2024-2025 Global AI Trends Guide
On June 18, 2021, the U.S. Food and Drug Administration (FDA) issued the draft guidance “Remanufacturing of Medical Devices,” which aims to help clarify the point when manipulation or repair of a medical device becomes “remanufacturing” as opposed to “servicing,” with this designation carrying significant regulatory impact. Simultaneously, FDA issued a discussion paper on cybersecurity and servicing of medical devices. FDA will accept comments on both publications until August 17, and we have addressed these new documents below. Together these documents provide some additional clarity around an area that has been murky for years – the roles and obligations of third parties who handle, service, reprocess, refurbish, remanufacturer, and perform other functions on medical devices.
Remanufacturing is “the processing, conditioning, renovating, repackaging, restoring, or any other act done to a finished device that significantly changes the finished device’s performance or safety specifications, or intended use.” 21 CFR 820.3(w). In contrast, the draft guidance defines servicing as “ the repair and/or preventive or routine maintenance of one or more parts in a finished device, after distribution, for purposes of returning it to the safety and performance specifications established by the OEM [original equipment manufacturer] and to meet its original intended use.” The draft guidance points out that this distinction does not turn on an entity’s self-identified designation as a “servicer” or “remanufacturer,” but instead focuses on the specific activities an entity performs on a particular device and the impact of that activity on the device.
In the draft guidance, FDA recommends following six guiding principles when determining whether activities are “remanufacturing”:
Assess whether there is a change to the intended use;
Determine whether the activities, individually and cumulatively, “significantly change” the safety or performance specifications of a finished device;
Evaluate whether any changes to a device require a new marketing submission;
Assess component/part/material dimensional and performance specifications;
Employ a risk-based approach; and
Adequately document decision-making.
FDA says it will deem a product to be remanufactured when there is a “significant change,” and the draft guidance emphasizes that FDA considers a “significant change” to device performance or safety specifications to be one that, based on verification and validation testing and/or a risk-based assessment, results in a finished device that is outside the OEM’s performance or safety specifications or introduces new risks or significantly modifies existing risks, such as changes to the device’s sterilization methods, reprocessing instructions, control mechanism, operating principle, or energy type.
The draft guidance offers the following flowchart to help determine whether activities performed are likely to be considered remanufacturing:
As noted in Figure 1, the flow chart is only intended to be used after a determination is made that there is no significant change to the device’s intended use or to its sterilization methods, reprocessing instructions, controls mechanism, operating principle, or energy type; any of which would indicate the occurrence of a remanufacturing activity. If that determination is made, the flowchart may then be helpful in determining if the activity is still likely to be considered “remanufacturing.”.
FDA does not recommend evaluation with Figure 1 when an activity is performed on behalf of or otherwise explicitly authorized by the OEM and the activity returns the legally marketed device to its original performance and safety specifications and intended use. FDA believes such activities would likely not be remanufacturing, and such determination should be adequately documented.
The draft guidance also focuses on the importance of medical device companies preparing documentation in a way that an FDA investigator or other third party can understand what changes were made to a product, as well as the rationale underlying the company’s conclusion on whether those changes should be deemed “remanufacturing.” FDA recommends that the documentation include, at a minimum, the following:
The guidance also contains an appendix that provides examples of proper documentation.
The guidance indicates that Figure 1 and its accompanying text should not be applied to changes involving software and goes on to state that many software changes are likely remanufacturing because of their impact on a product’s software architecture, software requirements specifications, unresolved anomalies, and other key characteristics. Because the probability of a software failure cannot be determined using traditional statistical methods, the guidance recommends applying an alternative software specific analysis when evaluating whether an activity constitutes remanufacturing. FDA has identified certain activities performed on software that are likely not remanufacturing because “they generally do not significantly change the performance or safety specifications of the device”:
Yet, the draft guidance notes that “[m]any software changes are likely remanufacturing because of their impact on a product’s software architecture, software requirements specifications, unresolved anomalies and other key characteristics” (emphasis added). The guidance also states that software changes that significantly modify a device’s intended use would be considered “remanufacturing.”
FDA warns in the draft guidance that unintentional remanufacturing can occur when entities do not have the instructions necessary to return a device to its original performance and safety specifications. In addition, the “lack of adequate servicing instructions can also create challenges in the availability of quality, safe, and effective devices,” the agency writes.
Accordingly, the draft guidance encourages OEMs to provide servicing instructions that facilitate routine maintenance and repair of their reusable devices, recommending that the labeling of reusable devices include the following information, as applicable:
Where an entity is deemed to be “remanufacturing,” that activity triggers consideration of all of the obligations of a medical device manufacturer, including, for example:
Whether a new marketing submission is required;
MDR reporting (for both the remanufacturer, and the OEM if they become aware of a reportable event);
Registration and listing;
QSR compliance;
Removals or corrections obligations and reporting; and
General adulteration and misbranding prohibitions
Simultaneously with the draft guidance, FDA published a related discussion paper that covers four cybersecurity issues unique to servicing of medical devices by entities who are not the OEMs: (1) privileged access; (2) identification of cybersecurity vulnerabilities and incidents; (3) prevention and mitigation of cybersecurity vulnerabilities; and (4) product lifecycle challenges and opportunities. FDA is seeking input on each of these topics, and on the following questions:
What are the cybersecurity challenges and opportunities associated with the servicing of medical devices?
Are the four areas identified in this white paper the correct cybersecurity priority issues to address in the servicing of medical devices? If not, which areas should be the focus?
How can entities that service medical devices contribute to strengthening the cybersecurity of medical devices?
On July 27, the FDA will also host a webinar for stakeholders interested in learning more about the guidance and discussion paper. FDA will accept comments on both until August 17, 2021.
If you may wish to submit a comment, or have any questions on remanufacturing of medical devices, please contact any of the authors of this alert or the Hogan Lovells attorney with whom you regularly work.
Authored by Ted Wilson, Jodi K. Scott, Wil Henderson, and Mike Heyl