The U.S. Food and Drug Administration (FDA) released two documents for public comment June 17 providing proposed clarifications for identifying when servicing a medical device is remanufacturing and also discussing cybersecurity considerations for servicing medical devices. The agency’s approach to these issues may influence the availability and cost of hardware and software changes performed by entities other than the original equipment manufacturer (OEM).
“Remanufacturing” means significantly changing a finished medical device’s performance or safety specifications or intended use. The new draft guidance, , provides a decision tree for non-OEMs that clarifies when work performed on the hardware components of medical devices is remanufacturing. The remanufacturing designation has substantially different regulatory implications and responsibilities for non-OEM entities compared to “servicing.” For example, non-OEM entities engaged in remanufacturing activities are subject to the quality system regulation, among other FDA requirements for manufacturers.
The draft guidance also proposes clarifications on when software changes are remanufacturing. The FDA explained that without OEM authorization, many types of software updates, patches or upgrades would likely be considered remanufacturing. An example provided in the draft guidance is an unauthorized operating system (OS) update from a legacy OS to a different OS. The FDA also asks non-OEMs to consider the cumulative effect of multiple software changes on the performance and safety specifications of medical devices.
The discussion paper, , seeks stakeholders’ input about cybersecurity considerations for non-OEM servicers of medical devices.
The FDA plans to convene a public webinar July 27 to address both documents. Interested stakeholders may comment on the draft guidance until Aug. 23, and on the discussion paper until Aug. 17.
For more information, email Michael Peters, 黑料网 Government Affairs Director.