Four Examples of SiMD IV&V Gone Wrong
When we go to a hospital or doctor’s office to be treated, we know that sometimes things might not go perfectly. Typically, we worry about the human elements. What happens if I don’t respond to the prescription my doctor gives me? What if a mistake during a routine surgery leaves me injured?
However, one all-too-real possibility is the device being used to perform life-saving treatment fails when you need it most. As medical devices grow more complex, so too does the software that drives them. While FDA medical device regulations are among the strictest in the world, devices can still get to market with hidden problems that have potential to cause great harm if not found quickly.
When they do, they are subject to a recall—a costly endeavor that sometimes requires all devices to be repaired and replaced. According to McKinsey & Company, “non-routine quality events” cost the medical device industry an average of $2.5-$5 billion per year, with an average of one major quality event per year that results in a 13% stock price drop across the industry. It’s a big problem, and it isn’t going away any time soon. Medical devices recalls hit a two year high in Q2 of this year, with safety and software issues the leading concerns.
One way the FDA prevents this is through mandating Independent Verification & Validation (IV&V) for all Class II and Class III devices. Essentially, IV&V is a 3rd party running tests and producing documentation to show regulators that the product will perform as intended. While this process helps catch most problems before they occur in the field, sometimes things slip through the cracks.
There are two main categories of medical device software: Software as a Medical Device (SaMD) and Software in a Medical Device (SiMD), also referred to as embedded software. As the applications and testing procedures for these categories are slightly different, for the purposes of our discussion let’s focus on SiMD.
Four Examples of SiMD IV&V Gone Wrong
SpaceLabs’ Arkon anesthesia delivery system
Trouble started with the system as early as 2013, when reports began to trickle in claiming that the system would, without warning, enter a “failure state” that would render the device inoperable—even if the device was in use. This was a serious concern, as it required intervention to manually deliver oxygen and gas to the patient, potentially causing Hypoxemia and death in severe instances.
In 2014, the FDA issued a class one recall of the device, mandating a software update to solve the issue and strongly advising against its use until doing so. Sixteen units were affected by this action.
Unfortunately, the root cause of the issue was never truly addressed, and the FDA was forced to issue another recall of the device in 2017—this one larger in scope, with 110 units requiring immediate upgrades.
Despite all the time and money spent developing this device, SpaceLabs was ultimately forced to discontinue the production and sale of the entire product line in 2019, facing additional recalls in other countries such as Canada. Devices still in the field will cease to be supported sometime in 2026.
While we’ll never know what exact issues caused this device to ultimately fail, had it been caught early on in the development phase instead of in the field, it may have been able to keep the product on the market.
Vyaire Medical Bellavista 1000/1000e Series Ventilators
During the COVID-19 pandemic, ventilators made international news, drawing attention to their life-saving ability to provide oxygen to those unable to breathe on their own.
But what if one of those ventilators were to fail, causing the patient to suddenly need to take an unassisted breath? That’s exactly what happened with Vyaire Medical Bellavista’s 1000/1000e Series Ventilators.
With pressure on ventilator manufacturers to increase production and optimize their systems, a software update intended to make the system safer had the opposite effect. After installing software version 6.0.1600.0, a memory conflict would occur when setting the data communication to a specific port, triggering an alarm and causing the device to malfunction.
While there were thankfully no fatalities from this incident, it was still one of the more serious events in recent years with 18 complaints and seven injuries.
The adverse reaction of the existing device to the software update hammers home the need for thorough IV&V that treats an upgraded device as a brand new one, subject to the same rigorous testing procedures that ensure the device will function when it matters most.
Covidien Puritan Bennett 840 Series Ventilator
In December of 2013, this ventilator was recalled due to a software issue that would trigger a diagnostic code, ceasing all function and triggering a safety alarm. Because ventilators are typically only used for patients that can’t breathe on their own, this issue was obviously taken seriously, given another Class 1 designation by the FDA.
While this issue was fixed relatively quickly, the device has been recalled multiple times in the years following for various problems, even after the 2015 acquisition of Covidien by Medtronic. It is still on the market today, deployed in hospitals and care centers around the world.
So what went wrong? Based on publicly available information, it seems like a software issue that thorough unit testing would have caught during IV&V.
Medtronic Synergy Cranial Software and Stealth Station S7 Cranial Software
Another repeat offender was Medtronic’s neurosurgery navigation tool. The Synergy Cranial Software and Stealth Station system allows surgeons to navigate complex procedures with precision by providing 3D images of a patient’s brain to clearly identify anatomical structures and surgical tools.
In 2018, reports began to surface of the navigational software not aligning correctly, causing potential for serious harm. Neurosurgeons using the software as a guide would see that their tool had not yet reached its intended target, when in reality it had. When this occurs, the surgeon could potentially insert the tool too deeply and damage the brain.
5,487 devices were recalled in 2019, with an additional 943 devices recalled due to a similar issue in 2021. Despite initially receiving regulatory approval, this type of software error likely could have been avoided through more diligent unit testing that accounted for all potential variables.
How can I avoid a recall?
A common thread throughout these events was that each situation resulted from a software testing plan that wasn’t designed or executed properly. It shows that the FDA and other regulators aren’t perfect, and that regulatory approval does not equal a device is 100% safe from causing harm and exposing manufacturers to liability.
The best way to avoid being on a list like this is to build Independent Verification & Validation into your product launch strategy from the very beginning. Understanding the limitations of safety-critical applications can help structure your product development in a way that is safe, sustainable, and profitable.
© 2019 by General Digital Corporation. All Rights Reserved