Constructing Safety Assurance Cases for Medical Devices Arnab Ray, PhD Senior Research Scientist Fraunhofer USA Center for Experimental Software Engineering.

Slides:



Advertisements
Similar presentations
Basic Principles of GMP
Advertisements

Writing Good Use Cases - Instructor Notes
Advanced Piloting Cruise Plot.
Requirements Engineering Process
Chapter 24 Quality Management.
Chapter 1 The Study of Body Function Image PowerPoint
1 Copyright © 2013 Elsevier Inc. All rights reserved. Chapter 1 Embedded Computing.
International Organization International Organization
1 Unit A: General Agricultural Machinery Lesson 4: Maintaining A Safe Environment around Agricultural Machinery.
FUEL SUPPLY SYSTEM.
The Managing Authority –Keystone of the Control System
Module N° 7 – Introduction to SMS
Human Performance Improvement Process
State of New Jersey Department of Health and Senior Services Patient Safety Reporting System Module 2 – New Event Entry.
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Title Subtitle.
DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.
FACTORING ax2 + bx + c Think “unfoil” Work down, Show all steps.
1 Term 2, 2004, Lecture 9, Distributed DatabasesMarian Ursu, Department of Computing, Goldsmiths College Distributed databases 3.
Module 2 Sessions 10 & 11 Report Writing.
World Health Organization
Using outcomes data for program improvement Kathy Hebbeler and Cornelia Taylor Early Childhood Outcome Center, SRI International.
Gaining Senior Leadership Support for Continuity of Operations
Site Safety Plans PFN ME 35B.
REVIEW: Arthropod ID. 1. Name the subphylum. 2. Name the subphylum. 3. Name the order.
1 How to Enter Time. 2 Select: Log In Once logged in, Select: Employees.
Quality Assurance/Quality Control Plan Evaluation February 16, 2005.
Effectively applying ISO9001:2000 clauses 6 and 7.
Safety Cases: Purpose, Process and Prospects John McDermid, OBE FREng University of York UK.
Let’s watch a DVD… DVD Instructor Notes
Biopharmaceutical Quality
Overview of FDA Device Regulations
1. 2 Its almost time to take the FCAT 2.0! Here are some important explanations and reminders to help you do your very best.
ABC Technology Project
John Ogilvie High School - CfE Physics
Replacement Reagent Policy Update
1 Undirected Breadth First Search F A BCG DE H 2 F A BCG DE H Queue: A get Undiscovered Fringe Finished Active 0 distance from A visit(A)
VOORBLAD.
Differences and similarities between HACCP and Risk Analysis
1 Breadth First Search s s Undiscovered Discovered Finished Queue: s Top of queue 2 1 Shortest path from s.
A Process to Identify the Enduring Skills, Processes, & Concepts for your Content Area 1.
BIOLOGY AUGUST 2013 OPENING ASSIGNMENTS. AUGUST 7, 2013  Question goes here!
Factor P 16 8(8-5ab) 4(d² + 4) 3rs(2r – s) 15cd(1 + 2cd) 8(4a² + 3b²)
CONTROL VISION Set-up. Step 1 Step 2 Step 3 Step 5 Step 4.
© 2012 National Heart Foundation of Australia. Slide 2.
Lets play bingo!!. Calculate: MEAN Calculate: MEDIAN
Science as a Process Chapter 1 Section 2.
Understanding Generalist Practice, 5e, Kirst-Ashman/Hull
Chapter 5 Test Review Sections 5-1 through 5-4.
25 seconds left…...
H to shape fully developed personality to shape fully developed personality for successful application in life for successful.
Januar MDMDFSSMDMDFSSS
Analyzing Genes and Genomes
We will resume in: 25 Minutes.
©Brooks/Cole, 2001 Chapter 12 Derived Types-- Enumerated, Structure and Union.
Database Administration
Intracellular Compartments and Transport
PSSA Preparation.
VPN AND REMOTE ACCESS Mohammad S. Hasan 1 VPN and Remote Access.
Immunobiology: The Immune System in Health & Disease Sixth Edition
Essential Cell Biology
Immunobiology: The Immune System in Health & Disease Sixth Edition
"Determining the Regulatory Pathway to Market" Classification Heather S. Rosecrans Director, 510(k) Staff Office of Device Evaluation Center for Devices.
+ Medical Devices Approval Process. + Objectives Define a medical device Be familiar with the classification system for medical devices Understand the.
Linda M. Chatwin, Esq. RAC Business Manager, UL LLC
Presentation transcript:

Constructing Safety Assurance Cases for Medical Devices Arnab Ray, PhD Senior Research Scientist Fraunhofer USA Center for Experimental Software Engineering Rance Cleaveland, PhD Professor, Department of Computer Science University of Maryland

The Food And Drug Administration Federal body charged with the responsibility of protecting the public health by assuring the safety, efficacy and security of human and veterinary drugs, biological products, medical devices, our nations food supply, cosmetics, and products that emit radiation 2

The Regulatory Process 3 510(k): device to be marketed is as safe and effective, that is, substantially equivalent (SE), to a legally marketed device that is not subject to premarket approval (PMA) PMA: Approval based on a determination by FDA that the PMA contains sufficient valid scientific evidence that provides reasonable assurance that the device is safe and effective for its intended use or uses

Outline Of Talk Problem with medical device submissions to the FDA Safety assurance casesa solution? More problems with that Some light inside the tunnel 4

Definition of Safety Safety: Does not harm the patient (i.e. it cannot do something bad) –e.g. introduce an air bubble into bloodstream Effectiveness: Does something good (clinically) –e.g. a device that claims to detect early signs of a particular type of cancer actually does what it claims 5

The General Problem Manufacturers: –The PMA/510(k) process is expensive –Procedures and expectations from the FDA, they claim, are not clearly defined –Regulatory regime provides a high cost of entry for new players 6

The General Problem Regulators –Submissions become more complex Software ! –Time given to regulators to take decisions has remained same –Submissions remain unstructured Table of contents pointing to different sections of submission is provided How the different sections contribute to safety argument not clear 7

External Infusion Pumps An infusion pump infuses fluids, medication or nutrients into a patient's circulatory system Problematic class of devices responsible for a number of adverse events every year Includes insulin pumps, patient-controlled analgesic pumps 8

Guidance for Industry and FDA Staff FDA recommends that you submit your information through a framework known as an assurance case or assurance case report 9

Manufacturers & Assurance Cases More regulatory overhead Do I have to redo everything I have in terms of pictures? Where should I start? What would be acceptable evidence for the FDA? How deep should we argue? 10

Our Thesis In any approval worthy device submission, the safety assurance case already exists, albeit in an implicit and undocumented form Safety assurance case: Formally and explicitly codifies the logical trail of reasoning for a devices safety 11

The Paper Outlines an approach for safety assurance case argumentation –Goal: Serves as the logical glue for different parts of the submission 12

Example Used The Generic Infusion Pump (GIP) Project Goal: Create an exemplar set of hazards, requirements, models for GIPs Example: GPCA (Generic Patient Controlled Analgesic Pump) 13

14 Note: Safety arguments vary by operating environment A PCA pump safe for home may not be safe in a moving van !

What is Safe? In order to claim a device does nothing bad –Comprehensively define bad (bad=anything that causes injury or death to human beings i.e. hazards) 15

16 How do we establish this?

All hazards? Theoretically impossible to claim all hazards have been identified Strategies for arguments –Reference to standards –Past adverse events (We handle all adverse events reported in the past to FDA) –Predicate device (We handle same set of hazards as this product on market) 17

18

19

Example The principle: If bubble size is greater than X microns, then hazard air-in-line has occurred. The patient is not impacted if infusion is stopped before bubble reaches bloodstream and he is notified –Need to establish that this principle is correct 20

21 Mechanism?

Mechanism Exclusively mechanical or electrical Exclusively software (e.g. a range check for drug safe limits) Combination of all of them (mechanical + electrical+ software) 22

Example Sensor is mechanism that detects bubble size Once safe limit is crossed, signal goes to software controller Controller –sends message to alarm module –stops mechanical pump 23

Proof Obligations? Entire mechanism is able to detect bubble size appropriately (Time from bubble introduction to detection) + (Time from detection to stoppage of infusion)< Safe limit such that bubble does not reach bloodstream 24

Safety Requirements A number of mechanism-specific constraints on implementations R1: An air-bubble must be detected by sensor within t time units of its introduction. R2: The controller software can transition from an infusion mode to an alarming mode within s time units of hazard detection by sensor. R3: No infusion should be possible in the alarming mode. R4: An alarm should be sufficiently loud to be heard. R5: The time between the detection of an air-bubble and its entry into the patients bloodstream is more than s+t time units. 25

Safety Requirements Set of safety requirements –is relevant (no safety requirement not linked to a hazard) –is exhaustive (all aspects of the principle of hazard detection, harm prevention and recovery have been translated to requirements) –is trustworthy (the safety requirements are internally consistent i.e. do not contradict each other) 26

27

Mechanisms Satisfy Requirements Depends on the mechanism as to how its behavior is captured –Behavior of fully mechanical & electrical systems can be captured by specifications (motor speed, voltage rating etc) Software systems are more problematic 28

More Sub-claims The software system satisfies the set of safety requirements may broken down into sub-claims with a development standard (e.g. IEC 62304) as reference –One sub-claim for every step of the process (product specific) –Overall compliance with standard 29

Conclusions And Future Directions No need to re-do what you have already done Fill in the logical gaps While a perfect assurance case may not be possible, something is better than nothing Security Assurance Cases? 30

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.