standarder EN62304:2006 - Medical device software - Software life-cycle processes EN 62366:2008 - Medical devices - Application of usability engineering to medical devices EN ISO 14971:2012 - Medical devices - Application of risk management to medical devices EN 60601-1:2006 - Medical electrical equipment -- Part 1: General requirements for basic safety and essential performance EN 60601-1-2:2007 - Medical electrical equipment -- Part 1-2: General requirements for basic safety and essential performance - Collateral standard: Electromagnetic compatibility - Requirements and test EN60601-x-y Horisontale og Vertikale standarder EN60601-1 Generic EN60601-1-2 EMC EN60601-1-6 Usability EN60601-1-8 Alarms EN60601-1 Generic EN60601-1 Generic EN60601-1 Generic EN60601-2-12 Lungeventillatorer 30.04.2014 EN60601-1-x Horisontale (collateral) std. gælder alle typer udstyr EN60601-2-x Veritkale (particular) std. dækker særlige krav eller fortolkninger for specifikt udstyr (EN80601-2-x) Se en samlet liste via Lovgivning link på www.medicinskudstyr.dk Claus Lindholt EN 60601-1:2006 - Indhold 1 Scope, object and related standards 2 * Normative references ( * Rationale in Annex A) 3 * Terminology and definitions 4 General requirements 5 * General requirements for testing ME EQUIPMENT 6 * Classificationof ME EQUIPMENT and ME SYSTEMS 7 ME EQUIPMENT identification, marking and documents 8 * Protection against electrical HAZARDS from ME EQUIPMENT 9 * Protection against MECHANICAL HAZARDS 10 * Protection against unwanted and excessive radiation HAZARDS 11 * Protection against excessive temperatures and other HAZARDS 12 * Accuracy of controls and instruments and protection against hazardous outputs 13 * HAZARDOUS SITUATIONS and fault conditions 14 * PROGRAMMABLE ELECTRICAL MEDICAL SYSTEMS (PEMS) 15 Construction of ME EQUIPMENT 16 * ME SYSTEMS 17 * Electromagnetic compatibility of ME EQUIPMENT and ME SYSTEMS 30.04.2014 Claus Lindholt Claus Lindholt 10

8 * Protection against electrical hazards Krav: Means of Patient Protection MoPP (x2) Means of Operator Protection MoOP (x2) Applied Part B, BF eller CF [pdf s. 217] Bestemt ved Risk Manangement proces Metoder: Isolationsafstande og materialer Krybe-luft afstande Transformatorer Beskyttelsesjord Vigtigste tests: Lækstrøm < 100µA (touch current) Højspændingstest > 4kV Jordslutningsstrøm >25A 30.04.2014 Claus Lindholt EN60601-1-2:2007 EMC Emissions Protection of radio services CISPR 11 Protection of PUBLIC MAINS NETWORK Harmonic distortion IEC 61000-3-2 Voltage fluctuation and flicker IEC 61000-3-3 Immunity ESD ElectroStatic Discharge IEC61000-4-2 Radiated RF Electromagnetic Fields IEC 61000-4-3 Electrical fast transients and bursts IEC 61000-4-4 Surges IEC 61000-4-5 Conducted disturbances, induced by RF fields IEC 61000-4-6 Voltage dips and variations IEC 61000-4-11 Magnetic fields IEC 61000-4-8 EMC oplysninger i brugermanualen, f.eks. afstand til mobiltelefoner Brug et akkrediteret laboratorium og få en testrapport 30.04.2014 Claus Lindholt EN60601-1-8:2007/AC2010 Alarm systemer Elektromedicinsk udstyr Del 1-8: Generelle sikkerhedskrav Kollateral standard: Generelle krav, prøvninger og vejledninger for alarmsystemer i elektromedicinsk udstyr og elektromedicinsk systemer Marking of Controls 6.3 Instruction for Use 6.8.2 Technical Description 6.8.3 Alarm Condition 201.1 Alarm Groups 201.1.1 Alarm Condition Priority 201.1.2 Intelligent Alarm System 201.2 Alarm Signal Generation 201.3 Visual Alarm Signals and Displays 201.3.2 Auditory Alarm Signals 201.3.3 Alarm System Delays 201.4 Alarm Presets 201.5 Alarm Limits 201.6 Alarm System Security 201.7 Alarm Signal Inactivation States 201.8 Alarm Reset 201.9 Alarm Latching Properties 201.10 Distributed Alarms 201.11 Alarm Condition Logging 201.12 30.04.2014 Claus Lindholt Claus Lindholt 11

Regulatorisk Strategi & Plan Hvordan kommer man fra alle kravene til en plan for gennemførelse og får det hele med? MDD Life-Cycle for Medical Devices Intended use Clinical Trials Clinical Reports & Articles Product Requirements Intended Use & Performance Risk Analysis Controlled Processes Verification & Validation Clinical Evaluation QMS - GMP Proces Control Training Calibration CAPA System Change Control Final Control Changes Refurbishment Archiving Vigilance De-commissioning Research Activities Project Plan CEmarking & Development Produc- Tion Marketing & Sales Regulatory Requirements Service & End-of- Life Plan for Regulatory MDD Classification Brochures and Web-site Requirements incl.: MDD Essential Req. Manuals Strategy Risk Management National Language Time Schedule Standards e.g. Dealer Contracts Resources EMC and Safety Post Market Surveillance Economics Clinical Rationale Vigilance Reporting Quality Management Recalls Process Validation 2 Strategi for CE-mærkning Hvad skal udstyret bruges til? + Er det er medicinsk udstyr? + Hvilket direktiv? + Hvilken klassificering? + Hvilken vej til CE-mærket? + Hvilke krav til kvalitetsstyring? + Hvilke standarder gælder? + Hvilke medicinske krav? + Hvordan dokumenteres det hele? = LAV EN PLAN! Claus Lindholt 12

Regulatory Strategy for CE-marking Costumer Requirements Intended Use definition Medical device? Yes Applicable Directive MDD or IVDD (AIMDD) No Other rules & standards? e.g. EPJ or LIS Product properties e.g. includes SW Device Classification: MD: I, Im, Is, IIa, IIb, III IVD: Other, Selftest, List A, B Directive Requirements: Essential Requirements Clinical Rationale IVD Performance Eval.. Harmonized Standards List of applicable Route to CE-mark CA application or NB Other directives to consider: RoHS, Reach, WEEE etc. Technical File Content DHF + DMR Scope & content of QMS QM+QOP+WI+QF+QR CE Conformity doc. PMS & Vigilance Project Plan including Regulatory Strategy and Deliverables Develop Product Documentation Establish QMS Directive + EN ISO13485 Develop MDD/IVDD Conformance Documentation 30.04.2014 Claus Lindholt Documentation for CE-marking Project Plan including Regulatory Strategy and Deliverables Develop Product EN62304 EN62366 EN/ISO14971 EN60601-1 Develop QMS Directive + EN/ISO13485 Clinical Performance doc. EN14155 EN13612 Verify Product Safety & EMC test DHF Implement QMS Quality Records Essential Requirements Product Lifetime Validate Product Transfer to Production DMR + DHR Internal Audit QMS + all doc s MD Clinical Rationale IVD Performance Val. Decl. of Conformance Notified Body Audit (Annex? + ISO 13485) Review of ALL documents xxxx Product Changes Quality Records Management review Clinical Improvement PMS & Vigilance EN62304 Software for medicinsk udstyr Livscyklusprocesser for medicinsk software 30.04.2014 Claus Lindholt Claus Lindholt 13

Is the SW a medical device? Meddev 2.1/6 page 9 Is the SW MDD or IVD? Meddev 2.1/6 page 9 Claus Lindholt 14

Livscyklusprocesser for SW? Input Brugerkrav Projektplan Standarder SW Udvikling Output SW dokumentation Eksekverbar kode Verifkationsdokumentation Proceskontrol Proceskrav Livscyklus EN62304 QA-Dokumentation 30.04.2014 Claus Lindholt MDD Life-Cycle for Medical Devices Intended use Clinical Trials Clinical Reports & Articles Product Requirements Intended Use & Performance Risk Analysis Controlled Processes Verification & Validation Clinical Evaluation QMS - GMP Proces Control Training Calibration CAPA System Change Control Final Control Changes Refurbishment Archiving Vigilance De-commissioning Research Activities Project Plan CEmarking & Development Produc- Tion Marketing & Sales Regulatory Requirements Service & End-of- Life Plan for Regulatory MDD Classification Requirements incl.: MDD Essential Req. Strategy Risk Management Time Schedule Standards e.g. Resources EMC and Safety Economics Clinical Rationale Quality Management Process Validation Brochures and Web-site Manuals National Language Dealer Contracts Post Market Surveillance Vigilance Reporting Recalls From MDD Life Cycle to EN62304 SW-Development MDD Product Life cycle Research Business Plan & Devel. CE-mark Production Marketing & Sales Service & EoL ISO13485 Control Concept Costumer Requirements Development Verification Validation Transfer Product Risk Management Process Claus Lindholt 15

From MDD Life Cycle to EN62304 SW-Development MDD Product Life cycle Research Business Plan & Devel. CE-mark Production Marketing & Sales Service & EoL ISO13485 Control Concept Costumer Requirements Development Verification Validation Transfer Product Risk Management Process EN62304 5.1 SW Planning 5.2 Req. Analysis 5.3 Architecture 5.4 Detailed 5.5 Unit Impl. & Test 7. SW Risk Management Process 5.6 Integrat. & Test 8. SW Configuration Management Process 9. SW Problem Resolution Process 5.7 System Test 5.8 Release From MDD Life Cycle to EN62304 SW-Development MDD Product Life cycle Research Business Plan & Devel. CE-mark Production Marketing & Sales Service & EoL ISO13485 Control Concept Costumer Reqirements Development Verification Validation Transfer Product Risk Management Process EN62304 5.1 SW Planning 5.2 Req. Analysis 5.3 Architecture 5.4 Detailed 5.5 Unit Impl. & Test 7. SW Risk Management Process 5.6 Integrat. & Test 8. SW Configuration Management Process 9. SW Problem Resolution Process 5.7 System Test 5.8 Release EN 62304 - SW Dev. Life Cycle MDD, Bilag I, væsentlige krav 12.1.a. For udstyr, der inkorporerer software, eller i sig selv er medicinsk software, skal softwaren valideres i overensstemmelse med det aktuelle tekniske niveau, idet der tages hensyn til principperne for udviklingslivscyklus, risikostyring, validering og verificering. Annex I, ER 12.1.a. For devices which incorporate software or which are medical software in themselves, the software must be validated according to the state of the art taking into account the principles of development lifecycle, risk management, validation and verification. Claus Lindholt 16

Life-cycle model for softwareudvikling iht. EN62304 Et framework processer, aktiviteter og opgaver Identificerer krav for hvad der skal gøres og hvad der skal dokumenteres Specificerer en SW klassifikation metode Beskriver ikke hvordan kravene opfyldes Kræver ikke en specifik SW life-cycle model Specificerer ikke dokumenter SW Development Processes Documented life-cycle with: Development Plan Milestones Activites Documentation Development life-cycle must include: Requirements specification Architecture specification Sub-system design and test specifications Verification PEMS Validation EN62304 - Vigtige koncepter Kvalitetsstyring og risikostyring er nødvendig SW klassificeres iht. fareniveau (severity of potential harm) Der er forskellige krav baseret på SW klassifikationen Forskellige moduler kan have forskellig klasse Segregering adskillelse af kritiske funktioner også variabler SW life-cycle ender ikke med produktfrigivelsen, den fortsætter med vedligeholdelse Guidelines for risikostyring af medicinsk software: AAMI TIR32:2004 Medical device software risk management IEC/TR 80002-1 Guidance on the application of ISO14971 to medical device software Claus Lindholt 17

EN62304 Klassifikation af software Risk Management Proces efter EN ISO 14971 A: No injury possible B: non-serious injury C: death or serious injury Validering afhænger af klasse De-klassificering ved HW risk control SW risk control samme klasse som kontrollerede hazard Segregering skal dokumenteres SW i et medicinsk udstyr Medical SW funktionstyper Claus Lindholt 18

Særlige risiko egenskaber ved SW SW kan ikke i sig selv påføre skade derfor kan risikoanalyse ikke gennemføres på SW alene HW platform og tilkoblet udstyr samt kommunikation skal med SW er systematisk af natur og fejler ikke tilfældigt derfor bruges sandsynlighed ikke. Risiko = 100% Alle årsager må derfor undersøgers og imødegås, hvis de er kritiske. Funktionen af SW er afgørende for dybden af risikoanalysen og valg af kontrolmetoder ved SW fejl: Life supporting respirator Terapeutisk strålekanon Dianostisk eller monitorering ALPE eller patientmonitor Kæder af årsager i SW SW Risk Management Claus Lindholt 19

Kontrol af farlige situationer SOUP Software of Unknown Provenance Også kaldet tredje parts software Styresystemer, udviklingsystemer (biblioteker), run-time fortolker (Java), kommunikations SW, drivere etc. Hvis der skiftes version af udviklingssystem, kan det betyde ny komplet SW-test og SW-validering Hvis SOUP bruges, skal det altid være under kontrol og enten valideres, overvåges eller isoleres ALPE essential System Architecture ALPE Trolley N 2 O 2 10L or 20L Gas Cylinders w. Pressure Regulators to 5 Bar Public Mains ALPE-1 Control Unit Gas Supply System Pulse Oximeter Embedded Controller w. ALPE-1 Firmware USB I/F Isolated Mains Power Status Display Supply Function buttons & Alarm Beeper Isol.Trafo Gas Flow Data/Electrical Inspired atmospheric air ALPE Respiration Unit Flow Meter O 2 Analyzer Patient Windows WLAN Notebook PC w. ALPE Console SW Operator 4 HW systems: ALPE-1 Trolley ALPE-1 Controller Unit ALPE Respiration Unit ALPE Notebook PC 2 SW Systems: ALPE-1 Firmware w. Alarm System ALPE Console SW w. Algorithm and Operator Interface SOUP håndtering af Windows XP og Embedded Linux Opdelt på flere processorer Alarmsystem - segregering FPGA og HW-watch-dog Sikker USB kommunikationsprotokol 30.04.2014 Claus Lindholt Claus Lindholt 20

SW Risk Management Brug vejledninger i anvendelse af EN ISO 14971 (risikostyring) i forbindelse med software til medicinsk udstyr (TIR 32 og IEC TR80002-1) Find alle farer på systemniveau og identificér dem, der kan have SW som grundlæggende årsag Lav en tabel pr. identificeret fare (hazard) og grad af alvorlighed (severity) List alle årsager og kæder af årsager Opstil kontrolmetoder (Methods of Control ikke mitigations) List sporbarhed for kontrolmetoder med krydsreference til system specifikation, design og alle testniveauer (og kode for Class C) Risk Management EN/ISO14971 Hvis tiden tillader? EN62366:2007 Medicinsk udstyr Indbyggelse af anvendelighed i medicinsk udstyr Medical devices Application of usability engineering to medical devices Claus Lindholt 21

Categories of user actions Indblanding Smutter Utilsigtet Huskefejl Tilsigtet 30.04.2014 Claus Lindholt Usability conceptual design Risk Analysis Claus Lindholt 22

Dokumentation af medicinsk SW BRDPhase 1 CRS Phase 2 Phase 3 Phase 3 & 4 Phase 4 SRS Risk Management Process Legend: BRD Business Rationale Document CRS Customer Requirement Specification VaTP Validation Test Plan VaTR Validation Test Report SRS System Requirement Specification VeTP Verifictaion Test Plan SDS System Specification ITP Integration Test Plan ITR Integration Test Report xdd Document (x= S for SW, H for H W, U for Usability & M for Mechanics) MTP Module Test Plan MTR Module Test Report RMF = Risk Management File DHF History File DMR Device Master Record Mermaid Care QMS Control Process Phase V-Model and Controlled Documents RM F SDS xdd VaTP VeTP ITP M TP M TR ITR VeTR Verification Process VaTR Phase 4 Phase 4 Phase 5 Phase 6 Phase 7 V.1.1 / 07.12.06 / CL DHF Legend: Phase 1: Product Proposal Phase 2: Product Requirements Phase 3: Phase 4: Development Phase 5: System Verification Phase 6: System Validation Phase 7: Product Release DM R 10 Technical File for CE-marking of Stand-alone SW MDD Product Life cycle Research Business Plan & Develop. CE-mark Production Marketing & Sales Service & End-of-Life Clinical Articles (optional) Business Rationale (optional) Classification Final Test Essential Req. Final Control Standards Clinical Rationale Declaration Brochures Web-site EN13485 Control Concept Costumer Requirem. Development Verification Validation Transfer Proof of Concept Clinical Articles (optional) CRS RMF VaTP VaTPr VaTR DMR: SW-executable SW Configuration Manuals Labels Packaging Work Instructions EN62304 SW 5.1 Planning 5.2 Requirem. Analysis 5.3 Architecture 5.4 Detailed 5.5 Unit Implem. & Test 5.6 Integration & Test 5.7 System Test 5.8 Release PMP SRS SAS SDD s MTR s ITR VeTPR SWC SW-RMF VeTPr VeTP SDS ITPr ITP MTPr s MTP s Claus Lindholt 23

Required QMS Procedures MDD Annex VI+VII MDD Product Life cycle Research Business Plan & Develop. CE-mark Production Marketing & Sales Service & End-of-Life CE-marking Process Post Marketing Surveilance Vigilance EN13485 Control Concept Costumer Requirem. Development Verification Validation Transfer Risk Management Sub-contracting of Production EN62304 SW 5.1 Planning 5.2 Requirem. Analysis 5.3 Architecture 5.4 Detailed 5.5 Unit Implem. & Test 5.6 Integration & Test 5.7 System Test 5.8 Release SW Control EN62304 Document Control SW Risk Management Configuration Management Problem Resolution Required Quality Records MDD Product Life cycle Research Business Plan & Develop. CE-mark Production Marketing & Sales Service & End-of-Life Management Reviews Standards DHR: P/O Records Test Records Control Records Complaints Accident Reports EN13485 Control Concept Costumer Requirem. Development Verification Validation Transfer Sub-contracting of Production EN62304 SW 5.1 Planning 5.2 Requirem. Analysis 5.3 Architecture 5.4 Detailed 5.5 Unit Implem. & Test 5.6 Integration & Test 5.7 System Test 5.8 Release Phase Reviews Document Reviews Configuration Records Release Notes Training Records Problem Reports Manifesto for Agile Software Development We are uncovering better ways of developing software by doing it and helping others do it. Through this work we have come to value: Individuals and interactions over processes and tools Working software over comprehensive documentation Customer collaboration over contract negotiation Responding to change over following a plan That is, while there is value in the items on the right, we value the items on the left more. Claus Lindholt 24

AAMI TIR 45:2012 AGILE Practices in the development of medical Device SW Fig 4, p.23 Spørgsmål og diskussion Kontakt: claus@lindholt.dk mobil: 40 25 35 33 LinkedIn: dk.linkedin.com/in/clauslindholt/ Kvalitetsstyring ISO 13485 Claus Lindholt 25

ISO 13485 Medicinsk udstyr Kvalitetsstyringssystemer Krav til lovmæssige formål Standard for kvalitetsstyringssystemer indenfor medicinsk udstyr Konstrueret med henblik på opfyldelse af lovmæssige krav Harmoniseret i EU i forhold til MDD+AIMDD Stort overlap med FDA s Quality System Regulations (21 CFR part 820), men dækker ikke alle QSR krav Proces- og produktstandarder Produktstandarder beskriver, hvad produktet skal kunne/gøre/være. Eksempelvis kravene i IEC 60601-1-2 Processtandarder beskriver hvordan fabrikanten skal udføre en opgave. Eksempelvis ISO 13485 og ISO 14971 Fordele: Muliggør tilpasning til fabrikantens egne vilkår, undgår micro-management fra lovgivernes side Men en processtandard er en større ledelsesopgave at implementere end en produktstandard, da den griber ind i større dele af organisationen, ikke kun R&D og produktion Kvalitetsstyringssytem (QMS) Specificerer de processer som skal til for at organisationen kan levere produkter/services, der lever op til krav fra lovgivere, kunder og andre Input Sæt af sammenhængende aktiviteter Output Claus Lindholt 26

Interaktion mellem processerne Plan 6. Resource management processes 4. Quality Management System Act 5. Management responsibility processes Do 7. Product realization processes Check 8. Measuring, monitoring, and improvement processes 4. Quality Management System Etablere kvalitetsstyringsystemet: Identificere processer og hvad de behøver for at kunne køre effektivt, forpligte sig til at udføre og følge op på disse processer Establish er nøgleordet: Processerne skal være dokumenterede og følges i praksis Dokumentationskrav: Kvalitetsmanual, kvalitetspolitik, kvalitetsmål, documents og records. Alle har et medansvar men det overordnede QMS-ansvar er ledelsens 5. Management responsibility Organisationsdiagram: Definere ansvarsområder Management representative: Ansvarlig for implementering Rapporterer til ledelsen om QMS tilstand Skaber bevidsthed om lovmæssige krav i organisationen Management review: Ledelsen mødes for at diskutere QMS. Claus Lindholt 27

6. Resource management Organisationen skal identificere de ressourcer, der er nødvendige for at kunne drive kvalitetsstyringssystemet i overensstemmelse med kravene, og sikre at disse er til stede Ressourcer kan være mennesker, maskiner, bygninger, værktøjer osv. 7. Product realization Udstyrets vej fra idé til kunde Generelle krav til nyt udstyr Kunden: Customer requirements Specifikke krav til et indkøb Sales (7.2 Customer related processes) control (7.3) Purchasing Tegninger, specifikationer, arbejdsinstruktioner Production and service provision Tegninger, specifikationer, (7.5) arbejdsinstruktioner Færdigt udstyr 7.3 control Claus Lindholt 28

8. Measuring, monitoring, and improvement Forbedring er ikke et krav i 13485 kravet er maintain the effectiveness Korrigerende og forebyggende handlinger Nonconformance: Noget er ikke, som det bør være Corrective action: Root cause analysis-> forhindre at problemet opstår igen Correction: Man reparerer det umiddelbare problem 8. Measuring, monitoring, and improvement Control of Nonconforming Product Corrective and Preventive Action Feedback til ledelsen Analysis of Data Customer complaints/feedback Internal audits Dokumentation Documents kendetegnes ved et revisionsnummer, udvikler sig og opdateres Kvalitetsmanual Procedurer Skabeloner Arbejdsinstruktioner Records arkivmateriale Training records: Certifikater, CV er, eksamensbeviser Purchasing records: Ordrer, følgesedler Device History Record Hvis det ikke er dokumenteret, skete det ikke. Nogle dokumenter og records er direkte krævet af ISO 13485 andre er bare gavnlige at have Papir eller elektronisk? Underskrifter er et nøgleelement. Praksis på området er høje krav til dyr og tidskrævende validering af software til elektroniske underskrifter Claus Lindholt 29

ISO 13485 og andre standarder Andre processtandarder kan have yderligere krav til bestemte processer i QMS EN 62304: Software life cycle processes EN 14971: Risk management for medical devices Da mange sådanne standarder forudsætter et kvalitetsstyringsystem, kan det være nødvendigt at have et, selvom MDD ikke kræver det for udstyrets klasse ISO 13485 binder andre processtandarder sammen Ansvarsdefinition Dokumentationskrav Ledelse ISO 13485 og andre standarder ISO 13485 kræver, at man sætter sig ind i de lovmæssige krav til udstyret og følger dem: En af kvalitetsstyringsystemets opgaver er at sørge for, at relevante produktstandarder følges Notified Bodies + audits EU: Notified Body påtager sig mod betaling opgaven med at sikre, at fabrikanters kvalitetsstyringsystem lever op til relevante krav (ISO 13485) Certificering (3-årig), med årlige opfølgningsaudits Dokumentationsgennemgang og interviews Frit valg blandt akkrediterede Notified Bodies der er forskel! Vær opmærksom på: ISO 13485 er ikke altid konkret. NBs kan finde på at komme med krav, der bunder i deres praksis, ikke i 13485 (dem kan man modsætte sig!) Afsæt god tid til audit, også i ledelsen. Det er en let måde at vise, at ledelsen tager ansvar for kvalitetsstyringsystemet. Claus Lindholt 30

Spørgsmål og diskussion Claus Lindholt 31