Comprehensive FDA Consultant Specialist

A specialized skill for FDA regulatory consulting — covering medical device classification, 510(k) and PMA submission preparation, Quality System Regulation (QSR) compliance, HIPAA requirements, cybersecurity guidance, and post-market surveillance under FDA frameworks.

When to Use This Skill

Choose Comprehensive FDA Consultant Specialist when you need to:

• Determine the correct FDA submission pathway for a medical device
• Prepare 510(k) or PMA submission documentation
• Audit Quality System Regulation (21 CFR 820) compliance
• Assess cybersecurity requirements for connected medical devices
• Plan post-market surveillance and adverse event reporting

Consider alternatives when:

• You need pharmaceutical (drug) regulatory guidance (different FDA division)
• You need EU MDR/CE marking guidance (use a European regulatory skill)
• You need clinical trial design (use a clinical research skill)

Quick Start

Copy
# Determine device classification and submission pathway
claude "Classify a wearable ECG monitor that uses AI to detect arrhythmias. Determine the FDA submission pathway, product code, and key regulatory requirements."

Copy
# FDA Regulatory Assessment
## Device: AI-Enabled Wearable ECG Monitor

### Classification
- **Product Code**: DPS (Electrocardiograph, Software Analysis)
- **Regulation**: 21 CFR 870.2340
- **Class**: II (with Special Controls)
- **Submission Pathway**: 510(k) — De Novo if no predicate

### Predicate Device Search
| Predicate        | Company    | 510(k) #   | Similarity     |
|-----------------|------------|-------------|----------------|
| KardiaMobile    | AliveCor   | K143734     | High — single-lead ECG |
| Apple Watch ECG | Apple      | DEN180044   | Moderate — wrist-based |

### Key Regulatory Requirements
1. Software as Medical Device (SaMD) documentation
2. Clinical validation of arrhythmia detection algorithm
3. Cybersecurity pre-market submission per FDA guidance
4. Electromagnetic compatibility (EMC) testing
5. Biocompatibility testing (ISO 10993) for skin contact
6. Human factors/usability engineering (IEC 62366)

### Estimated Timeline
- Pre-submission meeting: 2-3 months
- 510(k) preparation: 4-6 months
- FDA review: 90-180 days (MDUFA goals)

Core Concepts

FDA Submission Pathways

Pathway	Device Class	Risk Level	Timeline	Cost
510(k)	II	Moderate	90-180 days	$13K-$21K
De Novo	I/II (novel)	Low-Mod	150-300 days	$107K
PMA	III	High	180-360 days	$400K+
HDE	III (rare)	High	75 days	Reduced
Exempt	I	Low	None	None

Quality System Regulation (21 CFR 820) Structure

Copy
## QSR Subsystem Requirements

### Design Controls (820.30)
- Design planning and input requirements
- Design output and verification
- Design validation with clinical users
- Design transfer to manufacturing
- Design history file (DHF)

### Production Controls (820.70-820.90)
- Process validation (IQ/OQ/PQ)
- Incoming material inspection
- In-process and final inspection
- Nonconforming product procedures
- Device history record (DHR)

### CAPA System (820.90)
- Corrective and preventive action procedures
- Root cause analysis methodology
- Effectiveness verification criteria
- Management review of CAPA trends

### Document Controls (820.40)
- Document approval and distribution
- Change control procedures
- Record retention requirements

Cybersecurity Requirements

Copy
## FDA Cybersecurity Documentation (Pre-Market)

### Threat Modeling
- Asset identification (data, functions, interfaces)
- Threat identification (STRIDE or equivalent)
- Risk assessment (likelihood × impact)
- Mitigation strategy for each threat

### Security Architecture
| Component          | Requirement                        |
|-------------------|------------------------------------|
| Authentication    | Multi-factor for clinical features |
| Data encryption   | AES-256 at rest, TLS 1.3 in transit|
| Software updates  | Authenticated and validated updates|
| Audit logging     | Tamper-evident activity logs       |
| Access control    | Role-based, least privilege        |

### SBOM (Software Bill of Materials)
- List all third-party components
- Track known vulnerabilities (CVE)
- Plan for ongoing monitoring and patching
- Document end-of-support timelines

Configuration

Parameter	Description	Example
device_type	Medical device category	"wearable ECG"
device_class	FDA device classification	"II"
submission_type	Regulatory submission pathway	"510k" / "pma"
has_software	Device includes software/AI	true
connectivity	Network connectivity type	"bluetooth" / "wifi"
output_format	Documentation output format	"markdown" / "docx"

Best Practices

1. Request a pre-submission (Q-Sub) meeting before filing — A pre-submission meeting with FDA costs nothing and provides written feedback on your classification, testing strategy, and submission content. Skipping this step is the number one cause of unnecessary review cycles and refusal-to-accept letters.

2. Build your Design History File concurrently, not retrospectively — The DHF should grow alongside development, not be assembled after the product is built. Reconstructing design inputs, verification records, and design reviews after the fact is expensive and frequently results in gaps that auditors catch.

3. Validate your AI/ML algorithm with a locked dataset — FDA expects SaMD validation on a pre-specified, locked test dataset that the algorithm has never seen during training. Document your dataset split methodology, inclusion/exclusion criteria, and ground truth labeling process. Post-hoc dataset selection raises immediate credibility concerns.

4. Document your cybersecurity threat model before writing code — FDA's cybersecurity guidance requires a systematic threat model. Starting security analysis after development is complete means retrofitting controls into an architecture that wasn't designed for them, which is always more expensive and less effective.

5. Maintain a regulatory intelligence tracking system — FDA guidance documents, recognized standards, and product codes change regularly. Assign someone to monitor Federal Register notices and FDA's guidance page monthly. Using outdated standards in a submission triggers review questions.

Common Issues

Choosing the wrong predicate device — A predicate must have the same intended use AND similar technological characteristics. Picking a predicate with a different indication or fundamentally different technology will result in a Not Substantially Equivalent determination and waste months of preparation time. Conduct a thorough predicate search using FDA's 510(k) database and accessdata.fda.gov.

Underestimating software documentation requirements — FDA treats software as a critical design output with its own documentation requirements (software requirements, architecture, testing, and risk analysis at each level). Teams that treat software as "just code" face extensive Additional Information requests. Follow IEC 62304 software lifecycle standard from the start.

Post-market surveillance gaps — Getting FDA clearance is only half the battle. You must maintain a complaint handling system, report adverse events within regulatory timeframes (MDR/MedWatch), and conduct post-market surveillance. Companies that treat clearance as the finish line face enforcement actions when post-market obligations go unfulfilled.