regulatory and quality system professionals | 919.313.3960
Meet FDA Requirements

Meet FDA Requirements

Meet FDA Requirements for Medical Device Company Compliance Most medical device executives know they need FDA clearance to legally market and promote their product in the U.S. Beyond FDA approval, understanding how to effectively commercialize a medical device product means adapting to industry and legal expectations for operating as a medical device company. These expectations ensure that you deliver safe and effective products. Knowledge and experience is required to do this effectively and to avoid costly mistakes. At this point, it’s important to realize that although we talk about the FDA as a regulatory body, it is, in fact, a law enforcement agency with the powers associated with such authorities. The FDA can cite, fine and prosecute for violations of laws, such as 21 CFR Part 820 or 21 CFR Part 11. The laws the FDA enforces are administrative laws that are part of a national regulatory scheme, like police law and international trade. Medical device companies not compliant with 21 CFR Part 820, and other applicable regulations, make themselves vulnerable to FDA enforcement practices. The tricky part is that the FDA doesn’t tell you how to operate as a compliant company. You have the flexibility to implement the necessary processes to satisfy the applicable regulations and support them with your own compliance practices. However, you’re expected to fully understand the intent of the regulations and meet those expectations—regardless of your size and resources. While FDA enforcement actions rarely result in jail time for executives, they can force expensive corrections and cause significant damage to your reputation. Truly, it’s best to comply to FDA requirements willingly and...
How to Structure a New Medical Device Business

How to Structure a New Medical Device Business

There’s More to Being a Medical Device Business than IP and R&D An emerging medical device business tends to focus their energy on product development and R&D. This is understandable because medical device founders are often first experienced innovators. As innovators, there’s a natural affinity to maintain a continued focus on product development and maturation. Having a clear IP position and strategy is an important factor for attracting capital, which could further emphasize the importance of R&D, product development and market analysis. Nevertheless, being and growing as a viable medical device business catering to the U.S. market requires much more than R&D, positioning your IP and measuring how big your market is. It involves developing an operational framework that structures your organization as a medical device company (Figure 1) and enables the commercialization of your product. Some Medical Device Business Requirements: Regulatory Affairs Risk Assessment and Risk Management found in FDA Guidances and ISO 14971 Compliance to IEC 62304 to manage software risks Quality Management Design Controls that are included in FDA 21 CFR Part 820 QMS requirements you might find in Part 820 and ISO 13485 FDA 21 CFR Part 11, if your device incorporates software Safety Complying with IEC 60601-1 3rd Edition and its collateral standards Clinical data or a clinical trial When wrestling with regulatory, quality and safety issues, executives fresh to the medical device industry often take uncertain or delayed steps as they navigate the path to becoming a medical device company. The biggest mistakes we see emerging medical device business executives make include delaying the development of their regulatory strategy and their quality system, which...
Medical Device Data Systems and Data Integrity

Medical Device Data Systems and Data Integrity

Time to Take a Closer Look at FDA MDDS Moves The FDA recently released a new draft guidance document for Medical Device Data Systems (MDDS). The FDA defines MDDS as “hardware or software products that transfer, store, convert formats and display medical device data. An MDDS does not modify the data, and it does not control the functions or parameters of any connected medical device. MDDS are not intended to be used in connection with active patient monitoring.” The core issue it raises, I believe, is one of data integrity. More on that later. Explaining the Medical Device Data Systems Draft Guidance The new draft guidance cites the growing trend “that many medical devices be interoperable with other types of medical devices and with various types of health information technology.” And further “since down-classifying MDDS, the FDA has gained additional experience with these types of technologies, and has determined that these devices pose a low risk to the public,” the FDA wrote. “Therefore, the FDA does not intend to enforce compliance with the regulatory controls that apply to MDDS devices, medical image storage devices and medical image communications devices.” The FDA’s interest in this kind of risk based approach has pleased a great many. On the one hand, the draft guidance demonstrates a proactive approach by the FDA for addressing the explosion of mobile health applications in the light of pending legislation on the same topic in the US Congress. It frees application developers to innovate without the additional burden of regulatory compliance, and it dovetails with the rapidly expanding electronic health ecosystem servicing the informational appetites of healthcare...
Life Science Cloud Vendor Selection Part 2

Life Science Cloud Vendor Selection Part 2

Technology Strategies to Ensure Benefits and Mitigate Risk Options to Discuss with your Life Science Cloud Vendor Cloud computing is defined to have several deployment models, each of which provides distinct trade-offs which are migrating applications to a cloud environment. NIST defines the cloud deployment models as follows: Private cloud: The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise. Community cloud: The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g. mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on premise or off premise. Public cloud: The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services. Hybrid cloud: The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e g , cloud bursting for load-balancing between clouds). Choosing the correct deployment can depend on who needs to access the service, budget and security concerns. Private clouds are the most secure and most expensive. Private clouds allow companies to have isolated sections of a cloud where you can launch resources in a virtual network. You can have complete control over your virtual networking environment and place your backend systems, such as databases or application servers with no Internet access. You can limit...