The United States Food and Drug Administration (“FDA”) has issued a  draft guidance titled Remanufacturing of Medical Devices (“Draft Guidance”) to clarify the activities that likely constitute remanufacturing of a medical device which also includes recommendations regarding labeling to help assure the continued quality, safety and effectiveness and a discussion paper on cybersecurity and MedTech servicing to help distinguish between remanufacturing and servicing of medical devices (“Discussion Paper”) on July 17, 2021.

The FDA explained that because many medical devices are reusable and require preventative maintenance and repair throughout their useful lives, regular servicing is essential to ensure their continuing safe and effective usage. Correspondingly, the ability to maintain and repair medical devices in a timely, cost-effective, and high-quality manner is crucial to the proper operation of a healthcare system as well as the continuous quality, safety, and effectiveness of marketed medical devices. Additionally, it is critical for industry workers, such as original equipment manufacturers, servicers, and remanufacturers, to have a clear grasp of what constitutes remanufacturing to apply the right statutory and regulatory requirements to ensure and maintain public safety.

The FDA emphasized that it is crucial to differentiate between "remanufacturing" and "servicing". In this context, processing, conditioning, renovating, repackaging, repairing, or any other act done to a finished device that materially modifies its performance or safety criteria, or intended usage is referred to as remanufacturing whereas repair and/or preventative or routine maintenance of one or more parts of a finished device after distribution to return it to the original equipment manufacturers (“OEM”) safety and performance criteria and to meet its original intended usage is referred as servicing. It is stated that the FDA looks at the precise actions an entity performs on a device, regardless of whether it self-identifies as a "servicer" or "remanufacturer".

Accordingly, when determining if activities are deemed remanufacturing, the below should be considered as well as if such activity caused a significant change to device performance or safety specifications:

· Whether a component, part, or material that directly or indirectly contacts body tissue is added, removed, or changed,

·  Whether a component, part, or material is added or removed, or their dimensional performance specifications are altered,

·  Whether there is a new or modified risk or a change in performance or safety specifications,

For the purposes of the Draft Guidance, the activities that significantly change the device’s performance, safety specifications, or intended use of a medical device are explained to be based on verification and validation testing and/or a risk-based assessment, which results in a finished device that is outside the OEM’s performance or safety specifications or introduces new risks or significantly modifies existing risks.

Furthermore, the application and enforcement of regulatory requirements under the Federal Food, Drug, and Cosmetic Act (“FD&C Act”) and its implementing rules are affected by the determination of whether an entity's actions are remanufacturing. It has also been highlighted that registration and listing, adverse event reporting, Quality System (QS) regulation and marketing presentations are a few of the requirements mandated by the FDA under the FD&C Act and its remanufacturing code.

Additionally, it was explained that the Draft Guidance is not intended to adopt significant policy changes, but to clarify FDA’s current thinking on applicable definitions, and clarify, not change, the regulatory requirements applicable to remanufacturers.

With the Discussion Paper, FDA explained that the aim is to address cybersecurity issues that are particular to the servicing of medical devices  and to guide stakeholder’s discussions about potential difficulties and opportunities in cybersecurity and servicing. The Discussion Paper specifically addresses known difficulties such as ensuring that only authorized parties have access to devices and connected systems, as well as older equipment that may no longer be supported and are exposed to cybersecurity risks. Additionally, ways to alleviate product life cycle difficulties, such as building and deploying validated software in a timely manner in response to new cybersecurity risks to maintain a device within acceptable performance parameters are discussed.

With this respect, The FDA announced that it seeks input on above-mentioned issues and also the cybersecurity challenges and opportunities associated with the servicing of medical devices, cybersecurity priority issues to address in the servicing of medical devices, and ways to contribute to strengthening the cybersecurity of medical devices.

Simge Kılıç, Esra Temur