Episodes

  • “Overconfidence in the performance of AI models in the development phase is a common problem.”

    In this Let’s Talk Risk! conversation, David Giese highlights the growing need for a rigorous, disciplined development process with the goal of meeting regulatory requirements for marketing authorization. He shares how AI developers are often over-confident in the performance of their models, but disappointed when these models are subjected to rigorous scrutiny during the regulatory review.

    Software as a Medical Device (SaMD), including AI/ML devices, is growing exponentially in MedTech. Rapidly evolving technology offers an opportunity to develop innovative products, but it also presents new risks. Security and cybersecurity concerns are on the rise, as well as concerns about the transparency and explainability of AI/ML models.

    David points to new guidance documents from the FDA and emerging standards. As an example, software developers should consider using IEC 81001-5-1 - Health software and health IT system safety, effectiveness and security - along with IEC 62304 - Medical device software - Software life cycle processes.

    Listen to this Let’s Talk Risk! conversation with David Giese, which also includes an open discussion with a live audience. Jump to a section of interest using these timestamps.

    00:01:30 Introduction

    00:02:30 Current state of AI/ML applications in MedTech

    00:04:05 Different types of AI models - adaptive vs. generative AI

    00:06:25 Challenges in meeting regulatory expectations for AI in MedTech

    00:08:18 Use of synthetic data in AI model development

    00:09:30 Best practices for AI development and regulatory submissions

    00:12:02 Cybersecurity challenges for SaMD and AI/ML devices

    00:14:03 New skills risk practitioners need to develop

    00:15:09 Open discussion and audience Q&A

    00:27:20 Closing comments and key takeaways

    If you enjoyed this podcast, consider subscribing to the Let’s Talk Risk! newsletter.

    Suggested links:

    LTR: EU vs. FDA - Aligned but different in approach to safety of AI/ML devices

    LTR: A new paradigm for building connected medical devices

    FDA: Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions, Issued September 2023.

    About J. David Giese

    J. David Giese is currently President and Partner at Innolitics, a consulting firm specializing in the development of new medical software and regulatory submissions to the FDA. His team has helped develop and receive FDA clearance for over 60 medical devices, both SaMD and SiMD, over the last 12 years. His expertise includes application development, custom software development, engineering design, project management, user experience design, cybersecurity, software testing and technical writing. He holds Bachelor's and Master's degrees in Biomedical Engineering.

    Let’s Talk Risk! with Dr. Naveen Agarwal is a weekly live audio event on LinkedIn, where we talk about risk management related topics in a casual, informal way. Join us at 11:00 am EST every Friday on LinkedIn.

    Disclaimer

    Information and insights presented in this podcast are for educational purposes only. Views expressed by all speakers are their own and do not reflect those of their respective organizations.



    This is a public episode. If you’d like to discuss this with other subscribers or get access to bonus episodes, visit naveenagarwalphd.substack.com/subscribe
  • Summary

    “Medical devices are now increasingly connected in a hospital network. Or even if they are not, they are vulnerable to cyber attacks”.

    In this episode of the Let's Talk Risk Podcast, Eric Henry highlights the growing concern about security and cybersecurity of medical devices. As technology evolves and medical devices increasingly operate in an i…

  • “Software, more than any other type of device, has integrations with other systems and devices. You have to consider a complex network of dependencies and infrastructure when analyzing risks.”

    In this Let’s Talk Risk! conversation, Megan Kane highlights the growing role of software, including artificial intelligence, in in-vitro diagnostic devices, including in next generation sequencing applications. We are now living at a time when technology is rapidly enabling precision medicine solutions for an individual patient.

    In this high-tech environment, increasingly driven by software, new risks are also emerging. Cybersecurity, patient data privacy and service availability are common concerns. But when it comes to IVDs, it becomes challenging to connect the dots and find a direct link to the patient. Inaccurate or delayed results are common risks related to IVDs, but their potential impact on a patient is difficult to determine with sufficient confidence. This often results in underestimating the severity of potential harm, as reflected in a recent FDA warning letter.

    Another key development in this area is the new FDA regulation for Lab Developed Tests (LDTs), which is expected to add new requirements for pre-market reviews, risk management and quality systems.

    Listen to this Let’s Talk Risk! conversation with Megan Kane, which also includes an open discussion with a live audience. Jump to a section of interest using these timestamps.

    00:01:10 Introduction

    00:01:50 How software is increasingly driving IVD applications

    00:03:30 Emerging risks with software in IVDs

    00:06:15 Evolving regulatory approach to IVDs affecting LDTs

    00:09:13 Increasing focus on risk management for LDTs

    00:12:50 Risk considerations when software is a component of an IVD

    00:15:30 Open discussion and audience Q&A

    00:28:01 Closing comments and key takeaways

    If you enjoyed this podcast, consider subscribing to the Let’s Talk Risk! newsletter.

    Suggested links:

    LTR: 3 pillars for defining your IVD risk management strategy

    LTR: Focus on intended use for risk management of IVDs

    FDA: Laboratory developed tests

    About Megan Kane

    Megan Kane is currently Director of Regulatory Operations at Velsera, where she supports the mission of radically improving healthcare globally through multi-omics to fuel the growth of precision medicine. She is primarily involved in developing advanced software, including AI applications for end-to-end Next Gen Sequencing analysis. Previously she held various roles in Quality and Regulatory functions at both large and small medical device and in-vitro diagnostic companies. She holds a Bachelor’s degree in Molecular and Cell Biology, and Internal Auditor certifications from BSI in ISO 13485:2016 and ISO 9001:2015.

    Let’s Talk Risk! with Dr. Naveen Agarwal is a weekly live audio event on LinkedIn, where we talk about risk management related topics in a casual, informal way. Join us at 11:00 am EST every Friday on LinkedIn.

    Disclaimer

    Information and insights presented in this podcast are for educational purposes only. Views expressed by all speakers are their own and do not reflect those of their respective organizations.
  • Risk practitioners in MedTech now have a unique opportunity to help accelerate development and post-market improvement of AI/ML enabled medical devices while also reducing the regulatory burden.

    PCCP, or Pre-Determined Change Control Plan, is a novel regulatory approach that allows device manufacturers to include planned changes in their initial submission and avoid additional submissions in the post-market phase when these changes are implemented.

    This is even more important for AI/ML enabled medical devices, which are expected to learn from new data in real-world applications to improve both user experience and performance without compromising patient safety.

    As an example, Apple recently utilized a tailored PCCP approach in their regulatory submissions to receive advance clearance for their planned post-market changes. In the case of the Hearing Aid Function, they focused on features to improve user experience. In the Sleep Apnea Notification Function (SANF), on the other hand, they focused on improving the performance of the core AI model based on real-world data. In both cases, they proposed a rigorous verification and validation plan, and labeling updates.

    Risk managers can play a key role in planning these modifications using a risk-based approach. They can help develop testing and implementation protocols. Finally, they can help articulate the overall benefits and risks to convince the FDA that these planned changes would improve safety and effectiveness.

    Risk practitioners therefore have an opportunity to become more strategic and influential by playing a proactive role. They can collaborate with regulatory professionals, product developers and clinicians right from the start of product development.

    Listen to the 22-minute audio summary above that covers the following topics:

    * Key differences between FDA’s draft and final PCCP guidance

    * Lessons learned from Apple’s tailored approach to PCCP

    * Understanding benefits and risks of PCCPs

    * Opportunities for risk practitioners

    * Challenges in implementing PCCPs

    Disclaimer

    This article was prepared with the help of Google NotebookLM, an artificial intelligence research assistant, using the following sources:

    * FDA Draft and Final Guidance: PCCP for AI/ML enabled devices.

    * Apple De Novo: Hearing Aid Feature, Decision Summary.

    * Apple 510k: Sleep Apnea Notification Feature (SANF).

    * Caption Health De Novo: Automated Ejection Fraction Software.

    * Notes created using Google NotebookLM in response to user prompts.

    All output(s), including the audio summary, were reviewed by a human for accuracy and relevance. This article is intended for educational purposes only and should not be considered as regulatory advice.

    If you liked this post, consider becoming a free or paid subscriber to Let’s Talk Risk!.
  • This is a free preview of a paid episode. To hear more, visit naveenagarwalphd.substack.com

    Summary

    “You are not going to lose your job to AI, but you may lose your job to someone who knows how to use AI better than you do”.

    In this episode of the Let's Talk Risk Podcast, we explore the benefits of applying Generative AI to improve consistency of quality system documentation in MedTech with Garth Conrad, VP of Quality at Flex Health Solutions.

    G…

  • Applications of AI in medical devices are growing rapidly. The regulatory environment in both the US and the EU is also changing fast. In this dynamic environment, it is important to stay updated and practice a flexible approach to both risk management and your regulatory strategy.

    Listen to a brief audio summary above, about the emerging regulatory environment in these two major jurisdictions, and key takeaways for risk practitioners and regulatory professionals.

    Regulatory environment is changing rapidly but there is new guidance

    There is good news! A new guidance document in the form of a questionnaire was recently published by Team-NB, the European Association of Medical Devices Notified Bodies. The joint Team-NB/IG-NB Questionnaire on Artificial Intelligence in Medical Devices offers device manufacturers a process-oriented roadmap to demonstrate conformity to the EU-MDR (or EU-IVDR) requirements.

    The term risk(s) appears 50 times in this questionnaire, highlighting the significance of risk management as a critical factor in ensuring safety and effectiveness of AI devices throughout their lifecycle. Out of a total of 189 questions across 26 categories, 32 (17%) are explicitly related to risk management!

    FDA’s regulatory approach is considerably less prescriptive and more collaborative. The regulatory framework for the pre-market review is no different for AI-enabled devices than for medical devices in general, including Software as a Medical Device (SaMD). A majority of the nearly 1000 AI/ML enabled devices have been authorized as Class II devices, either through the De Novo or the 510k pathway. The most important requirement is to demonstrate safety and effectiveness through valid scientific evidence that the benefits of the intended use outweigh probable risks.

    Let us take a closer look at the emerging regulatory environment in the US and EU

    First, there is broad alignment at a high level between FDA and the EU

    At a high level, both FDA and notified bodies are generally aligned on the need to demonstrate safety and effectiveness of AI-enabled medical devices. Here are 3 specific areas of convergence between these two approaches:

    1. Focus on safety and effectiveness

    Both the FDA and the European approach, reflected by Team-NB, prioritize patient safety and the effectiveness of AI-enabled medical devices.

    2. Recognition of AI’s unique challenges

    Both recognize that AI presents unique regulatory challenges due to its complexity, iterative nature, and reliance on data.

    3. Importance of real-world monitoring

    Both emphasize the need for ongoing monitoring of AI-enabled devices in real-world settings to ensure safety and performance.

    Second, the Team-NB approach focuses on certifiability using a process-oriented questionnaire

    1. Process-oriented approach for safety

    The European approach, as evidenced by the questionnaire, focuses on ensuring the safety of AI-based medical devices through a comprehensive evaluation of processes throughout the device lifecycle.

    2. Detailed requirements and documentation

    The questionnaire outlines specific requirements for documentation, competence of development teams, risk management, data management, model development, and post-market surveillance.

    3. Emphasis on certifiability

    The questionnaire highlights the challenges of certifying AI-based medical devices, particularly those with self-learning capabilities, and emphasizes the need for robust validation processes.

    4. Consideration of AI-specific security risks

    The questionnaire addresses AI-specific cybersecurity risks like adversarial attacks and emphasizes the importance of security lifecycle management.

    Finally, FDA’s approach is more collaborative and adaptive

    1. Collaborative and adaptive

    The FDA emphasizes collaboration with stakeholders (developers, patients, academia, global regulators) and a commitment to adapt regulations to the rapidly evolving AI landscape.

    2. Focus on bias mitigation and health equity

    The FDA prioritizes addressing bias in AI algorithms and promoting health equity by ensuring data representativeness.

    3. Emphasis on lifecycle management

    The FDA stresses the importance of managing AI applications throughout the medical product lifecycle, from design to deployment, monitoring, and maintenance.

    4. Commitment to guidance and regulatory science

    The FDA is actively developing guidance documents and supporting research to address the unique challenges of evaluating and regulating AI in medical products.

    Key takeaways for risk practitioners and regulatory professionals

    In this rapidly changing environment, it is very important for risk practitioners and regulatory professionals to stay current with evolving regulatory approaches. Here are 3 key takeaways to keep in mind:

    1. Practice a flexible and adaptable approach to risk management

    Risk practitioners and regulatory professionals need to stay informed of the latest developments and adjust their practices accordingly. They must also anticipate future changes and build flexibility into their risk management frameworks and compliance strategies.

    2. Understand and address bias in AI systems

    Identifying and quantifying bias in AI systems can be complex. Risk practitioners and regulatory professionals need to develop robust methodologies for assessing bias and its potential impact on patient safety and health equity. This includes understanding the sources of bias in training data, evaluating the fairness of AI algorithms, and implementing strategies for monitoring and mitigating bias in deployed systems.

    3. Apply a tailored approach to address regulatory concerns in each market

    The FDA is primarily focused on the end product and its intended use, while the EU is taking a more process-oriented approach that emphasizes the entire AI lifecycle. These differing approaches may lead to varying risk profiles and require adjustments to risk management strategies depending on the target market. Risk practitioners and regulatory professionals need to carefully consider these differences and develop tailored strategies that meet the specific requirements of each jurisdiction.

    In conclusion

    It is clear that AI applications in MedTech are going to continue growing. We are still in the early phase of AI applications, especially in healthcare.

    At the same time, the regulatory environment is evolving rapidly. Both the FDA and the EU are moving fast to catch up with technology. While a focus on safety and effectiveness remains the centerpiece of the regulatory approach, there are distinct differences between these two major jurisdictions. The good news is that new guidance from these regulators is coming out to clarify their latest thinking.

    Risk management is an essential aspect of regulatory focus. There are new and emerging concerns about risks associated with AI/ML devices. Risk practitioners and regulatory professionals must stay current, and develop flexible, adaptable and tailored strategies to respond to this dynamic regulatory environment.

    Disclaimer

    This article was prepared with the help of Google NotebookLM, an artificial intelligence enabled research assistant, using the following sources:

    * FDA white paper: Artificial Intelligence & Medical Products.

    * Team-NB - Questionnaire: Artificial Intelligence in Medical Devices.

    * FDA: Good Machine Learning Practice for Medical Device Development.

    * IMDRF: Good machine learning practice for medical device development.

    * Notes created using Google NotebookLM in response to user prompts

    All output(s), including the audio summary, were reviewed by a human for accuracy and relevance. This article is intended for educational purposes only and should not be considered as regulatory advice.

    If you liked this post, consider becoming a free or paid subscriber to Let’s Talk Risk!.
  • “The classic thing with AI is that the hard stuff is easy and the easy stuff is hard. It can do math I cannot do, but it cannot do the reasoning I find easy.”

    In this Let’s Talk Risk! conversation, we discuss key challenges and opportunities for applying Artificial Intelligence/Machine Learning (AI/ML) in MedTech. This was an open conversation with a live audience as part of the weekly Let’s Talk Risk! conversation on LinkedIn.

    AI/ML applications in MedTech are growing rapidly. FDA has authorized nearly 1000 such applications, and this trend is only expected to grow. Our conversation included a variety of topics about this rapidly evolving field.

    This discussion involved comments from Emanuel Tkach, MD, Bijan Elahi, Edwin Bills, Rafael Pozos, Wag Hanna, Phil Deming, Andy David and Ritam Priya.

    Jump to a section of interest using these timestamps.

    00:03:30 Key factors related to AI/ML applications in MedTech

    00:05:30 Dynamic nature of AI/ML causing performance drift

    00:07:30 Upcoming ISO guidance on risk considerations for AI/ML applications

    00:09:00 Keeping the human in the loop

    00:10:25 Data quality issues and best practices for AI/ML

    00:12:17 Cybersecurity considerations affecting safety

    00:14:20 Lessons learned from clinical evaluation of conventional devices

    00:16:25 Is agile software development for AI/ML too slow?

    00:19:12 Treating AI/ML as a tool and a team member, and its limitations

    00:23:30 A few examples of AI/ML applications in MedTech

    00:21:35 Watch out for human over-reliance on AI/ML

    00:27:44 Experience with ChatGPT prompts

    00:32:22 Closing comments and key takeaways

    If you enjoyed this podcast, consider subscribing to the Let’s Talk Risk! newsletter.

    Suggested links:

    LTR: AI/ML in MedTech

    FDA: QA/RA aspects of AI/ML devices

    Disclaimer

    Information and insights presented in this podcast are for educational purposes only. Views expressed by all speakers are their own and do not reflect those of their respective organizations.
  • Summary

    “Apply the usability engineering process diligently, and with the spirit of inquiry. You will learn things that you never thought. And these are the things that make your device possible”.

    Human factors engineering, or usability engineering, is often thought of as a check-the-box activity for the purpose of regulatory compliance. But it is a lot …
  • In this Let’s Talk Risk! conversation, Ritam Priya advises device manufacturers to engage early with the FDA through the Q-sub program. Applications of AR/VR in MedTech are growing rapidly, but the regulatory science is still evolving. There are many specific safety and performance concerns unique to AR/VR technologies used for medical purposes. Early engagement with the FDA can help in developing adequate plans for verification and validation of these devices.

    Image quality, cyber-sickness, rapidly changing hardware and software technologies used in AR/VR applications, for example, are some of the concerns that need careful planning throughout design and development and in the post-market phase.

    Listen to this Let’s Talk Risk! conversation with Ritam Priya, which also includes an open discussion with a live audience. Jump to a section of interest using these timestamps.

    00:02:05 Introduction

    00:01:30 Transitioning into a medical safety role from clinical practice

    00:02:31 Overview of AR/VR applications in MedTech

    00:06:15 Example of a recently cleared AR/VR based medical device

    00:08:27 Image quality is a major concern for FDA in AR/VR devices

    00:09:20 How FDA is advancing regulatory science for AR/VR technologies

    00:11:18 Special safety and performance considerations for AR/VR devices

    00:13:27 Audience Q&A and open discussion

    00:31:11 Closing comments and key takeaways

    If you enjoyed this podcast, consider subscribing to the Let’s Talk Risk! newsletter.

    Suggested links:

    LTR: A fast growing frontier: AR/VR driving innovation in MedTech.

    FDA: Augmented Reality and Virtual Reality in Medical Devices.

    About Ritam Priya

    Ritam Priya is currently the Founder & Principal at Novarum MDRQ Consulting where she provides regulatory consulting services to MedTech clients in both pre- and post-market phases. She has over 20 years of experience in the medical industry, including leadership experience at top organizations. Her expertise includes regulatory requirements for marketing authorization of medical devices in major global markets including US, EU, UK, Australia and Canada. She holds a Bachelor’s degree in Mathematics, Computer Science and Economics, and an MBA in Strategy.

    Let’s Talk Risk! with Dr. Naveen Agarwal is a weekly live audio event on LinkedIn, where we talk about risk management related topics in a casual, informal way. Join us at 11:00 am EST every Friday on LinkedIn.

    Disclaimer

    Information and insights presented in this podcast are for educational purposes only. Views expressed by all speakers are their own and do not reflect those of their respective organizations.
  • “It comes down to collaboration. It comes down to intentional communication and ensuring there is trust and familiarity on both sides.”

    In this Let’s Talk Risk! conversation, Dr. Olaf Hedrich emphasizes the need for collaboration, building trust and familiarity between clinicians and engineers. We all have a mutual desire to do the right things for our patients, but sometimes our lens is a bit narrow. It is important to understand some of the technical side of our individual functions so we can learn to speak the same language and broaden the aperture on our collective view.

    Clinicians should learn some of the technical language and concepts of risk, and engineers should gain exposure to the practice of medicine relevant to their device.

    He shares a specific example of how clinicians can help uncover the true nature of risk and find innovative solutions to challenging problems. It is not unusual for harm to occur even when there is no device malfunction or defect. In these situations, clinicians can help understand the true nature of risk through peer-to-peer communication with other clinicians in the field directly involved with the device.

    Listen to this Let’s Talk Risk! conversation with Dr. Olaf Hedrich, which also includes an open discussion with a live audience. Jump to a section of interest using these timestamps.

    00:00:40 Introduction

    00:01:30 Transitioning into a medical safety role from clinical practice

    00:03:50 How clinicians can help understand the true nature of risk

    00:06:25 Keeping the patient in the center of everything we do

    00:07:57 How intentional communication and trust drives collaboration

    00:08:50 Emerging challenges for MedTech in a rapidly changing environment

    00:11:25 Career advice to industry professionals for growth in this new environment

    00:14:27 Audience Q&A and open discussion

    00:32:10 Closing comments and key takeaways

    If you enjoyed this podcast, consider subscribing to the Let’s Talk Risk! newsletter.

    Suggested links:

    LTR: Tips for clinicians transitioning into a medical safety role in MedTech.

    LTR: Communicate to facilitate collaboration, not to impose opinions.

    About Dr. Olaf Hedrich, MD

    Dr. Olaf Hedrich is currently the Chief Medical Safety Officer at Medtronic. Previously he was at Boston Scientific in a career spanning more than 10 years in various roles of increasing responsibility. He transitioned into MedTech from his clinical practice as a cardiac electrophysiologist. He also served as instructor of medicine and clinical fellow at Tufts-New England Medical Center, and as instructor of medicine and chief resident at Saint Louis University. He is a Fellow of the Heart Rhythm Society and a Fellow of the American College of Cardiology.

    Let’s Talk Risk! with Dr. Naveen Agarwal is a weekly live audio event on LinkedIn, where we talk about risk management related topics in a casual, informal way. Join us at 11:00 am EST every Friday on LinkedIn.

    Disclaimer

    Information and insights presented in this podcast are for educational purposes only. Views expressed by all speakers are their own and do not reflect those of their respective organizations.
  • Summary

    “PCCP is a great tool for your regulatory strategy but it is not for every company or for every change”.

    PCCP (Predetermined Change Control Plan) is a new regulatory scheme that allows device manufacturers to implement post-market changes without requiring pre-market submission to the FDA.

    In this episode, Yu Zhao explains how the PCCP tool offer…
  • “It is not just about protecting your data. It is also about protecting safety of a medical device.”

    In this Let’s Talk Risk! conversation, Nidhi Gani highlights the important difference between data security and cybersecurity, especially for a life-saving medical device such as a pacemaker. As medical devices become more interconnected, they are also increasingly vulnerable to cyberattacks. Managing the risk of these vulnerabilities is a key part of cybersecurity risk management for medical devices and the healthcare systems they are a part of.

    Although the regulatory environment is changing rapidly, Nidhi encourages risk practitioners to apply the same basic principles of medical device safety to cybersecurity. A best practice is to apply the secure product development framework (SPDF) across the entire lifecycle of a medical device.

    Listen to this Let’s Talk Risk! conversation with Nidhi Gani, which also includes an open discussion with a live audience. Jump to a section of interest using these timestamps.

    00:01:25 Introduction

    00:02:12 Why cybersecurity is important for medical devices

    00:04:32 Medical devices today operate in a complex, connected environment

    00:05:22 The SPDF approach to medical device development for cybersecurity

    00:07:19 Current industry challenges in applying the SPDF approach

    00:09:28 Cybersecurity challenges in the post-market phase

    00:11:28 Exciting career opportunity for QA/RA professionals

    00:15:13 Audience Q&A and open discussion

    00:29:24 Closing comments and key takeaways

    If you enjoyed this podcast, consider subscribing to the Let’s Talk Risk! newsletter.

    Suggested links:

    AAMI TR57:2016: Principles for medical device security - Risk management, Revised 2023.

    FDA: Cybersecurity webpage, Current as of March 2024.

    LTR: Cybersecurity is the next frontier in medical device risk management.

    LTR: Security risk assessment and vulnerability monitoring.

    About Nidhi Gani

    Nidhi Gani is currently a Cybersecurity regulatory affairs consultant at MCRA and an adjunct professor at Northeastern University. She holds a Bachelor’s degree in Biotechnology and Master’s degrees in Microbiology and Regulatory Affairs in Drugs, Biologics, and Medical Devices. She also has a certification in Cybersecurity from Harvard University. She applies her extensive technical and regulatory experience to help develop innovative solutions for medical device clients in this rapidly evolving space.

    Let’s Talk Risk! with Dr. Naveen Agarwal is a weekly live audio event on LinkedIn, where we talk about risk management related topics in a casual, informal way. Join us at 11:00 am EST every Friday on LinkedIn.

    Disclaimer

    Information and insights presented in this podcast are for educational purposes only. Views expressed by all speakers are their own and do not reflect those of their respective organizations.
  • “Technology has changed; we need to move with the technology change.”

    In this Let’s Talk Risk! conversation, Leo Eisner shares a brief history of IEC 60601, the comprehensive global safety standard for active medical devices, and the work currently ongoing on the 4th edition. He is leading the group working on the user-interface aspects, which include information provided by the manufacturer, usability, alarm systems and other user-interface considerations. A total of 12 working groups are involved in various aspects of the standard, each focusing on a particular source of harm or hazardous situation.

    Leo encourages risk practitioners in the industry to stay current with safety standards and consider taking an active role in the standards development process. This is a good way to be recognized as an industry expert and have an opportunity to shape the future direction of best practices.

    Listen to this Let’s Talk Risk! conversation with Leo Eisner, the IEC 60601 Guy, which also includes an open discussion with a live audience. Jump to a section of interest using these timestamps.

    00:02:25 Introduction

    00:03:39 A brief overview and history of IEC 60601

    00:06:30 A quick update on the work currently ongoing on the 4th edition

    00:10:30 Reference documents for the 4th edition project

    00:12:32 Why risk practitioners should get involved in standards development

    00:14:25 Audience Q&A and open discussion

    00:32:30 Closing comments and key takeaways


    Suggested links:

    IEC: Architectural specification for safety standards of medical electrical equipment, medical electrical systems, and software used in healthcare, v 3.0.

    IEC: Design specification for the 4th edition of IEC 60601-1.

    About Leonard (Leo) Eisner

    Leonard Eisner, the “60601 Guy”, is the Founder and Principal compliance/regulatory consultant at Eisner Safety Consultants. He has worked at 3 notified bodies and in the medical device industry for over 30 years, and his career spans over 35 years of product safety certification test lab experience, including 11 years at 2 internationally recognized labs. As an expert in the standards development process, Leo has stayed at the forefront of evolving medical device standards for over 20 years, working on the IEC 60601 series, ISO 15223, ISO 20417 and other Working Groups (WGs), Maintenance Teams and committees. He was an expert member of the development team for IEC 60601-1, edition 3.2, and is currently leading one of the WGs, serving as an expert member of another WG, and sitting on the editing team (AG50) for the 4th edition of the standard.

  • “Before making a decision, we have to look at the issues end-to-end. We have to consider how our actions will impact the customer.”

    In this Let’s Talk Risk! conversation, Rajesh Kathuria emphasizes the need to consider the full impact of our actions on the safety of customers and users and on the quality of performance. As an example, when working at the component level, we should consider the impact of any change at the system level and how it could affect the safety of the end user or the patient.

    Rajesh advises industry colleagues to take the emotions out and rely on data as much as possible. If you don’t have good quality data, your first decision could be to take the time to gather more information, especially when the potential consequences of failure could be catastrophic. He also recommends considering diverse viewpoints from an experienced cross-functional team as part of the decision-making process.

    Listen to this Let’s Talk Risk! conversation with Rajesh Kathuria, which also includes an open discussion with a live audience. Jump to a section of interest using these timestamps.

    00:02:10 Introduction

    00:05:42 Considering risks in decision making

    00:08:25 An example of missing long-term factors in decision making

    00:10:09 Taking a systems approach to finding solutions

    00:12:13 An example of a difficult decision to delay a project to ensure safety

    00:14:30 Difficult decisions require courage to do the right thing

    00:16:30 Leadership advice for QA/RA professionals

    00:17:50 Audience Q&A and open discussion

    00:35:50 Closing comments and key takeaways


    Suggested links:

    LTR podcast: Understanding risk-based thinking

    LTR podcast: Getting comfortable with a probabilistic way of thinking about risk

    About Rajesh Kathuria

    Rajesh Kathuria is currently the Owner and Director at KMS Solutions B.V., providing strategic consulting services in Quality and Regulatory for medical device companies. He is a seasoned leader with over 20 years of industry experience in senior leadership positions. He holds a Bachelor’s degree in Mechanical Engineering and a graduate degree in Management with a specialization in International Marketing and Finance. He is also a certified ISO 13485 lead auditor and has extensive experience auditing and working across various geographies and global regulations.

  • “There are 3 pillars I consider essential to defining a strategy for IVD risk management. What is the system definition, who are the user groups, and what is the level of novelty?”

    In this Let’s Talk Risk! conversation, Claudia Campbell-Matland highlights the broad range of in-vitro diagnostic devices (IVDs), which requires a strategic approach to their development and risk management.

    Claudia advises IVD manufacturers to consider their risk management strategy and scope under 3 pillars: the system definition, the target user groups and the level of novelty. A simple, home-based IVD requires a very different approach than a highly complex analytical system used as a companion diagnostic for highly sophisticated immunotherapies.

    She recommends taking some time to develop a business strategy first before jumping into product development and risk management activities.

    Listen to this Let’s Talk Risk! conversation with Claudia Campbell-Matland, which also includes an open discussion with a live audience. Jump to a section of interest using these timestamps.

    00:01:33 Introduction

    00:03:03 Strategic questions to ask for IVD risk management

    00:05:10 3 pillars of IVD risk management strategy

    00:06:45 Example of a strategy for a simple point-of-care assay IVD

    00:08:31 Special considerations for home-based IVDs

    00:09:20 Leadership opportunity for QA/RA professionals in setting strategy

    00:10:15 Practical tips for assigning severity and probability for IVD risks

    00:12:51 Latest update on LDTs (laboratory developed tests)

    00:14:50 Audience Q&A and open discussion

    00:35:50 Closing comments and key takeaways


    Suggested links:

    LTR podcast: Focus on intended use in the clinical environment for IVD risk management

    LTR podcast: Risk management of IVDs requires a different approach

    About Claudia Campbell-Matland

    Claudia Campbell-Matland is a consultant and managing member at CNCM Consulting LLC, providing services to medical device and IVD manufacturers in product development, risk management, project management and strategy development. She has nearly 30 years of experience in the clinical space at various global organizations. She holds a Master’s degree in Microbiology and a Bachelor’s degree in Biology, as well as multiple certifications in auditing and project management.

  • “To be able to see a virtual image over the real world - that augmented reality is - is a mind blowing, very different experience.”

    In this Let’s Talk Risk! conversation, Phil Deming shares some of the unique human factors engineering challenges for an augmented reality (AR) technology for 3D visualization of human anatomy in real time during a medical procedure.

    Phil advises manufacturers to stay current with rapidly evolving new technologies, and to talk to users in their intended environment to figure out how best to deploy a system so it does not interfere with their standard workflow. This is the essence of human factors engineering, which involves developing a solid understanding of how users interact with a system and minimizing risks at the user interface.

    He also shares some of the differences between usability engineering according to IEC 62366 and FDA guidance for human factors engineering.

    Listen to this Let’s Talk Risk! conversation with Phil Deming, which also includes an open discussion with a live audience. Jump to a section of interest using these timestamps.

    00:01:40 Introduction

    00:02:30 Human factors engineering in medical industry vs. consumer electronics

    00:05:15 Introducing AR technology to visualize human anatomy in 3D space

    00:07:15 Human factors considerations for AR technology

    00:08:42 Considering use-related risks associated with AR technology

    00:10:05 Tackling new challenges in human factors emerging with technology

    00:11:35 Audience Q&A and general discussion

    00:30:52 Closing comments and key takeaways


    Suggested links:

    Understanding risk-based thinking

    MediView XR: OmnifyXR holographic display with real-time imaging and 3D anatomy visualization.

    FDA Guidance: Applying Human Factors and Usability Engineering to Medical Devices, issued February 2016.

    IEC 62366-1:2015: Application of usability engineering to medical devices, issued 2015.

    LTR podcast: Treat human factors as a driver of customer satisfaction, not a check-the-box activity, August 2024.

    About Phil Deming

    Phil Deming III is a human factors engineer at MediView XR, Inc., a digital health company that leverages augmented reality, remote connectivity and spatial computing data to create revolutionary surgical navigation and tele-procedure platforms. He has over 20 years of experience in usability and human factors, first in consumer electronics and later in medical devices. He holds a Bachelor’s degree in Business Management, Marketing and related support services, and a certification in Automotive Engineering Technology.

  • “It’s too often confused with risk management itself. Part of the risk-based approach is just the mindset, the thinking about risk, and then deciding ‘so what should we do?’, the answer to which might be a formal risk management.”

    In this Let’s Talk Risk! conversation, Steve Gompertz clarifies a subtle difference between a risk-based approach and formal risk management according to standards such as ISO 14971. A risk-based approach is more about a mindset and a set of behaviors that lead to risk-based decisions, rather than the application of specific risk management tools such as FMEAs.

    Steve advises manufacturers to consider adding a section in each procedure to describe a risk-based approach appropriate to that process. Another good practice is to create an alignment matrix to map differences in the risk-based approach to different processes of the quality system.

    Listen to this Let’s Talk Risk! conversation with Steve Gompertz, which also includes an open discussion with a live audience. Jump to a section of interest using these timestamps.

    00:01:40 Introduction

    00:03:38 What is risk-based approach and why it is not the same as risk management

    00:06:22 How to practice and demonstrate a risk-based approach

    00:08:15 A practical way to document risk-based approach

    00:11:23 How auditors assess the practice of risk-based approach

    00:13:41 Striking the right balance between documentation and operating culture

    00:17:38 Audience Q&A and general discussion

    00:32:57 Closing comments and key takeaways


    Suggested links:

    Understanding risk-based thinking

    Risk-based approach to building a QMS in a startup

    Tips for applying a risk-based approach to auditing Quality Systems

    About Steve Gompertz

    Steve Gompertz is a Partner at QRx Partners, providing consulting services to medical device companies in quality system assessment, development and remediation, audit preparation, SOP and forms development, regulatory body response guidance and quality system education. He has over three decades of industry experience at many leading organizations including Medtronic, Boston Scientific and Canon. He is also a Senior Adjunct Instructor at St. Cloud University. Steve has a Bachelor’s degree in Mechanical Engineering, a mini-MBA certificate in Medical Technology, and multiple certifications including ASQ Manager of Quality/Organizational Excellence, Medical Device Auditor, EU-MDR auditor and MDSAP.

  • “Don’t be comfortable saying, ‘Oh I follow the ISO (13485) to the letter’; it doesn’t matter. You have to comply with 21 CFR 820.”

    In this Let’s Talk Risk! conversation, Neil Di Spirito helps us understand the full legal context behind the Quality Management System Regulation (QMSR), the amended version of 21 CFR 820 that will go into effect in February 2026.

    Although the QMSR incorporates the international standard ISO 13485:2016 by reference, there are points of difference and additional requirements for compliance with 21 CFR 820.

    That is why it is important to carefully assess gaps between the current QSR and the full scope of the QMSR, not just the ISO 13485 requirements. This is not simply a technical matter but also a legal one, which manufacturers should consider evaluating with help from a legal expert.

    Neil advises manufacturers to consider operating two parallel processes right up to the date of QMSR enforcement, gaining working experience so they can modify their approach to compliance as needed. A good way to do this is through a Quality Plan.

    Listen to this Let’s Talk Risk! conversation with Neil Di Spirito, which also includes an open discussion with a live audience. Jump to a section of interest using these timestamps.

    00:02:45 Introduction

    00:06:45 The legal basis of 21 CFR 820 modification to QMSR

    00:11:20 QMSR lowers the compliance burden through harmonization with ISO 13485

    00:15:59 Recommendations for manufacturers to prepare a transition to QMSR

    00:18:50 Audience Q&A and general discussion

    00:32:28 Closing comments and key takeaways


    Suggested links:

    FDA: Frequently asked questions about QMSR

    LTR webinar: Getting ready for QMSR

    About Neil Di Spirito

    Neil Di Spirito is the Principal at DiSpirito Law, PLLC, where he represents pharmaceutical, biologic and medical device companies in regulatory, commercial and FDA enforcement defense matters. He has 20+ years of industry experience in various roles, including business management with P&L responsibility. He teaches introductory courses in pharmaceutical and medical device law to FDA new hires and industry legal professionals. He holds an MBA with a specialization in Pharmaceutical Marketing and Management, and a Juris Doctor (law) degree.

  • “There is a growing awareness that if you bring in Regulatory at the beginning of designing a product, you will end up with a more robust product.”

    In this Let’s Talk Risk! conversation, Christine Zomorodian highlights some of the barriers that have traditionally hindered good communication and collaboration between QA/RA and Engineering functions in MedTech. However, she also points out that there is reason to be optimistic about the future.

    Gender roles are changing, with more women entering Engineering and an increasing number of men choosing the QA/RA profession due to the availability of graduate-level academic programs. Company cultures are also adapting to big advances in compliance infrastructure technologies and the rapidly changing regulatory landscape. Together, these trends underscore the importance of open communication and cross-functional collaboration.

    A good tool to foster collaboration is a Quality Plan, which continues to be under-utilized in our industry. A Quality Plan can help your entire team come together to figure out how to efficiently achieve a desired goal, whether it is a remediation project or developing a suitable quality system in a startup environment.

    Listen to this Let’s Talk Risk! conversation with Christine Zomorodian, which also includes an open discussion with a live audience. Jump to a section of interest using these timestamps.

    00:01:59 Introduction

    00:05:06 An example of impact of poor cross-functional collaboration

    00:08:36 Traditional barriers to cross-functional collaboration in MedTech

    00:12:05 Optimistic trends helping to improve communication and collaboration

    00:14:00 Audience Q&A and general discussion

    00:29:00 Closing comments and key takeaways


    Suggested links:

    Tips for improving collaboration in risk management

    Collaboration is the secret sauce for success in risk management

    About Christine Zomorodian

    Christine Zomorodian is the Founder and Managing Consultant at Gish Consulting, LLC, advising MedTech companies in regulatory strategy, quality assurance, regulatory affairs and engineering process improvement. She also serves as a Person Responsible for Regulatory Compliance (PRRC) for EU-MDR compliance, and as a guest lecturer at the University of Washington. She has over 25 years of industry experience in various QA/RA roles at multiple global medical device companies. She holds a B.A. degree in International Affairs with a concentration in Biology and Communication, and an M.S. degree in Biomedical Regulatory Affairs.

  • “There is a tendency for human factors to be very closely tied to regulatory requirements and nothing else, but human factors as a core discipline is about user-centered design.”

    In this Let’s Talk Risk! conversation, Korey Johnson highlights how the current practice of human factors engineering in the medical device industry is mainly driven by regulatory requirements, which often leads to a check-the-box approach and nothing more.

    But human factors is more about applying a user-centered design philosophy starting from early feasibility and throughout the product development process.

    “Are we designing the right thing, and how do we design the thing right to be able to be used well by people, not just safe and effective, but does it drive satisfaction?”

    When viewed as a driver of customer satisfaction, a user-centered design approach can deliver a sustainable competitive advantage.

    Listen to this Let’s Talk Risk! conversation with Korey Johnson, which also includes an open discussion with a live audience. Jump to a section of interest using these timestamps.

    00:01:47 Introduction

    00:04:25 Regulatory emphasis on human factors in medical devices

    00:06:45 Barriers to implementing user centered design philosophy

    00:08:20 Connecting with risk management and design controls

    00:10:15 Assessing impact of changes in software, AI/ML enabled devices

    00:14:30 Why human factors must be integrated throughout product development

    00:16:50 Audience Q&A and general discussion

    00:37:30 Closing comments and key takeaways


    Suggested links:

    AI and UX: Why artificial intelligence needs user experience, Published 2020.

    FDA: Applying human factors and usability engineering to medical devices, Published February 2016.

    IEC 62366-1:2015: Application of usability engineering to medical devices, Published 2015.

    About Korey Johnson

    Korey Johnson is the Managing Partner at Bold Insight, a leading research and consulting agency providing services in UX research, usability testing and human factors engineering. With over 25 years of industry experience, Korey is passionate about transforming the practice of human factors engineering in medical devices through empowerment, creativity and collaboration. He holds a B.S. degree in Psychology and an M.S. in Human Factors Psychology.
