ISO 13485 was revised in 2016 with several new requirements and a stronger emphasis on risk and planning. In fact, the older 2003 version did not define the term “risk” under Terms and Definition (Clause 3). A considerable amount of detail is now provided to clarify the concept of risk, which pertains to safety or performance requirements of the medical device or meeting applicable regulatory requirements within the scope of the revised standard.
As medical devices increasingly become more interconnected with other devices, hospital networks and even smartphones, cybersecurity risks are quite real. Managing these risks is a product life cycle issue because they are continually evolving and may arise due to circumstances not completely foreseen during their development.
All ASR data files going back to 1999 are now available on FDA’s website. It is a large data set with over a million individual reports of device related injuries and malfunctions. We have started looking into this data and plan to provide insights that will help all of us better understand this information.
Recently, I had an opportunity to hear directly from FDA leaders during a fire-side chat at the Xavier Health AI Summit in Cincinnati, OH. Alonza Cruse, Director, FDA - Office of Regulatory Affairs and Bakul Patel, Associate Director, FDA – Center for Devices and Radiological Health, each shared their views on how AI is shaping FDA’s thinking in nearly all of its operations. It was very encouraging to hear that the FDA wants to build a collaborative relationship with the industry and “stand out of your way” to help realize the true potential of AI in Healthcare.