- The Food and Drug Administration released draft guidance on Monday clarifying when software developers must get regulatory clearance before modifying market products.
- The draft describes four common types of software changes that could require the filing of a 510(k) notification: Infrastructure, architecture, core algorithm, and reengineering or refactoring.
- Changes intended to clarify software requirements and cosmetic changes that don’t affect the device’s clinical use will not require FDA clearance.
Generally speaking, changes that could significantly alter a device’s clinical functionality or performance specifications would require the FDA’s greenlight, according to the new guidance. Changes that pose a “hazardous situation” for patients would need approval too.
Architecture changes are ones that affect the overall structure of the device, such as changes to support new hardware, and middleware, the guidance explains. With reengineering and refactoring — common software maintenance techniques — manufacturers should consider the complexity of the change to determine if a new 510(k) is needed.
The 32-page software guidance also offers examples of changes that would not require FDA clearance, such as enhancing cybersecurity in certain situations. “Medical device technology evolves quickly, and not all changes made to marketed devices alter their safety profile or require our review,” Jeffrey Shuren, director of the Center for Devices and Radiological Health, said in a release.
Examples of flowchart questions are included to help companies decide when to file a 510(k).Updated recommendations on when to seek regulatory clearance for a change to an existing medical device were also issued.
The FDA published final guidance last week indicating a hands-off approach on low-risk products, such as mobile health and fitness apps.