FDA ConneKTion

Timely updates and insights on the latest issues affecting FDA-regulated companies from Kilpatrick Townsend

Category: Medical Devices

Posted on Thursday, June 8 2017 at 8:25 pm by
FDA Extends the UDI Compliance Date for Certain Class I and Unclassified Devices

By: Carolina M. Wirth

UpdateWith the deadline for compliance with the unique device identification system[i] (UDI system) requirements for certain Cass I and unclassified devices other than implantable, life-supporting, or life-sustaining devices (i.e., lower risk devices) over 3 years away (September 24, 2020), the Food and Drug Administration (FDA or agency) issued a letter on June 2, 2017, expressing its intend to extend the compliance date for these types of medical devices until September 24, 2022. In the letter, the FDA acknowledged that there have been some challenges associated with the implementation of the UDI requirements.

Specifically, the agency noted that

after fully considering the time needed to meet UDI requirements, many labelers asked FDA for extensions to comply. In addition, [the agency] identified complex policy and technical issues that need resolution such as how UDI applies to products such as medical procedure trays that contain implantable devices and instruments.  Providing accurate and timely support to labelers has also been challenging due to the sheer number and wide diversity of devices.

In addition to these concerns, FDA noted that in order to “fully reap the public health benefits and a return on investment of a UDI system, high quality UDI data must be available in standardized ways so that the health care community can and will use it with confidence.”

FDA plans to issue a guidance document outlining an enforcement discretion[ii] policy for labeling Global Unique Device Identification Database (GUDID) data submission, standard date formatting, and direct marking requirements for class I and unclassified devices as indicated in the table below.  The agency did not provide a date for when this guidance document will be available to the public and regulated community.

Type of Device Label (21 CFR 801.20), GUDID Submission (21 CFR Part 830, subpart E), and Standard Date Format (21 CFR 801.18) Requirements Direct Mark (21 CFR 801.45) Requirements


Class I devices[iii] September 24, 2020 September 24, 2022
Unclassified devices September 24, 2020 September 24, 2022

[i] The FDA published a Final Rule establishing a UDI system designed to allow adequate identification of devices throughout distribution and use on September 24, 2013.

[ii] Enforcement discretion will not apply to class I or unclassified implantable, life supporting or life-sustaining devices because labelers of these types of devices must already be in compliance with the UDI requirements.

[iii] Class I CGMP-exempt devices are excepted from the UDI requirements per 21 CFR 801.30(a)(2).

Posted on Friday, October 21 2016 at 6:56 pm by
Forty Years in the Making — FDA Issues Propose Rule Requiring Electronic Submission of Labeling and Package Inserts for Class II and Class III Home-Use Medical Devices

By: Carolina M. Wirth

This past summer, the Food and Drug Administration (FDA or Agency) celebrated the 40th anniversary of the enactment of the Medical Device Amendments of 1976, which in part amended Section 510(j) of the Federal Food, Drug, and Cosmetic Act (FD&C Act) to add requirements for the registration of device manufacturers and the listing of medical devices.  As enacted, the statute also required that the listings be accompanied by copies of the device label.[1]   However, because the registration and listing information was required to be provided in paper form for many years, FDA did not enforce the requirement that medical device establishments submit labeling information because “there was no practical way for FDA to compile, update, or access the information submitted on these forms, much less provide routine public access to the information.”[2]  Therefore, FDA decided to require by regulation that medical device manufacturers maintain a historical file of labels, labeling, and advertisements for restricted devices, and “make all or part of that file available to FDA upon request.”[3]  This practice has remained in place since a final rule was issued in 1978.

In 2002, Congress began to recognize the impact of the internet when it passed the Medical Device User Fee and Modernization Act, providing FDA with the authority to collect registrations and listings “at such time as FDA determined it was feasible . . . . through electronic means.”[4]  Amendments to the Medical Device User Fee Modernization Act in 2007 finally made the submission of registration and listing information by electronic means mandatory in all instances, unless a waiver is granted by the Agency.

Now, almost 10 years after the requirements for electronic submission of registration and listing information, FDA is issuing a Proposed Rule amending its regulations to require the electronic submission of the label and package insert for certain “home-use” medical devices when the devices are listed with FDA.[5]  The Proposed Rule defines a “home-use” medical device as “a medical device that is labeled for use in any environment outside a professional health care facility.”[6]  The types of “home-use” devices that would be subject to the Proposed Rule, if finalized, are those that are regulated by FDA as Class II or Class III devices, which are considered moderate-to-high risk medical devices.[7]

Read the rest of this entry »

Posted on Friday, February 5 2016 at 9:56 pm by
FDA Continues to Grapple with Strategies for Tackling Medical Device Cybersecurity Vulnerabilities

By: Carolina M. Wirth

It is only February, but the Food and Drug Administration (FDA or Agency) has already been actively focusing on issues relating to medical device cybersecurity. Following a public workshop held on January 20-21, 2016, entitled “Moving Forward: Collaborative Approaches to Medical Device Security,”1 the FDA published a new draft guidance for the industry entitled “Postmarket Management of Cybersecurity in Medical Devices 2(Draft Guidance).”3 The Draft Guidance is another step in FDA’s evolving attempt to address growing concerns over cybersecurity threats in medical devices.4 The new Draft Guidance outlines steps that medical device manufacturers should take to continually address cybersecurity risks. The Agency notes that “it is essential that manufacturers also consider improvements during maintenance of devices, as the evolving nature of cyber threats means risks may arise throughout a device’s entire lifecycle,”5 from medical device conception to obsolescence. Read the rest of this entry »

Posted on Thursday, October 16 2014 at 6:06 pm by
FDA Issues Final Cybersecurity Guidelines

On October 2, 2014, the United States Department of Health and Human Services, Food and Drug Administration (“FDA”) released the final version of a guidance document entitled “Content of Premarket Submissions for Management Cybersecurity in Medical Devices” (the “Final Guidance”). The Final Guidance reiterates several of the key points that FDA made in the draft guidance and is meant to supplement FDA’s “Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices” and “Guidance to Industry: Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software.” Read the rest of this entry »