Blog

Archive for 510(k)

FDA CCP now accepts FDA eSTAR & eCopy

Finally, we can use the new FDA CCP to eliminate FedEx shipments, and 100% of your submissions will be electronic through the portal.

July 2022 Update for the FDA eCopy process

The FDA created a Customer Collaboration Portal (CCP) for medical device manufacturers. Originally, the portal’s purpose was to provide a place where submitters can track the status of their submissions and verify the deadlines for each stage of the submission review process. Last week, on July 19, the FDA emailed all active FDA CCP account holders that they can upload both FDA eCopy and FDA eSTAR files to the portal 100% electronically. Since our consulting team sends out submissions daily, everyone on the team was able to test the new process. If you have a CCP account, you no longer need to ship submissions via FedEx to the Document Control Center (DCC).

FDA CCP step-by-step uploading process

When you are uploading an FDA eCopy for medical device submission to the Document Control Center (DCC), using the new FDA CCP, the following steps are involved:

  1. Confirm your eCopy complies with FDA’s eCopy guidance.
  2. Compress your eCopy into a “.zip” file.
  3. Sign in to the portal on the login page
  4. Click on the “+” symbol on the left panel of the webpage (if you hover over the “+” symbol, you will see “Send a submission”)
  5. Select your desired upload format (pre-submissions, meeting minutes, breakthrough device designations, and withdrawal letters must be submitted as an eCopy)Format Selection 1024x515 FDA CCP now accepts FDA eSTAR & eCopy
  6. Click on the “Next” button that appears below the selection formats once a format is selected
  7. Drag & drop your single “.zip” file here, or browse for it.
  8. Click on “Send” button to complete the uploading process.Send Step 1024x528 FDA CCP now accepts FDA eSTAR & eCopy
  9. Verify that the FDA CCP site gives you a confirmation for the successful uploading of your submission.Confirmation that eCopy was sent 1024x556 FDA CCP now accepts FDA eSTAR & eCopy

FDA Q&A about the new FDA CCP Submission Uploading Process

  1. Medical Device Academy Question: Who will be permitted to use the FDA CCP to upload submissions for the DCC? FDA Response: We will first offer this feature in batches to people like you who already use CCP so we can study its performance. We will then refine it and make it available to all premarket submitters.
  2. Medical Device Academy Question: What do you need to use the FDA CCP? FDA Response: You don’t need to do anything to participate since you already use CCP. We will email you again when you can start sending your next submissions online.
  3. Medical Device Academy Question: Suppose another consultant asks me to submit an eSTAR or eCopy for them, or I do this for a member of my consulting team. Is there any reason I cannot upload the submission using my account even though the other person is the official submission correspondent and their name is listed on the cover letter? FDA Response: The applicant and correspondent information of the submission is still used when logging the submission in. The submitter (i.e., the person uploading the submission) is not used in any part of the log-in process. The submission portal is essentially replacing snail mail only; once the DCC loads the submission, whether it be from a CD or an online source, the subsequent process is identical to what it used to be, for now.
  4. Medical Device Academy Question: Is there any type of eCopy that would not be appropriate for this electronic submission process (e.g., withdrawal letters, MAF, or breakthrough device designations)? FDA Response: You can use the eCopy option to submit anything that goes to the DCC, so all your examples are fair game, though interactive review responses would still be emailed to the reviewer.
  5. Medical Device Academy Question: How can I get help from the FDA? FDA Response: If you have questions, contact us at CCP@fda.hhs.gov.

Posted in: 510(k), De Novo

Leave a Comment (0) →

What’s new in the 2022 draft cybersecurity guidance?

On April 8, 2022, the FDA released a new draft cybersecurity guidance document to replace the 2018 draft that the industry does not support.

Why was the draft cybersecurity guidance created?

Due to the ubiquitous nature of software and networked devices in the medical industry, the impact of cybersecurity attacks is becoming more frequent and more severe. The WannaCry Ransomeware Attack is just one example of this global cybersecurity issue. The FDA is responding to the need for stronger cybersecurity controls by issuing a new draft cybersecurity guidance for 2022.

The first four paragraphs of the introduction explain why we need this, and WannaCry is mentioned in the second paragraph of the background section. This new guidance is only a draft, but this is the FDA’s third attempt at regulating the cybersecurity of medical devices. The first guidance was finalized in 2014. That’s the 9-page guidance we currently have in effect. The guidance mentions risk 11 times and there is no mention of testing requirements or a bill of materials (BOM). The 2018 draft guidance (24-pages) met with resistance from the industry for a lot of reasons. One of the reasons mentioned by Suzanne Schwartz in an interview is the inclusion of a cybersecurity bill of materials (CBOM). The industry felt it would be too burdensome to disclose all of the hardware elements that are related to cybersecurity. Therefore, the FDA rewrote the 2018 draft and released a new draft on April 8, 2022 (49-pages).

Untitled presentation e1650071404761 What’s new in the 2022 draft cybersecurity guidance?

You might have expected the FDA to soften its requirements in the face of resistance from industry, but the new draft does not appear to be less robust. It is true that the CBOM was replaced by a software bill of materials (SBOM). However, the SBOM must be electronically readable and it must include:

  • the asset(s) where the software resides;
  • the software component name;
  • the software component version;
  • the software component manufacturer;
  • the software level of support provided through monitoring and maintenance from the software component manufacturer;
  • the software component’s end-of-support date; and
  • any known vulnerabilities.

You can be sure that the medical device industry will view providing an SBOM as a hefty burden. After all, a machine-readable SBOM is more complex than UDI labeling requirements. An SBOM will not fit on the “Splash Screen” for anyone’s software application. Companies may provide documentation through the company website with a link in their software to that information. The format of the information could be in the “Manufacturer Disclosure Statement for Medical Device Security (MDS2).” However, MDS2 is a 349-line item Excel spreadsheet to be used as a checklist (i.e. quite a bit longer than the GUDID data elements spreadsheet), and it took the FDA eight years to complete the transition for the UDI Final Rule (i.e. 2013 – 2021).

The 2018 draft cybersecurity guidance document from the FDA required a cybersecurity bill of materials (CBOM). CBOM was defined as “a list that includes but is not limited to commercial, open source, and off-the-shelf software and hardware components that are or could become susceptible to vulnerabilities.” Therefore, the FDA’s change from a CBOM to an SBOM eliminated the requirement to disclose the hardware components. Despite the change in disclosure requirements, manufacturers will still be expected to monitor potential hardware vulnerabilities to cybersecurity attacks. It should also be noted that the language in the PATCH Act (a new bill submitted to the House of Representatives and to the Senate for ensuring the cybersecurity of medical devices) specifically requires manufacturers “to furnish a software bill of materials as required under section 524B (relating to ensuring the cybersecurity).”

 Structure of the draft cybersecurity guidance

The 2022 draft cybersecurity guidance organizes the requirements into four major principles:

  1. cybersecurity as part of device safety and the quality system regulations
  2. designing for security
  3. transparency
  4. submission documentation

The draft cybersecurity guidance recommends the implementation of a Secure Product Development Framework (SPDF). However, there is not much detail provided in the guidance for a SPDF. In the past, the term for this type of process was referred to as a Secure Software Development Lifecycle (i.e. Secure SDLC). However, in February 2022, the NIST Computer Security Resource Center (CSRC) released version 1.1 of the Secure SDLC guidance which is now titled “Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities.” This guidance provides guidance on the implementation of best practices for reducing the risk of software vulnerabilities because existing standards for managing the software development lifecycle do not explicitly address software security (e.g. IEC 62304-1:2015). The SSDF recommends implementing a core set of high-level secure software development practices that can be integrated into your SDLC process. Your software development team will also require cybersecurity training.

Design for security is the second principle of the draft cybersecurity guidance

Under this new draft cybersecurity guidance, the FDA will be evaluating the cybersecurity of devices based on the ability of the device to provide and implement the following security objectives:

  • Authenticity, which includes integrity;
  • Authorization;
  • Availability;
  • Confidentiality; and
  • Secure and timely updatability and patchability.

Transparency of cybersecurity information is for users

The draft cybersecurity guidance seeks to give device users more information pertaining to the device’s cybersecurity controls, potential risks, and other relevant information. This information will be in the form of an SBOM that is electronically readable. This information shall include disclosure of 1) known vulnerabilities or risks, 2) information to securely configure and update devices, and 3) communication interfaces and third-party software.

In addition to providing an SBOM, the FDA draft cybersecurity guidance includes requirements for cybersecurity labeling in section VI(A). There are 15 specific labeling requirements identified by the FDA for sharing with device users to improve the transparency of cybersecurity information. The first of these requirements is recommendations from the manufacturer for cybersecurity controls appropriate for the intended use environment (e.g., antimalware software, use of a firewall, password requirements). This first labeling requirement is identical to the 2018 draft guidance. Several of the other requirements are copied from the 2018 draft guidance, but others are new and/or reworded cybersecurity labeling requirements.

FDA Submission Documentation Requirements

The 2022 FDA draft cybersecurity guidance includes requirements for FDA submission documentation. Submission documentation must include a security risk management plan and report. The draft cybersecurity guidance explains on page 13 (numbered 9) that “performing security risk management is a distinct process from performing safety risk management as described in ISO 14971:2019.” Therefore, instead of using your safety risk management process, your software development team will need to have a different risk management process for software security. Details on the content for security risk management plans and reports can be found in AAMI TIR57:2016 – Principles for medical device security—Risk management. Appendix 2 also provides guidance for the inclusion of a) call flow diagrams, and b) information details for an architecture view.

Cybersecurity testing requirements for your FDA submission

The biggest impact of this new draft guidance may be the requirement for testing. The 2014 guidance has no testing requirement, the 2018 draft guidance mentioned testing 5 times in a few bullet points, but this new draft guidance mentions testing 43 times. The testing requirements for cybersecurity risk management verification include:

  1. Security requirements
  2. Threat mitigation
  3. Vulnerability testing
  4. Penetration testing

This guidance also includes a paragraph with multiple bullets of requirements for each of the four types of testing. This would essentially double the size and scope of the current software section for a 510k submission, and manufacturers will need to create new procedures and templates for their cybersecurity risk management process. For example, penetration testing requirements include the following elements:

  • Independence and technical expertise of testers,
  • Scope of testing,
  • Duration of testing,
  • Testing methods employed, and
  • Test results, findings, and observations.

Differences between the cybersecurity guidance documents

The following table provides a high-level overview comparing the four cybersecurity guidance documents released by the FDA, including the 2016 guidance on post-market management of cybersecurity:

Screenshot 2022 04 16 12.48.51 AM 1024x291 What’s new in the 2022 draft cybersecurity guidance?

Vulnerability management plans

The FDA draft cybersecurity guidance document also has a requirement for manufacturers to develop a plan for identifying and communicating vulnerabilities to device users after the release of the device. The FDA requires this plan to be included in your device submission. The vulnerability management plan should include the following information (in addition to the requirements of the 2016 guidance for postmarket cybersecurity management):

  • Personnel responsible;
  • Sources, methods, and frequency for monitoring for and identifying vulnerabilities (e.g. researchers, NIST NVD, third-party software manufacturers, etc.);
  • Periodic security testing to test identified vulnerability impact;
  • Timeline to develop and release patches;
  • Update processes;
  • Patching capability (i.e. rate at which update can be delivered to devices);
  • Description of their coordinated vulnerability disclosure process; and
  • Description of how manufacturer intends to communicate forthcoming remediations, patches, and updates to customers.

What’s the next step for the draft cybersecurity guidance?

In March the “Protecting and Transforming Cyber Health Care Act of 2022 (PATCH Act)” was introduced to the House of Representatives and the Senate. The goal of the PATCH Act is to enhance medical device security by requiring manufacturers to create a cybersecurity risk management plan for monitoring and addressing potential postmarket cybersecurity vulnerabilities. The FDA seeks comments on the draft cybersecurity guidance through July 7, 2022. Given the support of the new bill in the House of Representatives and Congress, it is likely that the FDA will get the support it needs for this new guidance. 

Posted in: 510(k), Cybersecurity

Leave a Comment (0) →

Human factors process, can we make this easy to understand?

90% of usability testing submitted to the FDA is unacceptable and the root cause is simply a failure to understand the human factors process.

If you submitted no usability testing to the FDA in your 510(k) submission, it would be obvious why the FDA reviewer identified usability as a major deficiency. However, you spent tens of thousands of dollars on usability testing that delayed the 510(k) submission by six months. Despite all of the time and money your company invested in the human factors process, it appears that you need to start over and repeat the entire process again. The CEO is furious, and he wants you to show him where in the 49-page FDA guidance it says that you have to do things differently.

Benefits from the human factors process

  1. Use errors result in serious injuries and death
  2. Easy to use products sell
  3. You will prevent delays in regulatory approval

Why was your rationale for no usability testing rejected?

Unlike CE Marking technical files, the FDA does not require a usability engineering file for all products. Instead, the FDA determines if usability testing is required based upon a comparison of your device’s user interface and a competitor’s user interface (i.e. predicate device user interface). If the user interface is identical, then usability testing may not be required. Instead, your company should be able to write a rationale for not doing usability testing based upon equivalence with the predicate device. If there are differences in your user interface, you will need to provide use-related risk analysis (URRA), identify critical tasks, implement risk controls, and provide verification testing to demonstrate the effectiveness of the risk controls. Even if your device is “easier to use” or “simpler”, you still need to provide the documentation to support this claim in your submission. The FDA also does not allow comparative claims in your marketing for 510(k) cleared devices. Comparative claims require the support of clinical data.

What is the 10-step human factors process?

  1. Define human factors for your device or IVD
  2. Identify use errors
  3. Conduct a URRA
  4. Perform a critical task analysis
  5. Conduct a risk control option analysis
  6. Conduct formative usability testing
  7. Implement risk controls
  8. Conduct summative usability testing
  9. Prepare HFE/UE documentation
  10. Collect post-market surveillance data specific to use errors

There is a YouTube video describing these 10 steps at the bottom of this blog posting.

Why is formative testing needed?

  • Observational study to identify unforeseen use errors
  • Observational study to evaluate risk control options
  • What are the other types of studies?
  • Development of indications for use
  • Development of training materials

Why is the human factors process crazy expensive to outsource?

  • Human factors consultants need time to learn about your device
  • Consultants are more conservative because they cannot afford to fail
  • Justifying your choice of risk controls is difficult because you started too late
  • Your instructions for use (IFU) are inadequate
  • Consultants need to explain the human factors process to you
  • Recruiting subjects is marketing (which may not be their expertise)
  • You are paying for infrastructure (specialized testing facilities)
  • This is a team effort that requires many consulting hours collectively

Why was your Usability Engineering File refused?

  1. Your company provided an application failure modes and effects analysis (aFMEA) to support your justification that residual risks are acceptable. The FDA guidance suggests using risk analysis tools such as an FMEA or fault-tree analysis, but deficiency letters from FDA reviewers recommend a use-related risk analysis (URRA) format that is totally different.

    URRA table example from the FDA 1024x399 Human factors process, can we make this easy to understand?

    Example of a URRA Table provided by the FDA for the Human Factors Process

    The primary problem with using an FMEA or Fault-Tree risk analysis tool is that these tools involve estimation of the severity of harm and the probability of occurrence of harm, while the FDA does not feel it is appropriate to estimate the probability of occurrence of harm. Instead, the FDA instructs companies to assume that use errors will occur and to implement risk controls to mitigate those risks (see URRA example above). Although “mitigation” is unlikely, and use risks will only be reduced, this is the approach the FDA wants companies to use. In addition, the FDA expects your company to provide traceability of risk control implementation to each use-related risk you identified and the FDA expects documentation of verification testing (i.e. usability testing) that shows your risk controls are effective. Finally, the FDA (and ISO 14971, Clause 10) expects you to collect and perform a trend analysis of use errors. Any use errors that are reported should be evaluated for the need to implement additional corrective actions to prevent future use errors. Blaming “user error” is not an acceptable approach. 

  2. You provided risk analysis and human factors testing in your 510(k) submission, but the FDA reviewer said you need to identify critical tasks and provide traceability to each critical task in your summative validation report. – Critical tasks are specifically mentioned in section 3.2 of the FDA guidance on applying human factors and usability engineering–and a total of 49 times throughout the guidance. However, “critical tasks” are not mentioned even once in ISO 14971:2019 or ISO/TR 24971:2020. The term “critical tasks” is not even found in IEC 62366-1:2015. There is mention of “tasks”, and “task” is a formal definition (i.e. Definition 3.14, “Task – one or more USER interactions with a MEDICAL DEVICE to achieve a desired result”). Therefore, companies that are familiar with the ISO Standards and CE Marking process frequently need training on the FDA requirements for the human factors process. After receiving training, then your company will be prepared to modify your usability engineering file documentation to comply with the FDA requirements for human factors.
  3. You completed a summative validation protocol, but the FDA disagrees with your definition of user groups. – Each user has a different level of experience, training, and competency. Therefore, if you define the intended user population too broadly (e.g. healthcare practitioners), the FDA may not accept your summative usability testing. This is the reason that the human factors process begins with defining the human factors for your IVD or device. Radiologists, for example, have the following training pathway:
    • graduate from medical school;
    • complete an internship;
    • pass state licensing exam;
    • complete a residency in radiology;
    • become board certified; and
    • complete an optional fellowship.

Therefore, if you are developing imaging software, you need to make sure your user group includes radiologists that cover the entire range of competencies. In addition, most radiology images are taken by radiology technicians and then reviewed by the radiologist. Therefore, radiology technicians should be considered a completely different user group due to the differences in experience, training, and competency when compared to a radiologist. This simple example doubles the number of users needed because you have two user groups instead of one.

  1. You evaluated 15 users, but the FDA reviewer is asking you to evaluate a larger number of users based upon a special controls guidance document. – The FDA guidance on human factors testing specifies a minimum of 15 users for each user group–not a minimum of 15 users. Therefore, for a device that is for Rx-only and OTC use, you will have at least two user groups that need to be evaluated independently. In addition, some devices have special controls guidance documents that specify usability testing requirements. For example, an OTC blood glucose meter must pass a 350-person lay-user study. Covid-19 self-tests are expected to pass a 30-person lay-user study as another example.
  2. Your usability study was conducted in Australia, but the FDA insists that your usability study must be repeated in the USA. – Most people think of language being the primary difference between two countries, and therefore the author of a study protocol may not perceive any difference between the USA and Australia, Ireland, Canada, or the UK. However, this lack of ability to identify differences between cultural norms shows our own ignorance of cultural differences. International travelers learn quickly about the differences in the interface used for electrical outlets between the USA and other countries. There are also more subtle differences between cultures, such as in which direction do you toggle a light switch to turn on a light, up or down? For devices that are used in a hospital environment, it is critical to understand how your device will interact with other devices and how different hospital protocols might impact human factors.
  3. The FDA reviewer indicated that your usability engineering file does not assess the ability of laypersons to self-select whether your OTC device is appropriate for them. – Devices and IVD devices may have contraindications or indications for use that are specific to an intended patient population or intended user population. In these cases, the user of the device or IVD needs to be able to “self-select” as included or excluded from use. The ability to self-select should be assessed as part of any OTC usability study. The ability to identify suitable and unsuitable patients for treatment is also a common criterion for a usability study involving prescription devices where a physician is the subject of the study.
  4. The FDA reviewer indicated that you did not provide raw data collected by the study moderator. – Data collected during a human factors study is usually subjective in nature, and the FDA may want to conduct their own review and analysis of your data. Therefore, you cannot provide only a testing report that summarizes the results of your study. You must also provide the raw data for the study. It is permitted to provide the data in a tabular format that has been transcribed from paper case report forms or was recorded electronically. You should also consider scanning any paper forms for permanent retention or retaining the paper forms in case there is any question of accuracy in the transcription of the data collected. Finally, it is best practice to record videos of the study participants performing each task and answering interview questions. This will help in filling any gaps in the notes recorded by the moderator, and the recording provides additional objective evidence of the study results.
  5. The FDA reviewer indicated that your study is not valid, because the training provided by moderators was not scripted and training decay was not considered in the design of the study. – Summative usability testing requires that users complete all of the critical tasks identified in your critical task analysis without assistance. It is permitted to provide training to the user prior to conducting the study if the device or IVD is for prescription use and healthcare practitioners are responsible for providing instruction to the user. However, any training provided must be scripted in advance and approved as part of the summative usability testing protocol. This ensures that every subject in the study receives consistent training. Unfortunately, the FDA may still not be satisfied with the design of your study if you do not allow sufficient time to pass between the time that training is provided to the user and when the subject uses the device or IVD for the first time. In general, one hour is the minimum amount of time that should pass between providing user training and when the device or IVD is used for the first time. This is referred to as “training decay” and the duration of time between your scripted training and the user performing critical tasks for the first time should be specified in your summative usability protocol. One solution to address both issues is to provide a video of the instructions to each subject 24-hours in advance of participation in the study.

Additional resources for the human factors process and usability testing

Posted in: 510(k), Design Control, Usability

Leave a Comment (3) →

Feedback options for your pre-sub meeting request

This article analyzes feedback options offered for a pre-submission meeting request and gives you insight into which option is best for you.

Pre submission meeting request feedback options Feedback options for your pre sub meeting request

In 2021 the FDA published an updated guidance document about pre-submission meeting requests (i.e., pre-sub meetings). The purpose of a pre-submission meeting is to ask and obtain answers to your questions directly from the FDA. The guidance document has great advice on what to ask the FDA and what you should not ask. The best time to be asking the FDA questions is before you begin your verification and validation testing. The FDA can give you valuable feedback on your testing plan to demonstrate safety and efficacy, but if you already started your testing it’s too late. Unfortunately, the guidance document has no advice on which method of feedback to select or why.

What is the last section of your pre-sub?

The last section of your pre-submission meeting request should indicate what method of feedback you prefer and what your preferred dates are for a potential meeting with the FDA. There are three options offered for methods of feedback:

  1. a face-to-face meeting
  2. a conference call
  3. an email response

Feedback option 1 – A Face-to-Face Meeting

Some executives believe that face-to-face meetings are critical in establishing relationships with people. However, you need to understand the culture of the people your are trying to build a relationship with. The FDA is an overworked bureaucracy, and government agencies have security concerns. When the FDA meets with visitors they must go to a different building and arrange for their guests to pass through security. This is more work and takes more time. To justify the extra work and time, you need a compelling reason why a face-to-face meeting with the FDA is necessary.

Traveling to the FDA will cost your team money and time that conference calls and emails will not. More importantly, you are limited to one hour for a pre-submission meeting. One hour is barely enough time to ask questions and listen to the answers. You only have minutes to introduce your company, your team and the describe the product. There is no time for relationship building. The best way to impress the FDA is to: 1) prepare thoroughly, 2) conduct an efficient meeting, and 3) ask smart questions.

There is one time when you should visit the FDA face-to-face–if you have a powerful demonstration and video just isn’t good enough.

Feedback option 2 – Conference Call

Conference calls save you time and money, but conference calls also save the FDA time and effort. You won’t personally meet people from the agency, but you can communicate information prior to the meeting and you can provide videos of simulated use for your device. Conference calls do have the advantage of allowing you to mute the call for a moment and make a comment among your team members without the agency listening as well. Whenever you are discussing a performance testing plan or a clinical study protocol with the FDA, you will probably want a conference call to enable clarification questions.

Feedback option 3 – Email

Email responses from the FDA are highly underrated in value. When you specify an email response, you generally receive a response to your questions sooner. You also should receive more information, because each person from the agency is able to provide an hour of their time to write detailed feedback. In a conference call, you are speaking for part of the hour and only one person from the FDA can speak at a time. Therefore, you almost always have less feedback during conference calls and face-to-face meetings. The primary downside to email as a feedback method is that it is not interactive.

Update Related to Covid-19 Pandemic

The FDA is not allowing face-to-face meetings during the Covid-19 pandemic. Three of the pre-subs Medical Device Academy submitted during the pandemic were rejected by the FDA due to insufficient FDA resources. We are also noticing increased delays in the pre-sub timeline. Two pre-subs had a 5-month scheduling lead-time instead of 60-75 days. Due to these delays, we have advised many clients to skip the presub if testing requirements are well defined in guidance documents and predicate 510k summaries. Althought the email option should theoretically result in a faster response from the FDA, during the pandemic we have actually seen that the teleconference options has been faster. My theory is that the teleconferences are require coordinating the schedules of multiple people, and therefore there is more focus by lead reviewers in making sure the feedback is provided in time for the scheduled teleconference. 

Which feedback option will you pick?

Regardless of which feedback method you choose, you can always follow-up with supplemental questions and obtain additional feedback from the FDA after you receive the initial response to your pre-submission meeting request. If you are planning a clinical study, you might seek interactive feedback in a conference call during the pre-submission meeting. Then you can follow-up with a clinical study protocol as a supplement to obtain additional feedback from the FDA.

Additional Resources

If you are interested in learning more about a pre-submission meeting request to the FDA, consider watching and listening to a webinar on the topic.

Posted in: 510(k)

Leave a Comment (1) →

How to find updated FDA forms for a 510k

Before you complete FDA forms for your 510k submission, you need to made sure you have the most updated FDA forms.

How do you know if the FDA form you are using is current?

The FDA assigns numbers to each FDA form and the document control number is found in the bottom left footer of the document. In addition, the top right-hand header of the document will have an expiration date for the form (see the picture below). Often the changes to FDA forms are minor, but you should only submit the current version of the FDA form which has not expired.

FDA Form 3881 screen capture How to find updated FDA forms for a 510k

What happens if you are using an expired FDA form?

In the past, if you included an obsolete document in your submission the FDA would often ignore this an proceed with the review of your submission anyway. Now FDA reviewers will identify the obsolete form and require you to resubmit the document on the current version of the form. If the reviewer is conducting an initial Refusal to Accept (RTA) screening, and one of the required items in the RTA screening are identified, then you will receive an RTA Hold letter and the RTA checklist will include a comment that you have used an obsolete version of an FDA Form.

If there are no deficiencies identified in the RTA checklist, the reviewer may still send you an email asking you to submit the document on the correct form. This could be a formal amendment (e.g. K123456/A001) or it could be as an informal email of the corrected document. This type of request could also be identified after the substantive review is complete in the form of a comment in an Additional Information (AI) Request or as part of an Interactive Review Request. An AI Request must be responded to with a formal supplement submitted to the Document Control Center (DCC) as a supplement to the original submission (e.g. K123456/S001) or as an informal ammendment submitted by email.

Examples of updated FDA forms for your 510k submission

Expired forms are frequently submitted to the FDA because submitters are using templates that have not been properly maintained or the submitter modified a form that was submitted in a previous 510k submission. The most common examples include: FDA Form 3514 (i.e. Submission Coversheet), FDA Form 3881 (i.e. Indications for Use), and the RTA Checklist.

Where can you find updated FDA forms?

Recently one of our clients noticed that the 510k template folder we share with people that have purchased our 510k course included obsolete templates for Financial Disclosure. There are three financial disclosure forms that can be used for a 510k submission or De Novo Classification Request:

  1. FDA Form 3454, Certification: Financial Interest and Arrangements of Clinical Investigator (PDF)
  2. FDA Form 3455, Disclosure: Financial Interest and Arrangements of Clinical Investigators (PDF)
  3. FDA Form 3674, Certification of Compliance, under 42 U.S.C. , 282(j)(5)(B), with Requirements of ClinicalTrials.gov (PDF)

We normally update these FDA forms as soon as the new form is released, but this financial disclosure forms are only used in about 10-15% of 510k submissions.

The current version of most FDA forms can usually be found by simply conducting an internet search for the form using your favorite browser. However, sometimes you may find a copy of the document that was editted by a consultant to facilitate completion of the document as an unsecured PDF or Word document. Although this is convenient, you should not use these “bastardized” forms. You should use the original secured form provided by the FDA. These native forms require Adobe Acrobat to complete the form and save the content. The most current version of the FDA form can be found using the FDA’s Form search tool.

Editing and Signing FDA Forms

Most of the FDA forms are secured and you can only enter information in specific locations. If there is a location for a signature, usually the signature cannot be added in Adobe to the secured form. In these situations, our team will save the document as a “Microsoft Print PDF” format. Once the document has been saved in this “non-native” format, you can manipulate almost anything in the document. Then we will add signatures using the “Fill and Sign” tool in Adobe Acrobat or we will use the “Edit” tool. Editing also gives us ability to make corrections when the document has incorrect information filled in the form somewhere.

Another option for adding dates and signatures is for you to save the document as a non-secure PDF. Then using an electronic signature software tool like Docusign, you can request that another person add their electronic signature or you can add your own electronic signature. Some companies prefer to do this to ensure the electronic signature meets 21 CFR Part 11 requirements, but the FDA accepts scanned images of a signature that was added to the document without certification in a 510k submission. This is even true for the Truthful and Accuracy Statement for a 510k. That document can be attached as a PDF in an FDA eSTAR template or you can electronically sign the eSTAR template if the person preparing the eSTAR is also the person signing the Truthful and Accuracy Statement.

Tips and Tricks for maintaining templates

Our company is a consulting firm, and we do not have a formal document control process that would be typical of our clients. However, we do have a shared Dropbox folder where we maintain the most current version of 510k templates. Any obsolete versions we move to an archive folder. However, there are ways to improve this informal system. You can include a date of the document in the file name. For example, “Vol 4 001_Indications for Use (FDA Form 3881) rvp 2-7-2022.” This indicates that this file is the FDA Form 3881 which is the indications for use form used in Volume 4 of the 510k submission. The document is the first document in that volume. The date the form was revised and saved is February 7, 2022 and the author’s initials are “rvp.”

If you are saving 510k templates you might consider adding an expiration date to the file name. For example, “Vol 4 001_Indications for Use (FDA Form 3881) exp 06-30-2023.” This file name indicates that the form’s expiration date is June 30, 2023. The inclusion of an expiration date in the file name is a visual reminder of when you will need to search for an updated FDA form.

A third way to manage your FDA Forms is to include them in your documents of external origin. ISO 13485:2016, Clause 4.2.4, requires that you maintain control of documents of external origin. Therefore, if your company has a formal quality system, a list or log of documents of external origin is the best way to manage FDA forms. Your log should indicate the date the updated FDA form was created, any parent guidance documents should be cross-referenced, and the expiration date of the FDA form should be identified. By using a log of this type, you can sort the list by expiration date or by the date of creation if there is no expiration date identified. Sorting the list will help your team prioritize which documents need to be reviewed next for new and revised versions.

Additional 510k submission resources

The FDA will be updating the 510k guidance for the new FDA eSTAR template by September 2022. Medical Device Academy will be systematically updating all of our templates and training webinars related to preparation of 510k submissions. We will also be preparing for the transition from FDA eCopy submissions to electronic submissions via a Webtrader Account.

You can keep up-to-date on template revisions in one of two ways:

  1. Purchase our 510k course, and you will receive access to the updated templates as they are created. We will send email notifications each time a template is updated.
  2. Register for our New Blog email subscription for automated email notifications of when a new blog is released about updated FDA forms, templates, and webinars.
  3. Register for our New Webinar email subscription for automated email notifications of when a new or revised webinar is scheduled and for email notification of our newest live streaming YouTube videos.

Posted in: 510(k)

Leave a Comment (0) →

eSTAR draft guidance is here, and wicked eSubmitter is dead.

I hated the the FDA eSubmitter template which was discontinued May 30, 2021. Finally we have eSTAR draft guidance for the new eSTAR template.

eSTAR draft guidance button eSTAR draft guidance is here, and wicked eSubmitter is dead.

History of 510k electronic submissions

The FDA has experimented with a multitude of pilot 510k submission programs over the years to streamline and improve the 510k submission content, formatting, and to facilitate a faster review process. The Turbo 510k program was one of the first successful pilot programs. In 2012 I wrote one of my first blogs about how to improve the 510k process. In September 2018, the FDA launched the “Quality in 510k Review Program Pilot” for certain devices using the eSubmitter electronic submission template. The goal of the this pilot program was to enable electronic submissions instead of requiring manufacturers to deliver USB flash drives to the FDA Document Control Center (DCC). I hated the eSubmitter template, and the FDA finally discontinued availability of the eSubmitter template on May 30, 2021. During the past 15 years, the FDA gradually streamlined the eCopy process too. Originally we had to submit one complete hardcopy, averaging 1,200 pages per submission, and one CD containing an electronic “eCopy.” Today, the current process involves a single USB flash drive and a 2-page printed cover letter, but today’s eCopy must still be shipped by mail or courier to the DCC.

eSTAR Pilot Program is Launched

During the 15-year evolution of the FDA eCopy, CDRH was trying to develop a reliable process for electronic submissions of a 510k. CBER, the biologics division of the FDA, has already eliminated the submission of eCopy submissions and now 100% of biologics submissions must be submitted through an electronic submissions gateway (ESG). In February 2020, CDRH launched a new and improved 510k template through the electronic Submission Template And Resource (eSTAR) Pilot Program. The eSTAR templates include benefits of the deceased eSubmitter template, but CDRH has incorporated additional benefits:

  • the templates use Adobe Acrobat Pro instead of a proprietary application requiring training;
  • support for images and messages with hyperlinks;
  • support for creation of Supplements and Amendments;
  • availability for use on mobile devices as a dynamic PDF;
  • ability to add comments to the PDF; and
  • the content and logic mirrors checklists used by CDRH reviewers.

Medical Device Academy’s experience with the eSTAR Templates

Every time the FDA has released a new template for electronic submissions we have obtained a copy and tried populating the template with content from one of our 510k submissions. Unfortunately, all of the templates have been slower to populate that the Word document templates that our company uses every day. On May 16 we conducted an internal training for our team on the eSTAR submission templates, and we published that training as a YouTube Video (see embedded video below). Then nine days later the FDA released updates to the eSTAR templates (version 0.7). The new eSTAR templates are available for non-IVD and IVD products (ver 0.7 updated May 27, 2021).

Sharon Morrow submitted our first eSTAR template to the FDA in August and we experienced no delays with the 510k submission during the initial uploading to the CDHR database, there was no RTA screening process, and CDRH did not identify any issues during their technical screening process. Shoron’s first eSTAR submission is now in interactive review, which is a better outcome than 95%+ of our 510k submissions. I have several other eSTAR submissions that are almost ready to submit as well. The other 510k consultants on our team are also working on their first eSTAR submissions.

Finally the CDRH releases an FDA eSTAR draft guidance

On September 29, 2021 the FDA released the new eSTAR draft Guidance for 510k submissions. This is a huge milestone because there have not been any draft guidance documents created for pilot programs. The draft indicates that the comment period will last 60 days (i.e. until November 28, 2021). However, the draft also states that the guidance will not be finalized until a date for requiring electronic submissions (i.e. submission via an ESG) is identified. The draft indicates that this will be no later than September 30, 2022. Once the guidance is finalized, there will be a transition period of at least one year where companies may submit via an ESG or by physical delivery to the FDA DCC.

Are there any new format or content requirements in the FDA eSTAR draft guidance?

There are no new format or content requirements in the eSTAR draft guidance, but the eSTAR template itself has several text boxes that must be filled in with summary information that is not specified in the guidance for format and content of a 510k. The information requested for the text boxes is a brief summary of non-confidential information contained in the attachments of the submission. Therefore, these boxes can information that would normally be in the overview summary documentst that are typically included at the beginning of each section of a 510k. If your overview documents do not already have this information, then you may have some additional work to do in order to complete the eSTAR templates. An example of one of these text boxes is provided below:

Summary of electrical mechanical and thermal testing eSTAR draft guidance is here, and wicked eSubmitter is dead.

Another example of additional content required by the eSTAR templates is references to page numbers. Normally the FDA reviewer has to search the submission for information that is required in their regulatory review checklist. In the new templates the submitter is now asked to enter the page numbers of each attachment where specific information can be found. The following is an example of this type of request for a symbols glossary:

Reference to symbols glossary in labeling eSTAR draft guidance is here, and wicked eSubmitter is dead.

Are there any changes to the review timelines for a 510k in the eSTAR draft guidance?

The eSTAR draft guidance indicates that a technical screening will be completed in 15 calendar days instead of conducting a RTA screening. I believe that the technical screening is less challenging than the RTA screening, but the FDA has not released a draft of the technical screening criteria or a draft checklist. I would imagine that the intent was to streamline the process and reduce the workload of reviewers performing a technical screening, but we only have guesses regarding the substance of the technical review and so far our performance is 100% passing (i.e. 1 of 1). The next step in the 510k review process is a substantive review. Timelines for the substantive review are not even mentioned in the new draft guidance, but the FDA usually has the review clock details in Table 1 (MDUFA III performance goals) and Table 2 (MDUFA IV performance goals) of the FDA guidance specific to “Effect on FDA Review Clock and Goals.” In both tables, the goal is 60 calendar days, and our first eSTAR submission completed the substantive review in 60 days successfully. The 180-day deadline for responding to an additional information (AI) request has not changed in the eSTAR draft guidance, but our first submission is now interactive review. I believe this suggests that companies may have a higher likelihood of having an interactive review with their CDRH lead reviewer instead of being placed upon AI Hold, but we won’t have enough submissions reviewed by the FDA to be sure until the end of Q1 2022.

Register for our new webinar on the FDA eSTAR draft guidance

We hosted a live webinar on Thursday, October 21, 2021 @ Noon EDT. The webinar was approximatley 37 minutes in duration. In this webinar we shared the lessons learned from our initial work with the eSTAR template. Anyone that registers for our webinar will also receive a copy of our table of contents template that we updated for use with the eSTAR templates. Unlike a 510k eCopy, an eSTAR template does not require a table of contents but we still use a table of contents to communicate the status of the 510(k) project with our clients. Finally, we reviewed the eSTAR draft guidance in detail. If you would like to receive our new eSTAR table of content template and an invitation to our live webinar, please complete the registration form below.

About the Author

Rob Packard 150x150 eSTAR draft guidance is here, and wicked eSubmitter is dead.
Robert Packard is a regulatory consultant with 25+ years of experience in the medical device, pharmaceutical, and biotechnology industries. He is a graduate of UConn in Chemical Engineering. Robert was a senior manager at several medical device companies—including the President/CEO of a laparoscopic imaging company. His Quality Management System expertise covers all aspects of developing, training, implementing, and maintaining ISO 13485 and ISO 14971 certification. From 2009-2012, he was a lead auditor and instructor for one of the largest Notified Bodies. Robert’s specialty is regulatory submissions for high-risk medical devices, such as implants and drug/device combination products for CE marking applications, Canadian medical device applications, and 510(k) submissions. The most favorite part of his job is training others. He can be reached via phone 802.258.1881 or email. You can also follow him on Google+LinkedIn or Twitter.

Posted in: 510(k), eSTAR

Leave a Comment (3) →

How much does a 510k cost?

How much does a 510k cost is the most common question I receive from customers, and there are three parts to the cost of a 510k.

If you want to save $9,559 on your 510k cost of submission to the FDA, you need to listen to ALL of this video and follow every single step in the process. Most of our clients forget one of the steps and end up paying full price for their 510k.

There are three parts to the 510k cost of submission:

  1. Testing
  2. Submission Preparation
  3. FDA User Fees

The highest cost is testing

The testing cost is the biggest cost, but I think the average is around $100K for our clients. For devices that only consist of software (i.e. software as a medical device or SaMD), the testing costs are less, but the cost of documenting your software validation and cybersecurity will be more extensive than the cost of preparing your 510k and the FDA user fee. The more you can do in-house, the lower the testing costs will be. Biocompatibility testing for a non-invasive device might be only $13,000, but a long-term implant can cost as much as $100,000 for the implantation studies. Sterilization validation testing depends upon the method of sterilization and whether you are doing a single-lot method or a full validation. Typical costs for EO sterilization validation are around $15,000, and then you should add several thousand more for the shelf-life testing.

For devices that are powered and/or have software, you will need to perform software validation in accordance with IEC 62304 ed 1.1 (2015). There are also five FDA guidance documents that apply:

  1. General Principles of Software Validation; Final Guidance for Industry and FDA Staff (January 2002)
  2. Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices (May 2005)
  3. Guidance for Industry, FDA Reviewers and Compliance on Off-The-Shelf Software Use in Medical Devices (September 2019)
  4. Guidance for Industry and Food and Drug Administration Staff Content of Premarket Submissions for Management of Cybersecurity in Medical Devices (October 2014)
  5. Guidance for Industry, FDA Reviewers and Compliance on Postmarket Management of Cybersecurity in Medical Devices (December 2016)

You can do all of the software validation in-house, but some firms choose to outsource the validation of software. In the long-term, you need to learn this, and it pays to hire an expert in IEC 62304 to help your team learn how to document software validation if you have not done this before. Typically, software validation documentation will be between 300 and 1,000 pages in length.

Electrical safety and EMC testing are often the most expensive part of the testing process for our customers. EMC testing should always be done first to make sure that you can pass the immunity and emissions testing. If you have to modify the device to pass the EMC testing, then you will need to repeat any electrical safety testing. The total cost of this testing is typically $50-60K.

Performance testing is the last part of the testing process. Performance testing should be performed on sterile and aged products if your product requires sterility and you are claiming a shelf-life. Most of the testing is benchtop testing only to demonstrate performance. This includes simulated use testing (e.g. summative usability testing), cadaver testing, and computer modeling. Benchtop performance testing is typically tens of thousands of dollars to complete, but you might be able to do the testing in-house. If animal testing is required, this typically costs around $100K. Finally, if a human clinical study is required (i.e. ~10% of 510k submissions). Then you should expect to spend between $250K and $2.5 million. Some simple clinical studies (e.g. IR thermometers) cost less than $100K, but these resemble benchtop performance testing in many ways.

The second highest cost is the cost of submission preparation

Medical Device Academy has two different options for preparation consulting fees. Your first option is hourly consulting fees. The second option is a flat fee. As of September 2021, we are charging $3,850 for pre-submission preparation and $14,410 for 510(k) submission preparation. Therefore, the total cost is $18,260 if you need to request a pre-submission meeting.

510k cost #3 is the cost of the FDA user fee

You have three options for your FDA user fees. The first option is to avoid the FDA altogether and submit to a third-party reviewer. We only recommend one third-party reviewer, because the other companies do not have sufficient experience to have predictable review times and positive outcomes. The quote we received recently was $13,600. If you submit directly to the FDA, the standard user fee is $12,745. If you apply for small business status, and the FDA grants you that status for the fiscal year you are submitting, then the user fee is $3,186.

FY 2022 FDA User Fees for the 510k cost How much does a 510k cost?

Reduce 510k cost by applying for small business status

Every medical device company that has revenues of less than $100 million annually can apply, but you must apply each year. There is no application fee, but you need to complete FDA Form 3602 if you are a US firm. The form must be completed for each subsidiary too. FDA Form 3602A must be completed for foreign firms, and the national tax authority must verify the accuracy of your income statement on the form in order to submit it to the FDA. If your national tax authority refuses to sign the form you can provide a justification, but I don’t know anyone that has successfully done this yet. The qualification review by the FDA requires 60 days. Therefore, you should apply every year in August for the next fiscal year (October 1, 2021 – September 30, 2022, is FY 2022). The form will request that you include your Organization ID #. A Dun & Bradstreet Number (DUNS #) is also required if your firm is located outside the USA. Finally, you need to attach a copy of your tax return. Therefore, you must file your tax return–even if your firm had a loss or had no revenues. You can also take advantage of R&D tax credits in the USA or Canada if you are a start-up device company developing a new device.

About the Author

Rob Packard 150x150 How much does a 510k cost?

Rob Packard is a regulatory consultant with 25+ years of experience in the medical device, pharmaceutical, and biotechnology industries. He is a graduate of UConn in Chemical Engineering. Robert was a senior manager at several medical device companies—including the President/CEO of a laparoscopic imaging company. His Quality Management System expertise covers all aspects of developing, training, implementing, and maintaining ISO 13485 and ISO 14971 certifications. From 2009 to 2012, he was a lead auditor and instructor for one of the largest Notified Bodies. Robert’s specialty is regulatory submissions for high-risk medical devices, such as implants and drug/device combination products for CE marking applications, Canadian medical device applications, and 510(k) submissions. The most favorite part of his job is training others. He can be reached via phone at 802.258.1881 or by email. You can also follow him on Google+LinkedIn, or Twitter.

Posted in: 510(k)

Leave a Comment (0) →

How to pass the FDA Refusal to Accept (RTA) Screening Process

This article helps you understand how to pass the FDA Refusal to Accept (RTA) screening process 510k submissions – updated Sept 2019 version.

Refusal to Accept How to pass the FDA Refusal to Accept (RTA) Screening Process

What is an RTA Checklist?

The “RTA” in RTA Checklist stands for Refuse to Accept. The FDA uses this tool to determine if your 510(k) submissions will be accepted or not for a substantive review. Accepted, not approved because this is simply a verification that the required information is included in your submission. As stated in the 2019 FDA guidance document for the FDA’s Refuse to Accept Policy for 510(k)s “a minimum threshold of acceptability and should be accepted for substantive review.”(Ref.1). That does a nice job summarizing the RTA checklist. It is a tool used to help assess whether or not your submission contains the required information to continue with a more thorough review of the contents of the submission itself. 

What does the Refusal to Accept (RTA) policy apply to?

The Refusal to Accept (RTA) policy applies to all 510k submissions. The RTA checklist or more checklists apply specifically to each 510(k) submission type:

  • Traditional 510k
  • Abbreviated 510k
  • Special 510k

There is a different RTA checklist for each submission type. The checklists can be found within the Refuse to Accept Policy for 510(k)s guidance document. Specifically, in the PDF document that the FDA reissued on September 13, 2019, the checklists can be found in the following areas:

  • Traditional 510k – Appendix A. Page 20 (numbered page 21)
  • Abbreviated 510k – Appendix B. Page 55 (numbered page 56)
  • Special 510k – Appendix C. Page 91 (numbered page 92 )

Note that in the title of the checklist it is referred to as an ‘acceptance checklist.’ It is not called the RTA checklist until you get to the footer of the page. It is also listed as an acceptance checklist on the FDA website. The best way to think of the process is as preliminary screening by the FDA. 

What does the FDA look at during the Refusal to Accept (RTA) screening process?

During the screening process, the assigned RTA screener will review 510k submission and try to identify all of the requirements listed in the applicable RTA checklist. The person screening your submission is required to answer “yes,” “no,” or “n/a” to the questions in the checklist. This person must also enter the document and the page where the information can be found in the submission. Finally, if an element required by the refusal to accept (RTA) checklist cannot be found, then the screener adds a comment at the end of that section in the checklist. The comment will state what your deficiency is and it may even identify a guidance document that can help you address the issue. If you are missing requirements, you will receive an email from the RTA screener with the completed RTA checklist attached. We call this an “RTA Hold” letter. If your submission is not rejected, then your 510k is administratively complete and you will receive an automated email indicating that your submission was accepted and the substantive review will now begin.

Refusal to Accept (RTA) Time Frame

As stated in the guidance document the Refusal to Accept policy includes “an early review against specific acceptance criteria and to inform the submitter within the first 15 calendar days after receipt of the submission if the submission is administratively complete, or if not, to identify the missing element(s).” (Ref. 1). If the assigned screening person is unable to complete the process within 15 calendar days, then you will receive an automated email stating that they were unable to complete the RTA checklist within 15 calendar days and your submission is automatically moved to the substantive review stage of the 510k review process.

Taking the time to perform your own gap analysis before you submit could avoid a simple error. For example, if you forget to include the signed Truthful and Accuracy Statement in your submission it could take 15 days to be notified of that missing element. The person screening your submission could email you to provide this missing element in an interactive review to avoid placing your submission on hold, but they are not required to give you a chance to provide this interactively by email. If you do receive an RTA Hold letter, you might be able to correct missing elements on the same day, but the 510k review clock is automatically reset when your 510k is placed on RTA Hold. There will be another 15-day refusal to accept (RTA) screening of your submission when you respond to an RTA Hold letter.

What to do with the information in the comments of the RTA checklist?

The RTA checklist is the criteria that your submission is being evaluated against. If your submission has deficiencies during the initial review against the RTA Checklist, the FDA will refuse to accept it and the substantive review will not begin until those deficiencies have been corrected. Since the FDA does not hide what they are looking for, or how they will evaluate your submission, use that to your advantage. Assuming that you have correctly determined the type of 510k submission you have, perform a gap analysis of your submission against the RTA checklist. Either perform these actions in-house, or hire an outside consultant to do them for you, but make sure you don’t make the mistake of trying to check your own work because you will miss something. 

Scope of the FDA Refusal to Accept Guidance Document

The scope of the FDA guidance document that is provided for the benefit of the FDA personnel that are reviewing your submission and not specifically for the 510k submitter. It is also for the purpose of providing a loose framework for systematically reviewing submissions in a consistent manner. This ensures all submissions receive equal nonbiased treatment. There are some things that this guidance document does not address or alter by its own admission. One of those things is the “substantial equivalence decision-making process once the submission has been accepted for review.” The refusal to accept (RTA) guidance also does not address FDA user fees. Other guidance documents address those issues.

What are the most common reasons for FDA refusal of your 510k submission?

Although there are dozens of reasons (43 to be exact) why the FDA could reject your submission in the 35-page RTA checklist, most of the refusals (~80%) result from a small percentage (~20%) of reasons. The most common is that your submission is poorly organized. Either you did not provide a table of contents, your submission is not organized in accordance with the sections outlined in the guidance, or the pages of your submission are not properly numbered. When you are trying to review a 1,200-page submission, poor organization is extremely irritating and wastes the reviewer’s time. If it were my decision, I would refuse to complete the entire checklist until you gave me a properly organized submission.

The second most common reason for refusal is the submission of a device description that is not adequate. The FDA needs more detail than most companies provide for the device description because they need to understand what the differences are between your device and the predicate device. This includes much more than just the indications for use. Who are the intended patients and users? What is the intended environment of use? What are the materials for patient-contacting components? What is the source of power for your device? Which design features does your device include when compared to the predicate? What is the user interface for your device? Which accessory devices are needed with your device? You can even make the mistake of being inconsistent in your submission by not repeating the content in the device description in other sections of the 510k submission. It is important to duplicate certain content verbatim in other documents such as the 510k summary, the executive summary, the substantial equivalence comparison, and the instructions for use. Paraphrasing and summarizing certain information will not work.

The third most common reason for refusal of your submission is likely to be related to software validation documentation. In addition to complying with the recognized IEC 62304 standard, you also need to comply with the five software guidance documents that the FDA has published. The FDA and 3rd-party reviewers use an 11-item checklist based upon the 2005 FDA guidance document on software validation documentation. In addition, if your device has any of the following 5 elements, your submission must also comply with the two FDA guidance documents on cybersecurity:

  1. Cloud communication
  2. Network connection (active or not)
  3. Wireless communication in any form
  4. USB/serial ports/removable media
  5. Software upgrades (this includes patches)

Finally, biocompatibility is the one testing section of your 510k submission that is most likely to result in refusal to accept by the FDA out of the seven sections requiring testing reports. There are several reasons why biocompatibility results in more refusals than the other six testing sections. First, the FDA requirements go above and beyond the requirements of the ISO 10993-1 standard. Second, the FDA requires that you submit full testing reports for biocompatibility while you can submit summaries for other sections (e.g. sterilization validation). Third, many submitters try to provide a rationale for why testing is not required for their device, but the FDA has very stringent requirements for the use of a biological risk assessment or a biocompatibility certification statement in lieu of testing.

Do you have to follow the RTA checklist exactly?

You can, but you are also not bound by it. Like all guidance documents they “contain nonbinding recommendations”. The checklist is released as part of a guidance document, so it is a guidance and not a regulatory requirement. That being said, if your submission is missing an element in the checklist, your 510k submission will be considered administratively incomplete unless you provide a clear explanation as to why the checklist element is not applicable to your submission or you explain how you meet the 510k submission requirement in another way.

Medical devices vary wildly and there is no one size fits all approach. The FDA recognizes that and includes some wiggle room that gives them some discretion in reviewing submissions. However, 100% of the 3,500+ submissions received each year are screened using the refusal to accept (RTA) checklist and the screening person’s job is to verify that your submission meets the criteria. As it says in the guidance document:  

“The purpose of the 510(k) acceptance review is to assess whether a submission is administratively complete, in that it includes all of the information necessary for FDA to conduct a substantive review. Therefore, the submission should not be accepted and should receive an RTA designation if one or more of the items noted as RTA items in the checklist are not present and no explanation is provided for the omission(s). However, during the RTA review, FDA staff has the discretion to determine whether missing checklist items are needed to ensure that the submission is administratively complete to allow the submission to be accepted. FDA staff also has the discretion to request missing checklist items interactively from submitters during the RTA review. Interaction during the RTA review is dependent on the FDA staff’s determination that outstanding issues are appropriate for interactive review and that adequate time is available for the submitter to provide supporting information and for FDA staff to assess responses. If one or more items noted as RTA items on the Acceptance Checklist are not present, FDA staff conducting the acceptance review should obtain management concurrence and notify the designated 510(k), contact person, electronically that the submission has not been accepted. “ (Ref. 1).

The portion above notes that explanations may be provided for omitted portions of the submission. So, the answer to the question is that no, you do not have to follow the RTA checklist exactly. However, if you should purposefully omit a section you should provide an explanation and your rationale justifying why the omission is appropriate for your individual device and 510(k) submission. Again, just because you have included an alternative approach or justification does not automatically mean it will be accepted. The FDA personnel that are conducting the acceptance review will judge whether or not your deviation is acceptable.

What if your 510k submission is refused?

If your submission is refused you will be provided with a copy of the completed RTA checklist and each of the deficiencies you must address will be highlighted. Sometimes there will be an attachment to the checklist that has additional issues that are not in the RTA checklist, but the reviewer thinks you may need to address later. You might also see comments that are not highlighted. These are suggestions from the reviewer that you may or may not choose to address.

There is a 180-day timeline for response to an RTA Hold letter. The response must be submitted to the CDRH Document Control Center (DCC) as an eCopy, and the response must be received within 180 days. If the response is not received within 180 days, your submission will be automatically withdrawn on the 181st day. Your response may not be piecemeal. You must address all of the issues in the RTA checklist or your submission will be placed on RTA Hold again (i.e. RTA2). If you are not sure how to organize your response, a previous blog posting and YouTube video address this topic directly.

About the Author

20190531 005146 150x150 How to pass the FDA Refusal to Accept (RTA) Screening ProcessMatthew Walker – QMS, Risk Management, Usability Testing, Cybersecurity

Matthew came to us with a regulatory background that focused on OSHA and NFPA regulations when he was a Firefighter/EMT. Since we kidnapped him from his other career, he now works in Medical Device Quality Management Systems, Technical/Medical Writing, and is a Lead Auditor. Matthew has updated all of our procedures for  He is currently a student in Champlain College’s Cybersecurity and Digital Forensics program, and we are proud to say that he is also a member of both the Golden Keys and Phi Theta Kappa Honor Societies! Matthew participates as a member of our audit team and has a passion for risk management and human factors engineering. Always the mad scientist, Matthew pairs his professional life in regulatory affairs with hobbies in the culinary arts as he also holds a Butchers/Meat Cutters certificate from Vermont Technical College.

Email: Matthew@FDAeCopy.com

Connect on Linkedin: http://www.linkedin.com/in/matthew-walker-214718101/

Posted in: 510(k), FDA

Leave a Comment (1) →

How is your response to an Additional Information Request different from an RTA response?

How is your response to an Additional Information Request different from an RTA response?

A poor RTA response will cause a two-week delay, but an additional information request only gets one chance to avoid the dreaded NSE letter.

An Additional Information Request (i.e. AI Request) is typically received just before the 60th day in a 90-day 510k review, while a Refusal to Accept (RTA) Hold is typically received on the 15th day. If your response to your first RTA Hold (i.e. RTA1) is inadequate, the reviewer will issue another RTA Hold letter (i.e. RTA2) and your 510(k) review clock will be reset to 0 days. You will have another 180-days to respond to RTA2, and issues identified in an RTA Hold are usually easy to address. Most RTA Hold issues also have one or more guidance documents that are available to help you to obtain an RTA Accept letter. You can always request a submission-in-review (SIR) meeting to clarify what information the reviewer needs to address the RTA deficiencies too. If you want to learn more about responding to an RTA Hold, please read last week’s blog. The rest of this article is specific to responding to requests for additional information.

What happens after 60 days during a 510k review?

On the 60th day of the 510k review clock, or a few days prior to the 60th day, the lead reviewer must determine if they need to issue an Additional Information (AI) Request. The alternative to an AI Request is for the lead reviewer to issue a letter indicating that you have entered the Interactive Review Phase. This only happens if the reviewer believes they can make a decision regarding substantial equivalence in the next 30 days. If the decision is to issue an Interactive Review Letter, then the lead reviewer believes that only minor issues remain and there is only the need for interactive email responses between the lead reviewer and the submitter. An interactive review is the ideal outcome of the substantive review process but it rarely happens.

If you receive an Additional Information Request, what are your options?

The AI letter will indicate that you have 10 days to request a clarification meeting with the reviewer. The wording of this section of the AI letter is provided below:

“FDA is offering a teleconference within 10 calendar days from the date on this letter to address any clarification questions you may have to pertain to the deficiencies. If you are interested in a teleconference, please provide (1) proposed dates and (2) a list of your clarification questions via email at least 48 hours before the teleconference to the lead reviewer assigned to your submission. We would like to emphasize that the purpose of the meeting is to address specific clarification questions. The teleconference is not intended for the review of new information, test methods, or data; these types of questions could be better addressed via a Submission Issue Q-Submission (Q-Sub). For additional information regarding Q-Subs, please refer to the Guidance for Industry and FDA Staff on Medical Devices: Requests for Feedback and Meetings for Medical Device Submissions at https://www.fda.gov/media/114034/download.”

If you wait too long to request the teleconference, then FDA will require you to submit a formal pre-sub meeting request or “Submission in Review” (SIR) meeting request. If you request a SIR meeting within 60 days of receiving an AI Request, the FDA will schedule a SIR meeting with you within three weeks of receiving the request–assuming resources are available. If you wait longer than 60 days to request the SIR meeting, then the FDA will default to their normal target of 60-75 days for scheduling a pre-sub meeting. For example, if you submit your SIR meeting request on day 75, and the FDA takes 75 days to schedule the meeting, you will be granted your SIR meeting at 150 days and you will only have 30 days remaining to respond to the AI Request before your submission is automatically withdrawn.

Therefore, it is important to request a clarification meeting immediately after you receive the AI Request. While you are waiting for your clarification meeting, you should immediately begin preparing any draft testing protocols that you want the FDA to provide feedback on during a SIR meeting. Then after you have the clarification meeting, you should submit your SIR meeting request and include any draft testing protocols you have prepared. This may include a statistical sampling rationale, a proposed statistical analysis method, a summative usability testing protocol, or a draft protocol for some additional benchtop performance testing. The FDA can review examples of preliminary data, a protocol, or a proposed method of analysis. The FDA cannot, however, provide a determination of substantial equivalence.

The Most Common Mistakes in Responding to an Additional Information Request

Most companies make the mistake of asking the lead review if they provide specific additional information, “Will this be sufficient to obtain 510(k) clearance?” Unfortunately, the FDA is not able to provide that answer until the company has submitted the additional information and the FDA review team has had time to review it thoroughly. This is done only when the submitter delivers an FDA eCopy to the Document Control Center at CDRH, and the review team is able to review the information. This new information is assigned a supplement number (e.g. S001), and it will typically require three weeks to review the information. Then the lead reviewer may request minor modifications to the labeling, instructions for use, or the 510k summary. This request is an interactive request, and the submitter must respond within a very short period (e.g. 48 hours), and the wording of the request may be “Please provide the above information by no later than COB tomorrow.”

FYI: “COB” means “close of business.” Wow. The FDA loves acronyms.

Best Practices in Responding to an Additional Information Request

If you receive an AI request on a Friday afternoon, 58 days after your initial submission, you should immediately request a clarification teleconference with the FDA reviewer for the following week. The only exception is if you only have minor deficiencies that you feel are completely understood. During the days leading up to the clarification teleconference, your team should send a list of clarification questions to the lead reviewer and begin drafting a response memo with a planned response to each deficiency. After the clarification meeting, you will have approximately 6-7 weeks to submit a SIR meeting request. However, you should not wait that long. Your team should make every effort to submit your SIR meeting request within 2-3 weeks. If the FDA takes 3 weeks to schedule your meeting, then you will have used approximately 6 weeks of your 26 weeks to respond to the AI Request.

In your SIR meeting request, you should always try to provide examples or sample calculations to make sure the FDA review team understands what you are proposing to submit in your supplement. For example, the FDA reviewers do not have enough time to review your entire use-related risk analysis (URRA) in a SIR meeting request. However, you can provide an example of how you plan to document a couple of use-related risks. Then you can show how these risks would translate into critical tasks. Finally, you could provide a draft summative usability testing protocol for FDA feedback. The FDA review team doesn’t have enough time available to review much more. You will only have one hour for your SIR meeting.

How to Prepare Your Response

In section “V” of the FDA guidance on deficiency responses, the FDA recommends that you restate the issue identified by the reviewer in your response. Next, your response should include one of the following:

  1. the information or data requested, or
  2. an explanation of why the issue is not relevant, or
  3. alternate information with an explanation of why the information you are providing addresses the issue.

Before you respond to an AI Request, you should look up any FDA guidance documents referenced in the AI Hold letter to make sure that you address each requirement in the applicable FDA guidance document(s).

The most important technique to learn when you are responding to regulators is to organize your response in a tabular format that is numbered in exactly the same order that the request was made. Typically there will also be sub-parts to certain issues. In that case, you should duplicate the numbers and/or letters of each sub-part and segregate each sub-part in a different row of the table. Personally, I like to alternate the color of the font I use in the table to make it even more obvious which information is a restatement of the reviewer’s comment and which information is the company’s response to the AI Request.

Why you don’t get a second chance to respond to an AI Request

Once you respond to an AI Request, and the DCC receives your FDA eCopy, the FDA review clock will then resume the countdown to 90 days. In our example above, you received the AIR Request on the 58th day. The FDA must review everything you submitted and make a final substantial equivalence decision before the 83rd day because they still need to submit their recommendations to senior management in their branch. If any changes to the labeling, instructions for use, or the 510k are required, you should receive those requests several days before (i.e. 76-83 days). You can respond to interactive requests via email, and then the final SE decision will be made. If you do not respond to all of the deficiencies in the AI Request, the FDA reviewer will not have enough time to request that you address the remaining gaps and finish their review. Therefore, an incomplete AI Response will certainly result in a non-substantial equivalence (NSE) letter.

If you need to respond to an additional information request from the FDA reviewer, we can review your planned response to identify potential gaps. If you need help please use our calendly app to schedule a call with a member of our team.

About the Author

Rob Packard 150x150 How is your response to an Additional Information Request different from an RTA response?

Robert Packard is a regulatory consultant with 25+ years of experience in the medical device, pharmaceutical, and biotechnology industries. He is a graduate of UConn in Chemical Engineering. Robert was a senior manager at several medical device companies—including the President/CEO of a laparoscopic imaging company. His Quality Management System expertise covers all aspects of developing, training, implementing, and maintaining ISO 13485 and ISO 14971 certification. From 2009-2012, he was a lead auditor and instructor for one of the largest Notified Bodies. Robert’s specialty is regulatory submissions for high-risk medical devices, such as implants and drug/device combination products for CE marking applications, Canadian medical device applications, and 510(k) submissions. The most favorite part of his job is training others. He can be reached via phone 802.258.1881 or email. You can also follow him on Google+LinkedIn or Twitter.

Posted in: 510(k)

Leave a Comment (0) →

What are the secrets to success in responding to an FDA RTA Hold?

What are the secrets to success in responding to an FDA RTA Hold?

When an FDA reviewer places your 510k on RTA Hold, there are secrets you can learn to improve your chances of a successful response.

Test your knowledge about the FDA RTA Hold process

Did you know that approximately 50% of 510(k) submissions are placed on RTA Hold? Did you know that you can be placed on RTA Hold multiple times for the same submission? Did you know that the 90-day review clock is reset to “0” when you submit your response? Do you know how to respond to the FDA when the reviewer is incorrect? Did you know that you can avoid the RTA screening process for any 510(k) submission if you use the correct template? Every year there are more than 1,000 submissions placed on RTA Hold, but did you know there is an FDA guidance specifically telling you how to respond to deficiencies? You can learn the secrets to responding to an FDA RTA Hold just by reading this article.

What is an FDA RTA Hold?

When the FDA receives a Traditional 510k submission FDA eCopy, the eCopy is uploaded to the FDA system within hours of the submission being received. If the eCopy does not meet the eCopy format requirements, then the submission will be placed upon eCopy Hold. The official correspondent will receive an automated email indicating that the submission is on eCopy Hold, and the submitter will be asked to correct the submission format to meet the eCopy submission requirements and provide a replacement eCopy. If the FDA user fee has not cleared, then the submission will be placed on User Fee Hold. It is possible to be placed on eCopy Hold and User Fee Hold at the same time.

If your eCopy is accepted, then a reviewer is assigned to screen your submission for compliance with the FDA Refusal to Accept (RTA) policy. The reviewer has 14 days to complete this review, and on the 15th day the reviewer must do one of three things: 1) issue a RTA Hold letter to the submitter, 2) issue an RTA Acceptance letter to the submitter, or 3) issue a letter that states the RTA screening was not completed on-time and the submission was automatically accepted. If your receive an RTA Hold letter, it will be via email from the reviewer and the RTA Checklist will be attached. In the checklist, there will some items highlighted in yellow and deficiencies will be noted in those sections. The reviewer may add additional comments to the checklist, but you are only required to respond to the highlighted sections. The process that the reviewer follows for RTA screening is defined in the FDA guidance for the Refusal to Accept process, and the guidance includes a checklist for traditional, abbreviated, and special 510k submissions. Some companies will fill in these checklists themselves and submit a copy of the checklist with the 510k submission. This is intended to help the reviewer identify where all of the requirements in the RTA checklist can be found. Third-party reviewers require that the company complete the RTA checklist and provide it to them with the eCopy.

How many times can you be placed on hold for the same submission?

Technically there is no limit to the number of times a submission can be placed on RTA Hold, and our firm has seen a few submissions placed on RTA Hold twice in a row. The first RTA Hold is referred to as RTA1, and the response to that RTA Hold is referred to as the first supplement (i.e. K123456/S001). If a second RTA Hold is issued, that hold is RTA2, and the response to that RTA Hold is referred to as the second supplement (i.e. K123456/S002). A response to an eCopy Hold is referred to as an amendment (i.e. K123456/A001).

What happens to the 90-day review clock when you are placed on RTA Hold?

When the FDA reviewer places your submission on RTA Hold, the 90-day review clock is automatically reset. Therefore, even if you respond to an RTA Hold on the same day you receive the RTA Hold, and your submission is received the next day, the “real” review timeline is now 106 days instead of 90. If your submission is placed on RTA Hold twice, then the “real” review timeline is now 122 days instead of 90. If the lead reviewer of your 510k requests additional information, this is referred to as an “AI Request.” We will address this in a future blog, but an AI Request does not reset the review timeline. The AI Request, however, will increase the review timeline. Although we rarely have an RTA Hold, we almost always have an AI Request. This is why our average submission is approximately 125 days (i.e. ~30 days are required to respond to the AI Request.

How should you respond if the FDA reviewer is incorrect?

The average 510(k) submission has grown over time from 300 pages to more than 1,200 pages, but the FDA review “clock” is still 90 days and the RTA screening is limited to 15 days. Therefore, it is not reasonable for you to expect the reviewer to understand and absorb every detail of your submission. If the reviewer can’t find the information they are looking for quickly, the reviewer may state that they could not find the information in the submission or that you did not provide it. If the information is found in the submission, you should provide a reference to the section of the submission, including the document and page number, in your RTA response. You may even choose to quote the information in your response memo if it is brief.

Other times the reviewer may not understand why certain information is not relevant to your submission. In this case, you should restate why the information requested is not relevant. You may want to review relevant FDA guidance documents that explain how to justify why information is not required.  For example, if you did not provide biocompatibility testing reports for some of the endpoints that are identified in ISO 10993-1:2018, then you should either provide a detailed biological risk assessment in accordance with the FDA guidance on the use of ISO 10993-1, or you should provide a biocompatibility certification statement.

If you are not sure why the FDA reviewer stated the information you provided is not acceptable, you might try calling or emailing the reviewer to ask for clarification. If you do this, be respectful of their time and be brief. You should identify who you are (you must be the official submission correspondent to speak with the reviewer), you should identify which submission you are contacting the reviewer about (they are working on many simultaneously), you should restate the issue identified by the reviewer (it may have been an issue of another member of the review team), and then you should indicate where the information can be found in the submission. If they believe this addresses the issue, then they will instruct you to provide that information in an RTA response. If the information does not address the issue, usually they will explain why. Your chances of receiving an email response are also better than speaking to the person on the phone–especially during the Covid-19 pandemic.

FDA eSTAR submissions are not subjected to the RTA screening process

When you use the FDA eSTAR submission instead of creating an eCopy, your submission should already meet all of the RTA screening requirements. The eSTAR includes automation to validate that the submission is administratively complete and therefore the reviewer does not need to do an RTA screening of an eSTAR submission. Therefore, most companies should realize a shorter overall 510k clearance timelines, because they will only have an AI Request and the review clock will not be reset.

Does the FDA offer any guidance on how to respond to deficiencies?

When the FDA writes deficiencies, the reviewer is supposed to follow the FDA guidance for deficiency content and format. However, the RTA checklist deficiencies typically are shorter and may not be as clear as a deficiency in additional information (AI) requests or non-substantial equivalence (NSE) letters. The first part of the deficiency is a reference to the information that was provided by the submitter (i.e. section, page number, or table). In an RTA checklist, each deficiency is provided in the comments section at the end of the section of the checklist. Therefore, if you have a deficiency related to your device description, the deficiency will be written at the end of the device description section of the RTA checklist. The comment will be highlighted in yellow, and there will be a checkbox next to the specific checklist item indicating that the requirement was not met. In the far-right column of the checklist, there will be a reference to the page of the submission where the deficiency can be found.

In the comment there reviewer should explain why the current information does not meet the requirement of the RTA checklist. The reviewer should also clarify the relevance of the deficiency with regard to the substantial equivalence determination. For the example of a deficiency related to your device description, usually, the issue is that your submission has inconsistencies between the various submissions or there is insufficient detail about your device. At the end of the comment, the reviewer should provide an explicit request for the information needed to address the RTA Hold.

In section “V” of the FDA guidance on deficiency responses, the FDA recommends that you restate the issue identified by the reviewer in your response. Next, your response should include one of the following:

  1. the information or data requested, or
  2. an explanation of why the issue is not relevant, or
  3. alternate information with an explanation of why the information you are providing addresses the issue.

Before you respond to an RTA Hold, you should look up any FDA guidance documents referenced in the RTA Checklist to make sure that you address each requirement in the applicable FDA guidance document(s).

The most important technique to learn when you are responding to regulators is to organize your response in a tabular format that is numbered in exactly the same order that the request was made. Typically there will also be sub-parts to certain issues. In that case, you should duplicate the numbers and/or letters of each sub-part and segregate each sub-part in a different row of the table. Personally, I like to alternate the color of the font I use in the table to make it even more obvious which information is a restatement of the reviewer’s comment and which information is the company’s response to the RTA Hold.

Regardless of how well your response is organized, you must respond within 180 days. On the 181st day, your submission will be automatically withdrawn. The agency has granted extensions of an additional 180 days during the Covid-19 pandemic, but that will end and you should verify if you can obtain an extension from the reviewer rather than assume that this will happen. If the 180th day is on a weekend or US holiday, the Document Control Center (DCC) at the FDA will not receive your submission until the next business day. Therefore, you will need to ship your submission earlier to ensure the delivery is received on time. Since most companies are shipping their RTA response via FedEx or UPS to the FDA, you also will want to make sure you take into account customs clearance for international shipments and local holidays where you are. If you are shipping from the UK, for example, you can’t expect FedEx to ship on a British holiday. If you need help with printing and shipping your RTA response, Medical Device Academy offers an eCopy print and ship service for $99/eCopy (including the overnight FedEx fee).

If your 510k submission was placed on RTA Hold by the FDA, we can help you respond to the deficiencies identified by the FDA reviewer. We can also review your planned response to identify potential gaps. If you need help please use our calendly app to schedule a call with a member of our team.

About the Author

Rob Packard 150x150 What are the secrets to success in responding to an FDA RTA Hold?

Robert Packard is a regulatory consultant with 25+ years of experience in the medical device, pharmaceutical, and biotechnology industries. He is a graduate of UConn in Chemical Engineering. Robert was a senior manager at several medical device companies—including the President/CEO of a laparoscopic imaging company. His Quality Management System expertise covers all aspects of developing, training, implementing, and maintaining ISO 13485 and ISO 14971 certification. From 2009-2012, he was a lead auditor and instructor for one of the largest Notified Bodies. Robert’s specialty is regulatory submissions for high-risk medical devices, such as implants and drug/device combination products for CE marking applications, Canadian medical device applications, and 510(k) submissions. The most favorite part of his job is training others. He can be reached via phone 802.258.1881 or email. You can also follow him on Google+LinkedIn or Twitter.

Posted in: 510(k)

Leave a Comment (2) →
Page 1 of 5 12345