{{ phone }} {{ location }}

Emergo by UL logo

         

Regulatory Updates

As medical device quality assurance and regulatory affairs professionals, it can be challenging to stay on top of changes happening in our industry. Few people have the time to read lengthy articles these days and although many online newsletters exist, they are often packed with PR releases, ads or unrelated information. That is why we started this blog for QA/RA professionals in the medical device and IVD industry. The idea is to give you short updates on quality and regulatory topics that may be of interest to you.

US FDA Clarifies Human Subject Requirements for Clinical Investigations

EMERGO SUMMARY OF KEY POINTS:

  • New US FDA guidance clarifies compliance requirements for clinical trial sponsors, investigators and IRBs whose studies fall under both agency and Department of Health and Human Services (HHS) requirements.
  • The guidance focuses on differences in human subject protection requirements between HHS and FDA clinical investigation regulations.
  • FDA is currently updating its clinical regulations to better align with HHS requirements regarding human subject safety and informed consent issues.

European Internet of Things Cybersecurity Recommendations: Impact for Medical Devices

EMERGO SUMMARY OF KEY POINTS:

  • European regulators have published high-level cybersecurity recommendations for industries including medical devices involved in the Internet of Things (IoT) paradigm.
  • The recommendations are partially intended to help companies meet upcoming European data privacy requirements under the General Data Protection Regulation, or GDPR.
  • The European report cites US FDA guidance regarding medical device cybersecurity principles and recommendations.

Designing Effective Warnings for Medical Devices

EMERGO SUMMARY OF KEY POINTS:

  • Medical device warnings require careful design and communication considerations.
  • Manufacturers should heed warning sign conventions such as signal words.
  • Warnings are not foolproof, but are a necessary component for medical device risk mitigation.

Some people believe that warnings are useless; printed on medical devices only to offer legal protection. Indeed, manufacturers can and have been held liable for the “failure to warn,” and adding warnings neutralizes this claim.

Encryption, FIPS 140 and Medical Devices: Frequently Asked Questions

EMERGO SUMMARY OF KEY POINTS:

  • Pressure from US regulators and healthcare purchasing organizations for medical devices to demonstrate adequate encryption capabilities is increasing.
  • Compliance with the Federal Information Publications Standard (FIPS) 140-2 standard enables manufacturers to demonstrate adequate encryption tools for their devices.
  • FIPS 140-2 compliance is best addressed early in the medical device design phase.

Medical Device Cybersecurity Legislation Advances in US Congress

EMERGO SUMMARY OF KEY POINTS:

  • New legislation introduced in the US House of Representatives would launch a working group headed by the FDA to develop strategies for mitigating cybersecurity risks in medical technology.
  • The proposed legislation builds on recommendations issued by the Health Care Industry Cybersecurity Task Force earlier in 2017.
  • If passed by the full Congress, the legislation would require the FDA-led working group to report on its efforts within 18 months.

FDA Lines Up Participants for Pre-Cert Digital Health Technology Pilot

EMERGO SUMMARY OF KEY POINTS

  • The US FDA has identified nine participants in its digital health technology and software precertification pilot program.
  • FDA Pre-Cert pilot participants include firms such as Apple, Samsung, Fitbit and Johnson & Johnson.
  • The FDA will provide periodic Pre-Cert pilot updates as well as a public workshop in early 2018.

Singapore HSA Clarifies Telehealth and Mobile Medical App Guidelines

EMERGO SUMMARY OF KEY POINTS:

  • The Singapore Health Sciences Authority (HSA) has issued new clarification and an FAQ regarding how telehealth products and mobile medical apps are regulated in the country.
  • HSA plans an immediate market access pathway for mobile medical apps that have already registered in the US, Canada, Australia, Europe and/or Japan.
  • Singapore’s general regulatory approach to telehealth resembles that of the US FDA.

FDA Adds UL 2900 for Medical Device Cybersecurity to List of Recognized Standards

EMERGO SUMMARY OF KEY POINTS:

  • The US FDA has now officially recognized the UL 2900 cybersecurity standard for medical devices.
  • UL 2900-1 covers general cybersecurity requirements for network-connectable devices.
  • FDA medical device applicants may now declare conformity to UL 2900-1 in order to address cybersecurity requirements as part of their US market registration.

FDA Pre-Cert Pilot for Medical Software: Key Questions and Eligibility Criteria

EMERGO SUMMARY OF KEY POINTS:

  • The US FDA will begin its Pre-Certification for Software (Pre-Cert) pilot program for digital health technologies considered medical devices in September 2017.
  • Eligibility requirements for Pre-Cert participation as well as frequently asked questions have been published.
  • As of now, US regulators have not set a deadline for applying to participate in the Pre-Cert program.