Blogs

De Novo classification process: a beginner's guide

Bethaney Lentz

December 23, 2021

4 min read

This article is an excerpt from The beginner's guide to the FDA De Novo classification process ebook.

Introduction

Congratulations, you have successfully developed a new medical device! Now you need to take it to market. Normally in the United States this would mean completing a 510(k) submission. However, the 510(k) relies on “substantial equivalence”—a comparison to a similar device already on the market (also called a predicate device) to assess the risk profile of the new device. What if your device is totally new, and there isn’t a similar device to compare it to? Enter the FDA De Novo process. The De Novo process provides a pathway to market for novel devices with a low to medium risk profile.

What does De Novo mean?

According to the Merriman-Webster dictionary, de novo is a Latin word meaning “as if for the first time; or anew.” Perfectly fitting that the FDA uses this term “De Novo” to describe market approval requests for new medical devices or technology where there is no comparable predicate device on the market.

Chatper 1: What is an FDA De Novo request?

The Food and Drug Administration Modernization Act of 1996 provided the FDA with the authority to create the De Novo Classification Process. It's a process that uses a risk-based strategy for a new, novel kind of medical device, in vitro diagnostic, or medical software solution whose type has previously not been identified and/or classified. It’s a process by which a novel medical device can be classified as a Class I or Class II device, instead of being automatically classified as Class III, which may not be appropriate. Before the implementation of the De Novo process in 1997, all the “not substantially equivalent” (NSE) products were required to be initially classified as a Class III device. But for a lot of devices, this risk class didn’t really make sense. The De Novo process provides a pathway for more accurate classifications of novel, lower-risk devices.

October, 2021, the FDA released a final guidance document "De Novo Classification Process (Evaluation of Automatic Class III Designation)" to provide guidance to the requester (also known as the manufacturer) and the FDA on the process for the submission and review of a De Novo Classification Request under section 513(f)(2) of the Federal Food, Drug, and Cosmetic Act (the FD&C Act). This process provides a pathway to an initial Class I or Class II risk classification for medical devices for which general controls or general and special controls, provide a reasonable assurance of safety and effectiveness, but for which there is no legally marketed predicate device. This guidance document replaced the "New Section 513(f)(2) – Evaluation of Automatic Class III Designation, Guidance for Industry and CDRH Staff" document, dated February 19, 1998.

Consistent with the final rule, the FDA updated the guidance documents below to provide recommendations for submitting De Novo requests, as well as criteria and procedures for accepting, withdrawing, reviewing, and making decisions on De Novo requests, effective January 3, 2022.

The 510(k) and the De Novo processes are similar in that they are both pathways to market for medical devices with low to moderate risk, which is Class I and Class II. The biggest difference between the two is that the 510(k) heavily relies on the concept of "substantial equivalence" to an existing medical device. You must prove this to get the clearance of your 510(k) submission. In the De Novo process, there isn’t a product currently on the market that is “substantially equivalent” to yours, so it’s like starting with a clean slate. For more on the 510(k) process, see our Beginner’s Guide to the 510(k) ebook.

A result of the De Novo process to be aware of is that a successful submission will lead to a new predicate device type that someone else can reference to bring their product to market through the 510(k) process. You’ve done all the work, so now it’s available for anyone to use to provide "substantial equivalence".

De Novo history/timeline

1997	Congress enacted a De Novo classification process to help limit the unnecessary use of FDA and industry resources on devices for which general controls (or general and special controls) would provide a reasonable assurance of safety and effectiveness because a predicate device could not be identified.
1998	Initial De Novo Guidance Document was released.
2012	Congress simplified the De Novo Guidance Document into a 2-step process: 1. The requestor may submit a De Novo request directly. 2. The FDA would then decide whether to classify the device from Class III to Class II or Class I for the new classification and regulation.
2014	A draft was created of the De Novo Guidance Document to propose policy and procedures to implement the changes to the De Novo program from FDASIA (The Food and Drug Administration Safety and Innovation Act) of 2012..
2016	Congress further simplified the De Novo process by not requiring a 30-day submission turnaround after receiving an NSE (non-substantially equivalent) determination.
2017	The final Guidance (De Novo Program Guidance) Recommendations was issued.
2018	The FDA proposed a new rule to implement a De Novo Classification Process and define the scope of regulatory procedures when classifying and reclassifying medical devices.
2019	The final De Novo Program Guidance document was made public in September.
2021	The FDA issued a final ruling on the De Novo classification rule in October for implementing a classification process.

Preparing a De Novo request

1. Do your research! Be sure to complete all the necessary research prior to your submission. You want to be sure that your device is not substantially equivalent to an existing device. Resources to review include:

The Center for Devices and Radiological Health (CDRH)
U.S. FDA Device Classification Database
Device Classification Under Section 513(f)(2)(De Novo)

2. A De Novo request can be submitted with or without a preceding 510(k). There are two options for when you can submit a De Novo request:

Option A: After receiving a not substantially equivalent (NSE) determination (that is, no predicate, new intended use, or different technological characteristics that raise different questions of safety and effectiveness) in response to a 510(k) submission.

Option B: If you’ve determined, after extensive research, that there is no legally marketed device on which to base a determination of substantial equivalence.

3. Be sure all fees are paid to the FDA in advance of submitting a De Novo request. The FDA’s fiscal year begins in October and runs through the following September. Fees have increased each year since they were introduced, but the FDA’s percentage of reviews completed within the 150-day window has increased as well.

Fiscal year	De Novo requests received	% of requests completed in 150 days	User fee	Small business fee
2018	56	50%	$93,229	$23,307
2019	61	55%	$96,644	$24,161
2020	69	60%	$102,299	$25,575
2021	63	65%	$109,697	$27,424
2022		70%	$112,457	$28,114

A business that is qualified and certified as a “small business” is eligible for a substantial reduction in most of the FDA user fees, including De Novo. The CDRH is responsible for the Small Business Program that determines whether a business is qualified.

Medical Device User Fee Amendments (MDUFA) guidance documents can provide more detailed information about all FDA user fees.

4. The initial request process serves only to determine if the De Novo request is administratively acceptable based upon the Acceptance Checklist. The initial acceptance is followed by substantive review which will determine the final risk classification of your device.

5. A Pre-Submission (Pre-Sub) is a formal written request for feedback from the FDA that is provided in formal written form, and then followed by a meeting. Although a Pre-Sub is not required prior to a De Novo request, it can be extremely helpful to receive early feedback, especially for devices that have not previously been reviewed under a 510(k). If you think you would like to submit a pre-sub first, there are suggested guidelines for submission you should consider:

Describe your rationale for a Class I or Class II classification for your device.
Provide the search results of FDA public databases and other resources used to determine that no legally marketed device and no classification for the same device type exists.
Provide a list of regulations and/or product codes that may be relevant.
Provide a rationale for why the subject device does not fit within and/or is different from any identified classification regulations, based on available information.
Identify each health risk associated with the device and the reason for each risk.
Briefly describe any ongoing and/or planned protocols/studies that need to be completed in order to collect the necessary data to establish the device’s risk profile.
Provide information regarding the safety and effectiveness of the device. Cite the types of valid scientific evidence you anticipate providing in your De Novo request, including types of data/studies relating to the device’s safety and effectiveness.
Briefly describe any ongoing and/or planned protocols/studies that need to be completed to collect the necessary safety and effectiveness data.
Provide protocols for non-clinical and clinical studies (if applicable), including how they will address the risks you anticipate and targeted performance levels that will demonstrate that general controls or general and special controls are sufficient to provide reasonable assurance of safety and effectiveness.
Share any proposed mitigation measure(s)/control(s) for each risk, based on the best available information at the time of the submission. Highlight which mitigations are general controls and which are special controls and provide details on each.
Include any other risks that may be applicable, in addition to those identified in the Pre-Sub, given the indications for use for the device.
If applicable, provide any controls that should be considered to provide a reasonable assurance of safety and effectiveness for the device.
Provide any non-clinical study protocols that are sufficient to allow the collection of data from which conclusions about device safety and/or effectiveness can be drawn. These protocols should address whether the identified level of concern is the appropriate level of concern for the device software, and if any additional biocompatibility and/or sterility testing is required.
If clinical data is needed, provide information to show that the proposed study design and selected control groups are appropriate?

6. The FDA will attempt to review the De Novo request submission within 15 calendar days of receipt of the request to make a determination that the submission is declined or accepted for review. If they are unable to complete the review within the 15 days, your submission will automatically move to “accepted for review” status. https://www.fda.gov/regulatory-information/search-fda-guidance-documents/de-novo-classification-process-evaluation-automatic-class-iii-designation

7. There are times when the FDA will refund your application fee. They have created a guidance document “User Fees and Refunds for De Novo Classification Requests” for the purpose of identifying:

the types of De Novo requests subject to user fees
exceptions to user fees
the actions that may result in refunds of user fees that have been paid

When is a De Novo request subject to a user fee?

De Novo request submission type	De Novo fee required
Original De Novo request	Yes
Additional information for a De Novo request that has not yet been accepted	No
Additional information for a pending De Novo request	No
De Novo request intended solely for pediatric population	No
De Novo request for a device for which the previous De Novo request was declined	Yes

When will the FDA refund a De Novo user fee?

FDA determination or submitter action	FDA refund?
I qualify for a fee exception provided by section 738(a)(2)(B)(v) of the FD&C act.	Yes
FDA declines my De Novo request.	No
I withdraw my De Novo request after acceptance for review.	No
FDA considers my De Novo request to be withdrawn after acceptance for review.	No
I fail to submit a valid eCopy before my original De Novo request is accepted for review.	Yes, upon request
I fail to submit a valid eCopy for a De Novo amendment or supplement.	No
FDA determines my submission does not meet the acceptance criteria during review.	Yes, upon request

What fee must be paid for a new device submission following a De Novo “decline” determination?

Submission type	Is a fee required?
New De Novo request.	Yes. You must pay the applicable fee for a De Novo request.
510(k)	Yes. You must pay the applicable fee for a 510(k).
Reclassification petition	No
PMA	Yes. You must pay the applicable fee for a PMA.
HDE	No

Chatper 2: Contents of a De Novo request

To continue reading this eBook including a detailed walk-through of all the Traditional 510(k) components, submission requirements and timelines, and an overview of the other 510(k) forms including the Abbreviated 510(k) and the Special 510(k), please register to download the full version.

Share this post

Featured

Rimsys Announces Rimsys AI to Eliminate Repetitive Tasks and Enhance Decision-Making for MedTech Regulatory Teams

Rimsys, the leading Regulatory Information Management (RIM) platform for the MedTech industry, today announced the launch of Rimsys AI, a suite of embedded artificial intelligence (AI) agents.

Defining nonconformance

Very simply, a nonconformance occurs when a specification is not met. The FDA defines a specification in 21 CFR 820.3 as “any requirement with which a product, process, service, or other activity must conform,” and ISO 13485:2016 as a “need or expectation that is stated, generally implied, or obligatory.”

While managing nonconformance starts with fully defining specifications; it is the identification, tracking, and resolution of nonconformance that is a focus of medtech quality and regulatory teams and a requirement of both ISO 13485:2016 and the FDA’s 21 CFR Part 820 quality system regulation.

Identifying nonconformance occurrences

As part of a compliant quality system, medical device manufacturers should implement procedures to identify and address both major and minor non-conformances. Nonconformances may be identified through processes found in multiple subsystems that are part of an overall quality management system within the organization.

The systems and subsystems in which nonconformances are identified typically include:

ERP
Regulatory information management (RIM)
Product lifecycle management (PLM)
Document management
Customer service / customer management
Complaint handling
Device history records
Audit management
CAPA
Training/learning management
Calibration/preventative maintenance
Development change management

Evaluating nonconformance

Once a nonconformance is identified, it should be evaluated in a timely manner, and a determination made as to the disposition of any affected products. Requirements for additional investigation and reporting should also be identified. Based on the severity of the nonconformance and its effect on the safety and efficacy of devices being manufactured or already in the market, a CAPA (corrective/preventative action) record may need to be created. In the U.S., this is defined in the quality regulation 21 CFR Part 820.100.

To disposition a nonconformance, consider the following:

Will the existing system detect the nonconformance if it recurs in time for remediation?
How likely is it that this issue will recur?
What is the impact of the non-conformance (i.e., could it affect patient health)?

Issues that are more severe or are more likely to recur should trigger a more immediate and comprehensive response.

Nonconformances that are escalated and handled under CAPA are based on risk and can include those that have or could have an impact on a product or process that is:

Not easily corrected
Recurring
Severe

In addition, nonconformances that rise to the level of a CAPA require significant resources and typically result in a full project to identify root cause(s), containment, and corrective actions, and monitoring for effectiveness.

Nonconformances that don’t require a CAPA have simpler resolutions that include documenting actions taken to correct the issue (or justification for no action). If the issue is not recurring, there may be no other action required. For example, a nonconforming material received from a vendor may be a singular issue that was easily identified through existing inspection procedures and is not expected to recur. In this case, the material is returned to the vendor and no additional action is required.

Processes that are out of conformance are often resolved through improved documentation and/or additional user training. However, be sure that the true root cause of the nonconformance is identified as procedural nonconformances can signal additional issues.

Documenting nonconformances

An important part of nonconformance procedures is the nonconformance report (NCR) or other documentation procedures. Nonconformances are typically documented within the subsystem in which they were identified. Some organizations will have a nonconforming system in which issues originating from all subsystems are documented. Centralized nonconformance systems allow for trending and other analysis across all subsystems, the results of which may generate CAPAs.

The requirements for documenting a nonconformance may vary by subsystem. In general, however, nonconformance documentation records:

The requirement/specification that was not met.
The objective evidence supporting the determination.
The action that is being taken to address the nonconformity.

Nonconformances are a common point of focus during quality audits by regulatory bodies, including the FDA, and should follow a well-documented process. Auditors will often try to determine if the quality system is functioning effectively by looking at self-identified nonconformances and comparing them to externally reported nonconformances. This is to ensure that nonconforming products were not released, or that the appropriate actions were taken to resolve issues in the field.

The importance of nonconformance reports

Nonconformances related to distributed products of higher risk result in nonconformance reports issued to government authorities through vigilance reporting, medical device reporting, and field action/recall reports. For example, the FDA requires that a medical device report be submitted within 30 days of a serious adverse event (see 21 CFR Part 803 Subpart E). Strong reporting procedures for nonconformances of all types are important in identifying trends, addressing issues before they become critical, and as part of a complete quality management system.

A nonconformance reporting procedure is only part of a strong quality system. Read An overview of 21 CFR part 820 and ISO 13485 overview for more information on establishing quality systems for medtech companies.

‍

Why we developed Rimsys from the ground up

Wendy Levine

May 26, 2022

4 min read

Rimsys has had quite a year already! In early December, we closed on $16 million in Series A financing and since then we have been carefully growing the company to better serve our customers and the regulatory affairs community. We have almost doubled our employee count and redesigned the Rimsys system to deliver deeper functionality that is even easier to use. We had our first in-person employee meeting here in Pittsburgh at the end of April where we introduced our new mission statement, and we are all excited to be doing our part to improve global health!

All of these changes made us think back to the founding of Rimsys and how far we have come. So - I sat down with Rimsys Founder and CEO, James Gianoutsos, to talk about the genesis of the company and how he knew that a new type of system designed for medtech regulatory affairs professionals was needed, and needed to be built from the ground up.

Q: What was the biggest challenge you faced as a regulatory professional that led you to form Rimsys?

James: The biggest challenge I saw while working at Philips for many years was completely understanding the complexity and the nuances around everything regulatory from a product standpoint. This really came to light whenever we acquired products. Just seeing firsthand how inefficient and out of compliance these manufacturers really were, and how hard it was from an administrative standpoint just to get into compliance and then to stay compliant, was striking.

I was working with a smaller medical device company which had acquired products from Philips. Philips provided the company with a list (a color-coded Excel spreadsheet) of all of their products that the company had acquired along with the registration status of those products globally. After digging into the spreadsheet for several months, we found that about 50% of it was wrong, incomplete, or just completely missing. The company was trying to keep track of registration information, but the available tools were making it nearly impossible. I realized that this was the challenge, and that there really wasn’t a solution on the market that could solve that problem in an easy manner and in a medtech regulatory-focused way.

‍Q: There were solutions on the market that were geared more towards the pharmaceutical industry, correct?

‍James: Yes. So I did what every other regulatory professional did, which was to Google “regulatory software,” and I saw that there just really wasn’t anything on the market that fit our needs. The solutions on the market really were pharma-specific, even those that said they worked with medical devices. The workflows and regulatory requirements for medtech are very specific for each market, depending on the product type and risk class and so many other factors. To use a pharma system that was already on the market just wasn’t even an option because it was like comparing apples to oranges. It is completely different from the regulatory and workflow side of things.

‍Q: There are existing tools used by the regulatory community, such as quality management and document management systems. Did you envision the new RIM system integrating with existing tools, replacing them, or a little of both?

‍James: I never set out to replace those types of systems, no. In fact, I knew that existing system architecture and infrastructure couldn’t handle the specific medtech regulatory workflows but needed to connect to those systems. There have always been PLM (Product Lifecycle Management) systems that contain a company’s product master data, but those systems were never meant to be workflow-driven based on regulatory requirements. At the same time, they are critical for organizing and maintaining product-specific metadata. Then there are ERP systems, which are really about making sure companies have sales flags (i.e. regulatory blocks) in place, appropriate shipping codes, or selling status linked to product registration status. Regulatory professionals are concerned about answering two questions for ERP users; one, “does the product have a valid and current registration within the country or market,” and two, “if it is registered, are we selling and shipping into that market.” Lastly, quality/document management systems house critical documentation and records needed for registrations. The problem with these systems is that there are no regulatory workflows and no way to compile technical documentation, leaving the documents and records siloed from the regulatory filings.

To do the things that a regulatory affairs professional, in a critical regulatory department, does for their company, the system really had to be built from the ground up with all of these systems in mind. It had to be product-centric. It had to integrate with all these other sources of information, because there really wasn’t a common connection point between your products, your documentation, and the records that you needed to compile and how that relates to getting products on the market. We had no way to communicate to our other systems that a product is actually available for sale in that market or that it confidently can, or more importantly cannot, ship to that market.

‍Q: What was the most difficult piece of functionality to implement in Rimsys?

James: Well, at the time it kind of all seemed difficult! No, really the most difficult part was thinking thoughtfully and strategically about how data was going to be mapped and used in conjunction with other data elements, in order to make the system most helpful from a user perspective. We wanted to single-source information to enhance and streamline regulatory workflows, but then also make sure that it was as user friendly as possible. There are a lot of stakeholders that need information or have input into regulatory workflows. Quality assurance, marketing operations, R&D, engineering, sales - all of those specific stakeholders need to view information in a way that is understandable to them.

We worked hard to bring all that information, streamline complex regulatory workflows, and all of those internal and external data sources together in an understandable and user-friendly way.

Q: How important has the technology itself been in the creation of Rimsys?

James: Technology has been a huge advantage for us from day one. Our team had quality and regulatory backgrounds, so we knew what companies would expect from us. We knew we had to be 21 CFR Part 11 compliant. We knew we had to be ISO 27001 certified. We knew we had to have SOC2 Type 2 reports. We knew we had to integrate with a company’s existing IT infrastructure. We really had to build this thing from the ground up on a GxP compliant platform that we could build upon and expand, without having to go back and reinvent the wheel every time we added new functionality.

It’s continued to pay dividends for us because it was something that we thought about from the beginning and that gave us a lot of flexibility. We already had the system and infrastructure in place that we could then expand upon a lot more quickly than we would have been able to otherwise. It’s like the difference between building a house today and trying to remodel a house that was built in the year 1900. If you break down a wall in the older house, there might be so many hidden issues behind that wall - load bearing issues, knob and tube wiring, asbestos, etc. With new modern infrastructure, it is just night and day in terms of adapting quickly with changing regulations and a fast-paced market.

Q: Was there any specific technology you can talk about that became important to the development of Rimsys?

James: Our choice of technology was driven by our desire to build a system that was user friendly and built on a modern infrastructure that felt familiar to our users. So, we took a lot of the Google framework to build an application that didn’t look like enterprise software, but looked and felt more like a consumer product that is inviting, not overwhelming.

The other thing is that we built the system from day one to integrate because we knew we had to connect with a lot of different sources of information. We strategically built the system with API’s in mind.

Q: What is Rimsys doing differently than other software companies in the regulatory space?

James: We are creating a holistic solution, which is different from what is out there now. We know that registration management is just one key aspect of what regulatory affairs teams need. In order to create a proper regulatory system, we had to take into account all of the data and dependencies and build a system specifically for medtech regulatory teams and other key consumers of regulatory data. There has to be a single source of truth for this data, because otherwise it becomes a nightmare at the end of the day. Existing software solutions were siloed and purpose-built for other industry needs, such as eQMS, PLM and ERP. None of those systems can do what a holistic RIM platform can do. Because of the complex workflows, the regulatory needs are far too broad and interdependent, that data infrastructure is completely different, data sources are too numerous, and the systems offer limited support to bring everyone and everything together into a cohesive, streamlined, compliant and medtech-specific solution.

Another key component of what we are doing is to institutionalize regulatory knowledge and resources into Rimsys—this is at the heart of who we are and what we do. Having the only purpose-built, holistic RIM platform built by and for regulatory professionals specific for the medtech industry really couldn’t be done without internalizing that experience within our own team.

Q: What are you most proud of when it comes to Rimsys?

James: I think there are two things that immediately come to mind. Having our Rimsys 5 platform launch is really exciting. This is the fifth iteration of our platform, and we did it by listening to our customers and iterating over and over again to get it right. We had to go back to the drawing board a couple of times, not because what we had written wasn’t working, but because our customers that were using the system every day gave us better ways to do things. Rimsys 5 is a really proud moment because this is the platform that we are taking into the future, that will let us get to the next level where we are truly empowering regulatory professionals to make critical decisions and do the job that they are meant to do.

The ability for us to listen to our customers, take that feedback and move fast is the second thing I’d mention here. We know that this has to be a validated system, but we are able to make changes and add features in a way that is thoughtful and gets our customers what they need right away. Regulatory professionals are very particular. I know since I am one, and making sure they are comfortable using Rimsys from day 1 is critically important. Being a customer-centric company really makes our experience as a team extremely rewarding.

Q: Where is Rimsys going next? What are you most excited about?

I think I am most excited about Rimsys being an advocate for the medtech regulatory community and helping them wherever we can. Regulatory has a seat at the table now and it is a great feeling to see that we’re able to help these companies to streamline their workflows, accelerate time to delivery for life-saving products and maintain that compliance to keep those products on the market. Regulatory affairs is a mission critical department that the medtech industry cannot underestimate. It’s empowering because while we are helping our customers, they are helping us and every single one of our other customers through the journey of regulatory uncertainty that everyone is going through right now. It feels like a real partnership between us, our customers, and the industry as a whole and I am excited to see where that will take us.

I am also really excited about where we are going with regulatory intelligence. We are just scratching the surface of this now, but you will see regulatory intelligence data built into Rimsys and providing RA professionals with tools that can really provide a competitive advantage for their company. The release of Rimsys 5 platform (“Phase 1”) provides us that platform that will take us into “Phase 2” of Rimsys, with embedded intelligence that will further empower regulatory professionals to make decisive, correct and confident decisions for their products and their company.