The week of February 1, 2021, Lachman Consultants held their inaugural Medical Device Week: A Lachman Learning Experience™. The week combined blogs and a webinar that touched on several different topics involving AI and diagnostics, data governance, SDLC infrastructure, change control, cybersecurity, as well as organizational maturity. Despite the name of the week, many of the concepts that were covered over the course of the week clearly impact and are applicable to all FDA-regulated products, not just medical devices.

The first blog covered machine learning in diagnostics, which has been a very hot topic, particularly around software as a medical device (SaMD). This topic involves stakeholders that do not typically engage with the FDA (such as software engineers). In the recent past, FDA has been engaging with these stakeholders through a number of different venues, including public forums, workshops, and patient engagement meetings, as well as standards organizations. As a result of these innovations, FDA created the Digital Health Office, which compiled feedback from all stakeholders into an action plan to involve industry and the Agency on machine learning; FDA intends to publish draft guidance in 2021. In addition, FDA is committed to continuing to harmonize Good Machine Learning Practice (GMLP) development to improve the use of machine learning. Companies that are seeking to position themselves for the future by using machine learning to develop quality products, utilize real-world performance, identify manufacturing efficiencies, manage cybersecurity, or improve client engagement first need to ensure that their data governance and software development lifecycle processes are leveraging best practices to establish the foundation for the harmonized GMLP. Lachman Consultants can help establish GMLP processes within devices and diagnostics.

The second blog post covered an area near and dear to our hearts as consultants: data integrity and data governance during a product life cycle. This means not only data generated during manufacturing operations, but also post-market data available on social media platforms, as well as information in health care systems’ Electronic Health Records. These myriad sources of data were certainly not even a twinkle in the eye of the creators of Enterprise Resource Planning (ERP) systems, which were built to connect the financial and product data, and to monitor resources (both product and human) to support product inventory. Post-market data sources for monitoring can allow organizations to be smarter regarding product quality and continuous improvement. This means that ERP system implementations must both address fiscal integrity and drive Total Product Lifecycle by ensuring that implementation is not just a top-down approach to align with fiscal requirements but also a bottom-up approach to consider all device data needs. This will result in better-aligned data throughout the organization and with the ever-growing post‑market data. Data governance that aligns both top-to-bottom and bottom-to-top approaches is the foundation for both high-quality data and organizational efficiencies, and leads to better products with higher ROIs. Lachman Consultants has a great deal of experience in assessment of data governance policies, and we can certainly help guide you in this area.

The posts were broken up midweek by a webinar on “FDA Incentivizing: Organizational Maturity to Drive Product Quality” on February 3, 2021. It covered the programs put in place by both CDER and CDRH to drive industry to compete for quality and journey from compliance to quality. From regulatory relief to pilots evaluating mandatory programs, FDA is looking towards organizational excellence as the mechanism to improve patient safety while accelerating approvals. Organizational maturity is about establishing organizational clarity, transparency, and using data to make decisions from top to bottom and bottom to top. But often that is where it stops, and middle management scrambles to meet the measurable metrics as the staff at ground level are left sprinting to meet the SMART goals. Transparency allows leadership to have greater visibility into the operations at the lowest level. This is easier said than done, which is why it is not just the model that is important, but also the process to systematically build the infrastructure to have transparency. This infrastructure is based on data alignment and a culture of engagement. A governance framework and enterprise architecture result in transparency, which then allows leadership to make the right decisions at the right time. Facilitating the conversations across teams has a two-fold effect: it ensures the right bearing for the long-term trajectory and builds the innate understanding and staff alignment. The results are clarity of goals throughout the fabric of the organization, alignment to reap efficiencies, and better data to proactively yield improvements.

Software Development Lifecycle (SDLC) infrastructure was the subject of the third blog post during Medical Device Week. In today’s modern systems, Software Development Infrastructure (SDI) platforms with collaboration features allow stakeholders to collaborate virtually during the software lifecycle, beginning with user requirements, linking them with risk, allowing code to be linked to the detailed specification task activities, and enabling the presence of interdependencies. With modern SDIs, organizations need to define their procedures for collaboration, development, and test activities to ensure that the right stakeholders evaluate the right level of information at the right time. What is right for your organization? The answer is: It depends. The rate of software releases, the complexity of the code, and the ability to leverage the infrastructure to GMP applications are just some factors to consider. Lachman Consultants can help you determine what is right for your organization and help develop processes and procedures to be compliant and bring both the greatest efficiency and ROI.

Cybersecurity from bench to bedside and the rapid pace of product development were covered in the fourth blog. As regulated products move between operating systems, at times the cost to upgrade is too great and product upgrades are not smooth. Medical and combination products at times require significant code changes to update, and at times, devices using an old OS are on the market for years in parallel with next-generation products. These devices that run on old OSs are a cybersecurity risk, which may ultimately lead to a patient safety risk. In a clinical setting, hospitals can segment their networks so that the risk is minimized, but this results in no single master data file for any one patient. Add to that the complexity of smart homes and the ubiquity of Wi-Fi and Bluetooth, and you can understand how Dick Cheney managed to turn off his pacemaker’s remote monitoring. In the medical device and combination product world, cybersecurity resilience is within the realm of the Quality Management System. Cybersecurity resilience should be evolved by adopting best practices across the disciplines of security management, business continuity management, and information technology operations management. Assessing a domain via a Cyber Resilience Review (CRR) will provide an organization with an understanding of its Maturity Indicator Level (MIL). Lachman Consultants can help you to conduct a CRR self-assessment so you, as an organizational leader, know where you stand regarding cyber resiliency.

The blogs and webinar were drafted and presented by Vizma Carver, a Senior Associate in the Compliance Practice, whose distinguished career includes the following: directing world-wide teams to develop first-generation healthcare, biotech, and national security solutions; leading the Department of Defense (DoD) Military Health System (MHS) technical stack integration, implementation, and security of the global longitudinal Electronic Medical Record and clinical registries (AHLTA) and the Health Information Exchange system with the Veterans Health Affairs VistA System (CHDR, BHIE-AHLTA); and implementing clinical data security protocols, including LDAP Single Sign-On security.