- January 8, 2023
- US Government
The Consolidated Appropriations Act, 2023 Brings Changes to Medical Device Requirements
Division FF "HEALTH AND HUMAN SERVICES" of the Consolidated Appropriations Act - signed into law by President Biden at the end of 2022 - contains a subtitle on medical devices which main sections are summarised hereafter:
SEC. 3301. DUAL SUBMISSION FOR CERTAIN DEVICES
The Federal Food, Drug, and Cosmetic Act is amended to allow the sponsor of a device that has been authorized for emergency use by the US Food and Drug Administration (FDA) to submit a single submission containing the information needed for a request for classification under section 513(f)(2) of the Act, as well as sufficient information for the FDA to determine whether a laboratory examination or procedure associated with the device satisfies the criteria to be categorized under section 353(d)(3) of the Public Health Service Act. This provision applies to devices for which the FDA has deemed the laboratory examination or procedure to be in the category of examinations and procedures described in section 353(d)(3) of the Public Health Service Act.
SEC. 3302. MEDICAL DEVICES ADVISORY COMMITTEE MEETINGS.
The US Secretary of Health and Human Services shall convene one or more panels of the Medical Devices Advisory Committee at least once per year to provide advice on topics related to medical devices used in pandemic preparedness and response, including in vitro diagnostics. The panels must include at least one population health-specific representative. This provision will expire on October 1, 2027.
SEC. 3305. ENSURING CYBERSECURITY OF MEDICAL DEVICES
This section outlines requirements for ensuring the cybersecurity of devices that are submitted for approval or clearance by the FDA under certain sections of the Federal Food, Drug, and Cosmetic Act. These requirements apply to devices that meet the definition of a "cyber device," which is a device that includes software, has internet connectivity, and contains technological characteristics that could be vulnerable to cybersecurity threats. The sponsor of an application or submission for such a device must submit to the FDA a plan for monitoring and addressing postmarket cybersecurity vulnerabilities and exploits, design and maintain processes for ensuring the device and related systems are cybersecure, provide a software bill of materials to the FDA, and comply with other requirements as necessary to demonstrate reasonable assurance that the device and related systems are cybersecure. The FDA may exempt certain devices or categories of devices from these requirements. The amendments made by this regulatory text will take effect 90 days after the date of enactment and will not apply to applications or submissions submitted before that date. The FDA, in consultation with the Cybersecurity and Infrastructure Security Agency, is also required to review and issue guidance on device cybersecurity for industry and FDA staff within two years of the date of enactment and periodically thereafter as appropriate.
SEC. 3306. BANS OF DEVICES FOR ONE OR MORE INTENDED USES