The path to medical device commercialization requires FDA approval, which most often means filing a pre-marketing notification, also known as a 510(k). The FDA has specific criteria for accepting a 510(k), and they just released their new acceptance policy. This new standard, which will be effective October 1, 2015, replaces the old FDA Refuse to Accept Policy for 510(k) Guidance of 2012 and emphasizes software as a device factor.
The purpose of this Guidance is to explain the FDA’s procedures and criteria in assessing whether a 510(k) submission meets a minimum threshold of acceptability and should be accepted for further review. Using the premarket notification, or 510(k) process, the FDA evaluates whether or not the submission demonstrates substantial equivalence to a predicate device and that the device is as safe and effective as its predicate.
Interestingly, the old 2012 Guidance mentions “software” only 18 times. The new 2015 Guidance uses the word “software” 33 times. Additionally, the new Guidance is more specific about the acceptance criteria around the software. There is now an entire section (section H) dedicated specifically to device software.
This section covers:
- Whether the device includes software or firmware
- Whether the device requires software or firmware
- The level of concern created by the software
- Software documentation based on the level of concern as described in Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices
In only 3 years’ time, the new Guidance has dramatically increased its focus on software, indicating the FDA’s growing concerns around medical device software. As the FDA gets a handle on software-dependent medical devices, manufacturers will be faced with a quality framework that addresses the FDA’s concerns. We’re already seeing this with 21 CFR Part 11, IEC 60601-1, PEMs and IEC 62304. I foresee additional regulations emerging as the FDA further seeks to meet the challenges of software as a medical device, increased communications between hospital networks and devices, devices that increasingly rely on software for Basic Safety and Essential Performance, and the constantly growing challenges to cybersecurity.