INTRODUCTION
Good morning, Mr. Chairman and Members of the Subcommittee. My
name is Dr. Thomas Shope. I am the Acting Director, Division of
Electronics and Computer Science, Office of Science and Technology,
Center for Devices and Radiological Health (CDRH), Food and Drug
Administration (FDA). Having previously testified before this
Subcommittee at the June 26, 1997, hearing, I am pleased to be here today
to provide information on the "Year 2000" date issue a s it relates to
medical devices. Although FDA has not received any information since the
previous hearing to indicate that there will be significant problems with
medical devices, I am here to assist the Subcommittee in its efforts to
examine the issue.
WHAT IS A MEDICAL DEVICE?
According to the definition in the Federal Food, Drug, and Cosmetic Act
(FD&C Act) , a "device" is:
an instrument, apparatus, implement, machine, contrivance, implant, in vitro
reagent, or other similar or related article, including any component, part or
accessory, which is intended for use in the diagnosis of disease or other
conditions, or in the cure, mitigation, treatment, or prevention of disease, in
man or other animals, or intended to affect the structure or any function of
the body and which does not achieve its primary intended purposes through
chemical action and which is not dependent upon being metabolized for the
achievement of its primary intended purposes.
As this definition suggests, many different types of products are properly
regulated as medical devices. Medical devices include over 100,000
products in more than 1,700 categories. These products regulated by FDA
as medical devices range from simple everyday articles, such as
thermometers, tongue depressors, and heating pads, to the more complex
devices, such as pacemakers, intrauterine devices, fetal stents, and kidney
dialysis machines.
FDA is responsible for protecting public health by helping to ensure that
medical devices are safe and effective. FDA carries out its mission by
evaluating new products before they are marketed; assuring quality control
in manufacture through inspection and enforcement activities; and
monitoring adverse events in already marketed products, taking action,
when necessary, to prevent injury or death. A device manufacturer must
comply with all the requirements of the FD&C Act, including:
establishment registration and device listing, premarket review, use of good
manufacturing practices (GMPs), reporting adverse events, and others.
As diverse as medical devices are, so are the range and complexity of
problems which can arise from their use. These problems include
mechanical failure, faulty design, poor manufacturing quality, adverse
effects of materials implanted in the body, improper
maintenance/specifications, user error, compromised sterility/shelf life, and
electromagnetic interference among devices.
Any computer software which meets the legal definition of a medical
device is subject to applicable FDA medical device regulations. Medical
devices which use computers or software can take several forms including:
embedded microchips which are part of, or components of, devices; non-embedded software
used with, or to control, devices or record data from
devices; or individual software programs which use or process patient data
to reach a diagnosis, aid in therapy, or track donors and products.
An issue which has been identified as warranting review is the impact of the
"Year 2000" on some medical device computer systems and software
applications. These products could be impacted by the "Year 2000" date
problem only if they use a date in their algorithm or calculations, or in
record keeping; and a two-digit year format was used in their design.
Manufacturers of such products are the only reliable source of information
as to the details of the methods used in the programming and whether these
two conditions are met. While we are in the process of reviewing this issue,
we do not currently believe that there will be any major impact on medical
device safety.
Embedded Software
Computer software frequently is embedded as a "component" of devices,
i.e., software contained on a microchip to control device operation.
Examples of such devices are: pacemakers, infusion pumps, ventilators, and
many others. It is unlikely that most of these products would be impacted
by the "Year 2000" - problem. Almost none of these devices require
knowledge of the current date to operate safely and effectively. For
example, pacemakers do not use the current date in their operation.
Non-embedded software is intended to be operated on a separate computer,
often a personal computer or work station. Such software devices may be
used to enhance the operation of another device or devices and, further,
may use the two-digit year format. It is possible that non-embedded
software devices may rely on the current date for proper operation and,
further, may use the two-digit year format. Such products might be affected
by the "Year 2000" date change.
An example of non-embedded software is a computer program used to plan
radiation therapy treatments delivered using radioactive isotopes as the
radiation source (teletherapy or brachytherapy). These treatments possibly
could be affected if the computer program used to calculate the radiation
dose parameters uses only a two-digit year representation. The calculation
of the length of time since the source was last calibrated could be in error
and thus lead to an incorrect treatment prescription.
Other examples of non-embedded software devices include: conversion of
pacemaker telemetry data; conversion, transmission, or storage of medical
images; off-line analysis of ECG data; digital analysis and graphical
presentation of ECG data; calculation of rate response for a cardiac
pacemaker; perfusion calculations for cardiopulmonary bypass; and
calculation of bone fracture risk from bone densitometry data. While there
is a chance that the two-digit format may affect the performance of these
software devices, we believe that the "Year 2000" risk will be mitigated
through proactively working with manufacturers.
Letter to Medical Device Manufacturers
In light of our review of the impact of the "Year 2000" on some medical
device computer systems and software applications, CDRH sent a letter in
July to 13,407 medical device manufacturers, 8322 domestic manufacturers
and 5,085 foreign manufacturers, to ensure that manufacturers address this
issue and review both embedded and non-embedded software products. We
reminded manufacturers that, in addition to potentially affecting the
functioning of some devices, the two-digit year format also could affect
computer-controlled design, production, or quality control processes. We
requested that the manufacturers review the software used to determine if
there is any risk.
CDRH recommended specific actions to ensure the continued safety and
effectiveness of these devices. For currently manufactured medical devices,
manufacturers should conduct hazard and safety analyses to determine
whether device performance could be affected by the "Year 2000" date
change. If these analyses show that device safety-or effectiveness could be
affected, then appropriate steps should be taken to correct current
production and to assist customers who have purchased such devices. For
computer-controlled design production, and quality control processes,
manufacturers should assure that two-digit date formats or computations do
not cause problems beginning January 1, 2000.
In our letter to industry, we reminded manufacturers that under the GMP
regulation and the current Quality System Regulation (which became
effective June 1 and incorporates a set of checks and balances in
manufacturers' design processes to assure a safe, effective finished product),
they must investigate and correct problems with medical devices. This
includes devices which fail to operate according to their specifications
because of inaccurate date recording and/or calculations.
As a result of our letter, we expect manufacturers who identify products
which have a date-related problem which can pose a significant risk to the
patient to take the necessary action to remedy the problem. This might
include notification of device purchasers so that their device can be
appropriately modified before the "Year 2000." Manufacturers who
discover a significant risk presented by a date problem are required to
notify CDRH and take appropriate action. Again, we do not anticipate any
significant problems with individual medical devices, however, we want to
ensure the-continued safety and effectiveness of these devices.
For future medical device premarket submissions, manufacturers of devices
whose safe operation could be affected by the "Year 2000" date change will
be required to demonstrate that the products can perform date recording and
computations properly, i.e., "Year 2000" compliant.
CONCLUSION
Thank you, Mr. Chairman, for the opportunity to tell you about the issue of
"Year 2000" and medical devices. Let me assure you, we at FDA take this
issue very seriously as we do all problems which could affect the public
health. We are committed to a scientifically sound regulatory environment
which will provide Americans with the best medical care. In the public
interest, the FDA's commitment to industry must be coupled with a
reciprocal commitment: that medical device firms will meet high standards
in the design, manufacture, and evaluation of their products. We recognize
that this can only be attained through a collaborative effort -- between FDA
and industry -- grounded in mutual respect and responsibility. The
protections afforded the American consumer, and the benefits provided the
medical device industry, cannot be underestimated.