fda-consultant-specialist

FDA regulatory consultant for medical device companies. Provides 510(k)/PMA/De Novo pathway guidance, QSR (21 CFR 820) compliance, HIPAA assessments, and…

INSTALLATION
npx skills add https://github.com/alirezarezvani/claude-skills --skill fda-consultant-specialist
Run in your project or agent environment. Adjust flags if your CLI version differs.

SKILL.md


Decision Framework

Predicate device exists?
├── YES → Substantially equivalent?
│   ├── YES → 510(k) Pathway
│   │   ├── No design changes → Abbreviated 510(k)
│   │   ├── Manufacturing only → Special 510(k)
│   │   └── Design/performance → Traditional 510(k)
│   └── NO → PMA or De Novo
└── NO → Novel device?
    ├── Low-to-moderate risk → De Novo
    └── High risk (Class III) → PMA

Pathway Comparison

| Pathway | When to Use | Timeline | Cost |
|---|---|---|---|
| 510(k) Traditional | Predicate exists, design changes | 90 days | $21,760 |
| 510(k) Special | Manufacturing changes only | 30 days | $21,760 |
| 510(k) Abbreviated | Guidance/standard conformance | 30 days | $21,760 |
| De Novo | Novel, low-moderate risk | 150 days | $134,676 |
| PMA | Class III, no predicate | 180+ days | $425,000+ |

Pre-Submission Strategy

  • Identify product code and classification
  • Search 510(k) database for predicates
  • Assess substantial equivalence feasibility
  • Prepare Q-Sub questions for FDA
  • Schedule Pre-Sub meeting if needed

Reference: See fda_submission_guide.md for pathway decision matrices and submission requirements.

510(k) Submission Process

Workflow

Phase 1: Planning
├── Step 1: Identify predicate device(s)
├── Step 2: Compare intended use and technology
├── Step 3: Determine testing requirements
└── Checkpoint: SE argument feasible?

Phase 2: Preparation
├── Step 4: Complete performance testing
├── Step 5: Prepare device description
├── Step 6: Document SE comparison
├── Step 7: Finalize labeling
└── Checkpoint: All required sections complete?

Phase 3: Submission
├── Step 8: Assemble submission package
├── Step 9: Submit via eSTAR
├── Step 10: Track acknowledgment
└── Checkpoint: Submission accepted?

Phase 4: Review
├── Step 11: Monitor review status
├── Step 12: Respond to AI (Additional Information) requests
├── Step 13: Receive decision
└── Verification: SE letter received?

Required Sections (21 CFR 807.87)

| Section | Content |
|---|---|
| Cover Letter | Submission type, device ID, contact info |
| Form 3514 | CDRH premarket review cover sheet |
| Device Description | Physical description, principles of operation |
| Indications for Use | Form 3881, patient population, use environment |
| SE Comparison | Side-by-side comparison with predicate |
| Performance Testing | Bench, biocompatibility, electrical safety |
| Software Documentation | Level of concern, hazard analysis (IEC 62304) |
| Labeling | IFU, package labels, warnings |
| 510(k) Summary | Public summary of submission |

Common RTA (Refuse to Accept) Issues

| Issue | Prevention |
|---|---|
| Missing user fee | Verify payment before submission |
| Incomplete Form 3514 | Review all fields, ensure signature |
| No predicate identified | Confirm K-number in FDA database |
| Inadequate SE comparison | Address all technological characteristics |

QSR Compliance

Quality System Regulation (21 CFR Part 820) requirements for medical device manufacturers.

Key Subsystems

| Section | Title | Focus |
|---|---|---|
| 820.20 | Management Responsibility | Quality policy, org structure, management review |
| 820.30 | Design Controls | Input, output, review, verification, validation |
| 820.40 | Document Controls | Approval, distribution, change control |
| 820.50 | Purchasing Controls | Supplier qualification, purchasing data |
| 820.70 | Production Controls | Process validation, environmental controls |
| 820.100 | CAPA | Root cause analysis, corrective actions |
| 820.181 | Device Master Record | Specifications, procedures, acceptance criteria |

Design Controls Workflow (820.30)

Step 1: Design Input
└── Capture user needs, intended use, regulatory requirements
    Verification: Inputs reviewed and approved?

Step 2: Design Output
└── Create specifications, drawings, software architecture
    Verification: Outputs traceable to inputs?

Step 3: Design Review
└── Conduct reviews at each phase milestone
    Verification: Review records with signatures?

Step 4: Design Verification
└── Perform testing against specifications
    Verification: All tests pass acceptance criteria?

Step 5: Design Validation
└── Confirm device meets user needs in actual use conditions
    Verification: Validation report approved?

Step 6: Design Transfer
└── Release to production with DMR complete
    Verification: Transfer checklist complete?

CAPA Process (820.100)

  • Identify: Document nonconformity or potential problem
  • Investigate: Perform root cause analysis (5 Whys, Fishbone)
  • Plan: Define corrective/preventive actions
  • Implement: Execute actions, update documentation
  • Verify: Confirm implementation complete
  • Effectiveness: Monitor for recurrence (30-90 days)
  • Close: Management approval and closure

Reference: See qsr_compliance_requirements.md for detailed QSR implementation guidance.

HIPAA for Medical Devices

HIPAA requirements for devices that create, store, transmit, or access Protected Health Information (PHI).

Applicability

| Device Type | HIPAA Applies |
|---|---|
| Standalone diagnostic (no data transmission) | No |
| Connected device transmitting patient data | Yes |
| Device with EHR integration | Yes |
| SaMD storing patient information | Yes |
| Wellness app (no diagnosis) | Only if stores PHI |

Required Safeguards

Administrative (§164.308)
├── Security officer designation
├── Risk analysis and management
├── Workforce training
├── Incident response procedures
└── Business associate agreements

Physical (§164.310)
├── Facility access controls
├── Workstation security
└── Device disposal procedures

Technical (§164.312)
├── Access control (unique IDs, auto-logoff)
├── Audit controls (logging)
├── Integrity controls (checksums, hashes)
├── Authentication (MFA recommended)
└── Transmission security (TLS 1.2+)

Risk Assessment Steps

  • Inventory all systems handling ePHI
  • Document data flows (collection, storage, transmission)
  • Identify threats and vulnerabilities
  • Assess likelihood and impact
  • Determine risk levels
  • Implement controls
  • Document residual risk

Reference: See hipaa_compliance_framework.md for implementation checklists and BAA templates.

Device Cybersecurity

FDA cybersecurity requirements for connected medical devices.

Premarket Requirements

| Element | Description |
|---|---|
| Threat Model | STRIDE analysis, attack trees, trust boundaries |
| Security Controls | Authentication, encryption, access control |
| SBOM | Software Bill of Materials (CycloneDX or SPDX) |
| Security Testing | Penetration testing, vulnerability scanning |
| Vulnerability Plan | Disclosure process, patch management |

Device Tier Classification

Tier 1 (Higher Risk):

  • Connects to network/internet
  • Cybersecurity incident could cause patient harm

Tier 2 (Standard Risk):

  • All other connected devices

Postmarket Obligations

  • Monitor NVD and ICS-CERT for vulnerabilities
  • Assess applicability to device components
  • Develop and test patches
  • Communicate with customers
  • Report to FDA per guidance
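
The "assess applicability to device components" step can be run mechanically against the device's SBOM. The following is an added example, not one of the skill's scripts: it matches a constructed CycloneDX-style SBOM against constructed advisory records. The advisory IDs, the `introduced`/`fixed` field names and all versions are assumptions made for illustration, not a real feed schema.

```python
import json

# Constructed CycloneDX-style SBOM for a hypothetical device firmware image.
SBOM_JSON = """{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "zlib", "version": "1.2.11"},
    {"type": "library", "name": "busybox", "version": "1.36.1"},
    {"type": "library", "name": "openssl", "version": "1.1.1k"}
  ]
}"""

# Constructed advisory records (placeholder IDs; not a real feed schema).
# A version v is affected when introduced <= v < fixed.
ADVISORIES = [
    {"id": "EXAMPLE-ADV-0001", "component": "zlib", "introduced": "1.2.0", "fixed": "1.2.12"},
    {"id": "EXAMPLE-ADV-0002", "component": "busybox", "introduced": "1.30.0", "fixed": "1.35.0"},
    {"id": "EXAMPLE-ADV-0003", "component": "libxml2", "introduced": "2.9.0", "fixed": "2.9.14"},
    {"id": "EXAMPLE-ADV-0004", "component": "openssl", "introduced": "1.1.0", "fixed": "1.1.2"},
]

def parse_version(text):
    """'1.2.11' -> (1, 2, 11); raises ValueError on parts like '1k'."""
    return tuple(int(part) for part in text.split("."))

def load_components(sbom_text):
    """Return {name: version} from a CycloneDX JSON document."""
    bom = json.loads(sbom_text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return {c["name"].lower(): c.get("version", "") for c in bom.get("components", [])}

def triage(sbom_text, advisories):
    """Classify each advisory against the SBOM's components."""
    components = load_components(sbom_text)
    results = []
    for adv in advisories:
        version = components.get(adv["component"].lower())
        if version is None:
            status = "not_present"
        else:
            try:
                low, high = parse_version(adv["introduced"]), parse_version(adv["fixed"])
                status = "affected" if low <= parse_version(version) < high else "not_affected"
            except ValueError:
                # Unparseable version string: never guess, route to a human.
                status = "manual_review"
        results.append((adv["id"], adv["component"], version, status))
    return results

if __name__ == "__main__":
    for row in triage(SBOM_JSON, ADVISORIES):
        print(row)
```

The `manual_review` outcome matters in practice: vendor version strings such as `1.1.1k` do not sort numerically, and silently treating them as unaffected would hide an applicable vulnerability.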

Coordinated Vulnerability Disclosure

Researcher Report
    ↓
Acknowledgment (48 hours)
    ↓
Initial Assessment (5 days)
    ↓
Fix Development
    ↓
Coordinated Public Disclosure

Reference: See device_cybersecurity_guidance.md for SBOM format examples and threat modeling templates.

Resources

scripts/

| Script | Purpose |
|---|---|
| fda_submission_tracker.py | Track 510(k)/PMA/De Novo submission milestones and timelines |
| qsr_compliance_checker.py | Assess 21 CFR 820 compliance against project documentation |
| hipaa_risk_assessment.py | Evaluate HIPAA safeguards in medical device software |

references/

| File | Content |
|---|---|
| fda_submission_guide.md | 510(k), De Novo, PMA submission requirements and checklists |
| qsr_compliance_requirements.md | 21 CFR 820 implementation guide with templates |
| hipaa_compliance_framework.md | HIPAA Security Rule safeguards and BAA requirements |
| device_cybersecurity_guidance.md | FDA cybersecurity requirements, SBOM, threat modeling |
| fda_capa_requirements.md | CAPA process, root cause analysis, effectiveness verification |

Usage Examples

# Track FDA submission status
python scripts/fda_submission_tracker.py /path/to/project --type 510k

# Assess QSR compliance
python scripts/qsr_compliance_checker.py /path/to/project --section 820.30

# Run HIPAA risk assessment
python scripts/hipaa_risk_assessment.py /path/to/project --category technical