Header graphic for print

Inside Medical Devices

Updates on Developments for Medical Devices from Covington & Burling LLP

China Releases New Notification Procedures for Class I Medical Devices

Posted in Device Regulation in China

The China Food and Drug Administration (CFDA) issued a Notice on Items Related to Class I Medical Device Notifications (Notice) to establish new notification procedures for Class I medical devices, which includes in vitro diagnostics.  This Notice is one of several that CFDA issued at the end of May 2014 related to the implementation of its recently completely revised Medical Device Supervision and Administration Regulation (MDR), which became effective on June 1, 2014.

The revised MDR changed the procedure for placing a Class I medical device on the market from a registration procedure to a government notification procedure.  According to the Notice, both import and domestic manufacturers may now submit materials via a new form (which was attached to the Notice).  Once submitted, a municipal food and drug regulatory authority (for domestically manufactured devices) or CFDA (for imported devices) will make an “on the spot” determination as to the completeness of those materials.  If the submission is complete, then the Agency will issue a notification certificate, and the device may be placed on the market.  If the Agency rejects the submission and requires additional materials, it will explain its reasons for doing so.  CFDA will also publish basic information contained in the notification on its website.

For Class I devices that that have already been registered under registration procedures prior to the implementation of the revised MDR in June 2014, the applicant must complete notification procedures prior to the expiration of the registration.  If the device is no longer considered a Class I device according to the classification catalogue, which was recently released by CFDA, then the manufacturer will need to follow separate procedures to re-register the device as a Class II or Class III device, as the case may be.

If CFDA or the municipal food and drug regulatory authority has already accepted an application for registration of the device submitted prior to June 2014, the applicant should withdraw the application.  The Notice states that regulatory authorities will not review these applications.  The applicant should then refile through the notification procedures.

CFDA has been using these types of notices, which it does not put through the normal notice and comment process, instead of issuing new and more comprehensive implementation regulations for the MDR.  The Agency had published proposed implementation regulations in March 2014, but it has not yet finalized them.  Medical device manufacturers doing business in China should continue to monitor for notices of this sort that might be issued by CFDA, as well as for more comprehensive implementation regulations for the revised MDR.

FDA Issues Draft Guidance on Benefit-Risk Considerations

Posted in FDA Device Regulation

On July 15, 2014, FDA issued a draft guidance entitled “Benefit-Risk Factors to Consider When Determining Substantial Equivalence in Premarket Notifications [510(k)] with Different Technological Characteristics,” which describes the benefit and risk factors that FDA may consider during the review process for a 510(k) submission (“draft guidance”).  This draft guidance applies to both diagnostic and therapeutic devices.  FDA makes clear at the outset that the draft guidance is not intended to change the 510(k) premarket review standard or impose extra burden on a 510(k) submitter to provide additional performance data.

During review of a 510(k) submission, FDA must determine whether a new device is “substantially equivalent” to a legally marketed “predicate device.”  As the first step in the review, FDA first considers whether the new device and the predicate device have the same intended use.  In the second step, FDA considers whether the new and predicate devices have the same or a different technology.  If the technologies are different, then FDA decides whether the different characteristics raise different questions of safety and effectiveness.  The newly issued draft guidance addresses the next step in the 510(k) review.

The draft guidance describes the principal benefit-risk factors that FDA may consider after the Agency has determined that there are different technological characteristics between the new and predicate devices, and that the new device that does not raise different questions of safety and effectiveness.  The factors discussed in the draft guidance assist FDA in determining whether the new device is “as safe and effective” as the predicate device and, ultimately, whether FDA can make a substantial equivalence determination.  The draft guidance includes examples of benefit-risk evaluations during a 510(k) review.

FDA explains in the draft guidance that performance data may be necessary to assess safety and effectiveness.  Performance data may include data from both non-clinical and clinical testing.  The principal benefit-risk factors that FDA may consider are then provided, with a description of each factor.  FDA makes clear that not all the factors may be applicable to each 510(k) submission and that each factor is considered in comparison to the predicate device. 

The draft guidance includes many of the same benefit-risk factors discussed in the FDA guidance issued in March 2012, “Factors to Consider When Making Benefit-Risk Determinations in Medical Device Premarket Approval and De Novo Classifications,” which discusses the principal benefit-risk factors FDA considers during the review process for premarket approval (PMA) applications and de novo classification requests.  The benefit factors that reviewers may consider during the review of a 510(k) submission include the type of benefit(s); magnitude of the benefit(s); probability of the patient experiencing one or more benefit(s); and the duration of effect(s).  The risk factors listed in the 510(k) draft guidance include severity, types, number and rates of harmful events associated with the use of the device; probability of a harmful event; probability of the patient experiencing one or more harmful event(s); duration of harmful events; and risk from false-positive or false-negative results for diagnostics. 

FDA also lists “additional factors” that FDA may consider during the review of a 510(k) submission.  One noteworthy “additional factor” is “patient tolerance for risk and perspective on benefit.”  This factor was also discussed in the PMA/De Novo Guidance, and FDA held a public workshop in 2013 regarding ways to incorporate patient perspectives on “meaningful benefits” and “acceptable risks” of new medical devices (see our previous post here).  The draft guidance also lists the “benefit for the healthcare professional or caregiver” as a factor that FDA may consider.  FDA states that its review of a 510(k) may take into account whether the device may benefit healthcare professionals or caregivers by improving the way they care for the patients and consequently improving patient outcomes. 

Finally, FDA discusses how postmarket data may play a role in the review of a 510(k).  FDA indicates that FDA may consider the extent to which postmarket controls could be considered as a mechanism to reduce the extent of the premarket data for 510(k) submissions.

FDA Issues Long-Awaited Draft Guidance Documents Concerning Internet/Social Media

Posted in FDA Device Regulation, First Amendment

Recently, the United States Food and Drug Administration (FDA) released two long-awaited draft guidance documents pertaining to internet and social media:

The first draft guidance outlines FDA’s current thinking concerning how manufacturers of drugs, biological products, and medical devices should respond to misinformation about their products posted by third parties on internet/social media platforms.  FDA recognizes that information created by third parties is not always accurate and may be “dangerous or harmful to public health.” Therefore, the guidance provides firms various methods to correct such misinformation.

The second draft guidance focuses on FDA’s current thinking concerning the presentation of benefit and risk information on electronic/digital platforms that have character space limitations. FDA’s guidance provides examples of platforms to which the guidance applies, such as “tweets” on Twitter and “sponsored links” on search engines, like Google and Yahoo. This guidance does not cover promotion on product websites, webpages on social media networking platforms (i.e., Facebook, YouTube), or online web banners, since FDA has concluded that these forums “do not impose the same character space constraints as online microblog messaging and online paid search.”

A summary and analysis of the draft guidance documents can be found in Covington & Burling LLP’s e-alert (available here).

In addition, these new guidance documents come on the heels of a guidance issued on January 14 of this year focused on the drug industry, entitled Fulfilling Regulatory Requirements for Postmarketing Submissions of Interactive Promotional Media for Prescription Human And Animals Drugs and Biologics. Our analysis of the January 2014 Guidance is available here.  FDA has said that it plans to release another draft guidance concerning the internet/social media, Internet/Social Media Advertising and Promotional Labeling of Prescription Drugs and Medical Devices–Use of Links, later this year.

Comments and suggestions regarding the two newly-published draft guidance documents should be submitted by September 15, 2014.

FDA Relaxes Regulation of Certain Software Devices

Posted in FDA Device Regulation, Medical Information Technology

On June 20, 2014, FDA issued a draft guidance entitled “Medical Device Data Systems, Medical Image Storage Devices, and Medical Image Communications Devices,” informing manufacturers and others “that the Agency does not intend to enforce compliance with the regulatory controls” that apply to these three types of devices.

Medical device data systems (MDDS), medical image storage devices, and medical image communications devices have been regulated as Class I, 510(k)-exempt devices. Although exempt from premarket review, they have been subject to other FDA regulatory requirements.  In addition, the 510(k) exemption was subject to certain limitations (21 CFR 880.9 & 892.9), including premarket notification for MDDS intended to be used in a system assessing the risk of cardiovascular disease or in diabetes management.

FDA makes clear in the draft guidance that the regulatory controls which FDA would no longer enforce for these types of devices include registration and listing, premarket review, postmarket reporting, and the quality system regulation.  In addition, the limitations on the 510(k) exemption for these devices would not be enforced.

According to the draft guidance, MDDS are “hardware or software products that transfer, store, convert formats, and display medical device data.”  A MDDS does not modify the data or control the functions or parameters of any connected medical device and is not used for active patient monitoring.  MDDS are classified at 21 CFR 880.6310.  A medical image storage device is a device that provides electronic storage and retrieval functions for medical images (21 CFR 892.2010).  Finally, a medical image communications device is a device that provides electronic transfer of medical image data between medical devices (21 CFR 892.2020).

FDA announced this policy to not regulate these types of devices because FDA has “gained additional experience” with these devices since FDA’s issuance of a final regulation down-classifying MDDS in February 2011 from Class III to Class I, and based on this experience has determined that these devices pose a low risk to the public.  Bakul Patel, a senior policy advisor at CDRH, notes in a June 20, 2014 FDA blog post that this draft guidance is consistent with the health information technology (health IT) report issued by FDA, Office of the National Coordinator for Health Information Technology, and Federal Communication Commission in April 2014.  The health IT report proposes a risk-based regulatory framework for health IT, with FDA’s regulatory oversight focused on the higher risk devices.  Patel states in the blog post that the policy proposed in the draft guidance will encourage greater innovation for these systems that are “critical to the success of digital health” and are “the foundation for intercommunication and interoperability among devices and between medical devices and other health IT.”

The draft guidance proposes conforming revisions to the Mobile Medical Applications Guidance (Mobile Apps Guidance) that was issued on September 25, 2013 (see our previous blog post on the Mobile Apps Guidance here).  The revisions to the Mobile Apps Guidance would shift these types of devices from the category of mobile apps that FDA intends to regulate to the category that are subject to enforcement discretion.

CFDA Clarifies Implementation Issues for New Medical Device Regulation

Posted in Device Regulation in China

By John Balzano

On June 1, 2014, the newly revised Medical Device Supervision and Administration Regulations (revised MDR) took effect.  The revised MDR has changed medical device regulation in China significantly (described here), but some of the revised provisions conflict with implementing rules for the prior MDR that are still legally effective.  Although the China Food and Drug Administration (CFDA) has released proposed revised drafts of many of these implementing rules, none have been finalized.  Approximately one week prior to the effective date of the revised MDR, CFDA released a Notice on Issues Related to the Implementation of the MDR (Notice) which is intended to resolve some of these conflicts.

The Notice clarifies three issues.  First, for most aspects of medical device registration, manufacturers should rely on “currently effective provisions” until the new rules are finalized and go into effect.  The Notice also articulates that medical device registrations issued after June 1, 2014, will now have a five year license term, which the revised MDR expanded from the original 4 years.

Second, device manufacturers and distributors of class II and III devices should continue to rely on the current “administrative rules and guidance documents” for their operations, pending new rules.  This clarification appears to mean, for example, that some class II device distributors will still need to obtain a distribution license.  The revised MDR requires that distributors of class II devices undergo only notification procedures with local authorities and exempts them from holding a distribution license.  However, the new draft implementing rules on device distribution have not yet been finalized.  The device distribution rules still in effect now do not contain this broad exemption from licensure requirements for class II device distributors.  Under the current rules, the class II device must be on a list before a distributor will be exempt from licensure requirements.

Third, for illegal conduct taking place before June 1, 2014, the prior MDR and its provisions on penalties will apply.  However, the Notice grants an important exception if the conduct is no longer illegal or carries a lighter punishment under the revised MDR.  In that case, the provisions of the revised MDR will apply.  For all illegal conduct occurring after June 1, 2014, the provisions of the revised MDR will apply.

The Notice has clarified some of the other issues that may arise with the implementation of the revised MDR.  Therefore, medical device manufacturers and distributors doing business in China should carefully consider the guidance provided by the Notice to assure compliance with the applicable MDR requirements.  We will continue to monitor for the final versions of new implementing rules.

Device Manufacturers Selling Their Products to the U.S. Government May Soon Be Required to Detect and Report Counterfeit or Nonconforming Items

Posted in Government Contracts

Medical device manufacturers that sell their products to the U.S. government may soon be required to implement programs for the detection and reporting of counterfeit or nonconforming end items and parts.  On June 10, 2014, the Federal Acquisition Regulatory (FAR) Council issued a proposed rule that would require government contractors to report to the Government-Industry Data Exchange Program (GIDEP) the use and delivery of counterfeit items, suspect counterfeit items, and major or critical nonconforming items that have multiple applications in contractors’ work, and that suppliers provided to contractors and other customers with nonconformances that were not detected by the suppliers’ internal quality control systems.  The proposed rule would also require contractors to report counterfeit and suspect counterfeit items to contracting officers when the items were purchased for delivery to the U.S. Government, regardless of whether contractors actually deliver or  intend to deliver the items.  In addition, the proposed rule would require contractors periodically to screen reports submitted to GIDEP in an effort to avoid using or delivering counterfeit, suspect counterfeit, or nonconforming items.  The proposed rule applies to contracts for commercial and commercially available off-the-shelf items, which implicates medical devices sold on the Department of Veterans Affairs’ medical equipment supply schedule or otherwise sold to government purchasers.

The proposed rule is one of a number of recent efforts to address the risks presented by counterfeit items. The FAR Council issued the proposed rule approximately one month after the Department of Defense (DoD) issued a final rule requiring DoD contractors subject to the Cost Accounting Standards, as well as their subcontractors, to implement internal controls for detecting and reporting counterfeit electronic parts as required by the National Defense Authorization Act for Fiscal Year 2012.  The proposed rule also follows the European Parliament’s endorsement of a recent recommendation to assign unique identifiers to medical devices as a means to trace counterfeit items, which we discussed in a recent post, and FDA’s publication of its final rule implementing a “unique device identifier” (UDI) system for devices, as discussed in another prior post.

The proposed rule recognizes that the danger posed by counterfeit and nonconforming items “extends far beyond electronic parts and can impact the mission of all Government agencies.”  The proposed rule  highlights a policy letter issued by the Office of Federal Procurement Policy that recognizes that counterfeit and nonconforming items can pose a risk to public safety and health.

In its current form, the proposed rule could have a substantial economic impact on device manufacturers that sell their products to the U.S. government.  Manufacturers may be required to incur significant expense in modifying their purchasing systems to screen for counterfeit, suspect counterfeit, and nonconforming items, which could require measures above and beyond compliance with the FDA’s UDI requirements.  In addition, the rule would require manufacturers to subject their suppliers to similar requirements, ensuring that each tier of a manufacturer’s supply chain implements measures to detect and report covered items.  However, the proposed rule provides minimal guidance on compliance with its detection and reporting requirements.  Unlike DoD’s final rule, which as previously reported provides contractors with explicit guidelines with respect to their internal control systems, the proposed rule merely directs contractors to “avoid the use and delivery of” counterfeit, suspect counterfeit, or nonconforming items, apparently leaving the means of implementing the proposed rule’s requirements to contractors’ discretion.  Manufacturers may be forced to balance the risk of being found noncompliant with the expense of establishing additional internal controls.  Manufacturers may also need to consider costs associated with potential civil liability arising out of the rule’s reporting requirements.  Although the rule protects DoD contractors from civil liability arising out of reporting counterfeit electronic parts, the rule does not extend this protection to other contractors.

A public meeting on the proposed rule was held in Washington, D.C. on June 16, 2014.  Comments are due on or before August 11, 2014.

New UK Guidance on Software as a Medical Device

Posted in Device Regulation in Europe

The UK Medicines and Healthcare Products Regulatory Agency (MHRA) has published guidance on software as a medical device, including apps.  The guidance aims to assist those working in healthcare, and software developers, to determine whether a specific piece of stand-alone software or an app constitutes a medical device.  The MHRA provides illustrative examples of software, specifically apps, that are considered to be medical devices, a summary of the current regulatory device regime, in particular its application to systems, and advice on how to comply with the necessary regulatory requirements.

The guidance defines stand-alone software (also known as software as a medical device) as “software which has a medical purpose which at the time of it being placed onto the market is not incorporated into a medical device.”  The definition is similar to that agreed recently by the International Medical Device Regulators Forum (see our previous post).  The MHRA makes clear that software, including apps, that have a medical purpose and meet the definition of medical device in the Medical Devices Directive will be regulated by the MHRA as devices and will have to undergo a conformity assessment.

Software Applications

The guidance states that decision support or decision making apps are most likely to be considered as medical devices by the MHRA.  That is, apps that apply some form of automated reasoning, such as a simple calculation, a decision support algorithm or a more complex series of calculations e.g., dose calculations, symptom tracking, clinicians guide.  This includes software which provides personalised guidance based on information the app has about a specific individual and makes use of data entered by them, provided by point of care devices or obtained via health records.

The MHRA clarifies that a key determination in assessing whether an app is a medical device is if a healthcare professional is likely to rely on the output of the app and not review the raw/source data.  If an app only provides information to assist a healthcare professional make a clinical decision based on their own knowledge the software may not be considered a medical device.


Software used to interpret or interpolate patient data stored on a server via a remote point of care patient monitor is likely to be a medical device.

Individual medical devices must be CE marked, but the MHRA does not require each component of a system, such as a telehealth system, to be CE marked as a medical device unless they are placed on the market as a single product.  For example, items such as the hub and possibly the remote monitor (depending on the claims of the manufacturer) do not have a medical purpose and therefore may not be CE marked.  However, the Medical Devices Directive requires the whole system to be safe.  This is particularly pertinent to stand alone software, where the manufacturer must demonstrate compatibility with the recommended hardware platforms.  In cases where the system incorporates components which do not bear a CE marking or where the chosen combination of components is not compatible in view of their manufacturer’s original intended use, the system will be treated as a device in its own right.

FDA Launches OpenFDA To Ease Access to FDA Datasets — Which Creates Opportunities for Developers of Mobile Medical Apps

Posted in FDA Device Regulation, Privacy

Last week, FDA launched openFDA­—its new, open government initiative.  Created in response to an executive order on transparency, openFDA will provide access to many of the agency’s health data sets.  FDA is encouraging developers of websites and mobile medical apps to process FDA’s health data so it is more useful for the public, clinicians, and researchers.

On June 2, 2014, the agency published a database with millions of drug adverse event reports—the first step for openFDA.  While adverse event report records were previously available under the Freedom of Information Act (FOIA) or by downloading large amounts of encoded files, the process of obtaining them can be slow and difficult.  The openFDA database makes the adverse event reports easier to access and search using an Application Program Interface (API).  “OpenFDA will make our publicly available data accessible in a structured, computer-readable format,” wrote Taha Kass-Hout, Chief Health Informatics Officer of FDA, in an openFDA blog post.

FDA’s hope is that pharmaceutical companies, researchers, and software developers will use this information about adverse events to identify emerging public health concerns.  FDA has stated that it will not release any data that could be used to identify individuals or reveal other private information.

Software developers and mobile app developers might have new opportunities to process and package the information in ways that consumers can use and understand.  For example, developers could create a mobile medical app that allows consumers to learn whether other users of a drug have suffered the same adverse events.  (For information about how FDA regulates mobile medical apps, see our e-alert from September on FDA’s final mobile medical app guidance.)

OpenFDA’s adverse event datasets could be mined for numerous types of uses.  Drug companies will have easier access to adverse event statistics.  Consumers could obtain more information about adverse events occurring with drugs they are taking or might take.  Lawyers might mine the dataset for use in lawsuits involving adverse effects of prescription drugs.  The pharmaceutical industry is said to be “cautiously supportive” of the openFDA initiative, but urges that patients should receive information about a medicine in the context of both the benefits and the risks.

In the next few months, FDA expects to release additional information to openFDA, including records related to product labels and recalls of all FDA-regulated products, including medical devices.  We will continue to follow the evolution of openFDA.

FDA Issues Report on 2012 QSR Enforcement Activities

Posted in FDA Device Regulation

FDA recently issued a report entitled “Food and Drug Administration (FDA) Medical Device 2012 Quality System Data, FDA Inspectional Observations (Form 483) and Warning Letter Citations” (the Report), which highlights the key 2012 inspection and warning letter findings related to compliance with the medical device Quality Systems Regulations (QSRs).

As reflected in the charts below, which are taken from the Report, the number of quality system inspections has been generally increasing in recent years.  According to the report, between 2005 and 2012, FDA’s routine QSR inspections increased by a total of 37%, and by 93% with respect to foreign firms.

Routine QSR Surveillance Inspections

In 2012, FDA issued 4,243 FDA Form 483 observations citing QSR deficiencies.  The frequency with which specific quality subsystems were cited in these 483s, as compared to citations for the same subsystems over the previous ten years, is reflected in the chart below.

Inspectional Observations 2003 – 2012 by Quality Subsystem

The three most frequent 2012 inspectional observations related to corrective and preventative action procedures (CAPAs) (378 observations), complaint files (349 observations), and quality system audits (234 observations).  Also of note, the number of observations related to device history records increased significantly in 2012 (190 observations).

Partly as a result of the increased number of inspections, FDA issued significantly more warning letters citing QSR violations in 2012 than it did in 2011.  In 2012 alone, FDA issued 164 warning letters that included QSR citations (an increase of 44 letters over 2011).

FDA Official Action Indicated Inspections and Warning Letters with Quality System Citations

Violations related to CAPAs and production and process controls were the most common warning letter citations, each appearing in 30% of the letters.  Two QSR violations appeared with greater frequency in warning letters than in FDA’s inspectional observations:  failures in design history documentation (51 letters) and failures in process validation (49 letters).

Device companies should pay close attention to the types of observations and alleged violations cited in FDA Form 483s and warning letters.  In the coming months, we will post summaries of recent FDA enforcement activity with respect to QSR compliance.

FDA Issues Draft Guidance on Voluntary Consensus Standards

Posted in FDA Device Regulation

On May 13, 2014, FDA announced the availability of a draft guidance entitled “Appropriate Use of Voluntary Consensus Standards in Premarket Submissions for Medical Devices.”  When finalized, the guidance will supersede FDA’s September 2007 guidance on the use of consensus standards.  The draft guidance is intended to provide further clarity to industry and FDA staff regarding the appropriate use of consensus standards in medical device premarket submissions.

In the draft guidance, FDA reiterates that device sponsors can use consensus standards to demonstrate certain aspects of safety and effectiveness in a premarket approval application (PMA) or certain aspects of substantial equivalence in a 510(k) submission.  Sponsors may submit a “Declaration of Conformity” to an FDA-recognized consensus standard in which the submitter certifies that its device conforms to all applicable requirements under the standard.  The use of consensus standards can “provide clearer regulatory expectations” and “streamline premarket review.”  FDA notes, however, that submitters do not always appropriately use consensus standards.  For example, submitters may attempt to use consensus standards that FDA does not recognize or which do not apply to the particular type of device.  Such improper use of consensus standards can hinder FDA’s review of the submission.

As FDA explained in the Federal Register notice, the draft guidance proposes two policy changes.  First, a submitter may no longer use a Declaration of Conformity if it deviates from the FDA-recognized consensus standard.  Second, a submitter may no longer use a promissory statement—a statement indicating that the device will conform to the consensus standard prior to marketing—to support a premarket submission.  FDA expects that the device will conform to the consensus standard prior to submission.

The draft guidance also contains additional information on the use of consensus standards that was not contained in the 2007 guidance.  For instance, the draft guidance explains the information that submitters should provide when filling out the Standards Data Report for 510(k)s (FDA Form 3654).  Submitters should, for example, identify the consensus standard by its complete title, state whether it is FDA-recognized, and provide adequate justifications for any deviations from the standard.  In addition, the draft guidance explains that FDA may establish a transition period when the agency recognizes a newer version of a consensus standard.  A transition period allows a submitter to continue development of the device according to the earlier version of the consensus standard.  FDA notes, however, that if a newer version of a consensus standard addresses a known safety issue, FDA may ask the submitter to satisfy the portions of the newer standard that address the safety issue.  After the expiry of the transition period, FDA expects that submitters will be able to meet the requirements of the newer consensus standard.

FDA requests comments on the draft guidance by August 11, 2014.