Let's chat

Navigating  FDA Software Validation | Diffco

Vadim Peskov
Vadim Peskov
Navigating  FDA Software Validation | Diffco

Navigating FDA software validation creates a more streamline journey from development to launch.

Software development for medical applications is booming. Applications impact everything in the healthcare market, from patient communications to medical devices to back-office functions. With patient safety being so important, the FDA validation process is an important step to ensure compliance.

For example, the $1.1 billion market for “software as a medical device” is expected to quintuple over the next decade. And the broader category of “healthcare software as a service” — encompassing patient portals, telemedicine, ePrescribing, and more — is expected to grow from $12.5 billion in 2020 to well over $50 billion by 2028.

But developing software for medical applications is a complex task to U.S. Food and Drug Administration (FDA) regulations. If you market a medical-related product, or an app that monitors personal health, you need to know your legal obligations — and ensure your development team follows FDA guidance and software requirements.

(The Diffco development team includes experts in healthcare apps development who understand the FDA’s latest “Policy for Device Software Functions and Mobile Medical Applications.” Diffco can augment your internal development team with additional resources or provide a completely outsourced software development service to ensure compliance with excellent quality.)

At a high level, here’s what you should know about FDA software validation rules governing healthcare-related software applications:

  • The FDA focuses on regulating software that is “intrinsic” to medical devices, including any software that they consider to be a “medical device” in and of itself.
  • The FDA uses “enforcement discretion” for certain health-related applications that pose a low risk to patients. (“Discretion” means that the FDA does not plan to apply the Federal Food, Drug, and Cosmetic Act to these types of applications.)

Obviously, it’s critical for you to understand where your medical-related software falls in this spectrum.

Premarket Submissions

This is the process of submitting information about a medical software product to the U.S. Food and Drug Administration (FDA) prior to its marketing and commercial distribution. The purpose of this submission is to obtain FDA compliance so the product can go to market. The premarket submission process is a critical step in the development of medical software products, as it provides the FDA with information about the product’s design, performance, and safety, so the agency can determine whether it meets the standards for use in medical applications.

The type of premarket submission required for FDA-regulated software can vary depending on the intended use and software risks. The process may include submitting a 510(k) premarket notification, a premarket approval application (PMA), or a de novo request. Specific requirements  vary for the type of individual type of submission. Fortunately, the FDA offers guidance so each test case can (hopefully) move smoothly through the validation process.

Software Validation and Oversight

Software that requires FDA software validation and regulation can take many forms, far beyond firmware that directly controls a medical device. A general-purpose computing or mobile platform is considered a regulated medical device if it includes certain capabilities.

The FDA considers the following software to be subject to software validation and oversight:

  1. Software that connects (directly or remotely/wirelessly) to a medical device to control or analyze data from that device. Examples include mobile platform apps that remotely control patient-monitoring devices, such as blood pressure cuffs and insulin pumps. Some software of this kind can also qualify as a regulated “accessory” to a medical device.
  2. Mobile medical applications (MMAs) that use attachments, displays, sensors, or other functions to emulate a regulated medical device. Examples include mobile platforms that: connect to a blood glucose strip reader to act as a blood sugar meter; use a smart phone’s built-in accelerometer to monitor sleep apnea; use sensors to create an electronic stethoscope; or display radiological images as a diagnosis aid.
  3. Software that provides patient-specific outputs that healthcare professionals, patients, caregivers, or others use to diagnose, treat, or help prevent disease. Examples include software that calculates dosages for radiation therapy or detects and triggers alarms for conditions such as stroke, sepsis, heart arrhythmia, or out-of-range blood glucose.

FDA Approval Through Software Development

If your app is subject to FDA regulations, it requires formal FDA approval. Your development team needs to prove to the FDA that your application meets their strict standards for medical device accuracy, quality, and risk and safety with software validation.

That means you need to apply best practices and general principles throughout your software development process and test your apps rigorously and incrementally. To ensure your application is on track for FDA approval, your testing regimen should include the following elements:

  • Source control (to track and manage code changes)
  • Formal test case reviews (to ensure that test design and execution are conducted under the highest level of quality oversight)
  • Code freezes before each new test cycle begins (to ensure that already-executed test cases continue to work as expected)
  • Comprehensive execution cycles (to run 100% of the test cases in each cycle)
  • Formal sign-offs on every test (to ensure that all tests are documented)

Even after your software wins FDA approval, you need to continue applying the same level of oversight to remain FDA-compliant. That means continuous development best practices and ongoing testing as you enhance existing functionality and add new features.

This process has proven effective. The FDA has already cleared a number of MMAs, including cardiac monitoring software under 21 CFR 870.2300, an electronic blood pressure monitor under 21 CFR 870.1130, and a perinatal monitoring system under 21 CFR 884.2740.

Medical Device Software Quality Assurance

Quality assurance is important for medical software aiming for FDA validation. By passing quality software requirements, it ensures the FDA of its safety, effectiveness, and product quality . This is particularly important in the medical field, where errors or failures could result in serious harm to patients. Patient safety is a top concern in the validation process.

Under FDA guidance, the medical device software undergoes rigorous testing and documentation. Quality system software should demonstrate it meets the highest standards. In addition, this testing helps identify and address potential issues prior to any release. By meeting these quality standards, the FDA can be confident in granting approval for use in medical applications.

FDA Enforcement Discretion

Just as important as understanding if your app requires FDA approval is knowing if it DOESN’T. That knowledge can save you immeasurable time and money.

In general, the FDA will exercise “enforcement discretion” (that is, not take regulatory action) on software that helps patients self-manage their conditions without providing specific treatments or treatment prompts, or that automates simple tasks for healthcare professionals.

HOWEVER, the FDA warns that some software in this category MIGHT be considered medical device software. So you need to be careful.

Following are the main types of software for which the FDA plans to exercise “enforcement discretion”:

  1. Clinical decision support software to help patients manage their health (as a supplement to, and without the active oversight of, a professional healthcare provider). Examples include apps that use simple prompts to help patients who have heart disease, hypertension, or diabetes manage their weight, nutrition, exercise, salt intake, or medication dosing.
  2. Software that is designed specifically to capture supplemental images to help patients convey potential medical conditions to healthcare professionals. Examples include apps that use a mobile device’s built-in camera to document or transmit pictures of a condition to a medical professional to augment a verbal description of that condition.
  3. Software that performs simple, routine calculations for clinical practices, including apps with general functions (spreadsheets, non-medical charts, timers, calculators, etc.) that are tailored for clinical use. Examples of such tools include calculators for body mass index (BMI), arterial pressure, stroke scale, baby delivery date, or newborn APGAR score.

If you need help to determine if your healthcare software requires FDA software validation approval or not, Diffco can provide expert advice. And if your app does require FDA software validation approval, Diffco can apply its healthcare experience and software development best practices to help you launch your product. If you would like to talk, please contact us today.