The Health Sciences Authority (HSA), Singapore’s regulatory agency in the sphere of healthcare products, has published a guidance document dedicated to the life cycle approach in the context of software medical devices. Apart from other aspects, the document addresses the matters related to post-market management of software medical devices. Provisions of the guidance are non-binding in their nature, so in case of any discrepancies with the provisions of the applicable legislation, the latter should prevail.
According to the guidance, efficient post-market monitoring and surveillance procedures are vitally important to ensure that the issues that could arise in the course of using the software for its intended purpose would be duly identified. This applies to the issues that not be effectively identified at the stages of software development, validation, and clinical evaluation. As it was mentioned in the document, new risks may surface when the software is implemented in a broader real world context and is used by a diverse spectrum of users with different expertise.
Hence, in order to ensure the safety of the software used in the country, all the parties involved in operations with the software, including medical device manufacturers (software developers), importers, wholesalers, and registrants should duly fulfill respective obligations in the sphere of post-market monitoring and surveillance with regard to the products they are responsible for. In accordance with the current legislation, they should collect and analyze information about adverse events and other safety-related issues, and also initiate the actions reasonably necessary to address the new risks identified. Such actions include, inter alia, medical device recalls and Field Safety Corrective Actions (FSCA).
The guidance highlights the most important aspects related to post-market monitoring and surveillance, which are applicable in the context of software medical devices.
Field Safety Corrective Actions
The authority acknowledges that the increasing use of software-based medical devices results in the respective increase in the number of safety-related issues associated with them. Moreover, due to the important role such products often play, it is vitally important to ensure the software operates as initially intended by its manufacturer (developer).
Should a safety-related incident occur, it is important for the manufacturer to identify the underlying roots causing the issue, in order to be able to make the changes necessary to ensure the safety of patients. The results of a respective investigation to be undertaken by the manufacturer should be taken into consideration in the course of the following product design and development.
Should the party responsible for a medical device already placed on the market become aware of the safety-related issues and additional risks associated with the product, the appropriate field safety, and corrective actions could be undertaken. As explained by the HSA, a party responsible for a medical device usually undertakes such actions in order to notify other parties involved about the risks associated with the product, as well as the actions to be taken in order to address them.
According to the guidance, the issues associated with software-based medical devices include, inter alia, failures of the device to provide correct test results or therapy (depending on the intended purpose of the product), as well as any malfunctions associated with interactions with other devices or alarms the software should provide. As further described by the HSA, the reasons for malfunctions could appear on different stages starting from the initial design and development, and including the use of the product. The document also provides a list outlining some possible causes of software errors, namely:
- Input is incorrect, incomplete or inconsistent requirements and specifications,
- Incomplete or lack of validation of software prior to initial release,
- Failure to examine the impact of changes during software upgrades or bug fixes,
- Incorrect configuration e.g. failure to upgrade accompanying operating system,
- Incompatibility with 3rd party installed program,
- Software does not properly interface with external devices or other software components/modules.
The authority also mentions that in certain cases safety-related issues and malfunctions could arise from incomplete or inaccurate instructions for use or other issues associated with the documentation accompanying the software.
In order to address the aforementioned issues, medical device manufacturers (software developers) usually implement fixes or updates. In certain cases, the issues are not directly associated with the software, but changes to the software could be useful for mitigating the risks associated with such issues. The HSA also states that such fixes and updates should be implemented immediately without undue delay – once they will become available. Moreover, all such changes should be duly reflected in the respective documentation.
With regard to general requirements related to reporting FSCA, the HSA refers to the respective document GN-10: Guidance on Field Safety Corrective Action (FSCA) Reporting.
As it was mentioned before, any and all the parties involved in operations with software medical devices are responsible for ensuring the continued safety of the products placed on the market. In particular, they are obliged to submit reports related to Adverse Events (AE). As further described in the document, incidents associated with software-based medical devices could impact significantly the safety of patients. Depending on the nature of a particular software medical device in question, such harm could be either direct or indirect. The latter could be caused, for example, by a software used to analyse data deriving from in vitro diagnostic medical devices. In such a case, incorrect information provided by the software could result in wrong diagnosis and incorrect treatment.
Initially, the information to be used as a basis for such reports could derive from various sources including, inter alia, complaints from users. The authority additionally emphasises the importance of investigating potential issues in a timely manner in order to ensure the appropriate actions intended to address them are taken without undue delay. According to the guidance, examples of adverse events software-based medical devices could results from:
- Shortcomings in the design of the software,
- Inadequate verification and validation of the software code,
- Inadequate instructions for use,
- Software bugs introduced during implementation of new features.
In summary, the present HSA guidance outlines the most important points regarding the responsibilities of medical device manufacturers and other parties involved in operations with software-based products with regard to adverse events and actions to be taken in this respect. The document highlights the key aspects to be considered in terms of collecting information about safety-related issues, investigating such cases and implementing the measures reasonably necessary to ensure such issues would not recur.
How Can RegDesk Help?
RegDesk is a next-generation web-based software for medical device and IVD companies. Our cutting-edge platform uses machine learning to provide regulatory intelligence, application preparation, submission, and approvals management globally. Our clients also have access to our network of over 4000 compliance experts worldwide to obtain verification on critical questions. Applications that normally take 6 months to prepare can now be prepared within 6 days using RegDesk Dash(TM). Global expansion has never been this simple.