The Food and Drug Administration (FDA) is a US authority responsible for the approval and market surveillance of food, drugs, cosmetics, and medical devices. It is authorized to issue its laws, which can be found in 21 CFR. The authority thus acts as both a legislative and executive body.
Content
This page provides manufacturers of medical devices with an overview of the FDA’s requirements and links to relevant articles.
The article “FDA approval of medical devices” provides you with an introduction. It shows you how to
| Approval procedure | Suitable for devices, … |
| Premarket Notification PMN, also known as 510(k) | for which there is already an approved substantially equivalent device, the so-called predicate device. There are also special forms here. |
| Abbreviated 510(k) | for which the FDA has published guidelines with “special controls”, which the manufacturer applies |
| Special 510(k) | which the manufacturer had already approved and which the manufacturer intends to re-approve following a modification |
| Premarket Approval (PMA) | that are critical and for which there are no benchmark devices |
| De novo procedure | that are not highly critical and for which there are no benchmark devices |
| Investigational Device Exempt (IDE) | used in the context of clinical investigations |
| Humanitarian Device Exemption | which are still experimental and are generally intended for use in terminally ill patients |
| Breakthrough Medical Devices | which are for patients with critical or even life-threatening illnesses and injuries |
| Safer Technologies Program | that increase safety compared to alternative devices and are intended for patients who are less critically ill or injured. |
| Precertification (Pre-Cert) Pilot Program | which are software and represent innovation. |
The US Department of Health and Human Services has regulated and formalized communication with manufacturers.
| Law and official communication channel | Area of application |
| Request for Information | Suitable for alignment, e.g., on the classification of a device |
| Pre-Submission Program (Pre-Sub) | Suitable for alignment on the approval strategy |
| Warning Letter Form 483 | Formal letter from the authority in the event of severe deviations found during an FDA inspection, for example. This requires a remediation. |
| Refuse to Accept Policy | Minimum requirements for the submission of approval documents for 510k approval |
| eCopy-Programm | Specifies how approval documents must be structured and submitted electronically |
| eStar-Programm | Successor to the eCopy program |
The Johner Institute supports medical device manufacturers in official communications with the FDA. We help you select the right channel and prepare the meetings so that the authority provides binding information.
The FDA requires a US Agent & Official Correspondent for the registration of medical devices.
The Quality System Regulation (QSR) in 21 CFR part 820, which the FDA broadly aligns with the requirements of ISO 13485, is essential. The FDA refers to this new regulation as QMSR, Quality Management System Regulation.
Please refer to the extensive collection of articles on quality management and ISO 13485.
When inspecting QM systems, the FDA follows the FDA QSIT: Quality System Inspection Technique.
During these audits, the FDA examines the objective evidence. If manufacturers provide this evidence electronically, they must comply with the electronic signature requirements of 21 CFR Part 11.
With the changeover to ISO 13485, the requirements for the following documents or files become partially obsolete: Design history file, device master record, and device history record. However, ISO 13485 requires similar records.
Manufacturers are still obliged to describe:
The legal requirements in the USA are often generally applicable. The FDA has, therefore, published countless guidelines.
| Guidance Document | Area of application |
| Software Validation | Software that is a medical device or part of a medical device, as well as software that is used as part of QM processes, e.g., for production control
Please also refer to the articles on process validation and Computerized Systems Validation (CSV). |
| Interoperable Medical Devices | Software with external interfaces, in particular to other medical devices and clinical information systems |
| Medical Device Data Systems (MDDS) | Devices (hardware and/or software) that are primarily intended to transmit data |
| Leven of Concern | Any software: The guidance regulates the scope of the documentation to be submitted. |
| Off-the-shelf (OTS) Software | Software that contains generally available software, in particular libraries |
| Software-Change | This Guidance Document is always relevant if a manufacturer wants to change the software and has to decide whether a new approval is necessary. |
| Cybersecurity (several guidance documents) | Interoperable medical devices that are or that contain software |
Please also note the extensive information on software development, including information on detailed design and mobile medical apps.
The article on the qualification of standalone software is also relevant.
Almost all medical device manufacturers whose devices contain or are software must also comply with the IT security and cybersecurity guidelines. The article “Cybersecurity in Medical Devices: The FDA’s Guidance Documents”.
The FDA is generous when it comes to pure security patches.
The FDA recognizes some standards on IT security as “consensus standards,” including UL 2900.
The FDA Human Factors Guidances article is the best place to start, as it presents the two guidance documents and how they interact.
One of these documents is the FDA Human Factors Engineering Guidance.
The FDA handles clinical evaluation differently from the EU. For example, devices with a “predicate device” are considered to have provided this evidence. Nevertheless, the FDA has drawn up a guideline on the clinical evaluation of software.
FDA Benefit-Risk Guidance
FDA MAUDE database: Input for risk management
The US authorities also have several requirements for the phase after placing on the market, e.g.
The Federal Trade Commission (FTC) requirements must also be observed in the case of security gaps!
Do you still have questions about approving your medical device in the USA? Then, benefit from free micro-consulting.
The Johner Institute supports medical device manufacturers in all activities:
What MDR and IVDR confuse and why you should not talk about CAPA. The FDA (in 21 CFR part 820 – QSR) and ISO 13485 differentiate between Unfortunately, the MDR and IVDR do not clearly differentiate between these concepts. Some manufacturers also believe they can combine corrective and preventive actions into one single CAPA process. But…
DetailsAn FDA registration is a legally required registration of “establishments” (such as medical device manufacturers) in an FDA database. The FDA registration should not be confused with the UDI registration in the GUDID database or even an FDA approval. This article answers the most important questions and helps to avoid the most common mistakes in FDA registrations.…
DetailsPDMS stands for patient data management system. These clinical information systems are typically used in hospitals, especially in departments that treat patients in intensive care. PMDS are experiencing a new boom in Germany as a result of the funding provided by the Hospital Future Act (Krankenhaus-Zukunftsgesetz, KHZG). This article provides 1. PMDS: Functionalities and requirements Patient data management systems (PDMS)…
DetailsMedical device cybersecurity is a focus not only for the FDA but also for other legislators and authorities, both in the US and other markets. This is understandable The USA has added requirements for cyber devices to the Food, Drug & Cosmetic Act (FD&C), and the FDA has published several guidance documents on cybersecurity, which…
Details“Remediation” is often synonymous with maximum stress: Notified bodies or authorities such as the FDA have discovered significant deviations that must be remedied with the highest priority and without regard to the workload of employees or budgets. This article will help you to complete such “remediation projects” in such a way that 1. Remediation: First…
DetailsIn 21 CFR part 820, the FDA formulates the requirements for the quality management systems of medical device manufacturers, among others. Thus, 21 CFR part 820 (Quality System Regulation QSR) is or was the counterpart to ISO 13485. 1. QMSR: The amendments to 21 CFR part 820 This is because the FDA decided on February…
DetailsFor many manufacturers of medical devices, an FDA inspection is associated with great stress. Many companies are aware of the possible consequences, such as a public warning letter and even criminal prosecution. But they often don’t know how to avoid these consequences without shutting down the entire company for days. This article shows how This…
DetailsLaws and standards require medical device manufacturers to compile a Software Bill of Materials, the SBOM. However, standardized SBOM formats are not always sufficient to meet these requirements. In particular, medical device manufacturers who do not supply and use SBOMs for their software are no longer accepted in the market. Here are the reasons. 1.…
Details1. Documentation Level: End of Level of Concern On June 14, 2023, the FDA released the guidance document Content of Premarket Submissions for Device Software Functions. This document replaces the guidance document introducing the Level of Concern and only distinguishes between two classes. a) Determination of the classes The FDA no longer defines three “Level…
DetailsLegislators are continually changing the regulatory framework for medical devices, as we have seen in Europe with EU Regulation 2017/745 (MDR) and EU Regulation 2017/746 (IVDR). This then raises the question of how to deal with legacy devices. These are the medical devices that manufacturers have legally placed on the market under the old directives…
Details
Privacy Preference
We need your consent before you can continue on our website. If you are under 16 and wish to give consent to optional services, you must ask your legal guardians for permission. We use cookies and other technologies on our website. Some of them are essential, while others help us to improve this website and your experience. Personal data may be processed (e.g. IP addresses), for example for personalized ads and content or ad and content measurement. You can find more information about the use of your data in our privacy policy. You can revoke or adjust your selection at any time under Settings.
Privacy Preference
If you are under 16 and wish to give consent to optional services, you must ask your legal guardians for permission. We use cookies and other technologies on our website. Some of them are essential, while others help us to improve this website and your experience. Personal data may be processed (e.g. IP addresses), for example for personalized ads and content or ad and content measurement. You can find more information about the use of your data in our privacy policy. Here you will find an overview of all cookies used. You can give your consent to whole categories or display further information and select certain cookies.