BME 361: Biomedical Product Design and Regulation
Sources and References
Primary texts — Fries, Reliable Design of Medical Devices, 3rd ed. (CRC Press). Yock et al., Biodesign: The Process of Innovating Medical Technologies, 2nd ed. (Cambridge).
Supplementary texts — Ogrodnik, Medical Device Design: Innovation from Concept to Market, 2nd ed. (Academic Press). Kucklick, The Medical Device R&D Handbook, 2nd ed. (CRC Press). Wiklund, Kendler, and Strochlic, Usability Testing of Medical Devices, 2nd ed. (CRC).
Online resources — FDA guidance documents: Design Control Guidance for Medical Device Manufacturers, Applying Human Factors and Usability Engineering to Medical Devices, General Principles of Software Validation. Health Canada Guidance Document: How to Complete a New Medical Device License Application. ISO 13485 QMS, ISO 14971 risk management, IEC 62304 software, IEC 62366 usability, ISO 10993 biocompatibility.
Chapter 1: The Regulated Product Landscape
1.1 What “Medical Device” Means
Health Canada’s Medical Devices Regulations define a device by its intended use for medical purposes — diagnosis, treatment, mitigation, or prevention of disease — without achieving its primary effect through pharmacological, immunological, or metabolic means. The intended-use statement, written by the manufacturer, determines classification, regulatory pathway, and required evidence.
1.2 Classification
Health Canada uses four classes by ascending risk (I to IV); the FDA uses three (I, II, III); the EU under MDR uses four (I, IIa, IIb, III). Classification depends on invasiveness, duration of contact, active vs non-active status, energy delivery, and criticality of function. A Class I surgical tool, a Class II diagnostic ultrasound, and a Class IV implantable defibrillator trace distinct regulatory paths.
Chapter 2: Regulatory Pathways
2.1 Canada
Class I devices require only a Medical Device Establishment Licence for the manufacturer/importer. Class II, III, and IV require a Medical Device Licence and ISO 13485 certification under MDSAP. Licence applications scale from a declaration (Class II) to full safety-and-effectiveness evidence (Class III and IV).
2.2 United States
510(k) premarket notification requires a predicate device and substantial-equivalence demonstration; De Novo applies when no predicate exists but risk is low-to-moderate; PMA (premarket approval) applies to Class III devices and demands clinical evidence of safety and effectiveness.
2.3 European Union
The MDR (2017/745) replaces the MDD with stricter requirements: more detailed technical documentation, Unique Device Identification, EUDAMED registration, post-market clinical follow-up, and Notified Body oversight for all classes above I.
2.4 Software as a Medical Device
The IMDRF framework classifies SaMD by severity (critical, serious, non-serious) and significance (treat/diagnose, drive, inform). Classification drives the required software lifecycle rigour under IEC 62304 (safety classes A, B, C).
Chapter 3: Design Controls
3.1 The Design Control Framework
21 CFR 820.30 and ISO 13485 §7.3 require a documented design-control system with planned phases, design inputs, design outputs, design reviews, verification, validation, transfer, and changes. The Design History File assembles the evidence.
3.2 Inputs and Outputs
Design inputs derive from user needs, intended use, and regulatory requirements. They must be complete, unambiguous, verifiable, and not in conflict. Design outputs — drawings, specs, code, labels — must satisfy inputs and include acceptance criteria for acquired components. Traceability matrices link inputs to outputs, verification, and validation.
3.3 Verification and Validation
Verification asks “did we build the device right?”; validation asks “did we build the right device?”. Verification is laboratory and bench testing against specifications; validation is evaluation in actual or simulated use by intended users to confirm user needs are met. Both must be planned, executed per protocol, and documented.
Chapter 4: Risk Management
4.1 ISO 14971 Process
Risk management is continuous through the product lifecycle: plan, identify hazards, analyze risks, evaluate, control, evaluate residual, and review. Hazard-identification techniques include preliminary hazard analysis, fault-tree analysis, and FMEA at component, subsystem, and use levels.
4.2 Risk Quantification
Risk combines severity and probability. Scales range from qualitative (low/medium/high) to numeric 1–5 ladders. Risk-acceptance criteria are set by the organization, subject to regulatory review. The principle is risk reduction as far as possible without introducing unacceptable tradeoffs, followed by risk-benefit analysis for any residual risk.
4.3 Risk Control Hierarchy
Controls are prioritized: inherent safety by design, protective measures in the device itself, and information for safety (labels, warnings, training). Warnings are the weakest control and appropriate only when design and protective measures have been applied.
Chapter 5: Non-Clinical and Clinical Testing
5.1 Biocompatibility
ISO 10993 defines biological evaluation: categorize by contact type (surface, external-communicating, implant) and duration (limited, prolonged, permanent), then select endpoints (cytotoxicity, sensitization, irritation, systemic toxicity, genotoxicity, implantation, hemocompatibility). Results feed the biological evaluation report, reviewed as part of the submission.
5.2 Electrical Safety and EMC
IEC 60601-1 covers basic safety and essential performance of medical electrical equipment; its particular standards (60601-2-xx) cover specific device types. IEC 60601-1-2 covers electromagnetic compatibility. Tests include dielectric strength, leakage current (patient, earth, enclosure), mechanical robustness, and EMC immunity/emission.
5.3 Clinical Evaluation
For Class III/IV (Canada), PMA (U.S.), and Class III or implantable (EU), clinical evidence is required. Investigational study design — randomized controlled, single-arm with performance goal, real-world evidence — is chosen with regulators under ISO 14155 and FDA IDE. Ethical oversight through IRB/REB and informed consent is non-negotiable.
Chapter 6: Commercialization and Post-Market
6.1 Design Transfer and Manufacturing
Design transfer translates design outputs into production specifications. ISO 13485 mandates a quality management system covering purchasing controls, process validation (especially where output cannot be fully verified — sterilization, welding, molding), identification and traceability, and product release.
6.2 Labelling and IFU
Labels communicate identity, intended use, warnings, and handling. Instructions for Use, written for the intended user, must support safe and effective use without additional training where reasonable. Symbols per ISO 15223-1 carry regulatory meaning globally.
6.3 Post-Market Surveillance
Once marketed, the manufacturer has ongoing obligations: complaint handling, mandatory problem reporting, Field Safety Corrective Actions, periodic safety update reports, and post-market clinical follow-up. Data feed back into risk management, driving design changes, recalls, or label updates.
6.4 Economic and Business Considerations
Regulatory strategy is inseparable from business strategy. Choosing a 510(k) predicate vs a De Novo, pursuing Class IIb MDR vs FDA PMA first, or aligning with MDSAP for simultaneous multi-country access all have cost, timeline, and market-access implications. The competent biomedical product manager quantifies these tradeoffs early and revisits them as evidence accumulates.