These are the standards, guidance documents, and so forth that are used for developing typical medical devices. I’ll try to keep this up to date. I’ve generally referred to the editions/versions that I’ve used most recently, which may be different from the latest version in effect.
Where I can, I link to a source for the document: either a free copy (e.g., FDA documents) or the purchase page at evs.ee, where most of them can be purchased at a seriously deep discount.
Standards, guidance documents and so forth should generally be thought of as product requirements. It’s quite important to identify, at the start of a project, the ones that apply to what we’re doing.
To check on which standards are recognized by the FDA you can use the searchable FDA database of recognized standards. These can be used, when appropriate, to demonstrate device safety and efficacy. Most are specific to a type of device. The database is searchable by keywords such as electrocardiogram, cybersecurity, and so forth.
The Basic Standards
These apply to pretty much all medical devices with embedded or desktop computers.
Standard | Title | Comments |
ISO 13485 | Medical devices — Quality management systems — Requirements for regulatory purposes | Basic quality management system standard, referenced by many other standards. Also requires the amendment, which is free. |
IEC 62304 | Medical device software – Software life-cycle processes | Basic software lifecycle standard |
ISO 14971 | Medical devices – Application of risk management to medical devices | Basic risk management, referenced by many other standards. Price is for the redlined version from prior version (includes non-redlined version) |
ISO 60601-1 | Medical electrical equipment – Part 1: General requirements for basic safety and essential performance (IEC 60601-1:2006) | Basic safety standard – the top level for other 60601 safety standards. |
60601-1:2006/A12:2014 | Amendment to 60601-1 | |
61025 | Fault tree analysis (FTA) | Called out by 14971 as a way to perform risk analysis, and I prefer it to FMEA. Don’t necessarily need to follow this, but it provides useful information. |
60601-1-2 | Medical electrical equipment – Part 1-2: General requirements for basic safety and essential performance – Collateral standard: Electromagnetic disturbances – Requirements and tests | Required. Meeting it automatically satisfies FDA regulations for unintentional RF radiators. |
60601-1-6 | Medical electrical equipment — Part 1-6: General requirements for basic safety and essential performance – Collateral Standard: Usability | Required |
IEC 60601-1-8:2006 | Medical electrical equipment — Part 1-8: General requirements for basic safety and essential performance — Collateral standard: General requirements, tests and guidance for alarm systems in medical electrical equipment and medical electrical systems | Optional last time I checked |
ISO 62366 | Medical devices — Part 1: Application of usability engineering to medical devices | Mandatory now, I think |
ISO 10993 | Biological evaluation of medical devices — Part 1: Evaluation and testing within a risk management process | Biocompatibility. We probably don’t need to deal with this standard other than knowing that parts which come in contact with the patient need to be made from materials which meet this standard. |
ANSI/AAMI HE 75:2009 | Human factors engineering — Design of medical devices (Design Principles Standard) | Some good advice. Not mandatory. |
FCC Part 15 | Regulations on radiated RF | Meeting 60601-1-2 is sufficient to meet Part 15 for unintentional emissions. Intentional emissions, e.g., WiFi, are another matter – either use a module and antenna that are pre-certified, or get certified by a test house (expensive). |
ANSI/AAMI SW91 | Classification Of Defects In Health Software | Referenced in new (11/2021) FDA draft guidance on content of 510k software submission. Not familiar with it yet. Not available at evs.ee. |
FDA
Cybersecurity page that includes links to guidance documents.
Radio Frequency Wireless Technology in Medical Devices – Guidance for Industry and FDA Staff
Policy for Device Software Functions and Mobile Medical Applications
Other Regulatory
FDA Guidance Documents
Cybersecurity information | FDA including links to guidance documents.
Policy for Device Software Functions and Mobile Medical Applications | FDA
Clinical Decision Support Software | FDA
General Wellness: Policy for Low Risk Devices | FDA
eSTAR PDF Template for Medical Device Submissions | FDA
How to Prepare a Traditional 510(k) | FDA
Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices | FDA
Acceptance Checklists for 510(k)s | FDA
Guidance on Deciding When to Submit a 510(k) for a Change to an Existing Device | FDA
Deciding When to Submit a 510(k) for a Software Change to an Existing Device | FDA
HIPAA
A good overview of HIPAA. Note that device makers are not responsible for HIPAA, but our customers (healthcare providers) are. Our job is to support the enabling features that they’re looking for.
EU environmental regulations
The EU requires manufacturers to be environmentally responsible. Here are the major regulations. (My book contains in-a-nutshell overviews of these.)
RoHS | Restriction of Hazardous Substances. | Mandated in EU, typically accommodated elsewhere. Mainly a matter of specifying components that meet RoHS, which is easy to do. |
REACH | Registration, Evaluation, Authorization and Restriction of Chemicals. | Mandated in EU. Complements RoHS. Requires reporting the amounts used of certain chemicals, bans some other chemicals. |
WEEE | Waste from Electrical and Electronic Equipment | Mandated in EU. Covers the treatment, recovery and recycling of electric and electronic equipment. |