U.S. flag An official website of the United States government

On Oct. 1, 2024, the FDA began implementing a reorganization impacting many parts of the agency. We are in the process of updating FDA.gov content to reflect these changes.

U.S. Food and Drug Administration
  1. Home
  2. Inspections, Compliance, Enforcement, and Criminal Investigations
  3. Compliance Actions and Activities
  4. Warning Letters
  5. Becton, Dickinson, and Company/CareFusion 303, Inc. - 691601 - 11/22/2024
  1. Warning Letters

WARNING LETTER

Becton, Dickinson, and Company/CareFusion 303, Inc. MARCS-CMS 691601 —

Delivery Method:
Via Email
Product:
Medical Devices
Recipient:
Recipient Name
Mr. Thomas E. Polen
Recipient Title
President & CEO
Becton, Dickinson, and Company/CareFusion 303, Inc.

1 Becton Drive
Franklin Lakes, NJ 07417
United States

(b)(6)
Issuing Office:
Center for Devices and Radiological Health

United States

WARNING LETTER

11/22/2024

Dear Mr. Polen:

During an inspection of your firm located in San Diego, California on May 6, 2024 through May 22, 2024, an investigator (or investigators) from the United States Food and Drug Administration (FDA) determined that your firm manufactures Pyxis Medication Management System medical devices including, but not limited to, Pyxis MedStation ES, Pyxis ES Anesthesia, and Pyxis MedBank (hereafter also referred to as Pyxis) Under section 201(h) of the Federal Food, Drug, and Cosmetic Act (the Act), 21 U.S.C. § 321(h), these products are devices because they are intended for use in the diagnosis of disease or other conditions or in the cure, mitigation, treatment, or prevention of disease, or to affect the structure or any function of the body.

Quality System Regulation

This inspection revealed that these devices are adulterated within the meaning of section 501(h) of the Act, 21 U.S.C. § 351(h), in that the methods used in, or the facilities or controls used for, their manufacture, packing, storage, or installation are not in conformity with the current good manufacturing practice requirements of the Quality System regulation found at Title 21, Code of Federal Regulations (CFR), Part 820.

We received a response from Vipul Sheth, VP of Quality, MMS dated June 13, 2024 and additional responses dated July 31, 2024 and September 20, 2024 concerning our investigator’s observations noted on the Form FDA 483 (FDA 483), List of Inspectional Observations, that was issued to your firm. We address this response below, in relation to each of the noted violations. These violations include, but are not limited to, the following:

1. Failure to establish and implement procedures for corrective and preventive actions as required by 21 CFR 820.100(a).

For example, you were found to have 544 open tickets for software defects of which 111 were categorized as Catastrophic or Severe patient harm. Four (4) were noted to have
cybersecurity vulnerabilities. Of 256 open tickets for server software issues, 55 for thermal effects were categorized as Catastrophic or Severe. Your CAPA # 8438925 was not found to be complete.

The adequacy of your firm’s response cannot be determined at this time.

You provided an Issue and Defect Tracking procedure and stated that closure of “Tickets” will be tracked in a risk-prioritized manner by June 30, 2025 and conduct training. You state that you established a quality metric that monitors the timely closure of “Defects” and presented to the FY2024 Q3 Quarterly Management Review meeting to determine the definition of metric. You have not provided the results of the management review. You also stated you will enhance your (b)(4). You have not provided evidence of implementation of these corrective actions.

2. Failure to establish procedures for receiving, reviewing, and evaluating complaints by a formally designated unit as required by 21 CFR 820.198(a).

For example, for 8 complaints [04168007, 04167379, 04170044, 04178943, 04179552, 041686160, 04208805, and 04211537] during the December 2023 to January 2024 time period, for issues with the Pyxis (b)(4) server, e.g., servers offline at three hospitals and required shutdown, none of the complaints were evaluated for MDR reporting. You stated that MDR reportability is not done for (b)(4) server complaints because the server is not a medical device, and that the server is not part of the Pyxis system. Your firm provided evidence of a regulatory assessment as (b)(4) Server Baseline Regulatory Assessment, DIR #10000428322.

Your firm uses the (b)(4) system to document complaints and has a Complaint Handling Procedure. You also have a Complaint Investigation procedure, but you stated you only perform investigations for MDR reportable complaints. In a review of two spreadsheets, Case Notes for Reportable was noted as N/A. Your firm was found to have approximately 92, 083 complaints for delay in delivery of medications due to freezing, shut down, or malfunction including complaints and 70 complaints for wrong medications dispensed, without evidence of investigation. Also, eight (8) complaints reported potential electrical safety issues with the Pyxis MedBank Dispensing Cabinet, however none were investigated.

The adequacy of your firm’s response cannot be determined at this time.

You stated that complaint investigations were not comprehensive with event details, patient or device information, and components linked to complaints were not always requested to be returned. You state that your (b)(4) database has limitations in making updates or corrections to Case Notes details. You have not provided evidence of implementation of corrective actions for these deficiencies. In addition, you have not provided supporting evidence of your CAPA 10308384 to enhance complaint handling/MDR procedures or your CAPA to investigate thermal issues with complaints to determine root cause and if CAPAs will be implemented.

3. Failure of design validation to include adequate risk analysis as required by 21 CFR 820.30(g).

For example, your firm’s System Hazard Analysis for the MedStation ES System failed to take into consideration higher severity risks such as a complaint reporting a patient death possibly due to delay in accessing medications. In addition, since 2022, there have been multiple reports of life-threatening situations involving Pyxis delay in dispensing medications. For example, complaint 3799113 (system stopped responding during cardiac arrest); 4042263 (users tried to remove required medications to prevent patient from drowning but took too long and patient rushed to hospital); 03842764 (system did not dispense Propofol during a procedure, patient woke up during surgery); 4453386 (wrong CUBIE opened causing significant delay during emergency event, unresponsive patient); 3534347 (patient blood clot and Heparin not showing as available); 4059672 (system did not allow users to remove lorazepam for seizure patient); and 3559647 (system stopped during procedure requiring tracheostomy).

Your MedBank System Hazard Analysis identifies five electrical hazards with a severity of harm of Critical or Catastrophic. You stated that all Pyxis systems are IEC 60601 compliant except MedBank because MedBank is not intended for patients as it is used in a pharmacy. You produced a certifying organization (UL) email apparently stating MedBank is a medical device but does not fall within the scope of IEC 60601-1. You stated MedBank falls within IEC 61010, Safety Requirements for Electrical Equipment for Measurement, Control, and Laboratory Use and our investigator noted to you that 61001 pertains to laboratory equipment. There were 8 complaints with electrical issues. You did not provide records to demonstrate that the MedBank devices are compliant with the IEC 60601 standard to ensure that electrical safety hazards are mitigated.

Your Pyxis MedStation ES Medication Dispensing system applications allow sharing data and communicating with other systems as described in your Product Risk Management Plan BD Pyxis MedStation ES System. In complaint 4420172, it reported the Pyxis CIISAFE ES system opening the wrong doors for medications after all stations were re-installed after a cyber-attack. You acknowledged that threat modeling procedures have been implemented to assess exploitability of cybersecurity vulnerabilities and possible patient harm. You stated that you conducted (b)(4). You have not established a process for assessing the exploitability of cybersecurity vulnerabilities and the severity of patient harm if the vulnerability were to be exploited.

The adequacy of your firm’s response cannot be determined at this time.

You stated that you are taking action through CAPA to ensure risk management files to consider postmarket data. You stated that you have Product Risk Management and Product Risk Management – Released Product procedures but that Product Support Engineers (PSE) are not always included as part of the investigation process. Your Complaint Handling procedure does not require escalation to PSE, and you state that you will enhance the complaint handling and risk management processes. You have not provided evidence of implementation of corrective actions for complaint handling and risk management.

For the FDA-cited example, you stated that complaint 2397210 was not escalated but was part of CAPA 3078666 to improve the design history file. You stated that the complaint was considered in the System Hazard Analysis (SHA) from May 7, 2024 but not for what FDA cited, e.g., delayed medication. Per your SHA, the harm severity is Catastrophic. You stated that you have received other complaints to indicate delayed medication hazard and should be Catastrophic. You have not provided evidence of implementation of corrective actions for this harm severity issue.

You escalated the threat modeling process and updated security procedures, but it is not evident as to your completion of product security deliverables for the next revision of the Pyxis MedStation ES, review/revise all product security deliverables for all Dispensing products, and performance of an assessment of the current process to AAMI and FDA guidance documents on cybersecurity to determine whether additional enhancements are required. It is also not evident as to the status of your CAPA 10315457.

Medical Device Reporting (MDR)
Our inspection revealed that your firm’s Pyxis devices are misbranded under section 502(t)(2) of the Act, 21 U.S.C. § 352(t)(2), in that your firm failed or refused to furnish material or information respecting the device that is required by or under section 519 of the Act, 21 U.S.C. § 360i, and 21 CFR Part 803 – Medical Device Reporting. Significant violations include, but are not limited to, the following:

1. Failure to submit a report to the FDA no later than 30 calendar days after the day that your firm received or otherwise became aware of information, from any source, that reasonably suggests that a device that it markets has malfunctioned and this device or a similar device that your firm markets would be likely to cause or contribute to a death or serious injury, if the malfunction were to recur, as required by 21 CFR 803.50(a)(2). For example:

  a. The information included for Complaint# 02840390 describes an adverse event occurring as the result of malfunction of your firm’s Pyxis MedStation ES System (i.e. unexpected reboot) while in use. The MDR#2016493-2020-00001 received by FDA describes an event where the patient sustained a serious injury resulting from your firm’s same device malfunction. This report establishes precedence that the referenced malfunction would be likely to cause or contribute to a death or serious injury, if it were to recur. There is no information included for the complaint that justifies that the referenced malfunction would not be likely to cause or contribute to a death or serious injury. Your firm became aware of the event on October 25, 2022. However, the corresponding MDR#2016493-2024-00410 was received by FDA on June 11, 2024, which is beyond the required 30 calendar day timeframe.

  b. The information included for Complaint# 03595420 describes an adverse event occurring as the result of malfunction of your firm’s Pyxis MedStation ES System (i.e. missing patient data) while in use. The MDR#2016493-2022-99102 received by FDA describes an event where the patient expired as a result of the firm’s same malfunction. This report establishes precedence that the referenced malfunction would be likely to cause or contribute to a death or serious injury, if it were to recur. There is no information included for the complaint that justifies that the referenced malfunction would not be likely to cause or contribute to a death or serious injury. Your firm became aware of the event on June 27, 2023. However, the corresponding MDR#2016493-2024-00415 was received by FDA on June 11, 2024, which is beyond the required 30 calendar day timeframe.

  c. The information included for Complaint# 02653489 reasonably suggests that your firm’s Pyxis MedStation ES System malfunctioned (i.e. drawer inaccessibility) during use. Your firm had previously initiated recall Z-1015-2013 for the same malfunction. Per the Preamble, in the Medical Devices; Medical User Facility and Manufacturer Reporting, Certification and Registration; Final Rule, 60 Fed. Reg. 63585 (Dec. 11, 1995), Comment 12, a malfunction is reportable if the manufacturer takes or would be required to take an action under sections 518 or 519(g) of the act as a result of the malfunction of the device or other similar devices. There is no information in the complaint to rule out that the referenced malfunction would not be likely to cause or contribute to a death or serious injury if it were to recur. Your firm became aware of the event on August 29, 2022. However, the corresponding MDR#2016493-2024-00408 was received by FDA on June 11, 2024, which is beyond the required 30 calendar day timeframe.

  d. The information provided for Complaint #03500083, #03708861, and #04422892 describes malfunctions (i.e. power failure) of your firm’s Pyxis MedBank ES System emitting smoke or burning smell in a hospital setting. We consider the nature of such an oxygen-enriched environment potentiates the possibly of a fire resulting in a death or serious injury if it were to recur. There is no information in the complaints that justified that these events were not the result of a device malfunction. Your firm became aware of Complaint #03500083 on May 25, 2023, Complaint #03708861 on August 3, 2023, and Complaint #04422892 on March 12, 2024, and FDA received the corresponding MDRs #2016493-2024-00400, #2016493-2024-00401, and #2016493-2024-00404 on June 11, 2024, which exceeds the required 30-calendar-day reporting timeframe.

The adequacy of your firm’s responses dated June 13, 2024, July 31, 2024 and September 20, 2024 cannot be determined at this time. In the response, your firm references that it initiated on June 5, 2024, CAPA #10308384 to improve its complaint identification and MDR reporting processes. This includes process and procedural improvements, as well as a transition to its (b)(4) system for its Pyxis Dispensing products. These are intended to be long-term corrective actions aimed to ensure timely complaint management, MDR assessment, and reporting. Additionally, your firm plans to conduct a retrospective review of complaint records stored in the (b)(4) electronic tool for cases opened from February 1, 2022 to the present and submit newly identified MDRs. However, your firm has not provided evidence of completing all the planned corrective actions, including the retrospective review of complaint records and staff training.

Corrections and Removals
Our inspection also revealed that your firm’s Pyxis devices are misbranded under section 502(t)(2) of the Act, 21 U.S.C. § 352(t)(2), in that your firm failed or refused to furnish material or information respecting the device that is required by or under section 519 of the Act, 21 U.S.C. § 360i, and 21 CFR Part 806 – Medical Devices; Reports of Corrections and Removals. Violations include, but are not limited to, the following:

1. Failure to submit a Report of Correction or Removal, initiated to remedy a violation which may present a risk to health, within 10 working days of initiating such correction or removal, as required by 21 CFR § 806.10. For example:

  a. CareFusion issued a Product Advisory, dated 2/14/2023, and a follow-up 1/9/2024, to customers describing three door/drawer failure situations, described in MMS-22-4590, MMS-23-4599, and MMS-23-4634. Dispensing system door/drawer failure can lead to a delay or inability to dispense medications, which may present a risk to health. This action meets the definition of a medical device correction or removal initiated to remedy a violation which may present a risk to health, for which you are required to submit a Report of Correction or Removal to FDA. As of October 31, 2024, you did not submit a Medical Device Report of Correction or Removal to FDA for this action.

  b. Your firm issued a (b)(4), described in MMS-23-4697, for the MedStation ES system software on 3/17/2023. You issued an Urgent Medical Device Correction, dated 4/5/2023, announcing ES 1.7.4 software updates for Alternate Location Tooltip Error and Upload Data Error. Failure of the alternate location tooltip feature for a multi-item order can contribute to a delay in therapy, which may present a risk to health. This action meets the definition of a medical device correction or removal initiated to remedy a violation which may present a risk to health, for which you are required to submit a Report of Correction or Removal to FDA. As of October 31, 2024, you did not submit a Medical Device Report of Correction or Removal to FDA for this action.

c. CareFusion issued Customer Release Notes dated September 2023, describing BD Pyxis MedBank system release software v1.3.4. This update, described in MMS-23-4884, was intended to resolve the MedBank cabinet allowing dispense of a medication requiring RxVerify Validation Code without the validation code being entered. Dispensing without the validation code could lead to removal and/or administration of an incorrect dose, or incorrect medication to a patient, which may present a risk to health. This action meets the definition of a medical device correction or removal initiated to remedy a violation which may present a risk to health, for which you are required to submit a Report of Correction or Removal to FDA. As of October 31, 2024, you did not submit a Medical Device Report of Correction or Removal to FDA for this action.

Your firm’s response to the FDA-483, dated June 13, 2024, does not address Reports of Corrections or Removals. As of October 31, 2024, you have not submitted Reports of Correction or Removal to FDA for the actions described herein.

Your firm should take prompt action to address any violations identified in this letter. Failure to adequately address this matter may result in regulatory action being initiated by the FDA without further notice. These actions include, but are not limited to, seizure, injunction, and civil money penalties.

Other federal agencies may take your compliance with the FD&C Act and its implementing regulations into account when considering the award of federal contracts. Additionally, should FDA determine that you have Quality System regulation violations that are reasonably related to premarket approval applications for Class III devices, such devices will not be approved until the violations have been addressed. Should FDA determine that your devices or facilities do not meet the requirements of the Act, requests for Certificates to Foreign Governments (CFG) may not be granted.

Please notify this office in writing within fifteen business days from the date you receive this letter of the specific steps your firm has taken to address the noted violations, as well as an explanation of how your firm plans to prevent these violations, or similar violations, from occurring again. Include documentation of the corrections and/or corrective actions (which must address systemic problems) that your firm has taken. If your firm’s planned corrections and/or corrective actions will occur over time, please include a timetable for implementation of those activities. If corrections and/or corrective actions cannot be completed within fifteen business days, state the reason for the delay and the time within which these activities will be completed. Your firm’s response should be comprehensive and address any violations included in this Warning Letter. If you believe that your products are not in violation of the FD&C Act, include your reasoning and any supporting information for our consideration as part of your response.

Your firm’s response should be sent to Jeffrey Wooley, Acting Assistant Director at CDRHWarningLetterResponses@fda.hhs.gov. Please include in the subject line, CMS case #691601 when replying. If you have any questions about the contents of this letter, please contact: Raymond W. Brullo, Compliance Officer raymond.brullo@fda.hhs.gov.

Finally, you should know that this letter is not intended to be an all-inclusive list of the violations at your firm’s facility. It is your firm’s responsibility to ensure compliance with applicable laws and regulations administered by FDA. The specific violations noted in this letter and in the Inspectional Observations, FDA 483, issued at the close of the inspection may be symptomatic of serious problems in your firm’s manufacturing and quality management systems. Your firm should investigate and determine the causes of any violations and take prompt actions to address any violations and bring the products into compliance.

Sincerely yours,
/S/

RDML Sean M. Boyd, MPH, USPHS
Director
Office of Regulatory Programs
Office of Product Evaluation and Quality
Center for Devices and Radiological Health 

cc: 

Connor L. Bates, President, Medication Management Systems at (b)(6)
Vipul Sheth, VP of Quality, Medication Management Systems at (b)(6)

Back to Top