Adding a bluetooth control on the iPhone

M

mikezv

Registered
Hi,

We have a cleared device and intend to add a Bluetooth function to it to allow the user to change the intensity (same as the buttons on the device) on the iPhone.

We have conflicting opinions on whether this will require a Special 510K or a Letter to the File.

The persons requiring the Special 510K, claim it is because the Bluetooth function adds significant risk.

The persons pushing the Letter to the File, claim that the Bluetooth and mobile app are very standard and do not add any risk (as whatever risk that could be added is mitigated).

Does anyone have an opinion or has gone through this discussion?

Thanks,

Mike
 
GAGEpack - Gage & Calibration Management
Elsmar Forum Sponsor
my advice:
If the device was previously cleared with cybersecurity controls and the bluetooth function doesn't come with a significant risk - letter to file.
If the previous submission was a while back or did not include cybersecurity chapter - it would be good to do a "catch-up" submission.
And personally, I'm not a big fan of the Special 510(k) concept; don't think it's worth it.

Shimon
 
Everyone involved needs to review the guidance "Deciding When to Submit a 510k for a Change to an Existing Device". It sounds like the person pushing for the LTF is not familiar with risk management or appropriate rationales for not doing a 510k.

Adding a bluetooth control on the iPhone


Frankly this one seems like an obvious 510k to me because you are changing the control mechanism and adding wireless communication capability, but you should review the guidance yourself.
 
We have reviewed the guidance. Please remember that you need to take into account that the guidance was published in 2017. In the past 8 years wireless technology has moved forwards tremendously, and, in this specific case, poses a minimal risk to the patient (as the patient can change the intensity on the device or remove it from contact). Significant risk is considered when it can affect safety but if the risk is mitigated, then it should not be considered a significant risk.

Where you say it is obvious that it is a 510K, to those that do not see the Bluetooth as a significant risk, see it obvious as a LTF.
 
It is true that the guidance was published in 2017, but this is still how FDA expects you to assess a change. The previous version of that guidance was published in 1997 and it was certainly active until the new revision was released. FDA just doesn't update guidances very much because the regulation doesn't change. The "risk based assessment" methodology that they recommend is pretty timeless and could be applied to any technology.

I don't know all the details of your device but based on what you've already stated, the specific aspects that make me concerned about your scenario are:
1) introducing an app 2) change in the control mechanism as well as usability/user interface 3) adding compatibility with a different component/device 4) introducing new hazards (notably cybersecurity). These issues aren't related to Bluetooth as a technology, they are just fundamentally outside of the appropriate changes that you can document in a Letter to File.

1) Use of an App is my biggest issue with this whole thing. If the app is being used to control a medical device, it is also then a medical device. This device will then have its own hazards/risk profile and its own unique regulatory concerns. You can absolutely introduce new devices via a letter to file, but in this situation I don't think there's a reasonable way to justify that adding a new software app is within the boundaries of your cleared device.

mikezv said:
Significant risk is considered when it can affect safety but if the risk is mitigated, then it should not be considered a significant risk.
Click to expand...
If the change adds a new hazard/hazardous situation/risk that didn't exist previously, risk mitigation does not change whether you have to submit a 510k or not.
Adding a bluetooth control on the iPhone


You cannot justify that there is a new, significant risk but you've mitigated it appropriately and therefore no 510k. The only way to rationalize a change in risk profile is if the pre-mitigation risk level is negligible. Keep in mind that you need to assess the risk using ISO 14971 risk management processes, not a general assessment of the technology.
I use Bluetooth every day and I agree that, in general, it's a safe and normal technology and by itself it's low risk. But me and you agreeing on this doesn't actually mean that it's low risk in context of use in a device.

You can do whatever you want with your own device, but keep in mind that if you are MDSAP certified this will almost certainly come up in your next audit because they'll ask for a list of your changes/product launches and will go through your change assessment process and they will definitely be looking closely at how you determined if the change required a 510k or not.
 
mikezv said:
We have reviewed the guidance. Please remember that you need to take into account that the guidance was published in 2017. In the past 8 years wireless technology has moved forwards tremendously, and, in this specific case, poses a minimal risk to the patient (as the patient can change the intensity on the device or remove it from contact). Significant risk is considered when it can affect safety but if the risk is mitigated, then it should not be considered a significant risk.

Where you say it is obvious that it is a 510K, to those that do not see the Bluetooth as a significant risk, see it obvious as a LTF.
Click to expand...
So your position is that BLE is so ubiquitous and widespread that there can be no significant cybersecurity risk introduced to your system/product by adding a feature that allows the device to be controlled wirelessly.

I'd question if you have any cybersecurity experts on the payroll or if you have any understanding of the velocity of change in the cybersecurity environment.
 
You must log in or register to reply here.

Similar threads

M
510(k) Vs LTF for a vital signs monitor direclty interfacing with EHR
Replies
1
Views
195
mihzago
mihzago
Forum Administrator
  • Locked
  • Sticky
Terms & Conditions of Use
Replies
0
Views
20K
Forum Administrator
Forum Administrator
P
Is a new 510k needed if modifying to add bluetooth for data transmission?
2
Replies
13
Views
4K
sagai
sagai
A
Lean and ERP software
Replies
0
Views
1K
Andy Pratico
A
Marc
Guide To Inspections Of Medical Device Manufacturers - 1997 (06/08/2010)
Replies
3
Views
5K
Marc
Marc
Back
Top Bottom