Blog

Archive for 510(k)

Four easy ways 510k and De Novo content is different

It’s a common misconception that FDA De Novo content is very different from FDA 510k submission content, but is that true?

What do you think the De Novo content differences are?

Most people think the difference between a 510k and a De Novo is time and money. That conclusion is based upon a very important assumption: a 510k will not require clinical data, and a De Novo will require clinical data. That assumption is not always correct. 10-15% of 510k submissions include clinical data to support the performance claims, and last year our team submitted three De Novo submissions that did not include any clinical data. So what are the differences between a 510k and a De Novo content?

We use the same FDA eSTAR template for both types of FDA submissions, and on the first page of the eSTAR template, we identify if the submission is a 510k or De Novo. If we select De Novo, the eSTAR will be pre-populated with four unique De Novo content requirements that are not found in a 510k. The four unique requirements are:

  1. identifying alternative practices and procedures for the same indications
  2. recommending a classification, providing a justification for that classification, and explaining what efforts were taken to identify a suitable 510k product code
  3. providing a written benefit/risk analysis starting with the clinical benefits of your device
  4. recommendations for special controls for your new product code based upon the risks to health and the mitigation measures for each risk

Alternate practices and procedures 1024x547 Four easy ways 510k and De Novo content is different

What alternative practices and procedures are currently available?

The unique De Novo content requirement is to provide a description of alternative practices and procedures for treatment or diagnosis of the same indications that you are proposing for your subject device. This is a subsection of the device description section in the FDA eSTAR template. Your should description should include other 510k-cleared products, drugs, and even products that have similar indications but are not identical. The description of alternative practices and procedures must also be attached as a document in the section for benefits, risks, and mitigation measures. To maintain consistency throughout your submission, you should create the document for attachment first and copy and paste the content into the text box at the end of the device description section.

You need to recommend a classification in your De Novo

The unique De Novo content requirement is found in a section titled “Classification.” There is a shorter classification section included in 510k submissions, but the 510k version only has four cells. The first three are populated by selecting one of the options from a dropdown menu, and the fourth cell is only used if your subject device includes other product classification codes.

Classification 1024x346 Four easy ways 510k and De Novo content is different

The De Novo version of the eSTAR is identical for the first row of the classification section, but then you must select a proposed product classification (i.e., Class 1 or Class 2) in accordance with FDA Classification Procedures (i.e., 21 CFR 860). The third cell is a text box for you to enter your justification for the proposed classification. Next, the FDA requires you to enter a proposed classification name. Finally, at the end of the classification section, the FDA requires that you provide a classification summary or reference to a previous NSE 510k submission.

A Benefit/Risk Analysis is required in the De Novo Content

For new devices, the FDA uses a benefit/risk analysis to decide if a device should be authorized for marketing in the USA.  This process includes humanitarian device exemptions, De Novo applications, and Premarket Approval submissions. The FDA has a guidance document that provides guidance for FDA reviewers and the industry. The most important aspect is, to begin with, the benefits of the device and to provide a quantitative comparison of benefits and risks. Many De Novo submissions have been rejected because the submitter did not provide objective evidence of clinical benefits for the subject device.

Benefit Risk Analysis 1024x210 Four easy ways 510k and De Novo content is different

The FDA guidance documents are helpful for creating a benefit/risk analysis, but you can also find information in the ISO/TR 24971:2020–the guidance for the application of ISO 14971:2019. Our company also includes a template for a benefit/risk analysis as part of our risk management procedure (i.e., SYS-010).

What are your recommended Special Controls?

In FDA De Novo Classification Decision Summaries, there is a table provided that identifies the identified risks to health and the recommended mitigation measures for each risk category. In the FDA eSTAR, you are required to add a similar table for De Novo content. The only difference between the table in summary and the eSTAR is that the eSTAR table has a third column where the FDA wants you to reference the supporting data provided for each mitigation measure–including the document and page within the document. The FDA also provided an example table in the eSTAR, copied below.

Risk Mitigation Table Four easy ways 510k and De Novo content is different

The above table for the risks to health and mitigations needs to be translated into a list of recommended Special Controls for Class II devices. Since most De Novo applications are for Class II devices, you will need to convert each of your mitigations into a corresponding Special Control and type these controls into the text box provided in the FDA eSTAR.

Special Controls Four easy ways 510k and De Novo content is different

What else is different from a 510k?

There are no additional mandatory elements that you need to include in a De Novo application, but there are several elements of a 510k submission that are not included in a De Novo. The most obvious of these sections is the Substantial Equivalence Comparison Table in the section labeled “Predicates and Substantial Equivalence.” Another difference is that you are more likely to need clinical data to support a De Novo application than for a 510k submission. It is also possible that subsequent 510k submissions for the same product code may not need to provide clinical data because the 510k process only requires a demonstration of substantial equivalence rather than clinical benefits outweighing risks to health. The FDA review time for a Traditional 510(k) varied between 190 and 210 days in 2022, while the De Novo review timeline averaged 390 days in  2022. Finally, the FDA user fees for 510k submissions are far less than those for a De Novo application.

Posted in: 510(k), De Novo

Leave a Comment (0) →

The best human factors questions in every successful FDA meeting are?

What are the best human factors questions to ask the FDA during a pre-submission meeting, and what information content do you need in a 510k?

Talk to the FDA before human factors validation

The FDA did not start enforcing the requirement to apply human factors and usability engineering to medical device design until 2017 because the final version of the human factors guidance document was not released until February 3, 2016. Approximately ninety percent of the human factors testing reports submitted to the FDA in 510k pre-market submissions are deficient because the 510k submission content only includes the final summative testing report. The FDA needs a complete usability engineering file, and the human factors information needs to comply with FDA guidelines for the format and content of a 510k pre-market submission–not just IEC 62366-1:2015.

What human factors information does the FDA want?

For several years, FDA submission deficiency letters indicated that you should not include the frequency of occurrence in your estimation of use-related risks, but the FDA never provided this information in a guidance document. On December 9, 2022, the FDA finally released a draft human factors guidance regarding the format and content of a 510k pre-market submission. The new draft guidance includes the requirement for a use-related risk analysis (URRA) in table 2 (copied below).

Table 2 example of tabular format for the URRA 1024x354 The best human factors questions in every successful FDA meeting are?

In this new draft FDA guidance, the FDA identifies three different human factors submission categories. For the first category, only a conclusion and high-level summary are needed. For the second category, a user specification is also needed. For the third category, you need a comprehensive human factors engineering report with the following elements described in Section IV of the draft FDA guidance:

Submission Category 1, 2, and 3

  • Conclusion and high-level summary

Submission Category 2 and 3

  • Descriptions of intended device users, uses, use environments, and training
  • Description of the device-user interface
  • Summary of known use problems

Submission Category 3 only

  • Summary of preliminary analyses and evaluations
  • Use-related risk analysis to analyze hazards and risks associated with the use of the device
  • Identification and description of critical tasks
  • Details of validation testing of the final design

Before you spend tens of thousands or hundreds of thousands of dollars on human factors testing, you want to make sure the FDA agrees with your human factors testing plan. Otherwise, you will pay for the testing twice: once for your initial submission and a second time in your response to the FDA request for additional information to address deficiencies. Testing can cost more than your electrical safety testing. The facility needs to have the right equipment and space for the testing, you need support personnel to set up the equipment, you need to recruit participants, you need to compensate participants, and you need device samples.

When can you ask the FDA human factors questions?

The FDA cannot provide consulting advice on a submission, and the agency will not review data during pre-submission meetings. The FDA can provide feedback on protocols, specifications, and scientific justifications. Therefore, you should submit questions to the FDA in a pre-submission when you have a draft protocol, a draft specification, or a draft justification for why a task is not critical. Pre-submissions are “non-binding.” You can change your design and approach to human factors. Therefore, don’t wait until your information is 100% finalized. Share your documentation at the draft stage during the development phase and before your design freeze. You need these answers when you are planning a study and obtaining quotes. 

What are the best human factors questions to ask in a pre-sub?

In the FDA guidance for pre-submission meetings, the FDA provides suggested questions to ask:

  • Does the Agency have comments on our proposed human factors engineering process?
  • Is the attached use-related risk analysis plan adequate? Does the Agency agree that we have identified all the critical tasks?
  • Does the Agency agree with our proposed test participant recruitment plan for the human factors validation testing?

The above examples are only suggestions, but the best approach is to provide a brief example of what the human factors information will look like and ask the FDA to comment on the examples. The FDA does not have time to review data during a pre-sub meeting, but the FDA can review a few rows extracted from your URRA and comment on your proposed approach to the human factors process.

Human factors questions that are not appropriate

The FDA pre-submission guidance cautions you only to ask 3-4 questions for each meeting request because the FDA has difficulty answering more questions in a 60-minute teleconference. Therefore, you should not ask questions already answered in the FDA guidance. The new draft guidance includes examples of when a device modification can leverage existing human factors information and when new information is needed to support a premarket submission. Instead of asking a question specific to leveraging existing human factors information, instead, provide your rationale for leveraging existing data and ask if the FDA has any concerns with your overall approach to human factors.

Recommended human factors action items

Create a procedure for your human factors process that includes detailed instructions for creating the information required in a usability engineering report and templates for each document.

Posted in: 510(k), FDA, Human Factors, Usability

Leave a Comment (0) →

Software validation documentation for a medical device

Learn why you need to start with software validation documentation before you jump into software development.

When do you create software validation documentation for a medical device or IVD?

At least once a week, I speak with the founder of a new MedTech company that developed a new software application as a medical device (SaMD). The founder will ask me to explain the process for obtaining a 510(k), and they want help with software validation documentation. Many people I speak with have never even heard of IEC 62304.

Even though they already have a working application, usually, validation documentation has not even been started. Although you can create all of your software validation documentation after you create a working application, certain tasks are important to perform before you develop software code. Jumping into software development without the foundational documentation will not get your device to market faster. Instead, you will struggle to create documentation retroactively, and the process will be slower. In the end, the result will be a frustrating delay in the launch of your device.

What are the 11 software validation documents required by the FDA?

In 2005 the FDA released a guidance document outlining software validation documentation content required for a premarket submission. There were 11 documents identified in that guidance:

software validation documentation 1024x385 Software validation documentation for a medical device

What the FDA guidance fails to explain is that some of these documents need to be created before software development begins, or your software validation documentation will be missing critical design elements. Therefore, it is important to create a software development plan that schedules activities that result in those documents at the right time. In contrast, four of the eleven documents can wait until your software development is complete.

Which of the software validation documents can wait until the end?

The level of concern only determines what documents the FDA wants to review in a submission rather than what documents are needed for a design history file. In fact, the level of concern (LOC) document is no longer required as a separate document in premarket submissions using the FDA eSTAR template because the template already incorporates the questions that document your LOC. The revision level history document is simply a summary of revisions made to the software during the development process, and that document can be created manually or automatically at the end of the process, or the revision level history can be a living document that is created as changes are made. The traceability matrix can also be a living document created as changes are made, but its only purpose is to act as a tool to provide traceability from hazards to software requirements, to design specifications, and finally to verification and validation reports. Other software tools, such as Application Lifecycle Management (ALM) Software, are designed to ensure the traceability of every hazard and requirement throughout the entire development process. Finally, unresolved anomalies should only be documented at the time of submission. The list may be incomplete until all verification and validation testing is completed, and the list should be the shortest at the time of submission.

What documentation will be created near the end of development?

The software design specification (SDS) is typically a living document until your development process is completed, and you may need to update the SDS after the initial software release to add new features, maintain interoperability with software accessories, or change security controls. The SDS can not begin, however, until you have software requirements and the basic architecture defined. The verification and validation activities are discrete documents created after each revision of the SDS and must therefore be one of the last documents created–especially when provided to the FDA as a summary of the verification and validation efforts.

Which validation documents do you need first?

At the beginning of software development, you need a procedure(s) that defines your software development process. That procedure should have a section that explains the software development environment–including how patches and upgrades will be controlled and released. If you don’t have a quality system procedure that defines your development process, then each developer may document their coding and validation activities differently. That does not mean that you can’t improve or change the procedure once development has begun, but we recommend limiting the implementation of a revised procedure when making major software changes and discussing how revisions will be implemented for any work that remains in progress or has already been completed.

When do the remaining software validation documents get created?

The remaining four software validation documents required for a premarket submission to the FDA are:

  1. Software description
  2. Software hazard analysis
  3. Software requirements specification (SRS)
  4. Architecture design chart

Your development process will be iterative, and therefore, you should be building and refining these four documents iteratively in parallel with your software code. At the beginning of your project, your design plan will need a brief software description. Your initial software description needs to include the indications for use, a list of the software’s functional elements, and the elements of your user specification (i.e., intended patient population, intended users, and user interface). If you are using lean startup methodology, the first version of your device description will be limited to a minimal viable product (MVP). The target performance of the MVP should be documented as an initial software requirements specification (SRS). This initial SRS might only consist of one requirement, but the SRS will expand quickly. Next, you need to perform an initial software hazard analysis to identify the possible hazards. It is important to remember that software hazards are typically hazardous situations and are not limited to direct physical harm. For each potential hazard you identify in your hazard analysis, you will need a software requirement to address each hazard, and each requirement needs to be added to your SRS. As your software becomes more complex by adding software features, your device description needs to be updated. As you add functions and requirements to your software application, your SRS will need updates too. Finally, your development team will need a tool to track data flow and calculations from one software function to the next. That tool is your architecture design chart, and you will want to organize your SRS to match the various software modules identified in your architecture diagram. This phase is iterative and non-linear, you will always have failures, and typically a team of developers will collaborate virtually. Maintaining a current version of the four software documents is critical to keeping your development team on track.

How do you perform a software hazard analysis?

One of the most important pre-requisite tasks for software developers is conducting a hazard analysis. You can develop an algorithm before you write any code, but if you start developing your application to execute an algorithm before you perform a software hazard analysis, you will be missing critical software requirements. Software hazard analysis is different from traditional device hazard analysis because software hazards are unique to software. A traditional device hazard analysis consists of three steps: 1) answering the 37 questions in Annex A of ISO/TR 24971:2020, 2) systematically identifying hazards by using Table C1 in Annex C of ISO 14971:2019, and 3) reviewing the risks associated with previous versions of the device and similar competitor devices. A software hazard analysis will have very few hazards identified from steps 1 and 2 above. Instead, the best resource for software hazard analysis is IEC/TR 80002-1:2009. You should still use the other two standards, especially if you are developing software in a medical device (SiMD) or firmware, but IEC/TR 80002-1 has a wealth of tables that can be used to populate your initial hazards analysis and to update your hazard analysis when you add new features.

How do you document your hazard analysis?

Another key difference between a traditional hazard analysis and a software hazard analysis is how you document the hazards. Most devices use a design FMEA (dFMEA) to document hazards. The dFMEA is a bottom-up method for documenting your risk analysis by starting with device failure modes. Another tool for documenting hazards is a fault tree diagram.

A fault tree is a top-down method for documenting your risk analysis, where you identify all of the potential causes that contribute to a specific failure mode. Fault tree diagrams lend themselves to complaint investigations because complaint investigations begin with the identification of the failure (i.e., complaint) at the top of the diagram. For software, the FDA will not allow you to use the probability of occurrence to estimate risks. Instead, software risk estimation should be limited to the severity of the potential harm. Therefore, a fault tree diagram is generally a better tool for documenting software risk analysis and organizing your list of hazards. You might even consider creating a separate fault tree diagram for each module of your software identified in the architecture diagram. This approach will also help you identify the potential impact of any software hazard by looking at the failure at the top of the fault tree. The higher the potential severity of the software failure, the more resources the software team needs to apply to developing software risk controls and verifying risk control effectiveness for the associated fault tree.

Posted in: 510(k), FDA, Software Verification and Validation

Leave a Comment (0) →

510k Electronic Submission Guidance for FDA 510k Submissions

This article provides an overview of the new 510k electronic submission guidance document that the FDA released in September 2022.

What’s included in the 510k electronic submission guidance?

As with any FDA guidance, there is an introduction and background regarding the reason for the new 510k electronic submission guidance document (i.e., eSTAR guidance). In the scope section, the FDA specifies that this document is specific to 510k submissions using the eSTAR template. The FDA has plans to release a similar De Novo submission guidance for using the eSTAR template. In the “Significant Terminology” section of the guidance, the FDA provides definitions for each of the different types of submissions: eCopy, eSubmitter, etc. Then the next to last section of the electronic submission guidance, the FDA provides a table outlining all of the sections of the new eSTAR template. The table is reproduced later in this article. If you are interested in a tutorial on completing each section outlined in the table, we recommend purchasing Medical Device Academy’s 510(k) Course. The last section of the eSTAR guidance indicates the timing for compliance with the new guidance.

What is the deadline for compliance with the guidance?

In this new 510k electronic submission guidance document, the FDA indicates that using the eSTAR template and compliance with the eSTAR guidance is voluntary until October 1, 2023. Therefore, after FY 2023, all 510k submissions must be submitted as an eSTAR submission instead of using the older traditional 510k submission format. The FDA also provides a hyperlink for requesting a Customer Collaboration Portal (CCP) account.

What’s missing from this 510k submission guidance?

The new 510k electronic submission guidance does not provide information regarding the receipt date for electronic submissions made through the new customer collaboration portal (CCP) created by CDRH. The image below is a screen capture of the current CCP upload webpage. It includes the following statement, “Send your submission before 16:00 ET on a business day for us to process it the same day.” This statement was added sometime in August or September, but the FDA has not released a detailed explanation. This statement makes it clear that the FDA is not promising to process a submission the “same day” if the submission is received after 4:00 pm ET. However, “processed” does not have the same meaning as “receipt date.”

Another element missing from this new guidance is a reference to human factors documentation. For any devices that have a user interface that is different from the predicate device, and for software devices, the FDA requires documentation of your human factors process to make sure that differences in the user interface do not result in new or different risks when compared to the predicate device. The 2016 FDA guidance for human factors has not been updated, but FDA reviewers continue to issue deficiencies related to the objective evidence provided in a 510k for human factors validation.

CCP screen capture 1024x619 510k Electronic Submission Guidance for FDA 510k Submissions

The FDA must be consistent in the wording for “Hours for Receipt of Submission” because this affects submissions at the end of the fiscal year, but it also affects any submissions with a deadline for response to an RTA Hold, AI Response, and IDE submissions. The CDER and CBER divisions of the FDA address the need for defining the date of receipt in a guidance document specific to this topic, “Providing Regulatory Submissions in Electronic Format–Receipt Date.” Below is a screen capture copied from page 4 of the guidance.

Electronic Submission 510k Electronic Submission Guidance for FDA 510k Submissions

Another element missing from this new guidance is a reference to human factors documentation. For any devices that have a user interface that is different from the predicate device, and for software devices, the FDA requires documentation of your human factors process to make sure that differences in the user interface do not result in new or different risks when compared to the predicate device. The 2016 FDA guidance for human factors has not been updated, but FDA reviewers continue to issue deficiencies related to the objective evidence provided in a 510k for human factors validation.

What are the new sections for a 510k submission?

In 2019, the FDA released a guidance document on the “Format of Traditional and Abbreviated 510(k)s.” That guidance outlines the 20 sections of a traditional 510k submission that have been used for decades. However, the new 510k electronic submission guidance has no numbering for the sections of the eSTAR template, and there are 22 sections instead of 20 sections. Several of the new sections are elements of the current FDA submission cover sheet (i.e., FDA Form 3514), and some sections exist in the 2019 guidance that were eliminated, such as: “Class III Summary and Certification.” Therefore, Medical Device Academy is recreating 100% of our 510k training webinars to explain how our 510k templates are used with the 510k eSTAR template and how to fill in the PDF form. To prevent confusion between the two formats, we are using letters for each section in the eSTAR template instead of numbers (i.e., A-V instead of 1-20). Table 1 from the new eSTAR guidance is reproduced below for your information.

Information Requested Description
A Submission Type Identification of key information that may be useful to FDA in the initial processing and review of the 510(k) submission, including content from current Form FDA 3514, Section A.
B Cover Letter / Letters of Reference Attach a cover letter and any documents that refer to other submissions.
C Submitter Information Information on submitter and correspondent, if applicable, consistent with content from current Form FDA 3514, Sections B and C.
D Pre-Submission Correspondence & Previous Regulator Interaction Information on prior submissions for the same device included in the current submission, such as submission numbers for a prior not substantially equivalent (NSE) determination, prior deleted or withdrawn 510(k), Q-Submission, Investigational Device Exemption (IDE) application, premarket approval (PMA) application, humanitarian device exemption (HDE) application, or De Novo classification request.
E Consensus Standards Identification of voluntary consensus standard(s) used, if applicable. This includes both FDA-recognized and nonrecognized consensus standards.
F Device Description Identification of listing number if listed with FDA.

Descriptive information for the device, including a description of the technological characteristics of the device including materials, design, energy source, and other device features, as defined in section 513(i)(1)(B) of the FD&C Act and 21 CFR 807.100(b)(2)(ii)(A). Descriptive information also includes a description of the principle of operation for achieving the intended effect and the proposed conditions of use, such as surgical technique for implants; anatomical location of use; user interface; how the device interacts with other devices; and/or how the device interacts with the patient.

Information on whether the device is intended to be marketed with accessories.

Identification of any applicable device-specific guidance document(s) or special controls for the device type as provided in a special controls document (or alternative measures identified that provide at least an equivalent assurance of safety and effectiveness) or in a device-specific classification regulation, and/or performance standards. See “The 510(k) Program: Evaluating Substantial Equivalence in Premarket Notifications [510(k)].

G Proposed Indications for Use (Form FDA 3881) Identification of the proposed indications for use of the device. The term indications for use, as defined in 21 CFR 814.20(b)(3)(i), describes the disease or condition the device will diagnose, treat, prevent, cure, or mitigate, including a description of the patient population for which the device is intended.
H Classification Identification of the classification regulation number that seems most appropriate for the subject device, as applicable.
I Predicates and Substantial Equivalence Identification of a predicate device (e.g., 510(k) number, De Novo number, reclassified PMA number, classification regulation reference, if exempt and limitations to exemption are exceeded, or statement that the predicate is a preamendments device).

The submission should include a comparison of the predicate and subject device and a discussion why any differences between the subject and predicate do not impact safety and effectiveness [see section 513(i)(1)(A) of the FD&C Act and 21 CFR 807.87(f)]. A reference device should also be included in the discussion, if applicable. See “The 510(k) Program: Evaluating Substantial Equivalence in Premarket Notifications [510(k)].

J Design/Special Controls, Risks to Health, and Mitigation Measures Applicable to Special 510(k) submissions only.

Identification of the device changes and the risk analysis method(s) used to assess the impact of the change(s) on the device and the results of the analysis.

Risk control measures to mitigate identified risks (e.g., labeling, verification). See “The Special 510(k) Program.

K Labeling Submission of proposed labeling in sufficient detail to satisfy the requirements of 21 CFR 807.87(e). Generally, if the device is an in vitro diagnostic device, the labeling must also satisfy the requirements of 21 CFR 809.10. Additionally, the term “labeling” generally includes the device label, instructions for use, and any patient labeling. See “Guidance on Medical Device Patient Labeling.
L Reprocessing Information for assessing the reprocessing validation and labeling, if applicable. See “Reprocessing Medical Devices in Health Care Settings: Validation Methods and Labeling.
M Sterility Information on sterility and validation methods, if applicable. See “Submission and Review of Sterility Information in Premarket Notification (510(k)) Submissions for Devices Labeled as Sterile.
N Shelf Life Summary of methods used to establish that device performance is maintained for the entirety of the proposed shelf-life (e.g., mechanical properties, coating integrity, pH, osmolality), if applicable.
O Biocompatibility Information on the biocompatibility assessment of patient contacting materials, if applicable. See “Use of International Standard ISO 10993-1, ‘Biological evaluation of medical devices – Part 1: Evaluation and testing within a risk management process.’”
P Software/Firmware Submission of applicable software documentation, if applicable. See “Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices.
Q Cybersecurity/Interoperability Submission of applicable information regarding the assessment of cybersecurity, if applicable. See “Content for Premarket Submissions for Management of Cybersecurity in Medical Devices” and “Design Considerations and Premarket Submission Recommendations for Interoperable Medical Devices.
R Electromagnetic Compatibility (EMC), Electrical, Mechanical, Wireless and Thermal Safety Submission of the EMC, Electrical, Mechanical, Wireless and Thermal Safety testing for your device or summarize why testing is not needed. See “Electromagnetic Compatibility (EMC) of Medical Devices” and “Radio Frequency Wireless Technology in Medical Devices.
S Performance Testing For non-in vitro diagnostic devices: Provide information on the non-clinical and clinical test reports submitted, referenced, or relied on in the 510(k) for a determination of substantial equivalence. See “Recommended Content and Format of NonClinical Bench Performance Testing Information in Premarket Submissions.

For in vitro diagnostic devices: Provide analytical performance, comparison studies, reference range/expected values, and clinical study information.

T References Inclusion of any literature references, if applicable.
U Administrative Documentation Inclusion of additional administrative forms applicable to the submission, including but not limited to a general summary of submission/executive summary (recommended), a Truthful and Accuracy Statement, and a 510(k) Summary or statement.
V Amendment/Additional Information (AI) response Inclusion of responses to Additional Information requests.

Important information in the eSTAR guidance

In Table 1 above, there are 14 hyperlinks to various FDA guidance documents. These links are extremely helpful when you have questions about a specific question. Unfortunately, the 510k electronic submission guidance document will quickly become out-of-date as guidance documents are updated and are made obsolete. In particular, one of the A-list final guidance documents planned for FY 2023 is the FDA cybersecurity guidance. We expect that guidance to be updated and released any day.

Posted in: 510(k), eSTAR

Leave a Comment (7) →

What is MDUFA V?

MDUFA V is the agreement between the FDA and the medical device industry to fund the review of medical device submissions by the FDA.

What is MDUFA V?

The Medical Device User Fee and Modernization Act (MDUFMA or MDUFA) is a set of agreements between the Food and Drug Administration (FDA) and the medical device industry to provide funds for the Office of Device Evaluations (ODE) to review medical device submissions. FDA user fees were first authorized via MDUFMA in 2002 for FY 2003. Each MDUFA reauthorization has lasted five years, and FY 2023 will be the 21st year.

How are the MDUFA V user fees decided?

Section 738A(b)(1) of the FD&C Act requires that FDA consult with a range of stakeholders, including representatives from patient and consumer advocacy groups, healthcare professionals, and scientific and academic experts, in developing recommendations for the next MDUFA five-year cycle. The FDA initiated the reauthorization process by holding a public meeting on October 27, 2020, where stakeholders and other public members were allowed to present their views on the reauthorization. The following is a list of the four industry groups represented in the MDUFA V negotiations with the FDA:

The FD&C Act further requires that FDA continue meeting with the representatives of patient and consumer advocacy groups at least once every month during negotiations with the regulated industry to continue discussions of stakeholder views on the reauthorization and their suggestions for changes.

What are FDA user fees?

At the very core of it, the FDA user fees fund the FDA Office of Device Evaluation (ODE) budget. Without these user fees, the FDA cannot begin reviewing a medical device submission. This includes 510k, PMA, and De Novo submissions. Before the FDA assigns a reviewer to your submission, you must pay the appropriate device user fee in full unless eligible for a waiver or exemption. If you pay the user fee by credit card, you will need to allow a few extra days for the user fee to clear. Otherwise, your submission will be placed on “User Fee Hold.” Small businesses may qualify for a reduced fee. The FDA will announce the user fees for FY 2024 in a Federal Register notice next August 2023.

When does MDUFA V take effect?

Our team regularly checked the announcement of the MDUFA V user fees from August until last week’s announcement. The announcement of the FY 2023 user fees was delayed because Congress did not approve the MDUFA reauthorization until the last week of September. The new user fees were originally expected to take effect on October 1, 2022, but the announcement of actual user fees for 2022 was announced on October 5, 2022. This was two months later than expected.

Why was MDUFA V delayed, and will it happen again?

MDUFA V was delayed because the user fee reauthorization requires an act of Congress. The House of Representatives approved the Food and Drug Amendments of 2022 on June 8, 2022. However, the Senate did not file a bill until after the August recess. There were also differences between the legislation proposed by the House and the Senate. Therefore, to ensure that the FDA did not have to furlough employees when MDUFA IV funding expired, a temporary reauthorization was approved and signed by the President on September 30, 2022. The short-term continuing resolution is a temporary stopgap to continue funding the FDA until December 16, 2022. However, the continuing resolution covers funding for medical device user fees through September 30, 2027. Therefore, the device industry can expect the FDA to continue to operate regardless of the outcome of temporary policies that expire this December. Still, similar delays occurred with previous MDUFA reauthorization, and we expect more of the same US partisan politics between August 2027 and the November 2027 election.

<

How much did MDUFA V user fees increase?

The increase is dependent upon the fee type. Annual registration fees are increasing by 14.47% (i.e., $5,672 to $6,493). The MDUFA V user fees increased by a stupendous amount (+55.90%) from $12,745 to $19,870 for the 510k user fees. Yikes! De Novo Classification Requests increased by 17.79% from $112,457 to $132,464. Other submissions increased by similar amounts. For more details, check out the table below (also posted on our homepage).

20190810 075548 300x225 What is MDUFA V?

FDA User Fee FY 2023 represents a 55.90% increase in the 510(k) user fee

FY 2023 User Fees 1024x587 What is MDUFA V?

Do user fees ever decrease?

If we lived in a magical world where gas prices dropped and stayed low, the inflation-adjusted pricing would decrease for FDA user fees. That has happened once, but I fit into skinny jeans once too.

Why is August 1st important?

August 1st is the first day the FDA starts to accept Small Business Certification Requests for the new fiscal year. That means any small business that wants to keep small business status needs to reapply, and any new business that qualifies for small business status must also apply. The importance of applying for small business status is how much you could save on your submission. The FDA will complete its review of the Small Business Certification Request within 60 calendar days of receipt. Upon completion of the review by the FDA, the FDA will send you a decision letter with your small business designation number or a justification for denial.

Does small business status expire?

Yes, small business status expires. The small business status expires on September 30 of the fiscal year it is granted. A new MDUFA Small Business Certification Request must be submitted and approved each fiscal year to qualify as a small business. If you forget to reapply for small business status on August 1, you can reapply anytime during the year. Still, you will temporarily lose small business status from October 1 until the qualification is renewed. The good news is there is no fee associated with the submission of a Small Business Certification Request. For more information, please visit our webpage dedicated to small business qualifications.

Posted in: 510(k), De Novo, FDA

Leave a Comment (1) →

FDA CCP now accepts FDA eSTAR & eCopy

Finally, we can use the new FDA CCP to eliminate FedEx shipments, and 100% of your submissions will be electronic through the portal.

July 2022 Update for the FDA eCopy process

The FDA created a Customer Collaboration Portal (CCP) for medical device manufacturers. Originally, the portal’s purpose was to provide a place where submitters can track the status of their submissions and verify the deadlines for each stage of the submission review process. Last week, on July 19, the FDA emailed all active FDA CCP account holders that they can upload both FDA eCopy and FDA eSTAR files to the portal 100% electronically. Since our consulting team sends out submissions daily, everyone on the team was able to test the new process. If you have a CCP account, you no longer need to ship submissions via FedEx to the Document Control Center (DCC).

FDA CCP step-by-step uploading process

When you are uploading an FDA eCopy for medical device submission to the Document Control Center (DCC), using the new FDA CCP, the following steps are involved:

  1. Confirm your eCopy complies with FDA’s eCopy guidance.
  2. Compress your eCopy into a “.zip” file.
  3. Sign in to the portal on the login page
  4. Click on the “+” symbol on the left panel of the webpage (if you hover over the “+” symbol, you will see “Send a submission”)
  5. Select your desired upload format (pre-submissions, meeting minutes, breakthrough device designations, and withdrawal letters must be submitted as an eCopy)Format Selection 1024x515 FDA CCP now accepts FDA eSTAR & eCopy
  6. Click on the “Next” button that appears below the selection formats once a format is selected
  7. Drag & drop your single “.zip” file here, or browse for it.
  8. Click on “Send” button to complete the uploading process.Send Step 1024x528 FDA CCP now accepts FDA eSTAR & eCopy
  9. Verify that the FDA CCP site gives you a confirmation for the successful uploading of your submission.Confirmation that eCopy was sent 1024x556 FDA CCP now accepts FDA eSTAR & eCopy

FDA Q&A about the new FDA CCP Submission Uploading Process

  1. Medical Device Academy Question: Who will be permitted to use the FDA CCP to upload submissions for the DCC? FDA Response: We will first offer this feature in batches to people like you who already use CCP so we can study its performance. We will then refine it and make it available to all premarket submitters.
  2. Medical Device Academy Question: What do you need to use the FDA CCP? FDA Response: You don’t need to do anything to participate since you already use CCP. We will email you again when you can start sending your next submissions online.
  3. Medical Device Academy Question: Suppose another consultant asks me to submit an eSTAR or eCopy for them, or I do this for a member of my consulting team. Is there any reason I cannot upload the submission using my account even though the other person is the official submission correspondent and their name is listed on the cover letter? FDA Response: The applicant and correspondent information of the submission is still used when logging the submission in. The submitter (i.e., the person uploading the submission) is not used in any part of the log-in process. The submission portal is essentially replacing snail mail only; once the DCC loads the submission, whether it be from a CD or an online source, the subsequent process is identical to what it used to be, for now.
  4. Medical Device Academy Question: Is there any type of eCopy that would not be appropriate for this electronic submission process (e.g., withdrawal letters, MAF, or breakthrough device designations)? FDA Response: You can use the eCopy option to submit anything that goes to the DCC, so all your examples are fair game, though interactive review responses would still be emailed to the reviewer.
  5. Medical Device Academy Question: How can I get help from the FDA? FDA Response: If you have questions, contact us at CCP@fda.hhs.gov.

Posted in: 510(k), De Novo

Leave a Comment (3) →

What’s new in the 2022 draft cybersecurity guidance?

On April 8, 2022, the FDA released a new draft cybersecurity guidance document to replace the 2018 draft that the industry does not support.

Why was the draft cybersecurity guidance created?

Due to the ubiquitous nature of software and networked devices in the medical industry, the impact of cybersecurity attacks is becoming more frequent and more severe. The WannaCry Ransomeware Attack is just one example of this global cybersecurity issue. The FDA is responding to the need for stronger cybersecurity controls by issuing a new draft cybersecurity guidance for 2022.

The first four paragraphs of the introduction explain why we need this, and WannaCry is mentioned in the second paragraph of the background section. This new guidance is only a draft, but this is the FDA’s third attempt at regulating the cybersecurity of medical devices. The first guidance was finalized in 2014. That’s the 9-page guidance we currently have in effect. The guidance mentions risk 11 times and there is no mention of testing requirements or a bill of materials (BOM). The 2018 draft guidance (24-pages) met with resistance from the industry for a lot of reasons. One of the reasons mentioned by Suzanne Schwartz in an interview is the inclusion of a cybersecurity bill of materials (CBOM). The industry felt it would be too burdensome to disclose all of the hardware elements that are related to cybersecurity. Therefore, the FDA rewrote the 2018 draft and released a new draft on April 8, 2022 (49-pages).

Untitled presentation e1650071404761 What’s new in the 2022 draft cybersecurity guidance?

You might have expected the FDA to soften its requirements in the face of resistance from industry, but the new draft does not appear to be less robust. It is true that the CBOM was replaced by a software bill of materials (SBOM). However, the SBOM must be electronically readable and it must include:

  • the asset(s) where the software resides;
  • the software component name;
  • the software component version;
  • the software component manufacturer;
  • the software level of support provided through monitoring and maintenance from the software component manufacturer;
  • the software component’s end-of-support date; and
  • any known vulnerabilities.

You can be sure that the medical device industry will view providing an SBOM as a hefty burden. After all, a machine-readable SBOM is more complex than UDI labeling requirements. An SBOM will not fit on the “Splash Screen” for anyone’s software application. Companies may provide documentation through the company website with a link in their software to that information. The format of the information could be in the “Manufacturer Disclosure Statement for Medical Device Security (MDS2).” However, MDS2 is a 349-line item Excel spreadsheet to be used as a checklist (i.e. quite a bit longer than the GUDID data elements spreadsheet), and it took the FDA eight years to complete the transition for the UDI Final Rule (i.e. 2013 – 2021).

The 2018 draft cybersecurity guidance document from the FDA required a cybersecurity bill of materials (CBOM). CBOM was defined as “a list that includes but is not limited to commercial, open source, and off-the-shelf software and hardware components that are or could become susceptible to vulnerabilities.” Therefore, the FDA’s change from a CBOM to an SBOM eliminated the requirement to disclose the hardware components. Despite the change in disclosure requirements, manufacturers will still be expected to monitor potential hardware vulnerabilities to cybersecurity attacks. It should also be noted that the language in the PATCH Act (a new bill submitted to the House of Representatives and to the Senate for ensuring the cybersecurity of medical devices) specifically requires manufacturers “to furnish a software bill of materials as required under section 524B (relating to ensuring the cybersecurity).”

 Structure of the draft cybersecurity guidance

The 2022 draft cybersecurity guidance organizes the requirements into four major principles:

  1. cybersecurity as part of device safety and the quality system regulations
  2. designing for security
  3. transparency
  4. submission documentation

The draft cybersecurity guidance recommends the implementation of a Secure Product Development Framework (SPDF). However, there is not much detail provided in the guidance for a SPDF. In the past, the term for this type of process was referred to as a Secure Software Development Lifecycle (i.e. Secure SDLC). However, in February 2022, the NIST Computer Security Resource Center (CSRC) released version 1.1 of the Secure SDLC guidance which is now titled “Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities.” This guidance provides guidance on the implementation of best practices for reducing the risk of software vulnerabilities because existing standards for managing the software development lifecycle do not explicitly address software security (e.g. IEC 62304-1:2015). The SSDF recommends implementing a core set of high-level secure software development practices that can be integrated into your SDLC process. Your software development team will also require cybersecurity training.

Design for security is the second principle of the draft cybersecurity guidance

Under this new draft cybersecurity guidance, the FDA will be evaluating the cybersecurity of devices based on the ability of the device to provide and implement the following security objectives:

  • Authenticity, which includes integrity;
  • Authorization;
  • Availability;
  • Confidentiality; and
  • Secure and timely updatability and patchability.

Transparency of cybersecurity information is for users

The draft cybersecurity guidance seeks to give device users more information pertaining to the device’s cybersecurity controls, potential risks, and other relevant information. This information will be in the form of an SBOM that is electronically readable. This information shall include disclosure of 1) known vulnerabilities or risks, 2) information to securely configure and update devices, and 3) communication interfaces and third-party software.

In addition to providing an SBOM, the FDA draft cybersecurity guidance includes requirements for cybersecurity labeling in section VI(A). There are 15 specific labeling requirements identified by the FDA for sharing with device users to improve the transparency of cybersecurity information. The first of these requirements is recommendations from the manufacturer for cybersecurity controls appropriate for the intended use environment (e.g., antimalware software, use of a firewall, password requirements). This first labeling requirement is identical to the 2018 draft guidance. Several of the other requirements are copied from the 2018 draft guidance, but others are new and/or reworded cybersecurity labeling requirements.

FDA Submission Documentation Requirements

The 2022 FDA draft cybersecurity guidance includes requirements for FDA submission documentation. Submission documentation must include a security risk management plan and report. The draft cybersecurity guidance explains on page 13 (numbered 9) that “performing security risk management is a distinct process from performing safety risk management as described in ISO 14971:2019.” Therefore, instead of using your safety risk management process, your software development team will need to have a different risk management process for software security. Details on the content for security risk management plans and reports can be found in AAMI TIR57:2016 – Principles for medical device security—Risk management. Appendix 2 also provides guidance for the inclusion of a) call flow diagrams, and b) information details for an architecture view.

Cybersecurity testing requirements for your FDA submission

The biggest impact of this new draft guidance may be the requirement for testing. The 2014 guidance has no testing requirement, the 2018 draft guidance mentioned testing 5 times in a few bullet points, but this new draft guidance mentions testing 43 times. The testing requirements for cybersecurity risk management verification include:

  1. Security requirements
  2. Threat mitigation
  3. Vulnerability testing
  4. Penetration testing

This guidance also includes a paragraph with multiple bullets of requirements for each of the four types of testing. This would essentially double the size and scope of the current software section for a 510k submission, and manufacturers will need to create new procedures and templates for their cybersecurity risk management process. For example, penetration testing requirements include the following elements:

  • Independence and technical expertise of testers,
  • Scope of testing,
  • Duration of testing,
  • Testing methods employed, and
  • Test results, findings, and observations.

Differences between the cybersecurity guidance documents

The following table provides a high-level overview comparing the four cybersecurity guidance documents released by the FDA, including the 2016 guidance on post-market management of cybersecurity:

Screenshot 2022 04 16 12.48.51 AM 1024x291 What’s new in the 2022 draft cybersecurity guidance?

Vulnerability management plans

The FDA draft cybersecurity guidance document also has a requirement for manufacturers to develop a plan for identifying and communicating vulnerabilities to device users after the release of the device. The FDA requires this plan to be included in your device submission. The vulnerability management plan should include the following information (in addition to the requirements of the 2016 guidance for postmarket cybersecurity management):

  • Personnel responsible;
  • Sources, methods, and frequency for monitoring for and identifying vulnerabilities (e.g. researchers, NIST NVD, third-party software manufacturers, etc.);
  • Periodic security testing to test identified vulnerability impact;
  • Timeline to develop and release patches;
  • Update processes;
  • Patching capability (i.e. rate at which update can be delivered to devices);
  • Description of their coordinated vulnerability disclosure process; and
  • Description of how manufacturer intends to communicate forthcoming remediations, patches, and updates to customers.

What’s the next step for the draft cybersecurity guidance?

In March the “Protecting and Transforming Cyber Health Care Act of 2022 (PATCH Act)” was introduced to the House of Representatives and the Senate. The goal of the PATCH Act is to enhance medical device security by requiring manufacturers to create a cybersecurity risk management plan for monitoring and addressing potential postmarket cybersecurity vulnerabilities. The FDA seeks comments on the draft cybersecurity guidance through July 7, 2022. Given the support of the new bill in the House of Representatives and Congress, it is likely that the FDA will get the support it needs for this new guidance. 

Posted in: 510(k), Cybersecurity

Leave a Comment (0) →

Human factors process, can we make this easy to understand?

90% of usability testing submitted to the FDA is unacceptable and the root cause is simply a failure to understand the human factors process.

If you submitted no usability testing to the FDA in your 510(k) submission, it would be obvious why the FDA reviewer identified usability as a major deficiency. However, you spent tens of thousands of dollars on usability testing that delayed the 510(k) submission by six months. Despite all of the time and money your company invested in the human factors process, it appears that you need to start over and repeat the entire process again. The CEO is furious, and he wants you to show him where in the 49-page FDA guidance it says that you have to do things differently.

Benefits from the human factors process

  1. Use errors result in serious injuries and death
  2. Easy to use products sell
  3. You will prevent delays in regulatory approval

Why was your rationale for no usability testing rejected?

Unlike CE Marking technical files, the FDA does not require a usability engineering file for all products. Instead, the FDA determines if usability testing is required based upon a comparison of your device’s user interface and a competitor’s user interface (i.e. predicate device user interface). If the user interface is identical, then usability testing may not be required. Instead, your company should be able to write a rationale for not doing usability testing based upon equivalence with the predicate device. If there are differences in your user interface, you will need to provide use-related risk analysis (URRA), identify critical tasks, implement risk controls, and provide verification testing to demonstrate the effectiveness of the risk controls. Even if your device is “easier to use” or “simpler”, you still need to provide the documentation to support this claim in your submission. The FDA also does not allow comparative claims in your marketing for 510(k) cleared devices. Comparative claims require the support of clinical data.

What is the 10-step human factors process?

  1. Define human factors for your device or IVD
  2. Identify use errors
  3. Conduct a URRA
  4. Perform a critical task analysis
  5. Conduct a risk control option analysis
  6. Conduct formative usability testing
  7. Implement risk controls
  8. Conduct summative usability testing
  9. Prepare HFE/UE documentation
  10. Collect post-market surveillance data specific to use errors

There is a YouTube video describing these 10 steps at the bottom of this blog posting.

Why is formative testing needed?

  • Observational study to identify unforeseen use errors
  • Observational study to evaluate risk control options
  • What are the other types of studies?
  • Development of indications for use
  • Development of training materials

Why is the human factors process crazy expensive to outsource?

  • Human factors consultants need time to learn about your device
  • Consultants are more conservative because they cannot afford to fail
  • Justifying your choice of risk controls is difficult because you started too late
  • Your instructions for use (IFU) are inadequate
  • Consultants need to explain the human factors process to you
  • Recruiting subjects is marketing (which may not be their expertise)
  • You are paying for infrastructure (specialized testing facilities)
  • This is a team effort that requires many consulting hours collectively

Why was your Usability Engineering File refused?

  1. Your company provided an application failure modes and effects analysis (aFMEA) to support your justification that residual risks are acceptable. The FDA guidance suggests using risk analysis tools such as an FMEA or fault-tree analysis, but deficiency letters from FDA reviewers recommend a use-related risk analysis (URRA) format that is totally different.

    URRA table example from the FDA 1024x399 Human factors process, can we make this easy to understand?

    Example of a URRA Table provided by the FDA for the Human Factors Process

    The primary problem with using an FMEA or Fault-Tree risk analysis tool is that these tools involve estimation of the severity of harm and the probability of occurrence of harm, while the FDA does not feel it is appropriate to estimate the probability of occurrence of harm. Instead, the FDA instructs companies to assume that use errors will occur and to implement risk controls to mitigate those risks (see URRA example above). Although “mitigation” is unlikely, and use risks will only be reduced, this is the approach the FDA wants companies to use. In addition, the FDA expects your company to provide traceability of risk control implementation to each use-related risk you identified and the FDA expects documentation of verification testing (i.e. usability testing) that shows your risk controls are effective. Finally, the FDA (and ISO 14971, Clause 10) expects you to collect and perform a trend analysis of use errors. Any use errors that are reported should be evaluated for the need to implement additional corrective actions to prevent future use errors. Blaming “user error” is not an acceptable approach. 

  2. You provided risk analysis and human factors testing in your 510(k) submission, but the FDA reviewer said you need to identify critical tasks and provide traceability to each critical task in your summative validation report. – Critical tasks are specifically mentioned in section 3.2 of the FDA guidance on applying human factors and usability engineering–and a total of 49 times throughout the guidance. However, “critical tasks” are not mentioned even once in ISO 14971:2019 or ISO/TR 24971:2020. The term “critical tasks” is not even found in IEC 62366-1:2015. There is mention of “tasks”, and “task” is a formal definition (i.e. Definition 3.14, “Task – one or more USER interactions with a MEDICAL DEVICE to achieve a desired result”). Therefore, companies that are familiar with the ISO Standards and CE Marking process frequently need training on the FDA requirements for the human factors process. After receiving training, then your company will be prepared to modify your usability engineering file documentation to comply with the FDA requirements for human factors.
  3. You completed a summative validation protocol, but the FDA disagrees with your definition of user groups. – Each user has a different level of experience, training, and competency. Therefore, if you define the intended user population too broadly (e.g. healthcare practitioners), the FDA may not accept your summative usability testing. This is the reason that the human factors process begins with defining the human factors for your IVD or device. Radiologists, for example, have the following training pathway:
    • graduate from medical school;
    • complete an internship;
    • pass state licensing exam;
    • complete a residency in radiology;
    • become board certified; and
    • complete an optional fellowship.

Therefore, if you are developing imaging software, you need to make sure your user group includes radiologists that cover the entire range of competencies. In addition, most radiology images are taken by radiology technicians and then reviewed by the radiologist. Therefore, radiology technicians should be considered a completely different user group due to the differences in experience, training, and competency when compared to a radiologist. This simple example doubles the number of users needed because you have two user groups instead of one.

  1. You evaluated 15 users, but the FDA reviewer is asking you to evaluate a larger number of users based upon a special controls guidance document. – The FDA guidance on human factors testing specifies a minimum of 15 users for each user group–not a minimum of 15 users. Therefore, for a device that is for Rx-only and OTC use, you will have at least two user groups that need to be evaluated independently. In addition, some devices have special controls guidance documents that specify usability testing requirements. For example, an OTC blood glucose meter must pass a 350-person lay-user study. Covid-19 self-tests are expected to pass a 30-person lay-user study as another example.
  2. Your usability study was conducted in Australia, but the FDA insists that your usability study must be repeated in the USA. – Most people think of language being the primary difference between two countries, and therefore the author of a study protocol may not perceive any difference between the USA and Australia, Ireland, Canada, or the UK. However, this lack of ability to identify differences between cultural norms shows our own ignorance of cultural differences. International travelers learn quickly about the differences in the interface used for electrical outlets between the USA and other countries. There are also more subtle differences between cultures, such as in which direction do you toggle a light switch to turn on a light, up or down? For devices that are used in a hospital environment, it is critical to understand how your device will interact with other devices and how different hospital protocols might impact human factors.
  3. The FDA reviewer indicated that your usability engineering file does not assess the ability of laypersons to self-select whether your OTC device is appropriate for them. – Devices and IVD devices may have contraindications or indications for use that are specific to an intended patient population or intended user population. In these cases, the user of the device or IVD needs to be able to “self-select” as included or excluded from use. The ability to self-select should be assessed as part of any OTC usability study. The ability to identify suitable and unsuitable patients for treatment is also a common criterion for a usability study involving prescription devices where a physician is the subject of the study.
  4. The FDA reviewer indicated that you did not provide raw data collected by the study moderator. – Data collected during a human factors study is usually subjective in nature, and the FDA may want to conduct their own review and analysis of your data. Therefore, you cannot provide only a testing report that summarizes the results of your study. You must also provide the raw data for the study. It is permitted to provide the data in a tabular format that has been transcribed from paper case report forms or was recorded electronically. You should also consider scanning any paper forms for permanent retention or retaining the paper forms in case there is any question of accuracy in the transcription of the data collected. Finally, it is best practice to record videos of the study participants performing each task and answering interview questions. This will help in filling any gaps in the notes recorded by the moderator, and the recording provides additional objective evidence of the study results.
  5. The FDA reviewer indicated that your study is not valid, because the training provided by moderators was not scripted and training decay was not considered in the design of the study. – Summative usability testing requires that users complete all of the critical tasks identified in your critical task analysis without assistance. It is permitted to provide training to the user prior to conducting the study if the device or IVD is for prescription use and healthcare practitioners are responsible for providing instruction to the user. However, any training provided must be scripted in advance and approved as part of the summative usability testing protocol. This ensures that every subject in the study receives consistent training. Unfortunately, the FDA may still not be satisfied with the design of your study if you do not allow sufficient time to pass between the time that training is provided to the user and when the subject uses the device or IVD for the first time. In general, one hour is the minimum amount of time that should pass between providing user training and when the device or IVD is used for the first time. This is referred to as “training decay” and the duration of time between your scripted training and the user performing critical tasks for the first time should be specified in your summative usability protocol. One solution to address both issues is to provide a video of the instructions to each subject 24-hours in advance of participation in the study.

Additional resources for the human factors process and usability testing

Posted in: 510(k), Design Control, Usability

Leave a Comment (4) →

Feedback options for your pre-sub meeting request

This article analyzes feedback options offered for a pre-submission meeting request and gives you insight into which option is best for you.

Pre submission meeting request feedback options Feedback options for your pre sub meeting request

In 2021 the FDA published an updated guidance document about pre-submission meeting requests (i.e., pre-sub meetings). The purpose of a pre-submission meeting is to ask and obtain answers to your questions directly from the FDA. The guidance document has great advice on what to ask the FDA and what you should not ask. The best time to be asking the FDA questions is before you begin your verification and validation testing. The FDA can give you valuable feedback on your testing plan to demonstrate safety and efficacy, but if you already started your testing it’s too late. Unfortunately, the guidance document has no advice on which method of feedback to select or why.

What is the last section of your pre-sub?

The last section of your pre-submission meeting request should indicate what method of feedback you prefer and what your preferred dates are for a potential meeting with the FDA. There are three options offered for methods of feedback:

  1. a face-to-face meeting
  2. a conference call
  3. an email response

Feedback option 1 – A Face-to-Face Meeting

Some executives believe that face-to-face meetings are critical in establishing relationships with people. However, you need to understand the culture of the people your are trying to build a relationship with. The FDA is an overworked bureaucracy, and government agencies have security concerns. When the FDA meets with visitors they must go to a different building and arrange for their guests to pass through security. This is more work and takes more time. To justify the extra work and time, you need a compelling reason why a face-to-face meeting with the FDA is necessary.

Traveling to the FDA will cost your team money and time that conference calls and emails will not. More importantly, you are limited to one hour for a pre-submission meeting. One hour is barely enough time to ask questions and listen to the answers. You only have minutes to introduce your company, your team and the describe the product. There is no time for relationship building. The best way to impress the FDA is to: 1) prepare thoroughly, 2) conduct an efficient meeting, and 3) ask smart questions.

There is one time when you should visit the FDA face-to-face–if you have a powerful demonstration and video just isn’t good enough.

Feedback option 2 – Conference Call

Conference calls save you time and money, but conference calls also save the FDA time and effort. You won’t personally meet people from the agency, but you can communicate information prior to the meeting and you can provide videos of simulated use for your device. Conference calls do have the advantage of allowing you to mute the call for a moment and make a comment among your team members without the agency listening as well. Whenever you are discussing a performance testing plan or a clinical study protocol with the FDA, you will probably want a conference call to enable clarification questions.

Feedback option 3 – Email

Email responses from the FDA are highly underrated in value. When you specify an email response, you generally receive a response to your questions sooner. You also should receive more information, because each person from the agency is able to provide an hour of their time to write detailed feedback. In a conference call, you are speaking for part of the hour and only one person from the FDA can speak at a time. Therefore, you almost always have less feedback during conference calls and face-to-face meetings. The primary downside to email as a feedback method is that it is not interactive.

Update Related to Covid-19 Pandemic

The FDA is not allowing face-to-face meetings during the Covid-19 pandemic. Three of the pre-subs Medical Device Academy submitted during the pandemic were rejected by the FDA due to insufficient FDA resources. We are also noticing increased delays in the pre-sub timeline. Two pre-subs had a 5-month scheduling lead-time instead of 60-75 days. Due to these delays, we have advised many clients to skip the presub if testing requirements are well defined in guidance documents and predicate 510k summaries. Althought the email option should theoretically result in a faster response from the FDA, during the pandemic we have actually seen that the teleconference options has been faster. My theory is that the teleconferences are require coordinating the schedules of multiple people, and therefore there is more focus by lead reviewers in making sure the feedback is provided in time for the scheduled teleconference. 

Which feedback option will you pick?

Regardless of which feedback method you choose, you can always follow-up with supplemental questions and obtain additional feedback from the FDA after you receive the initial response to your pre-submission meeting request. If you are planning a clinical study, you might seek interactive feedback in a conference call during the pre-submission meeting. Then you can follow-up with a clinical study protocol as a supplement to obtain additional feedback from the FDA.

Additional Resources

If you are interested in learning more about a pre-submission meeting request to the FDA, consider watching and listening to a webinar on the topic.

Posted in: 510(k)

Leave a Comment (1) →

How to find updated FDA forms for a 510k

Before you complete FDA forms for your 510k submission, you need to made sure you have the most updated FDA forms.

How do you know if the FDA form you are using is current?

The FDA assigns numbers to each FDA form and the document control number is found in the bottom left footer of the document. In addition, the top right-hand header of the document will have an expiration date for the form (see the picture below). Often the changes to FDA forms are minor, but you should only submit the current version of the FDA form which has not expired.

FDA Form 3881 screen capture How to find updated FDA forms for a 510k

What happens if you are using an expired FDA form?

In the past, if you included an obsolete document in your submission the FDA would often ignore this an proceed with the review of your submission anyway. Now FDA reviewers will identify the obsolete form and require you to resubmit the document on the current version of the form. If the reviewer is conducting an initial Refusal to Accept (RTA) screening, and one of the required items in the RTA screening are identified, then you will receive an RTA Hold letter and the RTA checklist will include a comment that you have used an obsolete version of an FDA Form.

If there are no deficiencies identified in the RTA checklist, the reviewer may still send you an email asking you to submit the document on the correct form. This could be a formal amendment (e.g. K123456/A001) or it could be as an informal email of the corrected document. This type of request could also be identified after the substantive review is complete in the form of a comment in an Additional Information (AI) Request or as part of an Interactive Review Request. An AI Request must be responded to with a formal supplement submitted to the Document Control Center (DCC) as a supplement to the original submission (e.g. K123456/S001) or as an informal ammendment submitted by email.

Examples of updated FDA forms for your 510k submission

Expired forms are frequently submitted to the FDA because submitters are using templates that have not been properly maintained or the submitter modified a form that was submitted in a previous 510k submission. The most common examples include: FDA Form 3514 (i.e. Submission Coversheet), FDA Form 3881 (i.e. Indications for Use), and the RTA Checklist.

Where can you find updated FDA forms?

Recently one of our clients noticed that the 510k template folder we share with people that have purchased our 510k course included obsolete templates for Financial Disclosure. There are three financial disclosure forms that can be used for a 510k submission or De Novo Classification Request:

  1. FDA Form 3454, Certification: Financial Interest and Arrangements of Clinical Investigator (PDF)
  2. FDA Form 3455, Disclosure: Financial Interest and Arrangements of Clinical Investigators (PDF)
  3. FDA Form 3674, Certification of Compliance, under 42 U.S.C. , 282(j)(5)(B), with Requirements of ClinicalTrials.gov (PDF)

We normally update these FDA forms as soon as the new form is released, but this financial disclosure forms are only used in about 10-15% of 510k submissions.

The current version of most FDA forms can usually be found by simply conducting an internet search for the form using your favorite browser. However, sometimes you may find a copy of the document that was editted by a consultant to facilitate completion of the document as an unsecured PDF or Word document. Although this is convenient, you should not use these “bastardized” forms. You should use the original secured form provided by the FDA. These native forms require Adobe Acrobat to complete the form and save the content. The most current version of the FDA form can be found using the FDA’s Form search tool.

Editing and Signing FDA Forms

Most of the FDA forms are secured and you can only enter information in specific locations. If there is a location for a signature, usually the signature cannot be added in Adobe to the secured form. In these situations, our team will save the document as a “Microsoft Print PDF” format. Once the document has been saved in this “non-native” format, you can manipulate almost anything in the document. Then we will add signatures using the “Fill and Sign” tool in Adobe Acrobat or we will use the “Edit” tool. Editing also gives us ability to make corrections when the document has incorrect information filled in the form somewhere.

Another option for adding dates and signatures is for you to save the document as a non-secure PDF. Then using an electronic signature software tool like Docusign, you can request that another person add their electronic signature or you can add your own electronic signature. Some companies prefer to do this to ensure the electronic signature meets 21 CFR Part 11 requirements, but the FDA accepts scanned images of a signature that was added to the document without certification in a 510k submission. This is even true for the Truthful and Accuracy Statement for a 510k. That document can be attached as a PDF in an FDA eSTAR template or you can electronically sign the eSTAR template if the person preparing the eSTAR is also the person signing the Truthful and Accuracy Statement.

Tips and Tricks for maintaining templates

Our company is a consulting firm, and we do not have a formal document control process that would be typical of our clients. However, we do have a shared Dropbox folder where we maintain the most current version of 510k templates. Any obsolete versions we move to an archive folder. However, there are ways to improve this informal system. You can include a date of the document in the file name. For example, “Vol 4 001_Indications for Use (FDA Form 3881) rvp 2-7-2022.” This indicates that this file is the FDA Form 3881 which is the indications for use form used in Volume 4 of the 510k submission. The document is the first document in that volume. The date the form was revised and saved is February 7, 2022 and the author’s initials are “rvp.”

If you are saving 510k templates you might consider adding an expiration date to the file name. For example, “Vol 4 001_Indications for Use (FDA Form 3881) exp 06-30-2023.” This file name indicates that the form’s expiration date is June 30, 2023. The inclusion of an expiration date in the file name is a visual reminder of when you will need to search for an updated FDA form.

A third way to manage your FDA Forms is to include them in your documents of external origin. ISO 13485:2016, Clause 4.2.4, requires that you maintain control of documents of external origin. Therefore, if your company has a formal quality system, a list or log of documents of external origin is the best way to manage FDA forms. Your log should indicate the date the updated FDA form was created, any parent guidance documents should be cross-referenced, and the expiration date of the FDA form should be identified. By using a log of this type, you can sort the list by expiration date or by the date of creation if there is no expiration date identified. Sorting the list will help your team prioritize which documents need to be reviewed next for new and revised versions.

Additional 510k submission resources

The FDA will be updating the 510k guidance for the new FDA eSTAR template by September 2022. Medical Device Academy will be systematically updating all of our templates and training webinars related to preparation of 510k submissions. We will also be preparing for the transition from FDA eCopy submissions to electronic submissions via a Webtrader Account.

You can keep up-to-date on template revisions in one of two ways:

  1. Purchase our 510k course, and you will receive access to the updated templates as they are created. We will send email notifications each time a template is updated.
  2. Register for our New Blog email subscription for automated email notifications of when a new blog is released about updated FDA forms, templates, and webinars.
  3. Register for our New Webinar email subscription for automated email notifications of when a new or revised webinar is scheduled and for email notification of our newest live streaming YouTube videos.

Posted in: 510(k)

Leave a Comment (0) →
Page 1 of 5 12345