The FDA’s database for medical device recalls has a search function that includes a pull-down menu for the root cause of the recall. These root causes correspond to the single “FDA Determined Cause” on each recall notice. There are six different entries on the menu that use the word software. These are (in the order as listed) Software Design Change, Software Manufacturing/Software Development, Software Change Control, Software Design, Software Design (Manufacturing Process), and Software in the Use Environment. Each recall found for each of these six reasons uses only of them, suggesting that they are distinct and mutually exclusive both in their meaning and as causes. I could not find any explanation of these six terms and how they are distinguished from each other, and an inquiry to FDA on this was not answered.
In 2017 there were 11 recalls which the FDA identified as caused by Software Design Change. Although not clear in most of the listed recalls, this category presumably means that at some point the software did not produce the problem that resulted in the recall, but that a subsequent change in the software created the problem. Alternatively, the change might have home come before the product was released.
There were seven recalls for Software Manufacturing/Software Deployment, five from one company for the same issue in different products, and two others. Software Change Control was the given reason for three recalls, but in none of these was it obvious that the problem arose from a change.
Software Design was the reason given for 154 recalls, with some of these pertaining to closely related problems from the same manufacturer. Among these recalls it was reported that the manufacturer’s communication to customers had a variety of names including Urgent Medical Device Correction, Urgent Field Safety Notice, Urgent—Field Safety Notice Medical Device Correction, Field Correction Notice, Field Safety Notice, Customer Safety Advisory Notice, Important Medical Device Advisory, Medical Device Safety Notification Letter, Important Medical Device Information, Advisory Notice, Urgent Important Safety Notification, and Urgent Medical Device Recall This diversity of communication titles likely does not enhance user recognition and processing of these notifications. It also seems to be inconsistent with an FDA recall guidance document that states that letters should be “conspicuously marked, preferably in bold red type, on the letter and the envelope: “medical device recall [or correction].” In one case it was reported in the recall notice that, “There will be no communication to the customer. Notification shall only go to the <product name> Product Specialist and Branch Managers as this action is not a customer facing issue.” Or, in other words, there is something wrong with the product, but we won’t be telling the customer what it is.
The category of Software Design (Manufacturing Process) was identified in eight recalls. Most of these had no clear association with manufacturing. However, one recall noted that, “Devices were incorrectly programmed during manufacturing.” With regard to three recalls from one manufacturer in this category, I learned the term “hot fix,” which has interesting definitions elsewhere associated with being quickly completed and correspondingly not thoroughly tested.
The final cause category of Software in the Use Environment had 12 recalls. With the level of detail provided in the FDA recall notices, it is not possible to tell why these were designated as “use environment” while those in other categories were not, or why the recalls here were not categorized in one of the other subgroups.
The recall database also has a function for quick searches. Entering “software” in this box yielded only 32 recalls rather than the 193 tallied above. The FDA Determined Cause for many of these recalls were curious in that they did not use any of the software terms discussed above. The causes that were used included Unknown/Undetermined, Device Design, Radiation Control for Health and Safety Act, Component Change Control, and Process Design. The Unknown category also introduced another notification term: Cybersecurity Advisory. This recall also illustrated the occasional delay between action by the manufacturer and the FDA. The advisory letter was dated Aug. 28, 2017 while the recall notice had a “create date” of Dec. 28, 2017. Other recalls did use three of the six software-related terms addressed above. One might have expected that a general word search using “software” would yield all of the 193 recalls found using the six specific software categories, plus perhaps some others that had been categorized in other ways but included software issues. This expectation was not met.
Categorization of the causes of software related recalls can be useful in determining what issues in software design, testing and change deserve greater attention. Being able to effectively search a database for software-related recalls using meaningful categories would enable this purpose. But having six different software-related categories without a public definition set does not enhance this goal, nor does a word search function that clearly fails to deliver.
William Hyman, ScD, is an adjunct professor of biomedical engineering at The Cooper Union and a consultant in New York. He is also a professor emeritus of biomedical engineering at Texas A&M University.