Guest Column | July 5, 2019

Safety, Usability, And Security: A Look At Our Path To FDA Clearance

By George Gray, CTO, Ivenix

FDA Draft Guidance

Receiving our U.S. Food and Drug Administration (FDA) 510(k) clearance was a multi-year journey for Ivenix, and the road was rigorous and exhaustive, as it should be. Ninety percent of patients receive an IV at some point during their hospital stay, so it’s critical that infusion pumps delivering potentially life-saving drugs are safe, intuitive and secure.

We are the first-ever (and only) infusion pump system to be cleared under more stringent guidelines the FDA adopted back in 2014 to address persistent errors, adverse drug events and pump malfunctions. The FDA adopted these stricter guidelines because outdated technology in current pumps have consistently led to critical errors -- and even deaths -- pump recalls and cybersecurity threats. In fact, more than half of the 1.5 million adverse drug events reported annually to the FDA are attributed to infusion-related errors.

Under the new FDA guidance, we spent almost three years testing and reviewing our product with the FDA. We provided more than 50,000 pages of documentation on all aspects of the design and the results of thousands of hours of testing that we performed. With its new guidance, the FDA raised the bar substantially in many areas -- most notably in safety, usability and cybersecurity.

Safety And Usability

We had to demonstrate that our pump was safe under all conditions. Similar to other 510(k) clearance processes, we had to demonstrate the safety and efficacy of a predicate device, but the FDA challenged us to improve in those areas where they historically saw safety issues in the other infusion pumps, not just the predicate device we referenced.

We also had to be precise about how we controlled medication flow and were required to perform extensive testing to demonstrate that we could control flow under all clinical conditions. No existing pump on the market today had to meet that bar. Current IV pumps on the market were permitted to test under controlled lab settings and then document in their user guides the areas with which they could not guarantee their stated accuracy.

The FDA also recently increased the scope of its comprehensive hazards analysis. We had to detect, annunciate and mitigate any possible fault that could potentially cause patient harm. We had to account for and prevent anything and everything that could possibly go wrong and demonstrate this to the FDA.

On the usability front, we needed to demonstrate through exhaustive testing that users would not make critical mistakes when using our pump. This is an area that we were passionate about and the reason our pump is so easy to use. To achieve this, we built our own in-house hospital simulation lab. We recruited new users for each study who had never previously been introduced to our pump.

We conducted hundreds of hours of research testing over several years with 23 user-research groups with more than 300 registered nurses, 55 user-research interviews and surveys, and 19 formative large-volume pump usability tests with more than 200 infusion therapy providers. In all, our team did 398 hours of testing. We also undertook four formative drug library usability tests with 16 clinical pharmacists for 52 total hours testing.

Our team also did exhaustive testing with untrained participants to validate the use safety of our system. Among the group of 69 critical care nurses, med-surg nurses and anesthesia providers, half of the group were untrained. Each session lasted up to three and a half hours and we exposed users to 155 potential use errors and 38 potential hazards. No critical use errors occurred during testing. Even among the untrained group who have never seen the pump before, there were no errors during testing.


Demonstrating that an infusion pump can protect, detect and mitigate cyberattacks is another new area of the FDA guidance and it’s a critical one. With today’s cybersecurity landscape, we believed this was a necessary requirement for any modern infusion system and architected it in from the start. In addition to our risk assessments and a set of product specifications and designs showing how we would address those security risks, it’s also required to provide third-party testing to validate that our product will stand up against hackers. And then, like any safety risk, were required to address any identified critical vulnerabilities discovered during that testing.

Unlike other risks in the system, cyberthreats are a moving target. So our team had to demonstrate how we would protect our pump against attacks, detect when an attack occurred and mitigate against one once it did occur.

It was a long and exhaustive process, and along the way, we always considered the FDA our partner in safety. Yes, they were a tough partner, but they also helped us up our game and ensure that our product is truly safe and effective in this modern healthcare environment.

About The Author

George Gray is CTO of Ivenix.