I recently attended the Medical Device Summit in Boston. Probably the most interesting presentation I heard was from a Regulatory Affairs manager at GE Healthcare. He said he has submitted well over 100 510(k)s, and over 70 of them had software.
Just in the last year or so, the FDA has been pushing back on software submissions. This is apparently a direct result of the FDA’s hiring of 200 new reviewers that have software experience.
Some of the responses he has been getting on his submissions lately are:
- How do you know you have tested all the software in your device?
- What static analysis tool did you use?
- Please provide a measure of test/requirements coverage
- How much of the software is represented by requirements?
- Have you done analysis to find run-time errors like buffer overruns, null pointer dereferences, and race conditions?
- Please submit all of your software-related documents (instead of just samples)
So the FDA is paying closer attention to software submissions, and companies building medical devices need to make sure they are doing static analysis, unit and integration testing, and code coverage analysis to not only ensure they are delivering quality products to the market, but also that they have an easier time getting FDA approval.