Clinical Evidence
OculiRX is pursuing FDA 510(k) clearance as a Class II Software as a Medical Device (SaMD). This page summarizes device specifications, safety controls, software quality metrics, and cybersecurity posture.
Device Specifications
| Product Code | QTO |
| Classification | Class II SaMD |
| Predicate Device | K220090 (Visibly) |
| Regulation | 21 CFR 886.1700 |
| Test Types | Snellen Chart, Tumbling E (adaptive staircase) |
| Age Range | 18-40 years |
| Distance | 50 cm (IPD-based tracking) |
| Calibration | Credit card method (ISO/IEC 7810) |
Safety Controls
Squint Detection
Real-time MediaPipe FaceMesh iris tracking detects squinting behavior during the exam. When squinting is detected, the exam is paused and the patient is warned, which prevents unreliable measurements.
Distance Tracking
Continuous IPD-based distance estimation ensures the patient maintains the required 50 cm distance. Out-of-range distances trigger an on-screen correction prompt.
Anti-Cheat Controls
Tab-switching detection, randomized optotype presentation order, time-per-response limits, and gaze direction monitoring prevent exam manipulation.
Medical Intake Screening
Pre-exam questionnaire screens for contraindications including recent eye surgery, known eye disease, cataracts, glaucoma, and other conditions outside the intended use population.
Geofencing
Exams are restricted to jurisdictions where OculiRX holds valid regulatory clearance. IP-based and GPS-based location verification enforces geographic boundaries.
Refractive Limits
Results outside the correctable range of -8.00 to +4.00 diopters sphere (with up to -2.00 cylinder) are flagged for mandatory in-person referral rather than prescription generation.
Software Quality Metrics
Static Analysis
ESLint with strict TypeScript rules, Prettier formatting, and pre-commit hooks enforce code quality on every commit, under a zero-lint-warnings policy.
Lighthouse CI
Automated Lighthouse audits run in CI on every pull request. Performance, accessibility, best practices, and SEO scores are tracked over time.
Type Safety
Strict TypeScript configuration with no implicit any, strict null checks, and exhaustive pattern matching. Drizzle ORM provides end-to-end type-safe database queries.
Clinical Validation
Study Design
Prospective, single-site, paired-comparison study. Each subject receives both the OculiRX digital exam and a standard phoropter refraction by a licensed optometrist.
Endpoints
Primary: agreement of sphere, cylinder, and axis within clinically acceptable tolerances. Secondary: exam completion rate, time-to-completion, and patient satisfaction.
Cybersecurity
Encryption
AES-256 encryption at rest via AWS KMS customer-managed keys. TLS 1.3 encryption in transit with HSTS enforced. Database connections use SSL with certificate verification.
HIPAA Compliance
Full HIPAA technical, administrative, and physical safeguards. Business Associate Agreements with all vendors. PHI access audit logging retained for 6 years.
Security Headers
Content Security Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and Strict-Transport-Security headers configured on all responses.
SAST & SBOM
Static Application Security Testing integrated into CI pipeline. Software Bill of Materials (SBOM) generated for every release per FDA cybersecurity guidance.
Access Control
Role-based access control with 8 distinct roles and 34+ granular permissions. TOTP-based two-factor authentication. Enterprise SSO via SAML 2.0 and OIDC.
Infrastructure
Hosted on AWS with SOC 2 Type II certification. Database in isolated VPC with no public internet access. S3 buckets with public access blocked and server-side encryption.
Regulatory Pathway
| Submission Type | 510(k) Premarket Notification |
| Device Class | Class II |
| Product Code | QTO — Instrument, Visual Acuity Screening |
| Predicate | K220090 — Visibly Online Vision Test |
| Quality System | 21 CFR Part 820 (QSR) / ISO 13485 |
| Risk Management | ISO 14971 — FMEA with 17 hazard items, all RPNs < 100 |
| Software Lifecycle | IEC 62304 — Class B software, agile lifecycle |
| Cybersecurity | FDA Premarket Cybersecurity Guidance (2023), SBOM per EO 14028 |