Medical device software development articles from Innolitics.
This article provides suggestions on what cybersecurity documentation to include in a 510(k) submission for medical devices that only include a USB port.
The IEC 62304 standard requires medical device manufacturers to describe their software’s structure and identify the software items, but how granular should your items be?
The “Unresolved Anomalies” document is required for the FDA’s pre-market submissions. This article includes best practices, FAQs, and examples for writing this document.
A practical guide to developing an algorithm from idea to FDA clearance.
Practical suggestions and tips for authoring SBOMs for medical devices and for using them to monitor for cybersecurity vulnerabilities.
Medical device design begins with design inputs. The FDA says developing your design inputs is “the single most important design control activity,” yet writing good design inputs is difficult. This article presents Innolitics’ answers to questions our clients frequently ask us about design inputs and analyzes a number of poorly written example requirements.
A transcription of the 2022 Draft Cybersecurity Guidance.
A transcription of the US FDA’s 2019 “Off-The-Shelf Software Use in Medical Devices” guidance document.
A transcript of the FDA’s draft guidance document that lists what software-related documents are needed for a 510(k) and other premarket submissions. This replaces the 2005 guidance.
A transcription of the US FDA’s 2016 “Postmarket Management of Cybersecurity in Medical Devices” Guidance Document.
An example Socratic dialogue exploring various definitions of software maintenance and construction, agile, and the validity of the building/software analogy.
A transcription of the FDA’s 2002 “General Principles of Software Validation” Guidance Document, which outlines principles for validating medical device software as well as software used to design, develop, or manufacture medical devices.
This article explains why code reviews are essential for growing a 10x software engineering team. The first part of the article is theoretical, while the remainder uses this theory to make practical suggestions about using GitHub pull requests for code reviews.
The 21st Century Cures Act removed FDA’s regulatory oversight of certain types of “General Wellness” products. While this revision is a great opportunity for industry, it is also a cause of confusion and ambiguity. What products will the FDA consider to be “General Wellness” devices? It’s an important question! We’ve seen the FDA crush business ventures when they reclassify a General Wellness device to be a medical device. In this article, we will help you answer this question for your device.
A convenient transcription of the FDA’s 2018 cybersecurity guidance for software engineers. It includes a list of suggested cybersecurity design controls to secure your device and a list of the cybersecurity documentation you need to include in your premarket submissions.
We describe the SKUASH debugging methodology for medical device software defect investigation and documentation. We’ve used this method for several years on client projects, including an industry-leading medical-device company with hundreds of installations around the world.
The DICOM standard is complicated and different medical devices support it to different extents. A DICOM Conformance Statement is a detailed technical document accompanying most devices that outlines exactly which features of the standard are supported.
Innolitics’ DICOM Standard Browser helps users locate metadata in DICOM files. This article describes how Arjun Venkata, an intern at Innolitics, incorporated example values from DICOM files into the browser using a set of Python scripts.
In our first public 10x talk, we explore how common cybersecurity pitfalls can be mitigated using fuzzing—a modern software testing technique used at scale by companies like Google and Facebook. The high-profile Heartbleed bug is used as an example of how fuzzing can be effective.
A brief homage to our friend and extraordinary developer, Willy Mills. He was the first engineer we brought on our team and we were fortunate to work with him for several years. We present some of the lessons and stories he has shared with us.
How can machine learning help us improve medical images for human viewers or image processors? This article describes one machine learning method (generative adversarial networks) that has been adopted by the medical imaging community to enhance medical images.
A nicely formatted transcription of the FDA’s 1997 “Design Controls Guidance for Medical Device Manufacturers.” Design controls are an interrelated set of practices and procedures that are incorporated into the design and development process that make systematic assessment of the design an integral part of development.
Want to know how we develop safe, effective, and FDA compliant machine learning algorithms? This article describes how we develop machine learning algorithms, points out common pitfalls, and makes documentation recommendations.
Completing a web form requires an investment of time and energy by the user. An accidental navigation can destroy this investment. This article implements a simple yet robust confirmation that is displayed before a destructive navigation occurs.
Should your medical application be built for the cloud, native, or a hybrid approach? In this article, we compare six deployment strategies and how each relates to HIPAA compliance.
This article provides an introduction to the US regulations that apply to medical software. To keep the article to the point, we omit some details that we feel are distracting and typically unimportant.
There are many approaches to choosing a medical imaging segmentation algorithm. In this article, we provide an overview of how to choose a neural network architecture for medical image segmentation.
Annotating medical images is time-consuming and expensive. In this article, we explain how self-supervised learning can stretch limited training data and compare it to transfer learning. We also explore three self-supervised learning medical imaging tasks.
The DICOM standard’s purpose is to facilitate interoperability between medical imaging systems from different vendors. The standard defines a file format for storing medical images, protocols so applications can exchange them, and a conformance format so buyers can determine which systems can (hopefully) interoperate. But perhaps most importantly, DICOM provides a standardized model of reality. This information model is the foundation on which interoperability is laid.
Available since 1995, the DICOM Toolkit (DCMTK) can be helpful to anyone working on systems that use the Digital Imaging and Communications in Medicine (DICOM) standard. This DCMTK introduction is of interest to those exploring DICOM for the first time, as well as those familiar with it but wanting to take a renewed look at the DICOM tools landscape.
Text-based chat eliminates a lot of the feedback available during in-person conversations. In this article, we suggest how to use Slack’s features to make up for some of this missing feedback. Tips also apply to other platforms.
Does your team struggle to communicate on conference calls? Do people seem distracted, or are they perpetually interrupting one another? In this article, we provide five suggestions extracted from what we have learned over the many years we’ve worked remotely.
Make has been used extensively for forty years and offers incremental builds, parallelization, and a declarative syntax. In this post we’ll take a look at how the .DELETE_ON_ERROR special target helps eliminate possible downstream problems in your makefiles. You’ll also come to understand why most makefiles should include it.
Experienced radiologists can identify the anatomical location of an axial CT slice within a second. They may say the slice is “near the apex of the heart” or “at the C7 vertebrae.” These anatomical landmarks are difficult to describe or detect using manually created features, but neural networks excel at this sort of pattern recognition. Can we create a neural network capable of performing slice localization with similar speed and accuracy to a radiologist?
If you followed along with our last post, we developed a deep-learning model that achieves our goal of identifying Simpsons characters in an image. However, as with all software development tasks, getting a working program is only half the battle. In order to maintain a program and fix bugs, the developer must understand the system; in particular, they must understand how it fails as well as how it succeeds. This can be quite a difficult task for deep-learning models, as they are black boxes by nature of their construction. However, there are some techniques we have at our disposal to open up the black box and get a view into what is happening in our trained model; these can help us to find “bugs” in the model’s learning and even indicate how to resolve them. Among the many techniques to visualize the internals of a deep learning model, we will be focusing on the use of class activation maps.
Deep-learning models are ideal candidates for building image classification systems. In this article, we demonstrate how to leverage Keras and pre-trained image recognition models to create an image classifier that identifies different Simpsons characters.
Many medical applications run within a closed network. This arrangement can make investigating software bugs more difficult because the only readily available information is an (often vague and incomplete) recounting of the problem, a zip file filled with system and application logfiles, and the application source code.
Refactoring a codebase means changing its internal structure without altering its observable behaviour. Refactoring is an essential tool for keeping an evolving codebase maintainable. This article is a commentary on a book chapter about refactoring code—Chapter 24 of Code Complete.
In this post, we provide a set of exercises that should help you solidify your knowledge of BASH. Note that these are NOT introductory level questions, and they assume that you are starting with a working knowledge of Linux and BASH.
Poor code quality can be an extremely expensive problem to fix. This article describes what code quality is, why it’s important, and how to handle issues related to it.
Developers often don’t think about database connection pools until they are having connection problems. This article explains the purpose of connection pools, how they work, and how to tune them, while remaining agnostic to a particular implementation. It also discusses other types of object pools.
Picking the right programming language for a project can be an important business decision, and making the wrong choice is usually expensive. After reading this, you should have enough background to have an informed conversation with your development team.
Articles about software development, AI, signal and image processing, medical regulations, and other topics of interest to professionals in the medical device software industry.
The Innolitics team, and experts we collaborate with, write all of our articles.