fda-consultant-specialist
98
总安装量
97
周安装量
#2347
全站排名
安装命令
npx skills add https://github.com/alirezarezvani/claude-skills --skill fda-consultant-specialist
Agent 安装分布
claude-code
86
opencode
67
gemini-cli
65
antigravity
58
codex
58
Skill 文档
FDA Consultant Specialist
FDA regulatory consulting for medical device manufacturers covering submission pathways, Quality System Regulation (QSR), HIPAA compliance, and device cybersecurity requirements.
Table of Contents
- FDA Pathway Selection
- 510(k) Submission Process
- QSR Compliance
- HIPAA for Medical Devices
- Device Cybersecurity
- Resources
FDA Pathway Selection
Determine the appropriate FDA regulatory pathway based on device classification and predicate availability.
Decision Framework
Predicate device exists?
âââ YES â Substantially equivalent?
â âââ YES â 510(k) Pathway
â â âââ No design changes â Abbreviated 510(k)
â â âââ Manufacturing only â Special 510(k)
â â âââ Design/performance â Traditional 510(k)
â âââ NO â PMA or De Novo
âââ NO â Novel device?
âââ Low-to-moderate risk â De Novo
âââ High risk (Class III) â PMA
Pathway Comparison
| Pathway | When to Use | Timeline | Cost |
|---|---|---|---|
| 510(k) Traditional | Predicate exists, design changes | 90 days | $21,760 |
| 510(k) Special | Manufacturing changes only | 30 days | $21,760 |
| 510(k) Abbreviated | Guidance/standard conformance | 30 days | $21,760 |
| De Novo | Novel, low-moderate risk | 150 days | $134,676 |
| PMA | Class III, no predicate | 180+ days | $425,000+ |
Pre-Submission Strategy
- Identify product code and classification
- Search 510(k) database for predicates
- Assess substantial equivalence feasibility
- Prepare Q-Sub questions for FDA
- Schedule Pre-Sub meeting if needed
Reference: See fda_submission_guide.md for pathway decision matrices and submission requirements.
510(k) Submission Process
Workflow
Phase 1: Planning
âââ Step 1: Identify predicate device(s)
âââ Step 2: Compare intended use and technology
âââ Step 3: Determine testing requirements
âââ Checkpoint: SE argument feasible?
Phase 2: Preparation
âââ Step 4: Complete performance testing
âââ Step 5: Prepare device description
âââ Step 6: Document SE comparison
âââ Step 7: Finalize labeling
âââ Checkpoint: All required sections complete?
Phase 3: Submission
âââ Step 8: Assemble submission package
âââ Step 9: Submit via eSTAR
âââ Step 10: Track acknowledgment
âââ Checkpoint: Submission accepted?
Phase 4: Review
âââ Step 11: Monitor review status
âââ Step 12: Respond to AI requests
âââ Step 13: Receive decision
âââ Verification: SE letter received?
Required Sections (21 CFR 807.87)
| Section | Content |
|---|---|
| Cover Letter | Submission type, device ID, contact info |
| Form 3514 | CDRH premarket review cover sheet |
| Device Description | Physical description, principles of operation |
| Indications for Use | Form 3881, patient population, use environment |
| SE Comparison | Side-by-side comparison with predicate |
| Performance Testing | Bench, biocompatibility, electrical safety |
| Software Documentation | Level of concern, hazard analysis (IEC 62304) |
| Labeling | IFU, package labels, warnings |
| 510(k) Summary | Public summary of submission |
Common RTA Issues
| Issue | Prevention |
|---|---|
| Missing user fee | Verify payment before submission |
| Incomplete Form 3514 | Review all fields, ensure signature |
| No predicate identified | Confirm K-number in FDA database |
| Inadequate SE comparison | Address all technological characteristics |
QSR Compliance
Quality System Regulation (21 CFR Part 820) requirements for medical device manufacturers.
Key Subsystems
| Section | Title | Focus |
|---|---|---|
| 820.20 | Management Responsibility | Quality policy, org structure, management review |
| 820.30 | Design Controls | Input, output, review, verification, validation |
| 820.40 | Document Controls | Approval, distribution, change control |
| 820.50 | Purchasing Controls | Supplier qualification, purchasing data |
| 820.70 | Production Controls | Process validation, environmental controls |
| 820.100 | CAPA | Root cause analysis, corrective actions |
| 820.181 | Device Master Record | Specifications, procedures, acceptance criteria |
Design Controls Workflow (820.30)
Step 1: Design Input
âââ Capture user needs, intended use, regulatory requirements
Verification: Inputs reviewed and approved?
Step 2: Design Output
âââ Create specifications, drawings, software architecture
Verification: Outputs traceable to inputs?
Step 3: Design Review
âââ Conduct reviews at each phase milestone
Verification: Review records with signatures?
Step 4: Design Verification
âââ Perform testing against specifications
Verification: All tests pass acceptance criteria?
Step 5: Design Validation
âââ Confirm device meets user needs in actual use conditions
Verification: Validation report approved?
Step 6: Design Transfer
âââ Release to production with DMR complete
Verification: Transfer checklist complete?
CAPA Process (820.100)
- Identify: Document nonconformity or potential problem
- Investigate: Perform root cause analysis (5 Whys, Fishbone)
- Plan: Define corrective/preventive actions
- Implement: Execute actions, update documentation
- Verify: Confirm implementation complete
- Effectiveness: Monitor for recurrence (30-90 days)
- Close: Management approval and closure
Reference: See qsr_compliance_requirements.md for detailed QSR implementation guidance.
HIPAA for Medical Devices
HIPAA requirements for devices that create, store, transmit, or access Protected Health Information (PHI).
Applicability
| Device Type | HIPAA Applies |
|---|---|
| Standalone diagnostic (no data transmission) | No |
| Connected device transmitting patient data | Yes |
| Device with EHR integration | Yes |
| SaMD storing patient information | Yes |
| Wellness app (no diagnosis) | Only if stores PHI |
Required Safeguards
Administrative (§164.308)
âââ Security officer designation
âââ Risk analysis and management
âââ Workforce training
âââ Incident response procedures
âââ Business associate agreements
Physical (§164.310)
âââ Facility access controls
âââ Workstation security
âââ Device disposal procedures
Technical (§164.312)
âââ Access control (unique IDs, auto-logoff)
âââ Audit controls (logging)
âââ Integrity controls (checksums, hashes)
âââ Authentication (MFA recommended)
âââ Transmission security (TLS 1.2+)
Risk Assessment Steps
- Inventory all systems handling ePHI
- Document data flows (collection, storage, transmission)
- Identify threats and vulnerabilities
- Assess likelihood and impact
- Determine risk levels
- Implement controls
- Document residual risk
Reference: See hipaa_compliance_framework.md for implementation checklists and BAA templates.
Device Cybersecurity
FDA cybersecurity requirements for connected medical devices.
Premarket Requirements
| Element | Description |
|---|---|
| Threat Model | STRIDE analysis, attack trees, trust boundaries |
| Security Controls | Authentication, encryption, access control |
| SBOM | Software Bill of Materials (CycloneDX or SPDX) |
| Security Testing | Penetration testing, vulnerability scanning |
| Vulnerability Plan | Disclosure process, patch management |
Device Tier Classification
Tier 1 (Higher Risk):
- Connects to network/internet
- Cybersecurity incident could cause patient harm
Tier 2 (Standard Risk):
- All other connected devices
Postmarket Obligations
- Monitor NVD and ICS-CERT for vulnerabilities
- Assess applicability to device components
- Develop and test patches
- Communicate with customers
- Report to FDA per guidance
Coordinated Vulnerability Disclosure
Researcher Report
â
Acknowledgment (48 hours)
â
Initial Assessment (5 days)
â
Fix Development
â
Coordinated Public Disclosure
Reference: See device_cybersecurity_guidance.md for SBOM format examples and threat modeling templates.
Resources
scripts/
| Script | Purpose |
|---|---|
fda_submission_tracker.py |
Track 510(k)/PMA/De Novo submission milestones and timelines |
qsr_compliance_checker.py |
Assess 21 CFR 820 compliance against project documentation |
hipaa_risk_assessment.py |
Evaluate HIPAA safeguards in medical device software |
references/
| File | Content |
|---|---|
fda_submission_guide.md |
510(k), De Novo, PMA submission requirements and checklists |
qsr_compliance_requirements.md |
21 CFR 820 implementation guide with templates |
hipaa_compliance_framework.md |
HIPAA Security Rule safeguards and BAA requirements |
device_cybersecurity_guidance.md |
FDA cybersecurity requirements, SBOM, threat modeling |
fda_capa_requirements.md |
CAPA process, root cause analysis, effectiveness verification |
Usage Examples
# Track FDA submission status
python scripts/fda_submission_tracker.py /path/to/project --type 510k
# Assess QSR compliance
python scripts/qsr_compliance_checker.py /path/to/project --section 820.30
# Run HIPAA risk assessment
python scripts/hipaa_risk_assessment.py /path/to/project --category technical