The U.S. FDA has published a draft guidance, titled Remanufacturing of Medical Devices, to help clarify whether activities performed on devices are likely remanufacturing. This draft guidance also includes recommendations for information that should be included in labeling to help assure the continued quality, safety, and effectiveness of devices that are intended to be serviced over their useful life.

“Many medical devices are reusable and need preventative maintenance and repair during their useful life; therefore, proper servicing is critical to their continued safe and effective use,” says William Maisel, MD, director of the Office of Product Evaluation and Quality in FDA’s Center for Devices and Radiological Health. “With this in mind, the FDA is issuing today’s draft guidance to help clarify whether activities performed on medical devices are likely remanufacturing as well as a discussion paper on cybersecurity servicing of devices.

“It is important for industry personnel, such as original equipment manufacturers, servicers, and remanufacturers, to have a clear understanding of activities that are considered remanufacturing so that they can apply appropriate statutory and regulatory requirements which exist to keep the American public safe.”

The FDA is now accepting comments from the public on the draft guidance, and will be holding a webinar in the weeks following issuance of the draft guidance to allow industry to learn more about the draft guidance and ask questions of FDA subject matter experts on this topic.

The FDA is also issuing a discussion paper outlining cybersecurity challenges and opportunities associated with the servicing of medical devices. Stakeholders are invited to submit comments on the issues raised in the document to help address the challenges related to medical device servicing in order to maximize the benefits and minimize the risks for patients. 

The discussion paper highlights the need for stakeholders to collaborate to develop strategies and other approaches that may enable servicers to play a key role in preventing and mitigating device vulnerabilities while maintaining device safety and effectiveness. 

The paper specifically discusses known challenges such as ensuring that only authorized parties have access to devices and related systems, as well as legacy devices containing operating systems and third-party software components that may no longer be supported and are vulnerable to cybersecurity threats. The paper then discusses potential opportunities where these product life cycle challenges may be mitigated, for example, by implementing and deploying validated software in a timely manner in response to emerging cybersecurity vulnerabilities to keep a product within acceptable performance specifications.