FDA Updates Medical Device Software Guidance for First Time in 16 Years

The Food and Drug Administration (FDA) has finally announced an updated software guidance document for Software in a Medical Device (SiMD) or Software as a Medical Device (SaMD). This document, though not legally binding as of yet, will replace the previous FDA guidance document dated May 11, 2005.

In the realm of medical devices and software applications, much has changed in the last 16+ years. The newly issued document is intended “to provide information regarding the recommended documentation to include in premarket submissions for the FDA to evaluate the safety and effectiveness of device software functions” while providing “clarity, simplicity, and harmonization with current best practices and recognized consensus standards.”

The FDA encourages the consideration of the new guidance when developing device software functions and preparing premarket software documentation, but the agency also makes clear that this guidance is not meant to provide recommendations regarding how device software should be developed, verified and validated.

The announcement represents an acknowledgement of the need for updated guidance regarding premarket submissions given significant technological advancements in the past 16 years. “As technology continues to advance all facets of health care, software has become an important part of many products and is integrated widely into medical devices,” said Bakul Patel, the director of FDA’s Digital Health Center of Excellence in the Center for Devices and Radiological Health. The move “seeks to provide [the FDA’s] latest thinking on regulatory considerations for device software functions that is aligned with current standards and best practices.”

Chief among the updates is clarity around determination of Documentation Level. Rather than utilizing Level of Concern, a new set of questions will “prescribe the documents required for premarket FDA submission” in several areas, including:

• Firmware and other means for software-based control of medical devices;
• Stand-alone software applications;
• Software intended to be operated on general-purpose computing platforms;
• Dedicated hardware/software medical devices; and,
• Accessories to medical devices when those accessories contain or are composed of software.

Guidelines for Basic vs. Enhanced Documentation have been reduced to four considerations using a risk-based approach. According to the FDA, the considerations are:

1. The device is a constituent part of a combination product.

2. The device (a) is intended to test blood donations for transfusion-transmitted infections; or (b) is used to determine donor and recipient compatibility; or (c) is a Blood Establishment Computer Software.

3. The device is classified as class III.

4. A failure or latent flaw of the device software function(s) could present a probable risk of death or serious injury, either to a patient, user of the device, or others in the environment of use. These risk(s) should be assessed prior to implementation of risk control measures. Makers should consider the risk(s) in the context of the device’s intended use; the direct and indirect impacts to safety, treatment, and/or diagnosis; and other relevant considerations.

At the end of the day, the updated guidance is designed to prioritize ease and transparency in accordance with modern best practices put in place since the document was last released in 2005. It is not legally binding, and sponsors can “use an alternative approach if it satisfies the requirements of the applicable statutes and regulations.” But implementing the new guidelines will likely have a significant positive impact in a major way: better, clearer documentation.

A finalized document is at least a year away. In the interim, device manufacturers and industry stakeholders will be allowed to offer electronic and written comments until February 2, 2022, including at an FDA webinar on December 16, 2021. Once the comment period closes, the FDA will then be expected to issue a final document within 12 months.

This article is authored by
Quandary Peak Research

Based in Los Angeles, Quandary Peak Research provides software litigation consulting and expert witness services. We rapidly analyze large code bases, design documents, performance and usage statistics, and other data to answer technical questions about the structure and behavior of software systems.