Examining the Regulators
Despite the strong action it took against Multidata, FDA watchers say the agency-one of the few empowered to regulate software in any fashion-still does not go far enough to insure the integrity of the computer programs that are the brains of medical devices. "Thinking the FDA is some sort of watchdog group is an exaggeration," says Bob Morton, a software-quality expert and a former head of the FDA unit in charge of radiation-therapy equipment.
The FDA approves medical devices under one of two mechanisms: premarket approval or premarket notification.
"The problem with human review is that its not infallible," says Jonathan Jacky, a radiation-oncology research scientist now working at Microsoft Research, Microsofts computer-science research organization. Humans, he says, "just might overlook something."
The FDA admits that it doesnt have the manpower to look at every line of code and "things do get missed," according to Timothy Ulatowski, director of compliance at the FDA unit that oversees medical devices.
Indeed, some bugs are even allowed in the software. According to FDA documents, a list of all bugs left in a system must be submitted, plus documentation that those bugs arent a safety concern.
The FDA also asks manufacturers to submit a schedule for when they plan to fix the bugs. None of the bugs, however, can be considered a safety issue. Multidata says it submitted its bug list to the FDA and that it fixed all bugs.
The FDAs task will only get more difficult as time goes on. While the number of medical devices approved has remained steady-roughly 4,000 products a year for each of the last five years-the devices and their software are becoming more pervasive and more complex. Already, about half the medical devices approved for market contain software, and FDA watchers expect that percentage to grow. "Each iteration of [a] device tends to put more software in," says Morton.
And, Morton says, "devices are being released before theyre ready." He wont name companies or products, citing confidentiality agreements, "but its true," he says.
The FDA, in its defense, maintains that its up to the task. If anyone wants to know how tough the FDA is, says Ulatowski, "ask Multidata." Next Page: Back in Panama.