Recall or advisory notice sufficient for software

K

Kary13

#1
Hi all,
Our product is only software, classified as class II device with regards to CMDR and FDA and class I according to MDD.

I have written a procedure for recall and advisory notice, but now that I come to the recall section, I am wondering if this is necessary... I don't see a situation where I would absolutely need a recall instead of an advisory notice (with confirmation)? :bonk:

Any thoughts?

Thanks
 
Elsmar Forum Sponsor

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#2
I'm not familiar with the differenced between Class 1 and Class 2 etc., but I suppose they deal with risk.

1) Does the software run something that could harm or kill someone if it malfunctioned or did not work as it was intended to?

2) Is the software protected from changes by the user?

If both 1) and 2) are yes, I would advocate a recall.

If 1) is yes and 2) is no, an advisory might be enough but I would give the user the choice.

If both 1) and 2) are no, I would not recall, but would run an advisory notice.

Keep in mind that we are talking potential liability issues here. I am not a lawyer; this is a good question for a legal team.

I hope this helps!
 
K

Kary13

#3
To clarify:

Software is used by diagnosticians in order to assist them in their diagnostic (!) task. Therefore, the "only" harm that can be caused to the patient relates to a bad diagnosis.

My point for the "no recall necessary" beeing: even if I get all the software CDs back, it still does not assure me that it isn't used anymore since a software can be installed on a PC and run without the CD in...

Thanks!
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#4
When software does not function as intended and contributes to a misdiagnosis that results in a patient receiving an unneeded procedure or does not receive a needed procedure, then harm can be done and liability could result.

Even though you would have no way to be sure they use the revised software, alerting the physicians of the revision and offering them a new CD in exchange for the old one could help reduce liability if you can show due diligence in timeliness and thoroughness of your approach. It may provide you with a needed defense in event a claim is made against you. Again, consult with legal counsel on liability matters; I am not a lawyer and this advice is not legally binding, nor is it suitable for substituting for qualified legal counsel.
 
K

Kary13

#5
Thanks a lot for your answer!

Just want to make sure I understand:
So you basically agree with me that advisory notice, possibly together with provision of new software version, could be sufficient instead of a recall right?

I'll pass on the verification to the lawyers...

Thanks again!
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#6
No. I would opt for the recall based on the potential risk involved if the software does not function as intended. What I was trying to say was this: the software should be replaced, even if the user does not end up using the new version. The act of replacing it in a timely and effective way should help protect you in event a claim is made.
 
Last edited:
G

gholland

#7
In my opinion you have a class II recall situation.

Class II: Represents a situation in which the use of or exposure to a violative product may cause temporary or medically reversible adverse health consequences or where the probability of serious adverse health consequences is remote. The FDA must be notified in the event of a Class II recall.


I would immediately put the notification to your customers to stop using the software and notify FDA.

You are asking for trouble if you don't recall the software. Lawsuits and regulatory action are possible with mis-diagnosis.
 

yodon

Staff member
Super Moderator
#8
In my opinion you have a class II recall situation.

Class II: Represents a situation in which the use of or exposure to a violative product may cause temporary or medically reversible adverse health consequences or where the probability of serious adverse health consequences is remote. The FDA must be notified in the event of a Class II recall.


I would immediately put the notification to your customers to stop using the software and notify FDA.

You are asking for trouble if you don't recall the software. Lawsuits and regulatory action are possible with mis-diagnosis.
But what would constitute a software recall? What if, say, the software is a web service running on a remote server?

Certainly the notification to the user needs to be made and maybe the extra step of confirming the user understands the situation and stops using the product is in order. I just don't see how "recalling software" makes much sense here.

I would hope that someone with legal experience could chime in. Interesting discussion.
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#9
I agree this is an interesting, worthwhile and important discussion. :agree1:

I am not a lawyer, and I'm not aware of any fellow Covers who are lawyers. In spite of that, I believe I can address the question of risk in context, if not specifics.

If you write code and produce disks of software that could impact people's health or well being via diagnosis, failure to diagnose or misdiagnosis, there is some potential liability involved. A good faith effort to do the best you can in finding errors or shortcomings could help protect you from litigation and damages.

If you host a server that allows the software to be used and service is interrupted, which results in harm, there could also be problems with liability. However, in my view they are more narrow than those of creating the software.

If you are merely providing access to the software, there is no issue of recall. However, you are responsible to ensure that you acquire, and are providing your customers access to the most recent, accurate software version available. I would also advocate retaining the old software versions in an archive. This is basic document control (revision control).

If you create the software and provide its access on a server internal to your, then recall is not an issue but revision control is. You would need to make sure the most recent and accurate version is running on the server, and that users have access to only that version. Failure to do that could raise liability concerns if harm is done. Again, you should retain the old software versions in an archive. In fact, the FDA probably demands it.

I hope this helps!
 
K

Kary13

#10
So basically, the point in all this is:

(1) Ensure that customer do not install an old version which could result in some risks
(2) Keep track of old version for "document" control...

Hence, in our case where we produce and distribute the cd, the recall of the cds themselves could be necessary in order to ensure proper disposal of the old software version and hence avoid someone installing an old version on a computer. This would be the way of showing that we (as a company) did our best effort to prevent enjury although this does not ensure no one will use the old version if it is still installed on a computer... :rolleyes:

I agree with Jennifer on the way to "act" when providing a software through a server although I gotta admit that to my point of view, even distributing medical software through an internal server seems to cause a certain type of problem regarding document control since you somehow lose control over the product distributed (was it burned on a cd after download? how many times? etc...) I also have to admit that similar issue can occur even when you are providing cds.

Therefore, wouldn't it be better to ensure that every installation needs to be registered through internet when installed on a new computer? That way, companies could:

(1) Ensure proper version of the software is installed and not an old one found in the corner of the establishment

(2) Track on which computers software is installed

(3) and on a company point of view: ensure that the number of installation made is within the licence agreement.

Thanks to all for your input by the way... You are a great help to me!!!
 
Thread starter Similar threads Forum Replies Date
D Implementing ISO 13485:2003 - 8.5.1 - Advisory Notices - Recall Procedure ISO 13485:2016 - Medical Device Quality Management Systems 12
J Rework or Recall 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 10
D Shipping and recall questions ISO 13485:2016 - Medical Device Quality Management Systems 2
R Product Recall - medical devices in the hospital warehouse Canada Medical Device Regulations 2
J Mislabeling - Consider this an FDA notified recall? CFR 806.10 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
A Recall/Adverse event report procedures in Kuwait/Qatar/Kenya Other Medical Device and Orthopedic Related Topics 3
shimonv Recall - Is there a European regulation for recalls of products EU Medical Device Regulations 4
M Informational The FDA Takes Action to Protect Patients from Risk of Certain Textured Breast Implants; Requests Allergan Voluntarily Recall Certain Breast Implants a Medical Device and FDA Regulations and Standards News 0
S 21 CFR 810 - Medical Device Recall Authority - Contract Manufacturing Other US Medical Device Regulations 1
I Japanese medical device recall requirements & procedure for foreign manufacturers Japan Medical Device Regulations 4
J Recall Effectiveness - Accessory to Medical Devices shipped through Distributors Customer Complaints 3
J Health Canada Field Action/Recall MDR Requirements Canada Medical Device Regulations 9
chris1price Is there a regulatory (MDD, MDR, FDA, ISO, etc) requirement to perform a mock recall? CE Marking (Conformité Européene) / CB Scheme 4
B Health Canada Recall Definition - Seeking Clarification Canada Medical Device Regulations 5
J Calibration Recall - Lost Gages procedure example wanted General Measurement Device and Calibration Topics 4
B Do Software Upgrades Fall Under the Definition of Recall per SOR/98-202? Canada Medical Device Regulations 4
Q Open Medical Device Recall: Are there consequences? Other US Medical Device Regulations 1
R Testing a Product Recall Process IEC 27001 - Information Security Management Systems (ISMS) 8
D Class II Sterile Product Shelf Life Labeling - Should we do a recall? Nonconformance and Corrective Action 4
T FDA Requirements - Class 1 Exempt Medical Device Recall ISO 13485:2016 - Medical Device Quality Management Systems 2
Marc NHTSA calls for nationwide Takata airbag recall World News 1
S Korean Post Market Surveillance and Recall Regulations Other Medical Device Regulations World-Wide 3
B Japan Medical Device Recall Requirements Japan Medical Device Regulations 4
A Medical Device Recall Responsibilities between different Company Groups ISO 13485:2016 - Medical Device Quality Management Systems 3
S Dimensional Issues because of the last years FORD Recall Manufacturing and Related Processes 2
S Medical Device Product Recall per EU Requirements EU Medical Device Regulations 2
M Writing a Manufacturing Recall Procedure Document Control Systems, Procedures, Forms and Templates 3
L Medical Device Reporting vs Recall/Correction: What action to take? US Food and Drug Administration (FDA) 5
Ronen E Abbott Voluntary Recall of FreeStyle lnsulinx? Blood Glucose Meters Other Medical Device and Orthopedic Related Topics 0
W Calibration Recall or Due Dates - Latitude Calibration Frequency (Interval) 14
S New Draft FDA Guidance to distinguish b/w Recall and Product Enhancement & Reporting Other US Medical Device Regulations 15
G Gage Recall Analysis - Threaded Plug Gage has failed Calibration General Measurement Device and Calibration Topics 10
AnaMariaVR2 FDA hits China Plant - OTC DRUG Nationwide Recall US Food and Drug Administration (FDA) 2
M GM Cruze Recall - Seems that the Cruze can catch fire World News 6
Ronen E Nidek Medical Class I recall: Medical Mark5 Nuvo Lite Oxygen Concentrators Other US Medical Device Regulations 0
W How do you determine the initial recall date for instrumentation? General Measurement Device and Calibration Topics 1
D Recall, Safety Notice or Training? - Medical Device with two identical complaints 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 15
G How to conduct a Toy Recall (College Question) Customer and Company Specific Requirements 2
E What is a "Recall form in a Manufacturing Facility"? Quality Manager and Management Related Issues 6
D Outside the US Recall (in the EU) on a CE Marked Product - File it in the USA? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 3
E AS9100 Equipment Calibration Recall Methods and Requirements AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
S SFDA Regulation of Medical Device Recall (Interim) - MOH decree No. 82 China Medical Device Regulations 1
A Missing expiry date on Class II Medical Device - Recall/Not? What are EU Requirements EU Medical Device Regulations 2
A Medical Device Safety Alert equal to a Recall? Other US Medical Device Regulations 3
K Vigilance, MDR, Recall, Complaint Procedures - Can this all be one single procedure ISO 13485:2016 - Medical Device Quality Management Systems 3
N Recall Procedure example wanted Document Control Systems, Procedures, Forms and Templates 3
T Is Positive Recall for in-process Product allowed in AS9100 AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
Q General Medical Device Recall Flowchart wanted ISO 13485:2016 - Medical Device Quality Management Systems 3
M Definition Recall - Definition of AS9100 Section 7.6 F for Recall Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 15
K Product Recall and Withdrawal ? Example procedure wanted Food Safety - ISO 22000, HACCP (21 CFR 120) 7

Similar threads

Top Bottom