How Safety Assurance Cases Can Improve Your FDA Submissions

By Steve Hartman and Nick Oshman, Sterling Medical Devices

Software is everywhere, including medical devices. Even traditionally hardware-dependent medical device companies are designing innovative products that increasingly rely on software to perform their functions safely and effectively. Software itself may be considered a medical device if it can be defined as an instrument, apparatus, implant, in vitro reagent, or accessory, among other things described in FDA guidance that specifies what constitutes a medical deviceⁱ.

As the number of medical devices that rely on software for operation continues to rise, and as software becomes more complex in design and functionality, concerns about medical device safety and effectiveness increase. But, in this environment of constant innovation, evaluating device safety is becoming increasingly difficult.

A recent FDA report points to software design failures as the most common cause for medical device recallsⁱⁱ. However, an approach that has been used since 2010 to evaluate the safety of infusion pumps is garnering interest from medical device companies to help address these challenges: Safety Assurance Casesⁱⁱⁱ.

A safety assurance case offers a promising answer to the question of how to streamline processes for FDA reviewers, because it allows them to clearly understand what a medical device developer is claiming for its software, and then helps guide the reviewers through evidence that supports the developer’s safety and efficacy claims. Instead of presenting FDA reviewers with piles of evidence minus any guidance, a safety assurance case enables the reviewers to follow a structured map that focuses on specific evidence of safety claims, which can result in faster submission evaluations.

Elements Of A Sound Safety Assurance Case

A safety assurance case is a methodology that uses a set of disciplines to structurally demonstrate that a safety claim is fulfilled, and that risk management is a systematic life cycle process to identify, control, and evaluate safety risks (as defined by your quality management system)ⁱⁱⁱ.

In a safety assurance case, a top-level claim is supported by a structured argument (rationale) built on evidence that supports the top-level claim (e.g., that the infusion pump is comparably safe).  Subsidiary claims in the argument further support the top-level claim (e.g., software shall notify the user when battery is low). There can be additional lower-level claims with supporting evidence, as well.

A safety assurance case argument is based on the potential risk and the system’s complexity. The three elements of an assurance case are claims, evidence, and arguments:

• The claim is a statement about a property of the system — typically, contained and/or driven by a requirements specification. 
• The evidence should provide information demonstrating the validity of the claim.  This evidence may include verification and/or validation results including, but not limited to, test data, experiment results, and analysis.  The evidence should also address the relevance to the claim, whether the evidence directly supports the claim, and whether it is providing sufficient coverage of the claim.
• The arguments should link the evidence to the claim, providing a detailed description of what is being proven, as well as identifying specific evidence that supports the claimⁱⁱⁱ.

Use Of The Safety Assurance Case For Medical Devices

In order to understand what a safety assurance case is and what it is involved in creating one, it is important to understand its origin in the medical device industry. Infusion pumps, in particular, are at the center of the safety conversation for good reason. Software makes it possible for physicians to define infusion pump parameters based on a variety of factors (e.g., patient weight and height) for continuous and measured administration of medicine dosages to patients. Some infusion pumps even allow patients to self-medicate, as in patient-controlled analgesia, where a patient has some control over their own epidural drug delivery for pain relief.

Recent events have shown that it is now feasible to hack into an infusion pump, which can cause dangerous system malfunctions and result in the delivery of harmful, even deadly, doses of medication to patients^iv. This scenario illuminates a darker side of the increasingly complex software in medical devices, especially infusion pumps. But infusion pump problems are not new.

More than 56,000 medical device reports (MDRs) between 2005 and 2009 pointed to faulty design in infusion pumps, of which one percent were reported as deaths. The FDA recalled 87 infusion pump products and, soon thereafter, launched the Safety Assurance Case Pilot Program. The FDA launched the pilot program to learn about safety assurance case concerns across the industry and to gather information about how to provide clarity on safety assurance case development.

In its 2010 Letter to Infusion Pump Manufacturers, the FDA reported infusion pump device problems that ran the gamut from software error messages and human factors to battery and alarm failure, and concluded that “systemic problems with device design, manufacturing, and adverse event reporting” existed^v. In response to its findings, the FDA structured a guidance document to help uncover and address infusion pump problems before premarket notification 510(k) clearance. In April 2010, the FDA issued draft guidance on safety assurance cases with the intent to improve infusion pump quality and to reduce the number of recalls^vi.

How Does A Safety Assurance Case Help In The Regulatory Process?

A safety assurance case has similarities to a legal case: It is a legal claim that your product is safe. It is an overarching document that:

• Presents all claims that can be easily linked, as well as the supporting evidence to demonstrate the validity of safety claims
• Provides a formal method that demonstrates the validity of a claim, presenting a convincing argument supported by scientific evidence
• Leverages risk-based and scientific methods to help discuss and draw conclusions based on statistical measurements of the system’s reliability

For regulators, a safety assurance case can help to connect the dots in a structured way. It helps them to see your claim and supporting evidence. For medical device manufacturers, a safety assurance case can align medical device product development with FDA expectations. Additionally, safety assurance cases can help medical device manufacturers gain faster regulatory approvals, because those companies that move toward best practices in leveraging safety assurance case principles can clearly demonstrate the safety of a medical device product in a single document, making it easier for the FDA to review.

Are Safety Assurance Cases Required For Regulatory Approval?

The short answer is no. However, the FDA recommends safety assurance cases for determining substantial equivalence for infusion pumps^vi.  While safety assurance cases are not yet required for 510(k) clearance of an infusion pump, they are growing in popularity among medical device manufacturers in the U.S. and Europe because they allow regulators to perform spot checks and more quickly determine the safety and effectiveness of infusion pumps.

The fact is that safety assurance cases could be expanded to other delivery systems. Historically, the FDA has expanded its regulations in this manner; first it emphasizes one area and, after seeing an initiative’s effectiveness over some measure of time, the agency expands it to other areas. Therefore, medical device developers should become familiar with building good safety assurance cases for their products.

Conclusions

Pinpointing the most relevant technical risks in medical devices is increasingly difficult as medical device software grows more complex in terms of design and functionality, making the FDA clearance process for medical device software more complex, lengthy, and full of inconsistencies. What’s more, FDA reviewers are constantly challenged to raise their level of expertise, and to spend more time reviewing submissions.

When FDA reviewers can clearly understand what a medical device developer is claiming for its software, it helps to streamline the review process. While using safety assurance cases in medical device development processes is currently limited to infusion pumps today, preparing for a potential expansion of the regulation beyond infusion pumps may be a best practice worth consideration.

About The Authors

Steven Hartman is an engineering manager at Sterling Medical Devices with almost 20 years of medical device experience, driving medical device development from concept prototyping all the way through cost optimization of a finished medical device. With his success in launching numerous medical devices, including contrast infusion systems, impedance monitoring devices, Hospital Database Informatics Systems, and Software Connectivity Solutions, Steve offers expertise of Quality System management and a broad knowledge of regulatory compliance with respect to the FDA and CE. Steve holds five patents from the U.S. Patent Office in the field of medical device technology.

Nick Oshman is an engineering manager at Sterling Medical Devices with over 10 years of engineering, verification and validation, and risk management experience. Leveraging his expertise in Quality Systems and practices, and applying ISO 14971 to risk management process, Oshman manages a team of developers, system engineers, and test engineers on medical device development.  Additionally, he performs technical file assessments and leads DHF remediation projects for medical device customers for FDA and CE submissions.

Resources

1. U.S. Food and Drug Administration, “Is The Product A Medical Device?” 
2. FDA Center for Devices and Radiological Health Office of Compliance Division of Analysis and Program Operations, “Medical Device Recall Report FY2003 to FY2012.”
3. U.S. Food and Drug Administration, “Assurance Cases for External Infusion Pumps."
4. Wired, “Drug Pumps Security Flaw Lets Hackers Raise Dose Limits."
5. U.S. Food and Drug Administration, “Letter to Infusion Pump Manufacturers, April 23, 2010."
6. U.S. Food and Drug Administration, “Infusion Pumps Total Product Life Cycle: Guidance for Industry and FDA Staff."