up a level
post article
search
admin
Contact
main
|
| FDA Validation a Threat to Free/OSS? |
 |
 |
 |
 Posted by I. Valdes on Monday April 15, 2002 @ 05:59 PM
from the FDA dept.
Arnaud Le Breton wrote in asking about the 'regulatory aspects' of medical open source especially in view of the FDA's recent revised document "General Principles of Software Validation: Final Guidance for Industry and FDA Staff" which includes the following statement: '...computer systems used to create, modify, and maintain electronic records and to manage electronic signatures are also subject to the validation requirements. (See 21 CFR §11.10(a).) Such computer systems must be validated to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records.' This could be VERY bad for the fledgling free and open source medical software industry if they have to pay for such validation. The complete text of Le Breton's letter and discussion is within: Digg this article
Hello,
First let me thank you for your informative linuxMedNews page.
The plan was to use GNU/LINUX as the OS for a medical device. I've developed only on Unixes systems and is fervent Linux enthusiast.
Linux seems like a rather nice choice, as you already know I guess :), but I came to realize that my lack of experience with medical issues has prevented me to foresee the regulatory aspect of the project, which I have been reminded of recently.
To make this mail short, I have gotten hold of the document issued by the FDA, entitled "General Principles of Software Validation : Final
Guidance for Industry and FDA Staff".
It is a more complete version of the draft from 1997, and is more general then the document about Off-The-Shelf software use in medical devices from 1999.
I understand that the liability problem is important, but I fear that those legislation may prevent the free software model to succeed within medical software close to the patients (I think about the Linux Anaesthesia Modular Devices Interface, aka LAMDI project for example, that should not be used on humans).
(http://www.umanitoba.ca:8080/lamdi/index_html)
I took the chance to email as you are probably very updated about this topic, in hope to get some information, and your point of view about all this.
I am wondering starting up a project in order to maybe join forces between several people/companies interested in Linux or Free SW in
general for use in the medical sector, and medical device (Linux Medical Consortium, or something similar).
Thanks in advance for any informations or comments you may share with me, especially if you already know of devices that use Free software
and that have obtained an FDA approval.
Best Regards,
-- arnaud LE BRETON
<
|
>
|
|
The Fine Print: The following comments
are owned by whoever posted them.
( Reply )
|
|
Over 10 comments listed.
Printing out index only. |
Re: FDA Validation a Threat to Free/OSS?
by I. Valdes on Monday April 15, 2002 @ 06:07 PM
|
| "I am wondering starting up a project in order to maybe join forces between several people/companies interested in Linux or Free SW in general for use in the medical sector, and medical device (Linux Medical Consortium, or something similar)."
Thank you for your important letter Arnaud, There is already the Open Source Health Care Alliance (OSHCA) with website here and mailing list here.
Hope this helps,
-- IV
|
[
Reply to this ]
|
|
|
Re: FDA Validation a Threat to Free/OSS?
by Ron C. on Monday April 15, 2002 @ 10:12 PM
|
| Off-The-Shelf software use in medical devices...
I was wondering. By "devices" do you mean those devices that are some how hooked up to a patient, or somehow regulating something in or going to a patient, e.g., heart rate, flow of fluid, etc. ? That is my reading of the FDA document.
If that is the case, then wouldn't "devices" (e.g., a PC) that does not "touch" the patient, but only keeps track of records, schedules, facts, etc., not come under the FDA rubric? That might imply that software, such as FreePM, wouldn't be affected by the above-identified FDA rules.
|
[
Reply to this ]
|
|
|
Re: FDA Validation a Threat to Free/OSS?
by Richard Schilling on Monday April 15, 2002 @ 10:50 PM
|
FDA approved medical devices are generally those devices that are connected to a patient, and used by a health care practitioner to make treatment decisions. Any such devices require a high quality of software that meets certain criteria, and the FDA plays an important role in verifying that quality. The approval process keeps bad software out of pacemakers and CAT scan machines.
Getting FDA approval is costly, but if specific Open Source based medical devices get that approval, the credibility of Open Source applications will be strengthened.
Processing data that originates from existing FDA approved medical devices with Open Source software is a worthwhile effort and would serve the medical community greatly.
|
[
Reply to this ]
|
|
|
Re: FDA Validation a Threat to Free/OSS?
by david mertens on Tuesday April 16, 2002 @ 10:23 AM
|
If this requirement exists, then it would apply to all operating systems in the same way. Not only the open source world would have to face validation but also the closed source vendors. This would require them to open up their sources, at least to the FDA and all client audit teams. I think they may even have bigger problems with that than the open source people. I think no OS vendor would be interested to have his operating system validated, leaving the entire industry to whoever comes up with a validated OS first.
|
[
Reply to this ]
|
Re: FDA Validation a Threat to Free/OSS?
by Arnaud LE BRETON on Tuesday April 16, 2002 @ 11:49 AM
|
For those of you who are not aware of it, there is also an older
document (from 1999 but still valid) about "Off-The-Shelf Software Use
in Medical Devices" located at :
http://www.fda.gov/cdrh/ode/guidance/585.html
From my understanding, any device/system needs to follow the described
rules for development in order to be approved by the FDA. However how
deep one needs to document the development process is related to the
level of consequence of the system, i.e. a life critical device
directly connected to a patient needs thorough documentation and more
testing than a less critical one.
A solution could be to create a structure, or use an existing one in
order to go through the process of documenting and testing GNU/Linux
(maybe a given kernel, a given version of GCC, all the associated GNU
tools, etc), so that everyone interested in using Linux could then
refer to this effort and participate as new elements would be added to
the pool of software.
A list of device actually using Free-software and approved by the FDA
would be a first step toward this.
|
[
Reply to this ]
|
Re: FDA Validation a Threat to Free/OSS?
by Tom Poe on Thursday April 18, 2002 @ 03:14 AM
|
Hello: Validation of Open Source software/OS, is quite straightforward, compared to proprietary software. The use of Open Source software/OS is also a desired approach, I suspect, in the "eyes" of the regulatory bodies. Use of software/OS that can be efficiently audited by FDA staff without undue burden assists the agency that must operate within a constrained budget. I suspect you will have a most receptive welcome to discuss your questions and concerns.
Respectfully,
Thomas A. Poe, M.D.
Director
WORLDCCR
http://www.worldccr.org/
|
[
Reply to this ]
|
Re: FDA Validation a Threat to Free/OSS?
by Brian Gorbe on Thursday April 18, 2002 @ 06:05 PM
|
I have been involved for years with software validation under FDA regulations. I have just a few observations:
1. FDA's primary concern is patient safety. When it comes to software, devices, drugs, whatever, they will evaluate the risk to safety in determining how much testing, control, and validation is required.
2. In classifying software (or anything else) as a medical device, patient contact is not required. Bloodbank software (i.e., tracking donors and blood types) is classified as devices by FDA and such software must be registered with FDA. The issue is safety. Corrupted bloodbank records could result in someone receiving the wrong blood type.
3. The end-user is ALWAYS responsible for validating the SYSTEM as it is used. A software vendor cannot claim that their software is "validated" and relieve the end-user of that responsibility. A vendor cannot test all applications of their product on all possible hardware using all possible operating systems. So it is up to the end-user to validate the software on their hardware with their OS in the manner they will use the software (e.g., if they will not use a certain feature, they do no have to validate that feature). The end-user can contract out the actual work, as long as the end-user takes responsibility for the work (i.e., reviews and approves protocols, reports, etc.). Please note that the end-user may be an institution, department, or specific person.
4. FDA considers software validation to encompass the entire development life cycle. Requirement documents, design documents, commented source code, and test documents are all part of the validation package. The more of these documents the developers/vendors can supply the end-user, the easier it is to validate and the happier FDA will be.
5. In the 1980's there was contention between FDA, industry (primarily drug manufacturers), and vendors over the availability and inspection of source code. FDA backed off (who could compel Microsoft to release the source code to Excel?). Open source software has the advantage of meeting FDA's concerns and relieving industry of various NDA and escrow entaglements.
|
[
Reply to this ]
|
|
|
Re: FDA Validation a Threat to Free/OSS?
by Elmer Fittery on Wednesday April 02, 2003 @ 05:07 PM
|
I am working a contract at BioMerieux in St. Louis, MO. The device they are developing software for is based on the embedded OS - RTXC 3.0. The current version of RTXC is 3.2. Anyhow, all software tools are required to be validated. This doesn't apply to just LINUX/GNU open source software, but also to things like Word, Excel, Emacs, VI, etc....
IMHO, the idea that a tool like Word needs has be validated is redicilous. Focus should be on the application and not on tools used to develope an application. Focus on testing the functionality of the software.
JMHO.
|
[
Reply to this ]
|
|
The Fine Print: The following
comments are owned by whoever posted them.
( Reply )
|
|
