FDA Pre-Submission Cover Letter



Similar documents
Tidepool FDA Pre-submission Draft Meeting Minutes

Tidepool Informational Pre-submission Meeting

CLOUDFOUNDRY.ORG FOUNDATION SOFTWARE GRANT AND CORPORATE CONTRIBUTOR LICENSE AGREEMENT ( AGREEMENT )

Intel Corporation Software Grant and Corporate Contributor License Agreement ("Agreement")

Breakout Sessions: FDA s Regulation of Mobile Health and Medical Applications

BMC Remedy Action Request System 7.0 Open Source License Agreements

THE P4 LANGUAGE CONSORTIUM MEMBERSHIP AGREEMENT

Thank you for your interest in contributing to GENIVI Alliance ("We" or "Us").

Guidance for Industry

Regulation of Mobile Medical Apps

CONTRIBUTION AGREEMENT VERSION 1.1

Medical Device Data Systems, Medical Image Storage Devices, and Medical Image Communications Devices

Developing a Mobile Medical App? How to determine if it is a medical device and get it cleared by the US FDA

Boost Libraries Boost Software License Version 1.0

Mayfair EULA for Journal Office

EVALUATION OF AUTOMATIC CLASS III DESIGNATION FOR STUDIO on the Cloud Data Management Software DECISION SUMMARY

Open Source Used In Cisco IronPort Encryption SDK

User Agreement. Quality. Value. Efficiency.

Risk based 12/1/2015. Digital Health Bakul Patel Associate Director for Digital Health Office of Center Director.

Guidance for Industry

Open Source Software used in the product

MTConnect Institute Public Comment and Evaluation License Agreement

Oracle Endeca Information Discovery Integrator

ACOT WEBSITE PRIVACY POLICY

RTI Monitor. Release Notes

END USER USER-SUBJECT-TO- QUALIFICATION SOFTWARE LICENSE AGREEMENT

1.1 Certain software, known as SOFTWARE, was developed at STANFORD with grant support from the U.S. Government.

Services Agreement between Client and Provider

The KPMG-NL Big Data team 16 March 2015

Mobile Medical Applications

Medical Device Software

This is a legal agreement ("Agreement") between the undersigned (either an individual or an entity)

Use of Electronic Health Record Data in Clinical Investigations

WEBSITE TERMS & CONDITIONS. Last updated March 27, 2015

Mobile Medical Application Development: FDA Regulation

Development Process. Simon Cockayne Misc Track

PERFORCE End User License Agreement for Open Source Software Development

ENHANCED HOST CONTROLLER INTERFACE SPECIFICATION FOR UNIVERSAL SERIAL BUS (USB) ADOPTERS AGREEMENT

Adapting Agile Software Development to Regulated Industry. Paul Buckley Section 706 Section Event June 16, 2015

Terms of Use. Please read these terms and conditions before using this Site. By continuing to use this Site, you agree to the Terms of Use.

PLANTTOGETHER REFERRAL PARTNER AGREEMENT. Updated: January 1, 2015

READ THIS AGREEMENT CAREFULLY.

INTEL SOFTWARE LICENSE AGREEMENT (OEM / IHV / ISV Distribution & Single User)

Open Source Used In Cisco D9865 Satellite Receiver Software Version 2.20

NON-COMMERCIAL LICENSE AGREEMENT BETWEEN THE REGENTS OF THE UNIVERSITY OF CALIFORNIA AND LICENSEE

Product Lifecycle Management in the Medical Device Industry. An Oracle White Paper Updated January 2008

Open Source in the Real World: Beyond the Rhetoric

END USER LICENSE AGREEMENT ( EULA )

Guidance for Industry Computerized Systems Used in Clinical Investigations

AgaMatrucx. NV2 21 Salem, NH oz (k) Sumnmary

Realex Payments Gateway Extension with 3D Secure for Magento. User Guide to Installation and Configuration. StudioForty9

ZIMPERIUM, INC. END USER LICENSE TERMS

Open Source Used In LDSF 1.7.2

Individual Contribution License Agreement Strategy. Mark Radcliffe DLA Piper Silicon Valley Office

AMERICAN INSTITUTES FOR RESEARCH OPEN SOURCE SOFTWARE LICENSE

Electronic Document and Record Compliance for the Life Sciences

INTEL SOFTWARE LICENSE AGREEMENT

An Introduction to Open Source Software and Licensing

Infoset builds software and services to advantage business operations and improve patient s life

Mobile Medical Applications: FDA s Final Guidance. M. Elizabeth Bierman Anthony T. Pavel Morgan, Lewis & Bockius, LLP

Web Site Development Agreement

Provider secure web portal & Member Care Information portal Registration Form

Mobile Banking and Mobile Deposit Terms & Conditions

Adobe Connect Add-in for Microsoft Outlook Third Party Software Notices and/or Additional Terms and Conditions

Apache Software Foundation This product includes software developed by the Apache Software Foundation (

Testing in a Medical Device Context Limitations are few

Third Party Terms. Third Party License(s) of Terracotta Ehcache Opensource (TOE) Version :00

Covered California. Terms and Conditions of Use

RSA Two Factor Authentication

Terms of Use The Human Face of Big Data Website

Which Apps Does FDA Regulate?

Contains Nonbinding Recommendations

Fulfilling HIPAA Compliance by Eliminating

CLOUD TECH SOLUTION AT INTEL INFORMATION TECHNOLOGY ICApp Platform as a Service

Templates. FDA Mobile Medical App Regulations. Your own sub headline This is an example text. Your Logo

CITRIX SYSTEMS, INC. SOFTWARE LICENSE AGREEMENT

FDA Perspective on Closed-Loop Studies

How To Use Adobe Software

Medical Device Data Systems, Medical Image Storage Devices, and Medical Image

Shiny Server Pro: Regulatory Compliance and Validation Issues

4. ACCESS TO THE SITE

PLEASE CAREFULLY REVIEW THESE TERMS AND CONDITIONS BEFORE PROCEEDING:

Learning Management System Evaluation Guide

USB 3.0 ADOPTERS AGREEMENT

The Impact of 21 CFR Part 11 on Product Development

Intland s Medical Template

Open Source Used In Cisco TelePresence TC Console TC7.1

Open Source Used In Cisco Instant Connect for ios Devices 4.9(1)

erecording Best Practices for Recorders

WI-FI ALLIANCE INTELLECTUAL PROPERTY RIGHTS POLICY

Certified ScrumMaster (CSM) Content Outline and Learning Objectives January 2012

STANFORD BUSINESS SOFTWARE, INC. MINOS TM 5.5 ORDER FORM (GOVERNMENT)

21 CFR Part 11 Implementation Spectrum ES

C-DAC Medical Informatics Software Development Kit End User License Agreement

Open Source Used In Cisco WebEx Media Server 1.5

RSA Two Factor Authentication. Feature Description

purchased and is using the Products including the online classroom ("Customer" or "You") and the individuals accessing the Products ("End Users").

Open Source Used In T28.12CP2 Client Component (Chat, Poll, QA, FT, FB, Notes, RP)

RockWare Click-Wrap Software License Agreement ( License )

AGREEMENT AND TERMS OF USE

Transcription:

3 physical copies and 1 ecopy to: U.S. Food and Drug Administration Center for Devices and Radiological Health Document Control Center WO66 G609 10903 New Hampshire Avenue Silver Spring, MD 20993 0002 Attention: Stayce Beck, CDRH Courtney Lias, CDRH Bakul Patel, CDRH FDA Pre-Submission Cover Letter Q Sub Type: Pre Submission Tidepool will share current product development plans. We look forward to feedback from the FDA. Mailing address: Tidepool Project 555 Bryant St. #429 Palo Alto, CA 94301 Primary Contact: Howard Look, President and CEO, Founder Email: howard@tidepool.org Cell: (redacted from public web copy) Ecopy Statement: The ecopy is an exact duplicate of the paper copy. Contents: 001_Tidepool_FDA_Pre Submission_2014 09.pdf (Howard Look signature redacted from public web copy) Name of Devices (software applications): Blip, TIdepool Uploader, Nutshell, Tidepool Platform Tidepool FDA Pre submission, September 2014 Page 1

Table of Contents Proposed Agenda for the October 14, 2014 Informational Meeting 20 minutes: Live demo of Blip and Nutshell, brief description of the Tidepool Uploader and Tidepool Platform 40 minutes: Discussion about Tidepool s regulatory pathway Overview of Tidepool Mission, open source, non profit Tidepool Product Descriptions and Live Demonstrations Blip (please also see http://vimeo.com/95307245) Tidepool Uploader Nutshell Tidepool Platform Proposed Intended Use Disease State: Insulin dependent diabetes Over the counter Overview of Product Development Timeline Development practices Specific Questions Treatment of Blip, the Tidepool Uploader, and Nutshell under MDDS Establishment of a Master File for the Tidepool Platform Reading Diabetes Device Data via Published Protocols and Reverse Engineered Protocols Method for Feedback In person meeting, scheduled for October 14, 2014. Tidepool attendees: Howard Look, President and CEO Brandon Arbiter, VP of Product and Business Development Kent Quirk, VP of Engineering Follow up feedback Please send email to howard@tidepool.org, brandon@tidepool.org, kent@tidepool.org We are happy to schedule follow up phone calls or video conferences Appendix A: Tidepool s Volunteer/Contributor License Agreement Tidepool FDA Pre submission, September 2014 Page 2

Overview of Tidepool Tidepool is an open source, non profit entity with 501(c)(3) status. Our mission is to reduce the burden of managing diabetes through software technology, and our initial focus is on type 1 diabetes (T1D). Tidepool is a small startup. We have nine employees located around the world. Six of our employees have T1D and two have family members with T1D. Product Descriptions Blip is a web application that displays consolidated, retrospective data from diabetes devices. These devices may include insulin pumps, continuous glucose monitors (CGM) and blood glucose meters (BGM). Notes can also be entered using the Blip web interface or an accompanying mobile web application. Figure 1: Blip Tidepool FDA Pre submission, September 2014 Page 3

The Tidepool Uploader is a software application that connects to diabetes devices through a computer, reads the device data, and uploads that data to the secure, cloud hosted Tidepool Platform back end. Figure 2: Tidepool Uploader concept wireframe Tidepool FDA Pre submission, September 2014 Page 4

Nutshell is a mobile application that makes it easy to keep track of meals eaten. Retrospective data from diabetes devices is displayed along with contextual information about the meal (meal name, location and time eaten). Figure 3: Nutshell The Tidepool Platform is a secure, HIPAA compliant, cloud back end for hosting diabetes device data and related contextual information. Software applications use RESTful API endpoints to transfer, store and retrieve data. The Tidepool Platform is designed to allow an ecosystem of applications that can share the same data if the user authorizes them to do so. The platform is also architected to keep device data separate from personal identifying information (PII), enabling an anonymized research database. The Tidepool Platform mitigates risk around the provenance and validity of data. Specifically, all data that passes through the platform is versioned and given a cryptographic digital signature. Tidepool FDA Pre submission, September 2014 Page 5

This enables data validation checks and establishes a audit trail for changes to the data. For more technical detail, please see this document. Of other potential interest to the FDA: The Tidepool Platform will be a excellent mechanism to store and analyze closed loop artificial pancreas system data, enabling ongoing research including pre and post market safety and efficacy studies. Proposed Intended Use Tidepool s current products, Blip, the Tidepool Uploader and Nutshell, are intended to be used by people with insulin dependent diabetes to assist in accessing and reviewing their therapy data. Tidepool s products collect and display information gathered from diabetes devices such as insulin pumps, CGMs and BGMs. The products also collect and display contextual information entered through the software or gathered from other sources like fitness monitors and other mobile and web applications. Tidepool s products are also intended to be used by caregivers (e.g., doctors, nurses, certified diabetes educators, clinic staff) as well as by other people to whom the people with diabetes would like to share their device and contextual data (e.g., a parent, friend, teacher or school nurse). Tidepool intends to distribute its applications freely to consumers over web and mobile channels. Overview of Product Development Timeline Tidepool began its development efforts in earnest in July, 2013 with the development of Blip and the Tidepool Platform. Tidepool has also developed prototypes of Nutshell as well as other applications based on the Tidepool Platform. In May, 2014, UCSF began an IRB approved pilot study of Blip. This study is primarily a usability and feasibility study, looking at patient and provider use of Blip. As of September 11, 2014, the study has enrolled 30 out of 48 patients. Tidepool is in discussions with other clinical centers that desire to test Tidepool s software, notably: Joslin Diabetes Center, which hopes to study the use of Nutshell. Stanford Children s Health, which hopes to study the use of the Tidepool Uploader and Blip. UCSF, which hopes to conduct a follow on study on provider use of Blip and the Tidepool Uploader. Pending further discussions with the FDA about our regulatory pathway and filing requirements, Tidepool FDA Pre submission, September 2014 Page 6

Tidepool s goal is to have Blip available for distribution by the end of calendar year 2014. Development Practices Highlights Here is a brief overview of Tidepool s software development practices. Tidepool is actively engaged with multiple FDA consultants and others experienced in the implementation of 21 CFR 820. We are guided by the principles outlined in AAMI TIR45. Open source code: Tidepool's product development is conducted as a series of open source, open development projects. Our source code, development practices and architecture documentation are all available for inspection and contribution at github.com/tidepool org and developer.tidepool.io. Tidepool reviews and maintains governance over all contributed code. Agile: Tidepool uses an agile development methodology based on Scrum. We follow Scrum best practices by maintaining backlogs and burndown charts and by engaging in sprints, daily standups, and regular retrospectives that engender continuous improvement and accountability. Requirements Traceability: Tidepool uses Trello as our mechanism for tracing requirements from concept through to implementation, testing and delivery. Verification and Validation: Tidepool uses a combination of manual ( black box ) and automated ( white box ) testing to perform verification and validation. Human Factors: Tidepool makes extensive use of formative evaluation for human factors and usability. We perform in person visits with pilot test users and actively respond to ongoing feedback through our support channel. Data validity, authenticity, and provenance: The Tidepool Platform is architected to mitigate risk around the provenance and validity of data. All data that passes through the platform is versioned and given a cryptographically secure identifier. This enables data validation checks and an audit trail to be established. For more technical detail, please see this document. Tidepool FDA Pre submission, September 2014 Page 7

Specific Questions Blip In reading MMA and the Draft MDDS guidance in detail, it would seem that Blip falls under enforcement discretion: Blip does not make treatment recommendations or perform patient specific analysis or alter previously prescribed therapy. Blip is not used for diagnosis. Blip is intended to be used retrospectively, not for real time or active patient monitoring. Blip is not intended to replace or discourage seeking medical treatment; in fact, Blip makes it easier for patients to engage with their health care providers to retrospectively review their diabetes data. This MMA enforcement discretion example also seems to describe Blip well: Mobile apps that allow a user to collect, log, track and trend data such as blood glucose, blood pressure, heart rate, weight or other data from a device to eventually share with a health care provider, or upload it to an online (cloud) database, personal or electronic health record. [Added June 11, 2014]. The Tidepool Uploader reads retrospective data from insulin pumps, continuous glucose monitors, and blood glucose meters. With regard to MDDS, it would appear that we would also fall under enforcement discretion under the new draft guidance: The platform does not modify the data, and it does not control the functions nor parameters of any of the devices from which it reads. The new guidance removes the diabetes carve out. Specific questions: Will Blip fall under MMA and MDDS enforcement discretion? Will Nutshell fall under MMA and MDDS enforcement discretion? Will the Tidepool Uploader fall under MMA and MDDS enforcement discretion? Assuming the only near term applications to make use of it are Blip and Nutshell, will the Tidepool Platform fall under MMA and MDDS enforcement discretion? Tidepool Platform Master File We expect that there will be future applications built upon the Tidepool Platform that will not fall under enforcement discretion. In the past, we ve been given verbal guidance that the best mechanism to enable that will be for Tidepool to establish a Master File with the FDA. Specific questions: Is establishing a Master File for the Tidepool Platform still the best course of action? Given the iterative nature of Tidepool s software development process, what is the best Tidepool FDA Pre submission, September 2014 Page 8

mechanism for keeping that Master File up to date? At its core, the Tidepool Platform is simply a cloud based database storage mechanism that exposes application programming interfaces (APIs) for storing and retrieving diabetes related data. Assuming that the Tidepool Platform is established via Master File, does Tidepool bear additional responsibility to ensure that other third party application developers or device makers are using it in a way consistent with FDA regulations? Or is that the responsibility of the third party? Device Protocols Wherever possible, Tidepool is taking the approach of getting official protocol specifications from device manufacturers. For example, we have done this with Dexcom, Insulet and Asante Solutions. In other cases, the Tidepool application imports data that was exported from existing software management solutions like Medtronic CareLink and Diasend, consistent with these services intended use to enable further evaluation of the data by the patient. Specific questions: To date, not all device makers have been willing to publish their device data protocols. In some cases, we are able to use reverse engineering of the device protocol that enables the Tidepool Uploader to read the device data. We find that this can provide a more accurate representation of the protocol since it characterizes actual operation of the device. If we are able to show through empirical testing that the data we retrieve from the device is accurate, are their any other concerns or risks that we should be aware of from the FDA s perspective? Engaging with Volunteer Contributors and Testers As a non profit organization and an open source project, we have both paid employees and volunteer contributors. Although Tidepool currently has nine full time employees, we also engage the services of outside volunteer contributors in many areas: Software development User interface design Usability and human factors design and testing Quality assurance (verification and validation) Tidepool has begun having all volunteers agree to a Volunteer/Contributor License Agreement (VCLA, attached, and also found here). Since our software is still under development, we've made it very clear to all volunteers that software under test is not to be used for therapy changes or medical decision making. Specifically, the VCLA says: Tidepool FDA Pre submission, September 2014 Page 9

8. No use of unregulated products for therapy adjustment or medical decision making. I acknowledge that through this relationship, I may perform testing of and/or provide feedback for diabetes management software that is not currently approved for use by any regulatory agency. As such, I agree that I will not use pre release Tidepool software to inform, influence, or direct any therapy adjustments or medical decision making in any way. Specific question: Does the FDA have any feedback about this approach? Tidepool FDA Pre submission, September 2014 Page 10

Introduction APPENDIX A: TIDEPOOL PROJECT, A CALIFORNIA NON-PROFIT CORPORATION VOLUNTEER/CONTRIBUTOR LICENSE AGREEMENT Thank you for your interest in the projects being administered by Tidepool Project ( Tidepool ). The form of license below is a document that clarifies the terms under which You, the person listed below, may contribute software source code, documentation, project management, product management, testing, graphic design, user interface design or other software-related services (the Contributions ) to the project. We appreciate your participation in our project, and your help in improving our products, so we want you to understand what will be done with the contributions that you make. This license is for your protection as well as the protection of Tidepool and its licensees; it does not change your rights to use your own contributions for any other purpose. This agreement also makes it clear that you may be contributing, using, or testing software that may be regulated by the FDA or other regulatory agency. With this agreement, you agree that you will not use pre-release Tidepool software to inform, influence, or direct any therapy adjustments or medical decision making in any way. Please complete the following information about you and the Contributions, and either: a) sign, scan and email it to legal@tidepool.org, or, b) sign and mail a hard copy to Tidepool Project, 555 Bryant St. #429, Palo Alto, CA 94301, or c) if you are an an individual, and your employer is not in the business of developing software or medical technology, or otherwise may not claim rights in the Contributions, you may send the following text as an email to legal@tidepool.org, or as a comment with your GitHub pull request: I agree to the terms of Tidepool Project s Volunteer/Contributor License Agreement as it exists at http://tidepool-org.github.io/tidepoolvcla.pdf on <TODAY S DATE>. If you have questions about these terms, please contact us at legal@tidepool.org. Agreement This agreement is between ( You ) and Tidepool Project ( Tidepool ). You and Tidepool agree: 1. You grant us the ability to use the Contributions in any way. You hereby grant to Tidepool a non-exclusive, irrevocable, worldwide, royalty-free, sub-licenseable, transferable license under all of Your relevant intellectual property rights (including copyright, patent, and any other rights), to use, copy, prepare derivative works of, distribute and publicly perform and Tidepool FDA Pre submission, September 2014 Page 11

display the Contributions on any licensing terms, including without limitation: (a) open source licenses like the GNU General Public License (GPL), the GNU Lesser General Public License (LGPL), the Common Public License, the Berkeley Science Division license (BSD) or the Tidepool Open Access to Health Data License; and (b) binary, proprietary, or commercial licenses. 2. Grant of Patent License. You hereby grant to Tidepool a worldwide, non-exclusive, royalty-free, irrevocable, license, under any rights you may have, now or in the future, in any patents or patent applications, to make, have made, use, offer to sell, sell, and import products containing the Contribution or portions of the Contribution. This license extends to patent claims that are infringed by the Contribution alone or by combination of the Contribution with other inventions. 3. Limitations on Licenses. The licenses granted in this Agreement will continue for the duration of the applicable patent or intellectual property right under which such license is granted. The licenses granted in this Agreement will include the right to grant and authorize sublicenses, so long as the sublicenses are within the scope of the licenses granted in this Agreement. Except for the licenses granted herein, You reserve all right, title, and interest in and to the Contribution. 4. You are able to grant us these rights. You represent that You are legally entitled to grant the above license. If Your employer has rights to intellectual property that You create, You represent that You have received permission to make the Contributions on behalf of that employer, or that Your employer has waived such rights for the Contributions. 5. The Contributions are your original work. You represent that the Contributions are Your original works of authorship, and to Your knowledge, no other person claims, or has the right to claim, any right in any invention or patent related to the Contributions. You also represent that You are not legally obligated, whether by entering into an agreement or otherwise, in any way that conflicts with the terms of this license. For example, if you have signed an agreement requiring you to assign the intellectual property rights in the Contributions to an employer or customer, that would conflict with the terms of this license. 6. We determine the code and other works that are in our products. You understand that the decision to include the Contribution in any product or source repository is entirely that of Tidepool, and this agreement does not guarantee that the Contributions will be included in any product. 7. No Implied Warranties. Tidepool acknowledges that, except as explicitly described in this Agreement, the Contribution is provided on an AS IS BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR CONDITIONS OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE. Tidepool FDA Pre submission, September 2014 Page 12

8. No use of unregulated products for therapy adjustment or medical decision making. I acknowledge that through this relationship, I may perform testing of and/or provide feedback for diabetes management software that is not currently approved for use by any regulatory agency. As such, I agree that I will not use pre-release Tidepool software to inform, influence, or direct any therapy adjustments or medical decision making in any way. Please sign: Date: Full name: E-Mail: Mailing Address: Telephone: Fax: Country: If you are employed as a software engineer, or if your employer is in the business of developing software or medical technology, or otherwise may claim rights in the Contributions, please provide information about your employer s policy on contributing to open source projects, including the name of the supervisor to contact in connection with such contributions: Tidepool FDA Pre submission, September 2014 Page 13

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information