The U.S. Food and Drug Administration (FDA) published a draft guidance entitled Remanufacturing of Medical Devices to help clarify whether activities performed on devices are likely remanufacturing. This draft guidance also includes recommendations for information that should be included in labeling to help assure the continued quality, safety and effectiveness of devices that are intended to be serviced over their useful life.
The FDA considered objective evidence and information learned from the agency’s activities discussed in this draft guidance, including a 2016 public workshop and docket for public comment and a 2018 FDA-authored white paper, public docket and public workshop on the topic.
The FDA will begin accepting comments from the public on the draft guidance on June 18, 2021 and will be holding a webinar in the weeks following issuance of the draft guidance to allow industry to learn more about the draft guidance and ask questions of FDA subject matter experts on this topic.
The FDA is also issuing a discussion paper outlining cybersecurity challenges and opportunities associated with the servicing of medical devices. Stakeholders are invited to submit comments on the issues raised in the document to help address the challenges related to medical device servicing in order to maximize the benefits and minimize the risks for patients.
The discussion paper highlights the need for stakeholders to collaborate to develop strategies and other approaches that may enable servicers to play a key role in preventing and mitigating device vulnerabilities while maintaining device safety and effectiveness.
The paper specifically discusses known challenges such as ensuring that only authorized parties have access to devices and related systems, as well as legacy devices containing operating systems and third-party software components that may no longer be supported and are vulnerable to cybersecurity threats. The paper then discusses potential opportunities where these product life cycle challenges may be mitigated, for example, by implementing and deploying validated software in a timely manner in response to emerging cybersecurity vulnerabilities to keep a product within acceptable performance specifications.
