Is the Product a Medical Device?
The first consideration in bringing a medical device to market in the United States is to confirm that the product in question is actually a medical device. The U.S. Food and Drug Administration (FDA or “the agency”) defines a medical device as “an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory which is: (1) recognized in the official National Formulary, or the United States Pharmacopoeia, or any supplement to them; (2) intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals; or (3) intended to affect the structure or any function of the body of man or other animals, and which does not achieve its primary intended purposes through chemical action within or on the body of man or other animals and which is not dependent upon being metabolized for the achievement of any of its primary intended purposes.”
This definition distinguishes medical devices from drugs in particular, which achieve their intended use primarily through chemical action or by being metabolized by the body. FDA does consider software to be a medical device when the intended use of the software falls within the definitions above, which includes diagnosis, cure, mitigation, treatment or prevention of diseases or other conditions in man or animals.
How is the Device Classified?
FDA classifies medical devices as Class I, II or III, depending on the risk level of the device, with Class I devices representing the lowest risk (e.g., bandages, medical gloves, etc.) and Class III devices representing the highest risk (e.g., pacemakers, HIV diagnostic tests, etc.).
Is FDA Clearance or Approval Required?
FDA “clears” or “approves” medical devices based on risk level, as represented by their classification. Many Class I devices are exempt from premarket clearance or approval requirements because they are low risk. Class II devices generally require premarket clearance (also called a 510(k) clearance), while Class III devices will require premarket approval (PMA). Premarket clearance is by far the most common pathway to market, with more than 90% of devices being cleared through the 510(k) process.
How Does a Firm Obtain a 510(k) Premarket Clearance?
For most Class II devices, a firm obtains premarket clearance for a new device through what is called a 510(k) submission, in which the company seeking to market the new device prepares a submission to FDA that identifies a predicate device (a predicate device is one that was marketed prior to 1976 or has since obtained a 510(k) clearance) and outlines for FDA how the new device is “substantially equivalent” (SE) to the predicate device. SE means that the new device and the predicate have (a) the same intended use and (b) either the same technological characteristics, or technological differences that do not change its safety and effectiveness. Performance data must be provided as evidence to support an SE determination, but clinical studies are generally not necessary. Other elements of the submission include a user fee, labeling and instructions for use, among others. Once FDA finds a new device to be SE, the firm is permitted to market the device, so long as the device is in compliance with all other FDA laws and regulations (e.g., general controls, special controls, good manufacturing practices, etc.).
There is a user fee associated with submitting a 510(k). For fiscal year 2013, the amount of the fee is $4,960 (USD). Small businesses may be eligible for fee reductions or waivers. FDA is required to rule on a 510(k) submission within 90 days, but the process often takes considerably longer due to questions raised by FDA while it evaluates the submission, which resets the 90-day clock.
How Does a Firm Obtain a PMA?
Class III devices are generally approved through the PMA process, in which FDA will evaluate the safety and effectiveness of a new medical device, independent of any other devices (there is no predicate or other comparison device as there is in the 510(k) premarket clearance process). To obtain PMA, a firm must submit an application that includes sufficient valid scientific evidence, which may include clinical studies, to assure FDA that the medical device is safe and effective for its intended use. The PMA application is distinct from the 510(k) process, which only requires that a medical device be found to be substantially equivalent to an existing, legally marketed medical device.
There is a user fee associated with submitting for PMA. For fiscal year 2013, the amount of the fee is $248,000 (USD), and there are additional fees associated with PMA supplements and annual reports. Small businesses may be eligible for fee reductions or waivers. FDA is generally required to answer a PMA submission within 180 days, but, again, as a practical matter, the process can take considerably longer. For medical devices that require PMA, the firm may market the medical device once FDA finds that the device is safe and effective for its intended use and approves the device.
Is Software Considered a Medical Device?
Software that meets the definition of medical device is considered a medical device and called Medical Device Software. The intended use of the software will often determine whether the software is a medical device. If the software is intended to help diagnose, cure, mitigate, treat or prevent a disease or other condition, then it is Medical Device Software. Software is also considered a medical device when it is the component of any medical device or when it is an accessory to a medical device.
Although FDA has recently stated that smartphones will not by themselves be considered medical devices, the agency has specifically targeted mobile medical applications for smartphones and other mobile computing devices (e.g., tablets), with a focus on those that present the greatest risks to patients when they do not work as intended. If an application meets the definition of a medical device, it is considered Medical Device Software.
Although classification of any medical device, including Medical Device Software, ultimately depends on the level of risk associated with the device, most Medical Device Software will be considered Class II and can also be subject to special controls. We discuss controls in greater detail in our companion document, Medical Device Postmarket Compliance in the United States, but at the basic level, special controls are requirements that FDA believes are needed, in addition to general controls, to ensure the safety and effectiveness of a specific medical device. General controls are applicable to all medical devices and include, among other requirements, device registration and listing; notification and repair, replacement or refund; records and reports; and good manufacturing practices.
Are There Any Special Considerations for Software in the Premarket Process?
Medical Device Software is subject to all of the same requirements as non-software medical devices. There are a few considerations, however, which FDA has identified as being particularly relevant to firms seeking to market Medical Device Software.
Several FDA guidance documents address the special issues relevant to Medical Device Software, particularly in the premarket submission process. Most recently, and of heightened interest to FDA, on June 14, 2013, FDA released a guidance document addressing the cybersecurity issues that should be considered and addressed in premarket submissions for Medical Device Software.1 This guidance document was issued as a complimentary guidance to two other guidance documents geared to Medical Device Software: one addressing the content of premarket submissions for software contained in medical devices2 and another on cybersecurity for networked medical devices containing off-the-shelf software.3 In general, these guidance documents highlight areas of specific concern related to the safety and effectiveness of Medical Device Software and outline FDA’s thoughts on the information needed for the agency to determine that the device will be safe and effective for its intended use, and thus should be included in premarket submission documents.
Are There Special Considerations for Foreign Medical Device Firms?
Regardless of whether a medical device is manufactured in the United States or in another country, it is subject to the same FDA premarket and postmarket compliance requirements. However, any foreign establishment engaged in the manufacture, preparation, propagation, compounding or processing of a device imported into the United States must identify a U.S. agent for that establishment. This is done as part of the establishment registration process (discussed in more detail in our companion Medical Device Postmarket Compliance in the United States document).
Additionally, medical devices are subject to all regular U.S. laws and regulations for the importation of goods.
What Else Should a Firm Consider When Preparing to Enter the U.S. Medical Device Market?
It is never too soon to begin thinking about postmarket compliance requirements and how a company will ensure full compliance with those requirements. Once a medical device receives premarket clearance or approval, FDA will often, if not always, schedule an inspection of the production facilities. In a companion document to this one (Medical Device Postmarket Compliance in the United States), we discuss FDA’s postmarket compliance requirements for medical devices.
1 Content of Premarket Submissions for Management of Cybersecurity in Medical Devices - Draft Guidance for Industry and Food and Drug Administration Staff (http://www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/ucm356186.htm)
2 Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices (http://www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/ucm089543.htm#)
3 Guidance to Industry: Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software (http://www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/ucm077812.htm)
