2-day In-person Seminar on Software Risk Analysis Tools for Medical Devices and Risk Mitigation at San Diego

The FDA recalls related to software performance are on the increase for at least five years at the time of this writing. Software failures were behind 24 percent of all the medical device recalls in 2011, according to data from the FDA. Similar to hardware, software also has hazards (any source of harm) and hazardous situations which transform a hazard into harm. We must identify hazards and identify what event can turn them into harm and write software specifications to prevent such combinations. The risk management tools such as FMEA (Failure Mode and Effects Analysis), FTA (Fault Tree Analysis) can help to mitigate software risks. These tools are covered in the Chapter 4. The mitigations from using the tools become the new requirements in the software specification

Why companies are prone to having past problems in new devices? One of the main reasons seems to be the "weak cognition." It is usually the result of short term memory, inattention to details, insufficient vigilance, or multitasking. This unsafe work propagates unknowingly because of not engaged or disengaged employees, insufficient understanding of customer needs, splitting design among several designers, and ineffective risk analysis. Another big reason is that ineffective device management procedures often touted as 'best practices', are like a bad virus with long incubation period and no early warning, resulting into sudden catastrophic malfunction of the device. Most companies still hold individuals responsible for mistakes instead of fixing the management process.

The goal is to develop and implement risk balance throughout the design, coding, installation and device use process. It includes FDA guidance on incorporating human factors into risk and FDA guidance on premarketing risk assessment. The important areas include assessing resources requires, a good policy, good methods for assessing the effectiveness including the effectiveness of the management policy, qualifications of personnel.

You have to do risk analysis using the tools in ISO 14971. It is one of the first things FDA will ask for! It is required by law (21 CFR Section 820) and appears on regulatory submission checklists. In addition, it will help define validation that should be done to prove the safety of your actual device use. You can also eliminate costs associated with recalls and lawsuits.

For the medical device industry, there are numerous standards now in play that guide the product development cycle. The internationally recognized IEC 62304 standards prescribe the software development processes, activities, and tasks for effective medical device software development. IEC 62304 specifically calls out that the manufacturer shall apply a risk management process complying with ISO 14971. Both the FDA and IEC 62304 specify the use of ISO 14971. Under IEC 62304, the manufacturer must specify a safety classification to each software system according to the possible effects on the patient, operator, or others resulting from a hazard to which the software system can contribute.

·         Overview of ISO 14971

·         Overview of IEC 63204

·         The best tools for risk analysis

·         Application of tools such as PHA,FMEA,FTA

·         Identifying missing requirements in specifications

·         Intelligent problem fixing before they happen

·         Paradigms for efficiency and efficacy of risk control

·         World class best practices in risk analysis

·         Accounting for risks from unintended use and misuse

·         Case histories

·         All Senior Managers

·         Software Engineers and Managers

·         All Hardware Engineers and Managers

·         Software team Leaders

·         R&D Staff

·         Software Testers

·         Quality Assurance Staff

·         Regulatory Staff

·         Marketing Staff

·         Servicing Staff

·         Product Safety Staff

·         FDA requirements for software risk analysis

·         What constitutes software under FDA requirements

·         Software risk management through good design practices

·         Principles of efficient risk analysis

·         Overview of ISO 14971 for software

·         Role of probability in software development

·         FDA guidance for software risk assessment for pre-market approval

·         Good practices for requirements analysis

·         Negative requirements analysis

·         Workshop on negative requirements analysis

·         Six hat thinking for efficient risk analysis

·         Software risk prediction using Preliminary Hazard Analysis

·         Assigning the criticality based on the probability of the harm and severity for each hazard

·         Mitigating risks using world class practices

·         Workshop on PHA

·         Risk Analysis using Software Functions FMEA

·         Workshop on Software FMEA

·         Module level FMEA

·         Code level FMEA

·         Workshop on code level FMEA

·         Risk Analysis Using the Fault Tree Analysis

·         Constructing fault trees

·         Workshop on Fault Tree Analysis

·         Design improvements through Fault Tree Analysis

·         Device alarms requirements to avoid user risks

·         Risk analysis for interoperability performance

·         Risk management through good design control

·         Risk assessment for human factors

·         Risk control of unexpected use and misuse

·         Risk control through software verification

·         Risk control through software validation

·         Risk control for software maintenance

·         Developing safety assurance cases

·         Controlling off-the-shelf software risks

·         Selecting software structure for safety

·         Selecting software architecture for safety

·         Maintaining effectiveness of controls during risk analysis, risk evaluation and risk Control

·         Defensive programming

·         Management responsibility

·         FDA documentation requirements

·         Summary

Author - Safer Hospital Care (Taylor & Francis), Patient System Safety 
Dev Raheja, MS,CSP, author of the books Preventing Medical Device Recalls and Safer Hospital Care, is an international risk management, patient safety and quality assurance consultant for medical device, healthcare and aerospace industry for over 25 years. Prior to becoming a consultant in 1982 he worked at GE Healthcare as Supervisor of Quality Assurance/Manager of Manufacturing Engineering, at Cooper Industries as Chief Engineer, and at Booz-Allen & Hamilton as Risk Management consultant for variety of industries. His clients include Johnson & Johnson, Siemens Medical Systems, Medtronic, Carl Zeiss, Warner-Lambert, Zimmer Holdings, and DuPont. He has served as Adjunct Professor at the University of Maryland for five years for its PhD program in Reliability Engineering. He is a Fellow of American Society for Quality and recipient of its Austin Bonis Award for Reliability Education Advancement, former chair of the Reliability Division, and member of the Biomedical Division. He is a Senior Member of IEEE.

Location: San Diego, CA     Date: October 8th & 9th, 2015       Time: