FDA法规咨询专家：医疗器械510(k)提交、QSR质量体系与网络安全合规指南

fda-consultant-specialist by alirezarezvani/claude-skills

158 周安装量

6,700 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/alirezarezvani/claude-skills --skill fda-consultant-specialist

质量管理医疗科技法律合规

🇨🇳中文介绍

FDA 顾问专家

为医疗器械制造商提供 FDA 法规咨询，涵盖提交途径、质量体系法规、HIPAA 合规性和设备网络安全要求。

FDA 途径选择

根据设备分类和可参考的已上市器械，确定合适的 FDA 监管途径。

决策框架

Predicate device exists?
├── YES → Substantially equivalent?
│   ├── YES → 510(k) Pathway
│   │   ├── No design changes → Abbreviated 510(k)
│   │   ├── Manufacturing only → Special 510(k)
│   │   └── Design/performance → Traditional 510(k)
│   └── NO → PMA or De Novo
└── NO → Novel device?
    ├── Low-to-moderate risk → De Novo
    └── High risk (Class III) → PMA

途径对比

途径	适用情况	时间线	成本
510(k) Traditional	存在已上市器械，设计变更	90 天	$21,760

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

必需章节 (21 CFR 807.87)

章节	内容
Cover Letter	提交类型、设备标识、联系信息
Form 3514	CDRH 上市前审查封面页
Device Description	物理描述、工作原理
Indications for Use	Form 3881、患者群体、使用环境
SE Comparison	与已上市器械的并列对比
Performance Testing	台架测试、生物相容性、电气安全
Software Documentation	关注等级、危害分析 (IEC 62304)
Labeling	使用说明书、包装标签、警告
510(k) Summary	提交的公开摘要

问题	预防措施
Missing user fee	提交前核实付款
Incomplete Form 3514	检查所有字段，确保签名
No predicate identified	在 FDA 数据库中确认 K 编号
Inadequate SE comparison	涵盖所有技术特性

医疗器械制造商的质量体系法规要求 (21 CFR Part 820)。

章节	标题	重点
820.20	Management Responsibility	质量方针、组织结构、管理评审
820.30	Design Controls	输入、输出、评审、验证、确认
820.40	Document Controls	批准、分发、变更控制
820.50	Purchasing Controls	供应商资质、采购数据
820.70	Production Controls	过程验证、环境控制
820.100	CAPA	根本原因分析、纠正措施
820.181	Device Master Record	规格、程序、验收标准

设计控制工作流程 (820.30)

Step 1: Design Input
└── Capture user needs, intended use, regulatory requirements
    Verification: Inputs reviewed and approved?

Step 2: Design Output
└── Create specifications, drawings, software architecture
    Verification: Outputs traceable to inputs?

Step 3: Design Review
└── Conduct reviews at each phase milestone
    Verification: Review records with signatures?

Step 4: Design Verification
└── Perform testing against specifications
    Verification: All tests pass acceptance criteria?

Step 5: Design Validation
└── Confirm device meets user needs in actual use conditions
    Verification: Validation report approved?

Step 6: Design Transfer
└── Release to production with DMR complete
    Verification: Transfer checklist complete?

CAPA 流程 (820.100)

识别：记录不符合项或潜在问题
调查：执行根本原因分析 (5 Whys、鱼骨图)
计划：定义纠正/预防措施
实施：执行措施，更新文档
验证：确认实施完成
有效性：监控复发情况 (30-90 天)
关闭：管理层批准并关闭

参考： 有关详细的 QSR 实施指南，请参阅 qsr_compliance_requirements.md。

医疗器械 HIPAA 要求

适用于创建、存储、传输或访问受保护健康信息的设备的 HIPAA 要求。

设备类型	HIPAA 适用性
Standalone diagnostic (no data transmission)	No
Connected device transmitting patient data	Yes
Device with EHR integration	Yes
SaMD storing patient information	Yes
Wellness app (no diagnosis)	Only if stores PHI

必需的安全防护措施

Administrative (§164.308)
├── Security officer designation
├── Risk analysis and management
├── Workforce training
├── Incident response procedures
└── Business associate agreements

Physical (§164.310)
├── Facility access controls
├── Workstation security
└── Device disposal procedures

Technical (§164.312)
├── Access control (unique IDs, auto-logoff)
├── Audit controls (logging)
├── Integrity controls (checksums, hashes)
├── Authentication (MFA recommended)
└── Transmission security (TLS 1.2+)

清点所有处理 ePHI 的系统
记录数据流 (收集、存储、传输)
识别威胁和漏洞
评估可能性和影响
确定风险等级
实施控制措施
记录剩余风险

参考： 有关实施检查清单和 BAA 模板，请参阅 hipaa_compliance_framework.md。

联网医疗器械的 FDA 网络安全要求。

要素	描述
Threat Model	STRIDE 分析、攻击树、信任边界
Security Controls	身份验证、加密、访问控制
SBOM	软件物料清单 (CycloneDX 或 SPDX)
Security Testing	渗透测试、漏洞扫描
Vulnerability Plan	披露流程、补丁管理

第 1 层 (较高风险):

连接到网络/互联网
网络安全事件可能导致患者伤害

第 2 层 (标准风险):

所有其他联网设备

监控 NVD 和 ICS-CERT 的漏洞信息
评估漏洞对设备组件的适用性
开发和测试补丁
与客户沟通
根据指南向 FDA 报告

Researcher Report
    ↓
Acknowledgment (48 hours)
    ↓
Initial Assessment (5 days)
    ↓
Fix Development
    ↓
Coordinated Public Disclosure

参考： 有关 SBOM 格式示例和威胁建模模板，请参阅 device_cybersecurity_guidance.md。

脚本	用途
`fda_submission_tracker.py`	跟踪 510(k)/PMA/De Novo 提交里程碑和时间线
`qsr_compliance_checker.py`	根据项目文档评估 21 CFR 820 合规性
`hipaa_risk_assessment.py`	评估医疗器械软件中的 HIPAA 安全防护措施

文件	内容
`fda_submission_guide.md`	510(k)、De Novo、PMA 提交要求和检查清单
`qsr_compliance_requirements.md`	21 CFR 820 实施指南及模板
`hipaa_compliance_framework.md`	HIPAA 安全规则防护措施和 BAA 要求
`device_cybersecurity_guidance.md`	FDA 网络安全要求、SBOM、威胁建模
`fda_capa_requirements.md`	CAPA 流程、根本原因分析、有效性验证

# Track FDA submission status
python scripts/fda_submission_tracker.py /path/to/project --type 510k

# Assess QSR compliance
python scripts/qsr_compliance_checker.py /path/to/project --section 820.30

# Run HIPAA risk assessment
python scripts/hipaa_risk_assessment.py /path/to/project --category technical

🇺🇸English

FDA Consultant Specialist

FDA regulatory consulting for medical device manufacturers covering submission pathways, Quality System Regulation (QSR), HIPAA compliance, and device cybersecurity requirements.

FDA Pathway Selection
510(k) Submission Process
QSR Compliance
HIPAA for Medical Devices
Device Cybersecurity
Resources

FDA Pathway Selection

Determine the appropriate FDA regulatory pathway based on device classification and predicate availability.

Decision Framework

Predicate device exists?
├── YES → Substantially equivalent?
│   ├── YES → 510(k) Pathway
│   │   ├── No design changes → Abbreviated 510(k)
│   │   ├── Manufacturing only → Special 510(k)
│   │   └── Design/performance → Traditional 510(k)
│   └── NO → PMA or De Novo
└── NO → Novel device?
    ├── Low-to-moderate risk → De Novo
    └── High risk (Class III) → PMA

Pathway Comparison

Pathway	When to Use	Timeline	Cost
510(k) Traditional	Predicate exists, design changes	90 days	$21,760
510(k) Special	Manufacturing changes only	30 days	$21,760
510(k) Abbreviated	Guidance/standard conformance	30 days	$21,760
De Novo	Novel, low-moderate risk	150 days	$134,676
PMA	Class III, no predicate	180+ days	$425,000+

Pre-Submission Strategy

Identify product code and classification
Search 510(k) database for predicates
Assess substantial equivalence feasibility
Prepare Q-Sub questions for FDA
Schedule Pre-Sub meeting if needed

Reference: See fda_submission_guide.md for pathway decision matrices and submission requirements.

510(k) Submission Process

Workflow

Phase 1: Planning
├── Step 1: Identify predicate device(s)
├── Step 2: Compare intended use and technology
├── Step 3: Determine testing requirements
└── Checkpoint: SE argument feasible?

Phase 2: Preparation
├── Step 4: Complete performance testing
├── Step 5: Prepare device description
├── Step 6: Document SE comparison
├── Step 7: Finalize labeling
└── Checkpoint: All required sections complete?

Phase 3: Submission
├── Step 8: Assemble submission package
├── Step 9: Submit via eSTAR
├── Step 10: Track acknowledgment
└── Checkpoint: Submission accepted?

Phase 4: Review
├── Step 11: Monitor review status
├── Step 12: Respond to AI requests
├── Step 13: Receive decision
└── Verification: SE letter received?

Required Sections (21 CFR 807.87)

Section	Content
Cover Letter	Submission type, device ID, contact info
Form 3514	CDRH premarket review cover sheet
Device Description	Physical description, principles of operation
Indications for Use	Form 3881, patient population, use environment
SE Comparison	Side-by-side comparison with predicate
Performance Testing	Bench, biocompatibility, electrical safety
Software Documentation	Level of concern, hazard analysis (IEC 62304)
Labeling	IFU, package labels, warnings
510(k) Summary	Public summary of submission

Common RTA Issues

Issue	Prevention
Missing user fee	Verify payment before submission
Incomplete Form 3514	Review all fields, ensure signature
No predicate identified	Confirm K-number in FDA database
Inadequate SE comparison	Address all technological characteristics

QSR Compliance

Quality System Regulation (21 CFR Part 820) requirements for medical device manufacturers.

Key Subsystems

Section	Title	Focus
820.20	Management Responsibility	Quality policy, org structure, management review
820.30	Design Controls	Input, output, review, verification, validation
820.40	Document Controls	Approval, distribution, change control
820.50	Purchasing Controls	Supplier qualification, purchasing data
820.70	Production Controls	Process validation, environmental controls
820.100	CAPA	Root cause analysis, corrective actions
820.181	Device Master Record	Specifications, procedures, acceptance criteria

Design Controls Workflow (820.30)

Step 1: Design Input
└── Capture user needs, intended use, regulatory requirements
    Verification: Inputs reviewed and approved?

Step 2: Design Output
└── Create specifications, drawings, software architecture
    Verification: Outputs traceable to inputs?

Step 3: Design Review
└── Conduct reviews at each phase milestone
    Verification: Review records with signatures?

Step 4: Design Verification
└── Perform testing against specifications
    Verification: All tests pass acceptance criteria?

Step 5: Design Validation
└── Confirm device meets user needs in actual use conditions
    Verification: Validation report approved?

Step 6: Design Transfer
└── Release to production with DMR complete
    Verification: Transfer checklist complete?

CAPA Process (820.100)

Identify : Document nonconformity or potential problem
Investigate : Perform root cause analysis (5 Whys, Fishbone)
Plan : Define corrective/preventive actions
Implement : Execute actions, update documentation
Verify : Confirm implementation complete
Effectiveness : Monitor for recurrence (30-90 days)
Close : Management approval and closure

Reference: See qsr_compliance_requirements.md for detailed QSR implementation guidance.

HIPAA for Medical Devices

HIPAA requirements for devices that create, store, transmit, or access Protected Health Information (PHI).

Applicability

Device Type	HIPAA Applies
Standalone diagnostic (no data transmission)	No
Connected device transmitting patient data	Yes
Device with EHR integration	Yes
SaMD storing patient information	Yes
Wellness app (no diagnosis)	Only if stores PHI

Required Safeguards

Administrative (§164.308)
├── Security officer designation
├── Risk analysis and management
├── Workforce training
├── Incident response procedures
└── Business associate agreements

Physical (§164.310)
├── Facility access controls
├── Workstation security
└── Device disposal procedures

Technical (§164.312)
├── Access control (unique IDs, auto-logoff)
├── Audit controls (logging)
├── Integrity controls (checksums, hashes)
├── Authentication (MFA recommended)
└── Transmission security (TLS 1.2+)

Risk Assessment Steps

Inventory all systems handling ePHI
Document data flows (collection, storage, transmission)
Identify threats and vulnerabilities
Assess likelihood and impact
Determine risk levels
Implement controls
Document residual risk

Reference: See hipaa_compliance_framework.md for implementation checklists and BAA templates.

Device Cybersecurity

FDA cybersecurity requirements for connected medical devices.

Premarket Requirements

Element	Description
Threat Model	STRIDE analysis, attack trees, trust boundaries
Security Controls	Authentication, encryption, access control
SBOM	Software Bill of Materials (CycloneDX or SPDX)
Security Testing	Penetration testing, vulnerability scanning
Vulnerability Plan	Disclosure process, patch management

Device Tier Classification

Tier 1 (Higher Risk):

Connects to network/internet
Cybersecurity incident could cause patient harm

Tier 2 (Standard Risk):

All other connected devices

Postmarket Obligations

Monitor NVD and ICS-CERT for vulnerabilities
Assess applicability to device components
Develop and test patches
Communicate with customers
Report to FDA per guidance

Coordinated Vulnerability Disclosure

Researcher Report
    ↓
Acknowledgment (48 hours)
    ↓
Initial Assessment (5 days)
    ↓
Fix Development
    ↓
Coordinated Public Disclosure

Reference: See device_cybersecurity_guidance.md for SBOM format examples and threat modeling templates.

Resources

scripts/

Script	Purpose
`fda_submission_tracker.py`	Track 510(k)/PMA/De Novo submission milestones and timelines
`qsr_compliance_checker.py`	Assess 21 CFR 820 compliance against project documentation
`hipaa_risk_assessment.py`	Evaluate HIPAA safeguards in medical device software

references/

File	Content
`fda_submission_guide.md`	510(k), De Novo, PMA submission requirements and checklists
`qsr_compliance_requirements.md`	21 CFR 820 implementation guide with templates
`hipaa_compliance_framework.md`	HIPAA Security Rule safeguards and BAA requirements
`device_cybersecurity_guidance.md`	FDA cybersecurity requirements, SBOM, threat modeling
`fda_capa_requirements.md`	CAPA process, root cause analysis, effectiveness verification

Usage Examples

# Track FDA submission status
python scripts/fda_submission_tracker.py /path/to/project --type 510k

# Assess QSR compliance
python scripts/qsr_compliance_checker.py /path/to/project --section 820.30

# Run HIPAA risk assessment
python scripts/hipaa_risk_assessment.py /path/to/project --category technical

Weekly Installs

157

Repository

alirezarezvani/…e-skills

GitHub Stars

4.1K

First Seen

Jan 20, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykPass

Installed on

claude-code135

opencode117

gemini-cli115

codex107

cursor104

github-copilot94

技术债务管理工具 - 系统识别、分类、优先级排序与修复计划 | 开发效率提升

587 周安装

FDA法规咨询专家：医疗器械510(k)提交、QSR质量体系与网络安全合规指南

🇨🇳中文介绍

FDA 顾问专家

目录

FDA 途径选择

决策框架

途径对比

相关 Skills

预提交策略

510(k) 提交流程

工作流程

必需章节 (21 CFR 807.87)

常见 RTA 问题

QSR 合规性

关键子系统

设计控制工作流程 (820.30)

CAPA 流程 (820.100)

医疗器械 HIPAA 要求

适用性

必需的安全防护措施

风险评估步骤

设备网络安全

上市前要求

设备层级分类

上市后义务

协调漏洞披露

资源

scripts/

references/

使用示例

🇺🇸English

FDA Consultant Specialist

Table of Contents

FDA Pathway Selection

Decision Framework

Pathway Comparison

Pre-Submission Strategy

510(k) Submission Process

Workflow

Required Sections (21 CFR 807.87)

Common RTA Issues

QSR Compliance

Key Subsystems

Design Controls Workflow (820.30)

CAPA Process (820.100)

HIPAA for Medical Devices

Applicability

Required Safeguards

Risk Assessment Steps

Device Cybersecurity

Premarket Requirements

Device Tier Classification

Postmarket Obligations

Coordinated Vulnerability Disclosure

Resources

scripts/

references/

Usage Examples

最新 Skills