Sorry, you need to enable JavaScript to visit this website.
Skip to main content

The Role of the FDA in Ensuring Device Safety

View more articles from the same authors.


The Food and Drug Administration (FDA) plays a critical role in ensuring the safety of patients and the healthcare system as a whole. Under its federal mandate, the FDA is “responsible for protecting the public health by ensuring the safety, efficacy, and security of … drugs, biological products, and medical devices.” For this perspective, we will discuss the FDA’s ability to ensure the safety of medical devices.

Medical devices encompass an incredibly broad range of products, from routine examination equipment to implantable, life-saving devices.[1] Ineffective or unsafe medical devices can have detrimental consequences on care and patient outcomes, such as insulin pumps that administer an incorrect dose. Given the diverse range of medical device types and substantial variation in their potential to cause harm, the FDA established a classification system to categorize devices based on their potential risk. The Class designation dictates the FDA requirements that must be met by that device and its manufacturer before the product can be lawfully marketed.[2],[3]

  • Class I: Devices of minimal potential risk to the user. Fifty percent of medical devices are Class I and ninety-three percent of these are exempt from pre-market review.
  • Class II: Devices of moderate risk to the user. Forty-three percent of medical devices are Class II and require FDA review through pre-market notification. Devices in this class submit non-clinical, and sometimes clinical, evidence to demonstrate equivalence to an already marketed device.   
  • Class III: Devices that “sustain or support life, are implanted, or present potential high risk of illness or injury.” These devices require FDA review through pre-market approval. Devices in this class submit clinical and nonclinical data to demonstrate a reasonable assurance of safety and effectiveness of the device.

In addition to this classification schema, the FDA offers expedited review for Breakthrough Devices that provide more effective diagnoses or treatment for life-threatening or irreversibly debilitating conditions than products already on the market.[4]

Challenges in Ensuring the Safety of Medical Devices

Rapidly Evolving Technology

The rapid evolution of technology is one of the greatest challenges to the FDA. Not only does the agency have to ensure they are applying efficient and effective methods for evaluating new science and technologies, they have to consider how patients are interacting with devices and the complexity of the interface.

As technology has advanced, a specific growing challenge for the FDA is the role of software. Software that is intended for a medical purpose but is not merely an integral part of the device hardware is in itself considered a medical device (Software as a Medical Device [SaMD]). The definition of SaMDs encompasses a broad range of software, from programs that allow medical imaging to be viewed on handheld smart devices, to diagnostic software supporting clinical decision-making.[5] The recent increase in SaMDs incorporating artificial intelligence and machine learning poses a particular challenge to the FDA, as the greatest benefit from this technology is its ability to learn and adapt based on new data generated and analyzed through the course of everyday care. For the FDA, these modifications raise the question of how to ensure the long-term safety and effectiveness of the software when changes are expected to the SaMD following initial review and approval.[6]  

Networking and Interoperability

Enhanced connectivity of electronic medical devices and software allows information to be shared more effectively in the healthcare setting, which can improve patient care, reduce errors and adverse events, and support innovation care practices. However, it is important that the transfer of information between systems occur safely and securely. While not specifically a patient safety issue, the FDA is concerned with the cybersecurity challenges that stem from inter-operability and connections made through the internet. While the agency does not have the authority to dictate how institutions may connect their electronic devices, they have issued recommendations and guidance for securing medical devices and systems from cybersecurity risks.[7]  

Device Maintenance and Repairs

As with any technical device, medical devices require ongoing servicing for maintenance and repairs. Incorrectly performed repairs could cause the device to malfunction, placing the user and/or patient at an unnecessary risk. While the FDA does monitor all service activities performed by the original equipment manufacturer (OEM), the same level of FDA safety oversight does not apply to servicing performed by non-OEMs. As a result, the FDA has incomplete information regarding the quality of device servicing, raising concern about underreporting of device malfunctions.[8]

Post-market Safety Surveillance Capabilities

The FDA currently monitors medical device safety through adverse event reporting from the medical community. This includes events reported directly by clinical sites and those from device manufacturers. Since 1990, all clinical sites have been required to report all adverse events involving devices under the Safe Medical Devices Act (SMDA). To enhance this reporting, in 2002 the FDA launched the Medical Product Safety Network (MedSun) to facilitate mandatory reporting, but also to encourage voluntarily reporting of “close-calls” with devices that had the potential for harm.[9] The FDA provides educational webinar materials and resources to help providers understand the importance of reporting device issues. However, this passive approach to identifying device error relies on several assumptions: 1) that all events are correctly identified by people, typically healthcare professionals, 2) that these events are determined to be associated with the device, and 3) that they are all reported.

Another challenge after a device has been approved is that some FDA questions regarding the safety of a device require post-approval studies to ensure safety in a diverse patient population, which are challenging to perform or enroll patients if the data is not routinely collected as a part of usual care. This is because patients often lack an incentive to enroll in studies if they do not need to get access to the device.[3]

Future Directions

In response to these and other challenges, in 2018 the FDA outlined its Action Plan for ensuring medical device safety. The Action Plan highlights the enhancements the FDA has made- or is making- to their oversight of device safety through new regulations, partnerships, and programs. These enhancements include: establishing a unique device identification system, systematically leveraging real-world evidence, establishing the Signal Management Program, establishing a more patient-centric framework for evaluating device risk that also considers patient harms from not accessing the device, incentivizing device quality and safety, and addressing cybersecurity in the context of patient safety.  

One critical enhancement highlighted in the Action Plan is FDA’s efforts to improve post-market safety surveillance via the National Evaluation System for health Technology (NEST). Established in September 2016, NEST is a multi-stakeholder partnership between health providers, patients, payers, industry, government, and data owners, such as healthcare systems that collect real-world data from electronic health records, claims, pharmacies, and other sources. Using this data, the agency hopes to complement existing passive surveillance with an active post-market surveillance system that analyzes raw data to identify device safety signals in a more timely and accurate way. Additionally, the FDA hopes that the availability of data will allow the agency to conduct analyses of device safety in diverse populations in a way that was only previously possible through post-approval clinical studies.[10] NEST has the potential to provide the FDA with critical early warnings of safety concerns as they occur, and to act on those concerns, rather than waiting for after-the-fact reporting. 


Eleanor Fitall, MPH
Research Associate, IMPAQ Health

IMPAQ International

Washington, DC

Kendall K. Hall, MD, MS
Managing Director, IMPAQ Health

IMPAQ International

Columbia, MD

Bryan Gale, MA
Senior Research Analyst, IMPAQ Health

IMPAQ International

Columbia, MD


[1] Medical Device Safety: Safety and Effectiveness of Medical Devices. Premier. Accessed March 11, 2020.

[2] Consumers (Medical Devices): How are Medical Devices Classified. Food and Drug Administration. Accessed March 11, 2020.

[3] Medical Device Safety Action Plan: Protecting Patients, Promoting Public Health. Food and Drug Administration. Accessed March 11, 2020.

[4] Breakthrough Devices Program. Food and Drug Administration. Accessed March 11, 2020.

[5] What are examples of Software as a Medical Device? Food and Drug Administration. Accessed March 11, 2020.

[6] Artificial Intelligence and Machine Learning in Software as a Medical Device. Food and Drug Administration. Accessed March 11, 2020.

[7] Medical Device Interoperabilty. Food and Drug Administration. Accessed March 11, 2020.

[8] Hope, P. In Light of New FDA Report, Congressional Action Still Needed to Protect Patient Safety. Morning Consult. Published May 25, 2018. Accessed March 11, 2020.

[9] MedSun: Medical Product Safety Network. Food and Drug Administration. Accessed March 11, 2020.

[10] Fleurence RL. Advances in the use of real-world evidence for medical devices: An update from the National Evaluation System for Health Technology. Clin Pharmacol Ther. 2019;106(1):30-33. doi: 10.1002/cpt.1380. [PubMed

This project was funded under contract number 75Q80119C00004 from the Agency for Healthcare Research and Quality (AHRQ), U.S. Department of Health and Human Services. The authors are solely responsible for this report’s contents, findings, and conclusions, which do not necessarily represent the views of AHRQ. Readers should not interpret any statement in this report as an official position of AHRQ or of the U.S. Department of Health and Human Services. None of the authors has any affiliation or financial involvement that conflicts with the material presented in this report. View AHRQ Disclaimers
Related Resources From the Same Author(s)
Related Resources