
The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Guide to the FDA Regulation of Medical Devices

The FDA regulation of medical devices is conducted via the Administration’s Center for Devices and Radiological Health (CDRH), which not only regulates firms that manufacture, repackage, relabel, and import medical devices, but also regulates radiation-emitting products such as x-ray systems and ultrasound equipment throughout their product lifecycles.

To simplify medical device regulation, CDRH has classified approximately 1,700 generic types of medical devices and grouped them into sixteen medical specialties or “panels” (see 21 CFR Chapter I, Subchapter H). Each type of generic device is assigned to one of three regulatory classes depending on the level of risk the device poses to the patient or user and the level of control necessary to assure the safety and effectiveness of the device.

Class I Devices

Under the FDA regulation of medical devices, Class I Devices are most often devices not intended to support or sustain life and that are unlikely to pose a significant risk of illness or injury. Examples include elastic bandages, manual stethoscopes, surgical masks, and tongue depressors.

Because they are classified as low-risk devices, Class I Devices only have to comply with the FDA General Controls and the “records” and “complaint file” clauses of the Good Manufacturing Practices (GMP) requirements. They are generally exempted from premarket notification (510(k)) and premarket approval unless the device appears in the Reserved Medical Devices Database.

Class II Devices

Class II Devices have a higher risk profile than Class I Devices and require more stringent FDA regulation of medical devices to provide assurances of their effectiveness and safety. Examples include catheters, pregnancy test kits, blood transfusion kits, and powered wheelchairs.

Devices in this class have to comply with the FDA General Controls, the GMP requirements, and – when necessary – special controls. In addition, unless a device appears in the Reserved Medical Devices Database, it is necessary for the device to go through the 510(k) process or – if no similar “predicate” device exists – through the De Novo Classification Request process.

Class III Devices

Class III Devices are high-risk devices that support or sustain human life, are implanted, prevent the impairment of human health, and/or present a potential risk of illness or injury that the general controls and special controls do not mitigate. Medical devices in this class include defibrillators, pacemakers, breast implants, and some diagnostic software-as-a-medical-device solutions.

Almost all Class III Devices require premarket approval (PMA) from the FDA before being marketed. The process for obtaining PMA varies according to the nature of the Class III Device, but the FDA regulation of medical devices in this class most often consists of a clinical trial, a fully documented quality management system, and a plan for post-market surveillance.

How the FDA Regulates Medical Devices

In addition to the pre-market FDA regulation of medical devices, the FDA monitors medical device safety once devices have been approved through several mechanisms. A frequent condition for Class III approval is a post-market surveillance study, and the FDA reviews reports of the studies and conducts inspections of manufacturing facilities to ensure compliance with the device’s standard operating procedures and the manufacturer’s or vendor’s quality management system.

The FDA also runs two programs for receiving reports of problems relating to FDA-approved products and medical devices. The first program – “MedWatch” – enables manufacturers, vendors, healthcare providers, and members of the public to voluntarily report problems via a web portal. The second program – Form FDA 3500 – is a mandatory reporting requirement when a patient dies or suffers a serious injury due to the use of, or the malfunction of, an FDA-approved product or medical device.

If an FDA-approved product is subsequently found to be unsafe – or a manufacturer is found not to be following approval requirements – the FDA can issue warning letters requesting that corrective action be taken or that the medical device be recalled. If the manufacturer fails to voluntarily take corrective action or recall the medical device, the FDA can issue a mandatory recall and pursue civil and criminal penalties of up to $100,000 per violation depending on the nature of the violation.

FDA Regulation of Medical Devices and Healthcare Compliance Requirements

While the FDA regulation of medical devices mostly applies to manufacturers, importers, and vendors, healthcare organizations also have FDA compliance requirements. The two main FDA compliance requirements for healthcare organizations are the mandatory Form FDA 3500 requirements mentioned above and the User Facility Reporting Requirements (Form FDA 3419) required by 21 CFR Part 803.33.

Healthcare organizations must also comply with any post-market surveillance activities required by the FDA as part of the conditions for approval, and comply with any device recall notifications issued by the FDA. The failure to comply with the FDA regulation of medical devices can be referred to the FDA’s Office of Regulatory Affairs, which has the authority to pursue civil monetary penalties.

Healthcare organizations that have questions about compliance requirements, or that do not yet have policies and procedures in place to comply with the FDA reporting requirements, are advised to seek professional compliance advice.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
