R-TF-007-003 Periodic Safety Update Report (PSUR) 2023_001
Table of contents
General information
| Description | |
|---|---|
| Legal manufacturer name | AI Labs Group S.L. |
| Trademark | Legit.Health |
| Medical device(s) covered by this PSUR | Legit.Health Plus |
| Notified body name and organization number | BSI number 2797 |
| PSUR reference number assigned by the manufacturer | 2023_001 |
| Version number of the PSUR | Check the version in the GitHub document history |
| Data collection period covered | 01/2021-09/2023 |
Executive summary
As we prepare for the imminent market introduction of our device, we establish a robust foundation of safety and quality assurance that aligns with our commitment to excellence and patient well-being.
This Periodic Safety Update Report (PSUR) has been compiled to provide a comprehensive overview of the safety and performance of our software medical device.
The data presented in this report has been meticulously collected and analysed, ensuring a thorough evaluation of the previous generation of our software medical device. The Corrective and Preventive Actions (CAPA) section provides a comprehensive overview of the actions taken to address any issues, demonstrating our commitment to continuous improvement and adherence to quality standards.
The Post-Market Surveillance (PMS) data, including information on serious incidents, Field Safety Corrective Actions (FSCA), and trend reports, further attest to the robustness of our safety and performance monitoring systems. No serious incidents or FSCAs were reported, indicating a satisfactory safety profile for the previous device generation.
Utilization of previous generation data
Given that the device has not yet been introduced to the market, this PSUR predominantly relies on data from the previous generation of the device, which has demonstrated a commendable safety and performance record. By meticulously analyzing this historical data, we have gleaned valuable insights and identified areas for continuous improvement, ensuring that the upcoming iteration of our device is built upon a foundation of proven efficacy and safety.
The Corrective And Preventive Action (CAPA) section of this report details the various incidents identified through our rigorous post-market surveillance of the previous device generation, as well as the proactive measures taken to address these issues.
We are confident that the data and insights presented in this report provide a solid foundation for the future PSUR of our device.
Device characterization and description
Pending notified body approval to be placed on the market
| Information | |
|---|---|
| Device name | Legit.Health Plus (hereinafter, the device) |
| Model and type | NA |
| Version | 1.1.0.0 |
| Basic UDI-DI | 8437025550LegitCADx6X |
| Certificate number (if available) | MDR 792790 |
| EMDN code(s) | Z12040192 (General medicine diagnosis and monitoring instruments - Medical device software) |
| GMDN code | 65975 |
| Class | Class IIb |
| Classification rule | Rule 11 |
| Novel product (True/False) | FALSE |
| Novel related clinical procedure (True/False) | FALSE |
| SRN | ES-MF-000025345 |
Status of the device can be:
- on the market,
- no longer placed on the market,
- recalled,
- field safety corrective action initiated.
Intended use or purpose
Intended use
The device is a computational software-only medical device intended to support health care providers in the assessment of skin structures, enhancing efficiency and accuracy of care delivery, by providing:
- quantification of intensity, count, extent of visible clinical signs
- interpretative distribution representation of possible International Classification of Diseases (ICD) categories.
Quantification of intensity, count and extent of visible clinical signs
The device provides quantifiable data on the intensity, count and extent of clinical signs such as erythema, desquamation, and induration, among others; including, but not limited to:
- erythema,
- desquamation,
- induration,
- crusting,
- xerosis (dryness),
- swelling (oedema),
- oozing,
- excoriation,
- lichenification,
- exudation,
- wound depth,
- wound border,
- undermining,
- hair loss,
- necrotic tissue,
- granulation tissue,
- epithelialization,
- nodule,
- papule
- pustule,
- cyst,
- comedone,
- abscess,
- draining tunnel,
- inflammatory lesion,
- exposed wound, bone and/or adjacent tissues,
- slough or biofilm,
- maceration,
- external material over the lesion,
- hypopigmentation or depigmentation,
- hyperpigmentation,
- scar,
- ictericia
Image-based recognition of visible ICD categories
The device is intended to provide an interpretative distribution representation of possible International Classification of Diseases (ICD) categories that might be represented in the pixels content of the image.
Device description
The device is a computational software-only medical device leveraging computer vision algorithms to process images of the epidermis, the dermis and its appendages, among other skin structures. Its principal function is to provide a wide range of clinical data from the analyzed images to assist healthcare practitioners in their clinical evaluations and allow healthcare provider organisations to gather data and improve their workflows.
The generated data is intended to aid healthcare practitioners and organizations in their clinical decision-making process, thus enhancing the efficiency and accuracy of care delivery.
The device should never be used to confirm a clinical diagnosis. On the contrary, its result is one element of the overall clinical assessment. Indeed, the device is designed to be used when a healthcare practitioner chooses to obtain additional information to consider a decision.
Intended medical indication
The device is indicated for use on images of visible skin structure abnormalities to support the assessment of all diseases of the skin incorporating conditions affecting the epidermis, its appendages (hair, hair follicle, sebaceous glands, apocrine sweat gland apparatus, eccrine sweat gland apparatus and nails) and associated mucous membranes (conjunctival, oral and genital), the dermis, the cutaneous vasculature and the subcutaneous tissue (subcutis).
Intended patient population
The device is intended for use on images of skin from patients presenting visible skin structure abnormalities, across all age groups, skin types, and demographics.
Intended user
The medical device is intended for use by healthcare providers to aid in the assessment of skin structures.
User qualification and competencies
In this section we specificy the specific qualifications and competencies needed for users of the device, to properly use the device, provided that they already belong to their professional category. In other words, when describing the qualifications of HCPs, it is assumed that healthcare professionals (HCPs) already have the qualifications and competencies native to their profession.
Healthcare professionals
No official qualifications are needes, but it is advisable if HCPs have some competencies:
- Knowledge on how to take images with smartphones.
IT professionals
IT professionals are responsible for the integration of the medical device into the healthcare organisation's system.
No specific official qualifications are needed, but it is advisable that IT professionals using the device have the following competencies:
- Basic knowledge of FHIR
- Understanding of the output of the device.
Use environment��
The device is intended to be used in the setting of healthcare organisations and their IT departments, which commonly are situated inside hospitals or other clinical facilities.
The device is intended to be integrated into the healthcare organisation's system by IT professionals.
Operating principle
The device is computational medical tool leveraging computer vision algorithms to process images of the epidermis, the dermis and its appendages, among other skin structures.
Body structures
The device is intended to use on the epidermis, its appendages (hair, hair follicle, sebaceous glands, apocrine sweat gland apparatus, eccrine sweat gland apparatus and nails) and associated mucous membranes (conjunctival, oral and genital), the dermis, the cutaneous vasculature and the subcutaneous tissue (subcutis).
In fact, the device is intended to use on visible skin structures. As such, it can only quantify clinical signs that are visible, and distribute the probabilities across ICD categories that are visible.
Sales
Given that the device has just been introduced to the market, it has not yet generated any sales. However, we have gathered and analysed the sales data from the previous generation of the device to provide a foundational understanding of its market performance and potential.
The previous generation was first available by the end of 2020, when we obtained the Spanish manufacturer license. Since then we have signed contracts with 21 customers, ranging from remote to on-site use of the device, and from government-run care providers to for-profit care providers. During this period, more than 4500 reports have been created by more than 500 practitioners who have used the product to help more than 1000 patients.
Size and other characteristics of the population using the device
In this section, we aim to provide a comprehensive evaluation of the population exposure to the device, delineating its utilization across various patient demographics and settings.
It is imperative to note that our commitment to data privacy and safety is paramount; hence, we intentionally refrain from collecting demographic information that is not essential for providing our services, as the General Data Protection Regulation requires in the following provision:
- Article 5.1.c: Data Minimization
- Article 25: Privacy by design
These stipulations are mandatory for any organization processing the personal data of individuals within the EU.
Patient exposure and device usage
Over the course of the previous generation of the device's availability in the market, we have observed a significant engagement, with more than 4500 reports generated, aiding over 1000 patients. This utilization encompasses more than 500 practitioners, demonstrating the device's acceptance and integration into clinical practice.
The device has found application in diverse settings, ranging from remote consultations to on-site medical evaluations, and is employed by a spectrum of care providers including government-run institutions and private for-profit entities.
Our records indicate that since obtaining the Spanish manufacturer license at the end of 2020, we have successfully established partnerships with 21 customers. This varied customer base has contributed to the extensive usage and adaptability of the device across different patient populations and healthcare settings.
Patient populations and usage patterns
Given our stringent privacy protocols, we do not have access to demographic data of the patients using the device. This approach aligns with our commitment to ensuring privacy and safeguarding patient information, a feature designed to uphold safety and data protection.
Despite this limitation in demographic data availability, our extensive usage records provide valuable insights into the device's adoption and application trends. The most notable of these trends is the two clinical situations in which the device was used, being:
- First consultations.
- Follow-up consultations, specially pertaining chronic patients.
During follow-up consultation, the most commonly represented ICD categories are psoriasis, acne, atopic dermatitis, followed by urticaria and hidradenitis suppurativa. Regarding first consultations, the distribution of ICD categories is very heterogeneous.
We meticulously monitor the usage patterns to identify any deviations from expected utilization and to ensure equitable access across different patient groups.
Equitable Usage and Representation
Up to this point, we have not identified any issues concerning over-represented or under-represented patient groups. Our vigilant monitoring and continuous evaluation processes are in place to promptly detect any disparities or anomalies in device usage across various patient populations.
We remain dedicated to ensuring that the device serves its intended purpose effectively and is accessible to all eligible patients, irrespective of their background or healthcare setting. Our commitment to safety, privacy, and efficacy drives our efforts to constantly improve and adapt our practices, ensuring the device continues to be a reliable tool in clinical settings.
PMS: Vigilance and CAPA information
Serious incidents
We have not registered any serious incident using the previous generation of the device during the period reviewed.
Field Safety Corrective Actions (FSCA)
We have not registered any FSCA using the previous generation of the device during the period reviewed.
Trend reports
As we have previously mentioned, the device is new, but we have focused on the the previous generation of the device and we have found that during this period analyzed there have been no trends and deviations that could have required actions in relation to its safety and performance.
In Activity 4 of the T-007-005 PMCF evaluation report, the survey results in 2023 show a consistent positive trend in user satisfaction and perceived benefits of the device, with users in both primary and secondary health care specialties reporting similar positive experiences.
It is worth mentioning that the Activity 2 of the Post-Market Clinical Follow-up (PMCF) Plan yeld interesting information about the performance of the device, but nothing that could be considered a trend.
Corrective And Preventive Action (CAPA)
The following table shows all the CAPAs that we have opened, and includes information on what action was performed, the title of the CAPA and a description of what happened, among other things.
| Type of action | Initiation date | Summary | Status | Reference number | Description | Root cause | Effectiveness if closed |
|---|---|---|---|---|---|---|---|
| Corrective actions | 13/Sep/23 1:39 PM | 2023-09-13_R-006-001_API service does not respond within 60 seconds | Corrective and preventive actions | R006001-58 | One of our customers related that they had had issues with our service since the 7th of September. When they sent an image to our API, they did not get a response within 60s timeout window. They also reported that not a single patient had had a successful analysis since then. | Initially, two options seemed probable: # That the customer was sending the API call with a mistake. # That this is an actual problem of the API, related to the fact that we added the endpoint ai.legit.health, instead of having only the endpoint ia.legit.health. After more investigation, the second option became more likely, for two reasons: A. The timing matches, since we added the endpoint ai.legit.health around the time of the complaint B. The instances that we are aware of people using the new endpoint (ai.legit.health) do not report any problems. However, we should keep in mind that: C. This should not have generated any issues, because we did not change anything in the pre-existing endpoint (ia.legit.health) we simply added a new one. Due to all of this, the investigation does require to opening a CAPA. After more investigation, it turns out that the issue happened because we restarted the servers for maintenance reasons, but the restart of the endpoint ia.legit.health could not load the domain check model and, despite being active, did not return the response. | |
| Corrective actions | 01/Jun/23 2:10 PM | 2023-06-01_R-006-001_The images of pigmented skin lesions of the diagnosis dataset (LegitHealth-DX) are biased | Corrective and preventive actions | R006001-57 | Taig found that when he sent to the API a picture of a nevus, depending on the zoom performed on the image, the result changed from a high percentage of being nevus to a high percentage of being melanoma or another skin lesion, as it can be observed in the attached images. | The images of the LegitHealth-DX dataset present a very high heterogeneity. There are close-up images of lesions and also images where the lesion is far away and there is so much context (as in the last image of the hand). This may make the model learn the wrong patterns to classify lesions in some cases, as some of the classes may have only one type of image (e.g. close-up shots). This issue is currently being solved by manually annotating all the images of the LegitHealth-DX dataset. This annotation involves cropping the areas of the image that correspond to the lesion. Later in training, the model will be fed with both the full image AND the crops, hopefully making it capable of learning to focus on the correct elements of the image and ignore other contextual noisy patterns (e.g. cloth, hands, dirt, background…). | |
| Preventive actions | 24/May/23 9:26 AM | 2023-05-02_R-006-001_Algorithm performance results did not match with the skin conditions that were being photographed | Solved | R006001-56 | Our customer Consultant Connect informed us that they have been using our API to review and analyse 50 photos and they spotted that the results from the API did not match with the skin conditions that were being photographed. Only 8 out of the 50 photos had a correct diagnosis. They are obviously concerned that, for whatever reason, the AI is not producing the right answers. | The first step was to ask Rabi to share with us more information about how they performed the test and the images they have used for it. After a preliminary analysis of them, we found that their quality was not adequate to perform the analysis: As an example, in the image of the leg shown here we found two important issues that may have caused the output to be wrong. !leg.png|width=180,height=180! # Firstly, it seems to be a photo of a photo. I looks like that someone took a picture, printed the picture, and then took a digital picture of the printed picture. That is not the type of situation in which the AI has been trained, and that could have been a factor in confusing the AI. # Secondly, the issue is that the image is not centred on the lesions. The AI needs to receive images in which the region of interest is the main feature of the image. However, in that image, there is more chair, mode floor, more jacket and more door than there are lesions. The right way of reporting the condition would be cropping the image to centre it on the lesion, but the quality is not ideal with the image. !leg_1.png|width=264,height=262! !leg_2.png|width=128,height=124! As another example, the following image is neither centred on the lesions and the lesion is surrounded by artefacts that can affect the algorithm performance. !mole.png|width=179,height=180! Again, cropping the image to centre it on the lesion, the image sent to the API will be the one shown below, which quality is not proper contributing to the output being wrong. !mole_2.png|width=124,height=98! To sum up, we have demonstrated that the performance of the algorithm is not compromised and the problem reported was caused by the inappropriate quality of the images used for the analysis, that do not comply with the minimum requirements established to obtain satisfactory results. | Yes |
| Corrective actions | 03/May/23 8:03 AM | 2023-04-27_R-006-001_The DIQA results after analysis of images with low quality are higher than expected | Corrective and preventive actions | R006001-55 | During a kick-off session at the Ribera Molina Hospital, physicians took an image (see attached) of a pigmented lesion of Taig and found that the DIQA assigned was unexpectedly high (76). Additionally, we have received the same feedback from the Torrejón Hospital saying that the image quality is not good enough. | The Medical Data Science team suggests a combination of different aspects: _ The DIQA threshold is set to 50. Given the limitations of the current model, this threshold may need to be increased. _ The app sends the image well, the only thing is that in the preview it shows a very ugly image with reduced quality. * Many times the overall image is pretty decent and then the crop over the area of interest is bad. However, the main reason for this undesirable performance is that the current version of DIQA model was mostly trained on non-medical images (only ~900 images were actually dermatological). Future versions of this model will use many more medical images in training. | |
| Corrective actions | 28/Apr/23 2:55 PM | 2023-04-27_R-006-001_The algorithm results after analysis of benign pigmentation images are suspiciously high | Corrective and preventive actions | R006001-54 | During a kick-off session at the Ribera Molina Hospital, physicians took images with different camera devices (see attached) of two benign pigmented lesions of Taig and found that the malignancy score was high in both cases: * Image 1 results: ** DIQA score 76 ** Is Malignant Suspicion 45.5 ** Conclusions *** Malignant melanoma: 39.33 _ Nevus: 24.10 _ Actinic keratosis: 9.06 * Image 2 results: ** DIQA score 76 ** Is Malignant Suspicion 91.4 ** Conclusions *** Malignant melanoma: 48.60 _ Basal cell carcinoma: 42.05 _ Vascular lesion: 1.40 After that, Taig took another image (image 3) with his mobile and got a high malignancy score again: _ DIQA score 81 _ Is Malignant Suspicion 75.55 ** Conclusions ** Malignant melanoma: 74.40 ** Nevus: 10.93 | The reason for this behaviour is that the model is overfitting to some classes due to the current class imbalance in our dataset (LegitHealth-DX). We need to add more data and train the model again. Also manually annotating the dataset and extracting crops of the lesions in every image may improve model performance as it would learn not to focus on the noisy elements of an image and pay attention to the actual lesion. See [https://legithealth.atlassian.net/browse/R006001-57|https://legithealth.atlassian.net/browse/R006001-57|smart-link] for more details on how image cropping is being carried out. | |
| Corrective actions | 28/Mar/23 7:52 AM | 2023-03-28_R-006-001_ICD-coded diseases requirement is included at the DHF | Corrective and preventive actions | R006001-53 | During the risk management review I found that the ICD-coded disease requirement was not properly documented within the DHF, but included on a Trello card at the Product development workspace. | The Technical Responsible did not know that this requirement should be documented at the DHF. | |
| It does not require action | 08/Feb/23 1:51 PM | 2023_02_08_R-006-001_Findings from the ICON audit were not registered at the NC. CAPAs tool | Solved | R006001-52 | During the periodic Quality Management Annual Review I found that the observations performed by FDA during the audit performed on behalf of ICON had been properly managed as the procedure in place (GP-006 Non-conformities. Corrective and preventive actions), but they were just recorded at the auditor document and not at our NC and CAPAs tool as indicated in the mentioned procedure. | I forgot to register the observations as I perform all the procedure and documented it on the auditor form. | Yes |
| It does not require action | 08/Feb/23 1:40 PM | 2022_12_22_R-006-001_It is recommended to define a training matrix | Solved | R006001-51 | During the audit performed by FDAQRC on behalf of ICON they stated a recommendation to us: To ensure the appropriate training of employees, it is recommended a training matrix is defined to document the training required per role. | NA | Yes |
| It does not require action | 08/Feb/23 1:35 PM | 2022_12_22_R-006-001_QMS onboarding training records missing | Solved | R006001-50 | During the audit performed by FDAQRC on behalf of ICON they found a minor observation that stated that there were multiple instances of non-compliance to company policies and procedures: * Per Human Resources and Training (GP-005), new employee training includes a QMS introduction (i.e., Quality Manual, QMS Introduction, Quality Manual Annexes 1-3), however this information was not found in the employee individual training records. | This training was included at the GP-005 Human resources and training procedure recently and any new employee had joined the company since then. Nevertheless, as previously mentioned, QMS training had been performed a few days before the audit and the individual records were waiting for the training evaluation to be completed. | Yes |
| Preventive actions | 08/Feb/23 1:32 PM | 2022_12_22_R-006-001_Annual review cycle in 2021 was missed for many procedures | Solved | R006001-49 | During the audit performed by FDAQRC on behalf of ICON they found a minor observation that stated that there were multiple instances of non-compliance to company policies and procedures: * Annual review cycle in 2021 was missed for many procedures. Some examples are Quality Planning (GP-002), Internal Audit (GP-003), Human Resources and Training (GP-005), Non-conformity, Corrective and Preventative Actions (GP-006), Purchases and Suppliers Evaluation (GP-010), Design, Redesign and Development (GP-012), Risk Management (GP-013), Infrastructure and Facilities (GP-018). | We have only reviewed the procedures that have suffered modifications during the last period due to a lack of resources. | Yes |
| It does not require action | 08/Feb/23 1:24 PM | 2022_12_22_R-006-001_Approval procedure must be clarified and properly performed to have separation of roles on it | Solved | R006001-48 | During the audit performed by FDAQRC on behalf of ICON they found a major observation that stated that some procedures were inadequate: * Separation of roles is not clarified in procedural documents (driven by individuals not process) – In a non-conformity record, it was noted that approvals were done by the same individual. Even though this was acknowledged as a deficiency, it was not captured as a requirement in procedural documents. For the immediate issue, AI Labs Group resolved it, by re-assigning the role to another individual. A. Medela acknowledged that with a lean team, team members had to perform multiple roles. | We did not know that the approvals must be performed by different individuals, we believed that with the different roles it was enough. | Yes |
| It does not require action | 08/Feb/23 1:20 PM | 2022_12_22_R-006-001_JDs management procedure must be clarified and properly performed | Solved | R006001-47 | During the audit performed by FDAQRC on behalf of ICON they found a major observation that stated that some procedures were inadequate: * JDs are to be signed when an update of change is needed – This requirement was verbally shared; however, it was not captured in procedural documents. The procedures require the JD to be signed. | The JDs were signed by the employees and the General Manager, but we have forgotten to include this requirement at the Human Resources procedure. | Yes |
| Preventive actions | 08/Feb/23 1:16 PM | 2022_12_22_R-006-001_CVs management procedure must be clarified and properly performed | Solved | R006001-46 | During the audit performed by FDAQRC on behalf of ICON they found a major observation that stated that some procedures were inadequate: * CVs are to be signed and dated annually – This requirement was verbally shared; however, it was not captured in procedural documents. Of the three (3) CVs reviewed, one (1) CV was signed and dated. | We did not know that all the CVs needed to be signed and dated annually. | Yes |
| It does not require action | 08/Feb/23 1:08 PM | 2022_12_22_R-006-001_Training procedure must be clarified and properly performed | Solved | R006001-45 | During the audit performed by FDAQRC on behalf of ICON they found a major observation that stated that some procedures were inadequate: * Capturing of procedural training – A. Medela confirmed procedural training recently started and is being evaluated. At the time of the audit, evidence of QMS training could not be presented. | As the QMS training was performed a few days before the audit, the records were not complete during the audit, as the efficacy evaluation was pending to be performed. | Yes |
| Corrective actions | 27/Jan/23 9:52 AM | 2023-01-27_R-006-001_Some TF records for the 2021 period are missing | Corrective and preventive actions | R006001-44 | There are no evidence of TF documentation review and update for the 2021 and 2022 periods, neither for the following activities performance: _ Risk management _ Clinical evaluation * PMS activities | Last records found were created at the end of 2020, along with the manufacturer license application and obtention. We planned then to transition to the new MDR and to prepare all the documents and records according to this new regulation during the following year, but the Notified Bodies' bottleneck made it impossible to achieve during this period. | |
| Corrective actions | 10/Jan/23 5:17 PM | 2023-01-10_R-006-001_When uploading a photo of atopic dermatitis, the app is 99,98% sure that it's psoriasis | Corrective and preventive actions | R006001-43 | Taig found that when he logged in the app as a doctor using his e-mail and the Chrome navigator, and he uploaded a photo of atopic dermatitis, the app was 99,98% sure that it is psoriasis. | The Medical Data Science team looked for the image in the LegitHealth-DX dataset and it confirmed that it had been assigned the wrong pathology (psoriasis). They also detected other images from the same source that may also lead to the same undesired behaviour. Moreover, a closer analysis of the list of conditions of the DX dataset suggests that some conditions that currently coexist in the class list (i.e. the list of conditions that the model can predict) may be causing the model to learn the wrong patterns when classifying the images. This means that not only they will have to remove inconsistently labelled images but also work on the definition of a coherent taxonomy of conditions. | |
| Preventive actions | 13/Dec/22 10:51 AM | 2022-12-13_R-006-001_Missing written withdrawal procedure | Solved | R006001-42 | During the last internal audit performed on November 2022 it was observed that the withdrawal procedure is in place, but it is not described on any procedure. | The production and design and development team though that if was sufficient with the GP-004 Vigilance System procedure | Yes |
| Preventive actions | 13/Dec/22 9:19 AM | 2022-12-13_R-006-001_Tickets tools usage is not explained in any document | Solved | R006001-41 | During the internal audit performed last November 2022 it was found that all general communications received from clients will be registered in the NC template, but it is not explained the usage of the tickets tool in place to note down the communications that are not NC. | The platform was recently in use and it was being tested before updating the procedure. | Yes |
| Preventive actions | 12/Dec/22 2:27 PM | 2022-12-12_R-006-001_Inconsistent number of nonconformities found on different quality records | Solved | R006001-40 | During the last internal audit performed on November 2022 it was found that the number of nonconformities reflected at the Annual Management Review does not match with the Indicators file. | The incidence was caused as the quality procedures were being perfomed by various members of the staff, and also the external consultant, and the number of Non-conformities were not controlled by the same person. | Yes |
| Preventive actions | 12/Dec/22 2:09 PM | 2022-12-12_R-006-001_QMSR has not been performed as stated at the Quality procedures | Solved | R006001-39 | During the internal audit performed last November 2022 it was observed that although it is mentioned at the quality procedures that the information and conclusions from the QMS documentation backup validation must be compiled at the QMSR report, it has not been performed. | It was forgotten to compile the summary of the backup validation tests in the QMSR | Yes |
| Preventive actions | 12/Dec/22 11:28 AM | 2022-12-12_R-006-001_Required translators competencies are not specified | Solved | R006001-38 | Although there is a translation procedure in place, it does not specify the competencies required for the translators. | The auditor did not find the mínimum competencies required for the translation during the audit. | N/A |
| Corrective actions | 07/Dec/22 2:33 PM | 2022-12-07_R006-001_Quality indicators for the 2022 period are missing | Solved | R006001-37 | During the last internal audit performed in November 2022 (NC-09) no evidence of the establishment and monitoring of quality indicators for the 2022 period was found. | The Quality Manager forgot to create the record for the 2022 period | Yes |
| Corrective actions | 07/Dec/22 2:10 PM | 2022-12-07_R-006-001_Software version is not included at the product labelling | Solved | R006001-36 | During the last internal audit performed in November 2022 (NC-08) it was detected that the software version was not included at the product labelling. | The design & development team were not aware of the need to include the software version on product labelling. | Yes |
| Corrective actions | 07/Dec/22 1:55 PM | 2022-12-07_R-006-001_Design reviews are not performed by a person without direct responsibility for the design stage | Solved | R006001-35 | During the last internal audit performed in November 2022 (NC-07) it was noticed that there is no evidence of design reviews conducted by a person who does not have direct responsibility for the design stage. | The design and development team does not know the necessity of performing the DHF records by a person without direct responsibility for the design stage. | Yes |
| Corrective actions | 07/Dec/22 1:34 PM | 2022-12-07_R-006-001_Product requirements do not include approval evidence | Solved | R006001-34 | During the last internal audit performed in November 2022 (NC-06) it was noticed that, although the deliverables, tests and product releases were approved signatures, the product requirements do not include approval evidence. | The design and development team does not know the necessity of registering approval evidences to the product requirements. | Yes |
| Corrective actions | 07/Dec/22 11:20 AM | 2022-12-07_R-006-001_Personnel education certificate are missing | Solved | R006001-33 | During the last internal audit performed in November 2022 (NC-05) it was noticed that personnel education certificates are not compiled within the employees files as evidence of their education. | We did not know that we must compile all the personnel education certificates. | Yes |
| Corrective actions | 07/Dec/22 11:10 AM | 2022-12-07_R-006-001_PRRC and QM Job descriptions do not cover their responsibilities to report to the GM and to promote awareness of the regulatory and other requirements | Solved | R006001-32 | During the internal audit performed last November 2022 (NC-04) it was observed that the PRRC and QM job descriptions do not specify the required reporting to the General Manager, nor their responsibility to promote the awareness of regulatory and other requirements through the organisation. | During the JD preparation and revision it was not noticed that the reporting line to the General Manager was missing. In addition, we did not know that it was required to include in the JDs their responsibility to promote the awareness of regulatory and other requirements through the organisation. | Yes |
| Corrective actions | 07/Dec/22 10:44 AM | 2022-12-07_R-006-001_Backups verification yearly evidence is missing | Solved | R006001-31 | During the internal audit performed last November 2022 (NC-03) it was found that although the procedures specified that the backups verification must be performed yearly for the QMS and DHF, there is no evidence for the verification performed a year after the last one done. | It was forgotten to perform the period backups verification | Yes |
| Corrective actions | 07/Dec/22 10:01 AM | 2022-12-07_R-006-001_2_Quality objectives for the 2022 period are missing | Solved | R006001-30 | During the internal audit performed last November (NC-02) it was observed that there was no evidence of the establishment and monitoring of quality objectives for the 2022 period. | Quality and General Manager did not know they need to create an objectives' record yearly. | Yes |
| Corrective actions | 05/Dec/22 3:05 PM | 2022-12-05_R-006-001_There is no evidence of external documentation identification and control | Solved | R006001-29 | During the internal audit performed last November (NC-01) it was noticed that the ISO 13485 requirement 4.2.4f was not being fulfilled since no evidence was found of external documentation identification and control. | We were not aware of the importance of having the external documentation identified and internally controlled. | Yes |
| It does not require action | 31/Oct/22 5:00 PM | 2022-09-26_R-006-001_Conflic of interest due to Quality Manager and Design and Development Manager being the same person | Solved | R006001-28 | Based on the job descriptions of the Quality Manager and the Design and Development Manager roles held by the same individual, the following Design and Development Manager responsibilities are examples of direct conflict of interest with the Quality Manager role: 1) To prepare the design and development documentation, 2) To notify the Quality Manager or the PRRC of any non-conformity, deviation, need or abnormality, 3) To request training from the Quality Manager and attend said training, 4) To notify the existence of non-conforming products or materials to the Quality Manager for their correct identification, documentation, segregation, evaluation and control. Conducting an internal audit is of particular importance if the Company plans to undergo an ISO 13485 pre-certification inspection. | The initial small team of the company forced us to assume several roles. | Yes |
| Preventive actions | 10/Oct/22 5:35 PM | 2022-09-26_R-006-001_Lack of access management and traceability policy | Solved | R006001-27 | Although the Company uses role-based permissions to control access rights, there is no procedure outlining the access management process, including a lack of traceability and policies for role-based permissions and individual access rights (e.g., periodic review of audit logs/trails). The Infrastructure List and Control Plan (T-018-001) referenced in SOP GP-018 Infrastructure and Facilities, lists only two items, the Quality Manager's laptop, and AWS server. The annual log audit for AWS does not have an entry under “previous” and the “next” review was due 17-Dec-2020. In addition, the laptop monthly checklist verification was dated 10-Nov-2020 under “previous.” It is not clear whether this document has not been maintained up-to-date, or the required verifications are not being performed as required by the plan. | The document was outdated and did not reflect the current access management and traceability procedures. | Yes |
| It does not require action | 10/Oct/22 3:00 PM | 2022-09-26_R-006-001_Auditee was unable to demonstrate that any specifications for the product were available at the time the DoC was issued | Solved | R006001-25 | By signing the DoC on 12-Oct-2020 the Company should have been able to demonstrate on this date the product was in compliance with the essential requirements set in the MDD, all the applicable requirements listed in the standards were met, and all the required technical documentation was developed. For example, MDD Annex I, paragraph 3, requires evidence to demonstrate that the device achieves the performances intended by the manufacturer, but the Auditee was unable to demonstrate that any specifications for the product were available at the time the DoC was issued. | There was a mismatch with the dates due to the lack of a software version number on the Declaration of Conformity (DoC), and thus, missing the updated Declaration of Conformity (DoC). | Yes |
| It does not require action | 28/Sep/22 7:17 PM | 2022-09-26_R-006-001_Traceability between the risk matrix and the design input should be improved | Solved | R006001-24 | Traceability between the risk matrix and the design input should be improved, with reference to the requirement set out in ISO 13485:2016, clause 7.3.3, but also to create a connection between risk management and usability studies, as required by IEC 62366-1:2015, clause 5.2. | We did not see the need for this at the time. | Yes |
| It does not require action | 28/Sep/22 7:14 PM | 2022-09-26_R-006-001_Second version of GP-018 is incorrectly versioned and it is missing in the R-001-001_21_0001_Control of Documents and Records document | Solved | R006001-22 | A revision to SOP GP-018 Infrastructure and Facilities was issued on 25-Aug-2022. The revision does not detail the reason for change and continues to indicate version 01 despite being version 02. Furthermore, the SOP index provided along with the revised SOP (R-001-001_21_0001_Control of Documents and Records) was not updated to reflect this change. | The cause has been found to be a clerical error and was solved in the first assessment. | Yes |
| It does not require action | 28/Sep/22 5:40 PM | 2022-09-26_R-006-001_The partial implementation of the requirements set out in the ISO 13485:2016 standard appear to be in contrast with the Company's public claims. | Solved | R006001-19 | Despite being acceptable to start with a lean QMS that matures with the Company's growth, the partial implementation of the requirements set out in the ISO 13485:2016 standard appear to be in contrast with the Company's public claims (Figure 1). The Legit.Health team agreed to correct this statement. | The website maintenance team included the ISO 13485:2016 in the website without sufficient context and it could be misinterpreted. | Yes |
| It does not require action | 28/Sep/22 5:38 PM | 2022-09-26_R-006-001_Despite GP-001 states all QMS documents shall be in PDF Format, all technical documentation concerning product development is managed through Atlassian Confluence | Solved | R006001-18 | Despite paragraph 9.2 of SOP GP-001 Documents and Records Control stating all QMS document (including technical file documentation) shall have “current files in PDF Format,” all technical documentation concerning product development (namely, Legit.Health product requirements, testing documents, and release approvals) is managed through Atlassian Confluence, a web-based wiki. Standard ISO 13485:2016 requires that documents must be reviewed and approved, (e.g., have signatures and date, or use of workflows in Confluence), and, if reviewed or modified, they must be re-approved. It was possible to review that Confluence provides a complete history of changes to each document, but it was not possible to identify a method of enforcing document review, approval, and re-approval processes. This raises concerns in the Company's ability to assemble a design technical file, including history of all the changes that were implemented and approved, throughout the development lifecycle. | The way we managed the technical documentation concerning product development was not considered in GP-001 and thus the use of software like Atlassian was only described in GP-018. | Yes |
| It does not require action | 28/Sep/22 5:35 PM | 2022-09-26_R-006-001_The Declaration of Conformity (DoC) lacks the software version | Solved | R006001-17 | Due to the lack of a software version number on the Declaration of Conformity (DoC), the DoC declares conformity for an unspecified number of devices. Wording that does not contain any restrictions in terms of DoC applicability does not comply with regulatory requirements for traceability and identification of the device model. The DoC is of paramount importance for the company because it is one of the elements that allows the product to stay on the market under the Medical Device Directive 94/42/EEC. | We didn't consider it was necessary to update the declaration of conformity with each software version. | Yes |
| Preventive actions | 28/Sep/22 5:29 PM | 2022-09-26_R-006-001_The lack of an internal audit to date is in deviation with the responsibilities set out in the SOP GP-003 Internal Audit | Solved | R006001-16 | The lack of evaluating the implementation of the QMS through an internal audit is a concern as Top Management does not have a representative understanding of the Company's level of compliance with internal procedures, and applicable regulations and standards. Conducting an internal audit is of particular importance if the Company plans to undergo an ISO 13485 pre-certification inspection. The lack of an internal audit to date is in deviation with the responsibilities set out in the SOP GP-003 Internal Audit, where the manager is required to annually approve the internal audit plan and to determine the internal auditors assigned. | We were not planning to be certified at that time and it was not considered necessary. | Yes |
| It does not require action | 28/Sep/22 5:26 PM | 2022-09-26_R-006-001_There is a direct conflict of interest with the Quality Manager's role and the required independence of operational management in the substitution table | Solved | R006001-15 | Despite SOP GP-003 Internal Audit stating, “The auditor shall be independent of the process audited or be external of AI LABS GROUP SL,” Mr. Medela acts as the substitute for several roles under the responsibility of Ms. Aguilar, including the role of the CEO, which is a direct conflict of interested with the Quality Manager's role and the required independence of operational management. | The limited number of people in the initial organizational chart left no option but to substitute each other's roles, with all its inherent limitations. | Yes |
| It does not require action | 26/Sep/22 2:35 PM | 2022-09-26_R-006-001_Roles in the SOPs are not harmonized with job descriptions and the organizational chart | Solved | R006001-14 | Roles in the SOPs are not harmonized with job descriptions and the organizational chart. For example, the R&D Manager referenced in SOP GP-001 Documents and Records Control is not present in the Company's organigram. | The roles have evolved since the constitution of the company and both the organizational chart and job descriptions did not reflect the current reality of the company. | Yes |
| It does not require action | 26/Sep/22 2:34 PM | 2022-09-26_R-006-001_The organizational chart contains discrepancies between the roles represented in the substitution matrix | Solved | R006001-13 | The organizational chart provided contains discrepancies between the roles of Mr. Medela and Ms. Aguilar as represented in the substitution matrix (e.g., Mr. Medela appears as responsible for HR in the substitution matrix, but Ms. Aguilar is represented as HR Director in the organigram). | The clerical error was due to the confusion with the colors in the substitution table. | Yes |
| It does not require action | 26/Sep/22 2:29 PM | 2022-09-26_R-006-001_Members of the senior management team that do not appear on the high-level organizational chart | Solved | R006001-12 | There are members of the senior management team that do not appear on the high-level organizational chart representing Top Management, such as Taig Mac Carthy, co-founder and COO, and Gerardo Fernández, co-founder and CTO. | The roles have evolved since the constitution of the company and the organizational chart did not reflect the current reality of the company. | Yes |
| Corrective actions | 26/Sep/22 2:25 PM | 2022-09-26_R-006-001_Basic security controls and patch management procedures are missing | Solved | R006001-11 | There are no procedures on the basic security controls and patch management requirements to ensure the protection of company equipment and data from cybersecurity vulnerabilities such as malware and phishing attacks (e.g., unauthorized access to the network, timely software patches, etc.). | We considered that it was covered in the existing SOPs. | Yes |
| It does not require action | 26/Sep/22 2:19 PM | 2022-09-26_R-006-001_Evidence demonstrating that manual/cloud backup took place and annual testing are missing | Solved | R006001-10 | Weekly backups performed in accordance with the SOP are on an unencrypted external hard drive and kept in an office. Furthermore, the Quality Manager is responsible for testing the backup on an annual basis by selecting a random collection of data that includes “an entire backward traceability as defined in the Procedure GP-016 Traceability and identification,” and recorded in a management system report as “YYYY-MM-DD_QMSR_nnn.” Although it was indicated evidence of backups performed by the cloud provider could be requested, there was no evidence demonstrating these reviews take place, including those of the manual backups on the external HDD and the annual testing of the backup function as required by SOP. | GP-001 did not describe well how backups were generated and tested. | Yes |
| It does not require action | 26/Sep/22 2:15 PM | 2022-09-26_R-006-001_Inappropriate signature method poses compliance risks | Solved | R006001-9 | It appears documents are approved using an image of one's signature that is inserted into the documents, such as the SOPs. This practice is permitted in accordance with SOP GP-001 Documents and Records Control section 9.2.3 which indicates “The signature can be printed in paper format or a scanned signature in image format guarded by each person;” however, this is not in compliance with applicable electronic record and data integrity regulatory requirements. If handwritten signatures are not used, electronic/digital signatures must meet the provisions of electronic signatures according to applicable regulations (i.e., validated, secure, nonrepudiation, full name, date and time, and reason). | We transformed a paper-based system into a digital system. In the previous paper-based QMS documentation, the user would sign the document on paper for its approval. When switching to the electronic format, we implemented an equivalent method: uploading a picture of the signature. We were not aware that a digital QMS would require such a higher degree of compliance requisites. | Yes |
| Corrective actions | 26/Sep/22 2:13 PM | 2022-09-26_R-006-001_Documentation available for the software was not sufficient to demonstrate adequate security and that intended use requirements have been met | Solved | R006001-8 | Standard ISO 13485:2016 clauses 4.1.6 and 7.5.6 requires validating computer software for its intended use according to an established protocol when used as part of production or the quality system. The validation documentation available for these systems (e.g., Confluence, Google Workspace, JIRA) were not sufficient to demonstrate adequate security and intended use requirements have been met. | The documentation for the software was considered as sufficient. | Yes |
| Corrective actions | 26/Sep/22 2:08 PM | 2022-09-26_R-006-001_Records of changes, their review, and any necessary actions were not available for review | Solved | R006001-7 | Standard ISO 13485:2016, clause 7.3.9 requires that records of changes, their review, and any necessary actions shall be maintained. Procedure GP-012 Design, re-design and development addresses change control in paragraph 9.10, but no record was available for review. | We considered that it was sufficient with the detailed procedures in GP-012. | Yes |
| Preventive actions | 26/Sep/22 11:54 AM | 2022-09-26_R-006-001_Additional training or certifications in privacy and GDPR should be completed by the employees | Corrective and preventive actions | R006001-6 | Given the Quality Manager's role in privacy, additional training, or certifications in privacy and GDPR should be completed. Although an internal training in data privacy was provided by the COO who indicated he is an externally certified in ISO 27001, given ISO 27001 is a framework for managing IT security and sets out the specification for an information security management system (ISMS), this would not be sufficient for personnel to lead as one of the individuals responsible for data protection and GDPR compliance. Source: Critical finding 5 from Alira Health audit. | Training in data privacy was considered as sufficient. | Yes |
| It does not require action | 26/Sep/22 11:52 AM | 2022-09-26_R-006-001_Employee CVs are missing | Solved | R006001-5 | The Curriculum Vitae (CV) is a key document in providing an overview of an individual's work experience, in addition to educational background and history within the company; therefore, all employees should have a CV as part of their complete training record to demonstrate their qualifications for their appointed role. Source: Critical finding 5 from Alira Health audit. | Despite the company had in possession the CVs, those were not included in the correct folder of the QMS. | Yes |
| It does not require action | 26/Sep/22 11:49 AM | 2022-09-26_R-006-001_Scoring cards used to represent evidence of training acknowledgement by employees are not signed | Solved | R006001-4 | The “scoring card” used to represent evidence of training acknowledgement by employees is not signed despite having a field for signature. For example, the scoring card presented for Ignacio Hernandez included his typed name and date, but the signature field was empty. The SOP on training should require the signing and dating of a training record contemporaneously as evidence of training taking place upon completion of the training activity. Source: Critical finding 5 from Alira Health audit. | The data fields od the scoring card were considered as sufficient evidence. | Yes |
| It does not require action | 26/Sep/22 11:45 AM | 2022-09-26_R-006-001_GP-005 Human Resources and Training does not include a requirement for training on SOPs and regulations | Solved | R006001-3 | There is no training plan or matrix and training records for personnel training on SOPs. Procedure GP-005 Human Resources and Training does not include a requirement for training on SOPs and regulations. In order to demonstrate employees have fulfilled their training requirements, for example in reading and understanding SOPs, documented evidence is required. More importantly, there is a concern that insufficient importance is placed on the purpose of SOPs by the Quality Manager, Top Management, and remaining personnel in ensuring consistency, and reproducibility of activities to deliver a high quality and consistent product. Having procedures in the QMS that meet the requirements of standards such as ISO 13485:2016 is not sufficient in demonstrating compliance if they are not being followed and if there is no documented evidence of training maintained. Source: Critical finding 5 from Alira Health audit. | The described training in GP-005 was considered as sufficient training for the personnel. | Yes |
| It does not require action | 22/Sep/22 10:16 AM | 2022-09-26_R-006-001_Supplier qualifications and records are missing | Solved | R006001-2 | Procedure GP-010 Purchases and Suppliers' Evaluation states that “approved suppliers will be required to provide a copy of the QMS certificate implemented in the company, if available,” it would be appropriate to file the ISO 9001:2015 certificate, in addition to documenting their review of the publicly available information as evidence the activity was performed. For instance, companies managing healthcare data must follow strict industry regulations to ensure data privacy and security. The Company must perform their due diligence to ensure their selected service provider meets the required data security requirements. Since AWS uses multiple data centers across the globe, it is the Company's responsibility to ensure the geolocation of the data under their control meet the necessary data privacy requirements. Source: Critical finding 6 from Alira Health audit. | The clerical error was due to the change of location of the QMS as part of the new process of certification for a new device. | Yes |
| It does not require action | 22/Sep/22 10:12 AM | 2022-09-26_R-006-001_Evaluation of supplier classification is not performed appropriately | Solved | R006001-1 | GP-010 Purchases and Suppliers' Evaluation indicates the evaluation is based on the impact of the services or components on the quality of the finished product. For instance, Atlassian, the developer of JIRA and Confluence is classified as non-crucial; however, this system is used to track the development and testing of their product. As a result, the evaluation of supplier classification is not performed appropriately, in accordance with GP-010. Source: Critical finding 6 from Alira Health audit. | Different interpretation of the requirement. | Yes |
R-006-001-56 is the only non-conformity that may have led to more serious harm, as we found that the device was not producing the right results. We demonstrated that the performance of the device was not compromised and the problem reported was caused by the inappropriate quality of the images used for the analysis, that do not comply with the minimum requirements established to obtain satisfactory results. To prevent the incidence from happen again we updated the IFU with detailed specifications and diagrams on how to take the images.
PMCF information
Feedback and complaints
During the period analyzed we received 3 customer complaints. Two of them were considered non-conformities and the corresponding CAPAs were implated:
- One complaint not related to clinical features about the device service interrupted. The final preventive action implemented was to add additional testing.
- The othe complaint that led to a CAPA was the non-conformity
R-006-001-56mentioned in the previous section related to the device clinical performance. Although we demonstrated that the performance was not compromised, to prevent the incidence from happen again we updated the IFU with detailed specifications and diagrams on how to take the images. - The other complaint was related to a customer who had not properly understood the operation of the device and there was no need to open a CAPA.
We have also received communications from customers, mainly related to the platform we provide to access to the device and the problems customers experience when logging in (such as missing passwords or lack of knowledge on how to log in).
Scientific literature review of relevant specialist or technical literature
Public databases and registry data
All the literature reviewed is listed in the R-TF-015-002 Preclinical and clinical evaluation record.
Publicly available information about similar medical devices
The adverse events for similar devices were investigated evaluating post market surveillance (PMS) incidents or alerts in various international regulatory databases, as it is detailed at the R-TF-007-005 PMCF 2023_001 report.
There were no issues related to the similar devices or methodologies in any of these databases. This indicates that the similar devices are safe and perform as specified by the different manufacturers for the specific intended use. In view of these results we conclude that similar devices are safe and stable.
Other data sources
We could not find real-world data related to safety and performance of the device different to the data that we already accounted for in R-TF-015-002 Preclinical and clinical evaluation record.
Specific PMCF information
This section includes a summary of the finding generated from the analsis of specific PMCF activities performed, and the conclusions documented in the T-007-005 PMCF evaluation report.
In Activity 2, a comprehensive performance analysis of the device was conducted by reviewing and analyzing all reports generated during its time in the market. The primary objective was to thoroughly understand the device's performance across different iterations and identify any instances of unsuccessful performance. The analysis also aimed to confirm the device's safety and performance, identify potential product misuse, and monitor for emergent risks. This evaluative approach ensures a robust understanding of the device's operational efficacy and safety, while proactively identifying areas for improvement and risk mitigation. The conclusion was that the device is safe and correctly achieves its intended purpose.
In Activity 4, the survey results in 2023 show a consistent positive trend in user satisfaction and perceived benefits of the device, with users in both primary and secondary health care specialties reporting similar positive experiences. The application appears to have addressed some of the concerns raised in 2022, such as image quality and diagnostic capabilities, resulting in improved ratings and user recommendations. This suggests that ongoing development and enhancements have been successful in meeting user needs and expectations.
Activity 1 showed that there is vast literature around the safety and the perfomance of the device. Review of 272 Clinical Studies: Covering various AI solutions for early skin cancer diagnosis, the study found an average high accuracy across different skin cancers. However, concerns were raised about the size, variability, and source of the study populations.
In Activity 3, the evaluated devices and applications generally demonstrated high levels of safety, performance, and effectiveness, contributing positively to dermatological practices. However, some concerns related to data diversity and study population characteristics were noted, indicating areas for future improvement.
Summary and conclusions
- New or emerging risks
- New benefits
- Benefit-risk profile changed
Validity of the collected data
It is important to acknowledge that the data's validity is somewhat limited by the fact that the device has not yet been introduced to the market. As such, the report predominantly relies on historical data and our proactive measures to anticipate and mitigate potential issues.
Overall conclusions
Based on the data analyzed from the previous generation of the device, we can conclude that our device demonstrates a strong safety and performance record. The absence of serious incidents and FSCAs is indicative of the device's reliability and the effectiveness of our quality management and surveillance systems.
The data on device utilization, particularly in clinical settings for first and follow-up consultations, provides valuable insights into the device's applicability and potential impact on patient care. The equitable usage and representation section confirms our commitment to ensuring the device's accessibility and effectiveness across diverse patient populations.
In summary, while the data presented in this report is somewhat limited due to the device's pending market introduction, the information derived from the previous generation provides a solid foundation, affirming our device's safety and performance. Our ongoing efforts to monitor, evaluate, and improve our device will continue to be guided by our commitment to patient safety, device efficacy, and quality excellence.
Analysis of CAPAs
Types of CAPAs
- It does not require action: 24
- Corrective actions: 19
- Preventive actions: 11
The majority of the incidents are classified as It does not require action, followed by Corrective actions and Preventive actions. This indicates a significant number of incidents were addressed without the need for extensive corrective or preventive measures.
Status of CAPAs
- Solved: 46
- Corrective and preventive actions: 8
A large portion of the incidents are marked as Solved, reflecting the effectiveness of the actions taken. There are also instances still under Corrective and preventive actions, indicating ongoing efforts to resolve these issues.
Commitment to improvement
Transparent documentation and status tracking
The CAPA table provides transparent documentation of each incident, including initiation dates, detailed descriptions, and the current status of the corrective or preventive actions. This level of transparency is indicative of our commitment to accountability and our dedication to keeping all stakeholders informed of our continuous improvement efforts.
Proactive identification and resolution
The incidents logged in the CAPA table span various types, ranging from issues related to API service responsiveness to algorithm performance. Our team has promptly identified and initiated corrective and preventive actions, as evidenced by the diversity of the incidents reported and the comprehensive details provided. This showcases our ability to not only react to issues as they arise but also to anticipate potential challenges and mitigate them proactively
Rigorous Analysis and Root Cause Identification
For each reported incident, a thorough analysis was conducted to ascertain the root cause, ensuring that our corrective actions are well-informed and targeted. This rigorous approach to problem-solving ensures that we address the core of the issue, preventing recurrence and bolstering the reliability of our device.
Actions taken by the manufacturer
In our commitment to ensuring the safety and optimal performance of our software medical device, we have undertaken a series of comprehensive and strategic actions.
Proactive Monitoring and Incident Management
Our vigilant post-market surveillance system has played a crucial role in the early detection and management of incidents. Through rigorous monitoring and swift responsiveness, we have ensured that potential issues are identified promptly, allowing for immediate intervention and mitigation.
Comprehensive Investigation and Root Cause Analysis
Upon identification of an incident, our team has engaged in exhaustive investigations to ascertain the root causes. This thorough analysis is critical for implementing effective corrective and preventive actions, ensuring that the solutions address the core of the issue and prevent recurrence.
Implementation of Corrective and Preventive Actions
The Corrective And Preventive Action (CAPA) table in the PSUR outlines the diverse range of actions taken to address identified incidents. These actions, ranging from software updates and algorithm enhancements to training programs and process improvements, underscore our proactive approach to enhancing device safety and performance.
Quality Assurance and Continuous Improvement
Our quality assurance processes have been integral in validating the effectiveness of the implemented actions. Through continuous monitoring and evaluation, we have ensured that the corrective and preventive actions have yielded the desired outcomes, enhancing the device's safety and performance.
Training and Awareness Programs
Considering the complaint related to customer misunderstanding, there may be a need to enhance user education and provide clearer instructions or training on how to operate the device.
Recognizing the importance of human factors in device safety, we have instituted comprehensive training and awareness programs for our employees. These initiatives aim to foster a culture of safety and excellence, ensuring that our team is well-equipped to contribute to the device's ongoing improvement.
Transparency and Stakeholder Communication
We have maintained open lines of communication with all stakeholders, providing transparent updates on our actions and the status of incidents. This transparency is a testament to our commitment to accountability and our dedication to fostering trust with healthcare professionals, patients, and regulatory bodies.
Record signature meaning
- Author: JD-004 María Diez
- Reviewer: JD-003 Taig Mac Carthy
- Approver: JD-005 Alfonso Medela