The Food and Drug Administration (FDA) is a US authority responsible for the approval and market surveillance of food, drugs, cosmetics, and medical devices. It is authorized to issue its laws, which can be found in 21 CFR. The authority thus acts as both a legislative and executive body.

Content

This page provides manufacturers of medical devices with an overview of the FDA’s requirements and links to relevant articles.

  1. Approval and communication with the authority
  2. Requirements for the QM system
  3. Guidance documents
  4. Support for the approval of devices in the USA

1. Articles on approval and communication

a) Articles on approval procedures

The article “FDA approval of medical devices” provides you with an introduction. It shows you how to

  • determine the correct “Medical Device Panel” and the type of your medical device,
  • classify the device, and
  • select the appropriate approval procedure.
Approval procedure Suitable for devices, …
Premarket Notification PMN, also known as 510(k) for which there is already an approved substantially equivalent device, the so-called predicate device. There are also special forms here.
Abbreviated 510(k) for which the FDA has published guidelines with “special controls”, which the manufacturer applies
Special 510(k) which the manufacturer had already approved and which the manufacturer intends to re-approve following a modification
Premarket Approval (PMA) that are critical and for which there are no benchmark devices
De novo procedure that are not highly critical and for which there are no benchmark devices
Investigational Device Exempt (IDE) used in the context of clinical investigations
Humanitarian Device Exemption which are still experimental and are generally intended for use in terminally ill patients
Breakthrough Medical Devices which are for patients with critical or even life-threatening illnesses and injuries
Safer Technologies Program that increase safety compared to alternative devices and are intended for patients who are less critically ill or injured.
Precertification (Pre-Cert) Pilot Program which are software and represent innovation.

b) Articles on communication with the FDA

The US Department of Health and Human Services has regulated and formalized communication with manufacturers.

Law and official communication channel Area of application
Request for Information Suitable for alignment, e.g., on the classification of a device
Pre-Submission Program (Pre-Sub) Suitable for alignment on the approval strategy
Warning Letter Form 483 Formal letter from the authority in the event of severe deviations found during an FDA inspection, for example. This requires a remediation.
Refuse to Accept Policy Minimum requirements for the submission of approval documents for 510k approval
eCopy-Programm Specifies how approval documents must be structured and submitted electronically
eStar-Programm Successor to the eCopy program
Tip

The Johner Institute supports medical device manufacturers in official communications with the FDA. We help you select the right channel and prepare the meetings so that the authority provides binding information.

c) Further articles

The FDA requires a US Agent & Official Correspondent for the registration of medical devices.

2. Articles on the requirements for the QMS

The Quality System Regulation (QSR) in 21 CFR part 820, which the FDA broadly aligns with the requirements of ISO 13485, is essential. The FDA refers to this new regulation as QMSR, Quality Management System Regulation.

Further information

Please refer to the extensive collection of articles on quality management and ISO 13485.

When inspecting QM systems, the FDA follows the FDA QSIT: Quality System Inspection Technique.

During these audits, the FDA examines the objective evidence. If manufacturers provide this evidence electronically, they must comply with the electronic signature requirements of 21 CFR Part 11.

Development

With the changeover to ISO 13485, the requirements for the following documents or files become partially obsolete: Design history file, device master record, and device history record. However, ISO 13485 requires similar records.

Manufacturers are still obliged to describe:

  • Design input: What you should not forget
  • Design output: What is it and what must it contain?
  • Design verification of medical devices and standalone software
  • Design validation: What you have to prove

3. Articles on the guidance documents

The legal requirements in the USA are often generally applicable. The FDA has, therefore, published countless guidelines.

a) Software

Guidance Document Area of application
Software Validation Software that is a medical device or part of a medical device, as well as software that is used as part of QM processes, e.g., for production control

Please also refer to the articles on process validation and Computerized Systems Validation (CSV).

Interoperable Medical Devices Software with external interfaces, in particular to other medical devices and clinical information systems
Medical Device Data Systems (MDDS) Devices (hardware and/or software) that are primarily intended to transmit data
Leven of Concern Any software: The guidance regulates the scope of the documentation to be submitted.
Off-the-shelf (OTS) Software Software that contains generally available software, in particular libraries
Software-Change This Guidance Document is always relevant if a manufacturer wants to change the software and has to decide whether a new approval is necessary.
Cybersecurity (several guidance documents) Interoperable medical devices that are or that contain software
Further information

Please also note the extensive information on software development, including information on detailed design and mobile medical apps.

The article on the qualification of standalone software is also relevant.

b) Security

Almost all medical device manufacturers whose devices contain or are software must also comply with the IT security and cybersecurity guidelines. The article “Cybersecurity in Medical Devices: The FDA’s Guidance Documents”.

The FDA is generous when it comes to pure security patches.

The FDA recognizes some standards on IT security as “consensus standards,” including UL 2900.

c) Usability

The FDA Human Factors Guidances article is the best place to start, as it presents the two guidance documents and how they interact.

One of these documents is the FDA Human Factors Engineering Guidance.

d) Clinical evaluation

The FDA handles clinical evaluation differently from the EU. For example, devices with a “predicate device” are considered to have provided this evidence. Nevertheless, the FDA has drawn up a guideline on the clinical evaluation of software.

e) Risk management

FDA Benefit-Risk Guidance

FDA MAUDE database: Input for risk management

f) Articles on post-market surveillance and vigilance

The US authorities also have several requirements for the phase after placing on the market, e.g.

  • in 21 CFR part 822 for post-market surveillance,
  • for recalls, and
  • for dealing with safety gaps in the Health Breach Notification Rule.
Caution!

The Federal Trade Commission (FTC) requirements must also be observed in the case of security gaps!

4. Support with the approval of medical devices in the USA

Do you still have questions about approving your medical device in the USA? Then, benefit from free micro-consulting.

The Johner Institute supports medical device manufacturers in all activities:

  • Determining the regulatory & approval strategy (FDA and worldwide)
  • Classification of devices
  • Communication with the authority, e.g. at Q-meetings
  • Registration & listing
  • Remediation (rapid elimination of deviations identified by the FDA)
  • Post-market surveillance

Contact our experts right away.


FDA Pre-Submission Program

With the Pre-Submission Program (“pre-sub” for short), the FDA offers a formal procedure for manufacturers to clarify their regulatory strategy and specific questions before actual approval or market clearance. A pre-sub request is suitable in the preparation of 510(k)s, De Novo Requests, or PMAs, among other things. This can avoid unnecessary costs and effort on…

Details

PDMS (Patient Data Management System): What you should consider from a regulatory perspective

PDMS stands for patient data management system. These clinical information systems are typically used in hospitals, especially in departments that treat patients in intensive care. PMDS are experiencing a new boom in Germany as a result of the funding provided by the Hospital Future Act (Krankenhaus-Zukunftsgesetz, KHZG). This article provides 1. PMDS: Functionalities and requirements Patient data management systems (PDMS)…

Details

Remediation: When things hit the fan

“Remediation” is often synonymous with maximum stress: Notified bodies or authorities such as the FDA have discovered significant deviations that must be remedied with the highest priority and without regard to the workload of employees or budgets. This article will help you to complete such “remediation projects” in such a way that 1. Remediation: First…

Details