MCP.directory

fda-consultant-specialist

by alirezarezvani
13
0
Source

FDA regulatory consultant for medical device companies. Provides 510(k)/PMA/De Novo pathway guidance, QSR (21 CFR 820) compliance, HIPAA assessments, and device cybersecurity. Use when user mentions FDA submission, 510(k), PMA, De Novo, QSR, premarket, predicate device, substantial equivalence, HIPAA medical device, or FDA cybersecurity.

Install

mkdir -p .claude/skills/fda-consultant-specialist && curl -L -o skill.zip "https://mcp.directory/api/skills/download/2083" && unzip -o skill.zip -d .claude/skills/fda-consultant-specialist && rm skill.zip

Installs to .claude/skills/fda-consultant-specialist

About this skill

FDA Consultant Specialist

FDA regulatory consulting for medical device manufacturers covering submission pathways, Quality System Regulation (QSR), HIPAA compliance, and device cybersecurity requirements.

Table of Contents

FDA Pathway Selection

Determine the appropriate FDA regulatory pathway based on device classification and predicate availability.

Decision Framework

Predicate device exists?
├── YES → Substantially equivalent?
│   ├── YES → 510(k) Pathway
│   │   ├── No design changes → Abbreviated 510(k)
│   │   ├── Manufacturing only → Special 510(k)
│   │   └── Design/performance → Traditional 510(k)
│   └── NO → PMA or De Novo
└── NO → Novel device?
    ├── Low-to-moderate risk → De Novo
    └── High risk (Class III) → PMA

Pathway Comparison

PathwayWhen to UseTimelineCost
510(k) TraditionalPredicate exists, design changes90 days$21,760
510(k) SpecialManufacturing changes only30 days$21,760
510(k) AbbreviatedGuidance/standard conformance30 days$21,760
De NovoNovel, low-moderate risk150 days$134,676
PMAClass III, no predicate180+ days$425,000+

Pre-Submission Strategy

  1. Identify product code and classification
  2. Search 510(k) database for predicates
  3. Assess substantial equivalence feasibility
  4. Prepare Q-Sub questions for FDA
  5. Schedule Pre-Sub meeting if needed

Reference: See fda_submission_guide.md for pathway decision matrices and submission requirements.

510(k) Submission Process

Workflow

Phase 1: Planning
├── Step 1: Identify predicate device(s)
├── Step 2: Compare intended use and technology
├── Step 3: Determine testing requirements
└── Checkpoint: SE argument feasible?

Phase 2: Preparation
├── Step 4: Complete performance testing
├── Step 5: Prepare device description
├── Step 6: Document SE comparison
├── Step 7: Finalize labeling
└── Checkpoint: All required sections complete?

Phase 3: Submission
├── Step 8: Assemble submission package
├── Step 9: Submit via eSTAR
├── Step 10: Track acknowledgment
└── Checkpoint: Submission accepted?

Phase 4: Review
├── Step 11: Monitor review status
├── Step 12: Respond to AI requests
├── Step 13: Receive decision
└── Verification: SE letter received?

Required Sections (21 CFR 807.87)

SectionContent
Cover LetterSubmission type, device ID, contact info
Form 3514CDRH premarket review cover sheet
Device DescriptionPhysical description, principles of operation
Indications for UseForm 3881, patient population, use environment
SE ComparisonSide-by-side comparison with predicate
Performance TestingBench, biocompatibility, electrical safety
Software DocumentationLevel of concern, hazard analysis (IEC 62304)
LabelingIFU, package labels, warnings
510(k) SummaryPublic summary of submission

Common RTA Issues

IssuePrevention
Missing user feeVerify payment before submission
Incomplete Form 3514Review all fields, ensure signature
No predicate identifiedConfirm K-number in FDA database
Inadequate SE comparisonAddress all technological characteristics

QSR Compliance

Quality System Regulation (21 CFR Part 820) requirements for medical device manufacturers.

Key Subsystems

SectionTitleFocus
820.20Management ResponsibilityQuality policy, org structure, management review
820.30Design ControlsInput, output, review, verification, validation
820.40Document ControlsApproval, distribution, change control
820.50Purchasing ControlsSupplier qualification, purchasing data
820.70Production ControlsProcess validation, environmental controls
820.100CAPARoot cause analysis, corrective actions
820.181Device Master RecordSpecifications, procedures, acceptance criteria

Design Controls Workflow (820.30)

Step 1: Design Input
└── Capture user needs, intended use, regulatory requirements
    Verification: Inputs reviewed and approved?

Step 2: Design Output
└── Create specifications, drawings, software architecture
    Verification: Outputs traceable to inputs?

Step 3: Design Review
└── Conduct reviews at each phase milestone
    Verification: Review records with signatures?

Step 4: Design Verification
└── Perform testing against specifications
    Verification: All tests pass acceptance criteria?

Step 5: Design Validation
└── Confirm device meets user needs in actual use conditions
    Verification: Validation report approved?

Step 6: Design Transfer
└── Release to production with DMR complete
    Verification: Transfer checklist complete?

CAPA Process (820.100)

  1. Identify: Document nonconformity or potential problem
  2. Investigate: Perform root cause analysis (5 Whys, Fishbone)
  3. Plan: Define corrective/preventive actions
  4. Implement: Execute actions, update documentation
  5. Verify: Confirm implementation complete
  6. Effectiveness: Monitor for recurrence (30-90 days)
  7. Close: Management approval and closure

Reference: See qsr_compliance_requirements.md for detailed QSR implementation guidance.

HIPAA for Medical Devices

HIPAA requirements for devices that create, store, transmit, or access Protected Health Information (PHI).

Applicability

Device TypeHIPAA Applies
Standalone diagnostic (no data transmission)No
Connected device transmitting patient dataYes
Device with EHR integrationYes
SaMD storing patient informationYes
Wellness app (no diagnosis)Only if stores PHI

Required Safeguards

Administrative (§164.308)
├── Security officer designation
├── Risk analysis and management
├── Workforce training
├── Incident response procedures
└── Business associate agreements

Physical (§164.310)
├── Facility access controls
├── Workstation security
└── Device disposal procedures

Technical (§164.312)
├── Access control (unique IDs, auto-logoff)
├── Audit controls (logging)
├── Integrity controls (checksums, hashes)
├── Authentication (MFA recommended)
└── Transmission security (TLS 1.2+)

Risk Assessment Steps

  1. Inventory all systems handling ePHI
  2. Document data flows (collection, storage, transmission)
  3. Identify threats and vulnerabilities
  4. Assess likelihood and impact
  5. Determine risk levels
  6. Implement controls
  7. Document residual risk

Reference: See hipaa_compliance_framework.md for implementation checklists and BAA templates.

Device Cybersecurity

FDA cybersecurity requirements for connected medical devices.

Premarket Requirements

ElementDescription
Threat ModelSTRIDE analysis, attack trees, trust boundaries
Security ControlsAuthentication, encryption, access control
SBOMSoftware Bill of Materials (CycloneDX or SPDX)
Security TestingPenetration testing, vulnerability scanning
Vulnerability PlanDisclosure process, patch management

Device Tier Classification

Tier 1 (Higher Risk):

  • Connects to network/internet
  • Cybersecurity incident could cause patient harm

Tier 2 (Standard Risk):

  • All other connected devices

Postmarket Obligations

  1. Monitor NVD and ICS-CERT for vulnerabilities
  2. Assess applicability to device components
  3. Develop and test patches
  4. Communicate with customers
  5. Report to FDA per guidance

Coordinated Vulnerability Disclosure

Researcher Report
    ↓
Acknowledgment (48 hours)
    ↓
Initial Assessment (5 days)
    ↓
Fix Development
    ↓
Coordinated Public Disclosure

Reference: See device_cybersecurity_guidance.md for SBOM format examples and threat modeling templates.

Resources

scripts/

ScriptPurpose
fda_submission_tracker.pyTrack 510(k)/PMA/De Novo submission milestones and timelines
qsr_compliance_checker.pyAssess 21 CFR 820 compliance against project documentation
hipaa_risk_assessment.pyEvaluate HIPAA safeguards in medical device software

references/

FileContent
fda_submission_guide.md510(k), De Novo, PMA submission requirements and checklists
qsr_compliance_requirements.md21 CFR 820 implementation guide with templates
hipaa_compliance_framework.mdHIPAA Security Rule safeguards and BAA requirements
device_cybersecurity_guidance.mdFDA cybersecurity requirements, SBOM, threat modeling
fda_capa_requirements.mdCAPA process, root cause analysis, effectiveness verification

Usage Examples

# Track FDA submission status
python scripts/fda_submission_tracker.py /path/to/project --type 510k

# Assess QSR compliance
python scripts/qsr_compliance_checker.py /path/to/project --section 820.30

# Run HIPAA risk assessment
python scripts/hipaa_risk_assessment.py /path/to/project --category technical

More by alirezarezvani

View all skills by alirezarezvani

senior-architect

alirezarezvani

Comprehensive software architecture skill for designing scalable, maintainable systems using ReactJS, NextJS, NodeJS, Express, React Native, Swift, Kotlin, Flutter, Postgres, GraphQL, Go, Python. Includes architecture diagram generation, system design patterns, tech stack decision frameworks, and dependency analysis. Use when designing system architecture, making technical decisions, creating architecture diagrams, evaluating trade-offs, or defining integration patterns.

170129

content-creator

alirezarezvani

Create SEO-optimized marketing content with consistent brand voice. Includes brand voice analyzer, SEO optimizer, content frameworks, and social media templates. Use when writing blog posts, creating social media content, analyzing brand voice, optimizing SEO, planning content calendars, or when user mentions content creation, brand voice, SEO optimization, social media marketing, or content strategy.

11619

ceo-advisor

alirezarezvani

Executive leadership guidance for strategic decision-making, organizational development, and stakeholder management. Includes strategy analyzer, financial scenario modeling, board governance frameworks, and investor relations playbooks. Use when planning strategy, preparing board presentations, managing investors, developing organizational culture, making executive decisions, or when user mentions CEO, strategic planning, board meetings, investor updates, organizational leadership, or executive strategy.

8413

content-trend-researcher

alirezarezvani

Advanced content and topic research skill that analyzes trends across Google Analytics, Google Trends, Substack, Medium, Reddit, LinkedIn, X, blogs, podcasts, and YouTube to generate data-driven article outlines based on user intent analysis

10913

cold-email

alirezarezvani

When the user wants to write, improve, or build a sequence of B2B cold outreach emails to prospects who haven't asked to hear from them. Use when the user mentions 'cold email,' 'cold outreach,' 'prospecting emails,' 'SDR emails,' 'sales emails,' 'first touch email,' 'follow-up sequence,' or 'email prospecting.' Also use when they share an email draft that sounds too sales-y and needs to be humanized. Distinct from email-sequence (lifecycle/nurture to opted-in subscribers) — this is unsolicited outreach to new prospects. NOT for lifecycle emails, newsletters, or drip campaigns (use email-sequence).

3713

content-humanizer

alirezarezvani

Makes AI-generated content sound genuinely human — not just cleaned up, but alive. Use when content feels robotic, uses too many AI clichés, lacks personality, or reads like it was written by committee. Triggers: 'this sounds like AI', 'make it more human', 'add personality', 'it feels generic', 'sounds robotic', 'fix AI writing', 'inject our voice'. NOT for initial content creation (use content-production). NOT for SEO optimization (use content-production Mode 3).

359

You might also like

flutter-development

aj-geddes

Build beautiful cross-platform mobile apps with Flutter and Dart. Covers widgets, state management with Provider/BLoC, navigation, API integration, and material design.

643969

drawio-diagrams-enhanced

jgtolentino

Create professional draw.io (diagrams.net) diagrams in XML format (.drawio files) with integrated PMP/PMBOK methodologies, extensive visual asset libraries, and industry-standard professional templates. Use this skill when users ask to create flowcharts, swimlane diagrams, cross-functional flowcharts, org charts, network diagrams, UML diagrams, BPMN, project management diagrams (WBS, Gantt, PERT, RACI), risk matrices, stakeholder maps, or any other visual diagram in draw.io format. This skill includes access to custom shape libraries for icons, clipart, and professional symbols.

591705

ui-ux-pro-max

nextlevelbuilder

"UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient."

318399

godot

bfollington

This skill should be used when working on Godot Engine projects. It provides specialized knowledge of Godot's file formats (.gd, .tscn, .tres), architecture patterns (component-based, signal-driven, resource-based), common pitfalls, validation tools, code templates, and CLI workflows. The `godot` command is available for running the game, validating scripts, importing resources, and exporting builds. Use this skill for tasks involving Godot game development, debugging scene/resource files, implementing game systems, or creating new Godot components.

340397

nano-banana-pro

garg-aayush

Generate and edit images using Google's Nano Banana Pro (Gemini 3 Pro Image) API. Use when the user asks to generate, create, edit, modify, change, alter, or update images. Also use when user references an existing image file and asks to modify it in any way (e.g., "modify this image", "change the background", "replace X with Y"). Supports both text-to-image generation and image-to-image editing with configurable resolution (1K default, 2K, or 4K for high resolution). DO NOT read the image file first - use this skill directly with the --input-image parameter.

452339

fastapi-templates

wshobson

Create production-ready FastAPI projects with async patterns, dependency injection, and comprehensive error handling. Use when building new FastAPI applications or setting up backend API projects.

304231

Related MCP Servers

Browse all servers
Theta HealthTheta Health

Theta Health MCP Server offers EHR interoperability solutions, enabling AI assistants to access and manage diverse healt

21 tools
BrowserBrowser

Supercharge browser tasks with Browser MCP—AI-driven, local browser automation for powerful, private testing. Inspired b

5,99112 tools
Mobile NextMobile Next

Mobile Next offers fast, seamless mobile automation for iOS and Android. Automate apps, extract data, and simplify mobil

3,75219 tools
iOS SimulatoriOS Simulator

Use iOS Simulator for testing with tools like UI interaction and device info retrieval. Perfect as an iPhone emulator fo

1,72113 tools
BioMCP (Biomedical Database Integration)BioMCP (Biomedical Database Integration)

BioMCP integrates ClinicalTrials.gov, PubMed, and MyVariant.info for unified biomedical database access with structured,

4560 tools
Android MCPAndroid MCP

Android MCP — lightweight bridge enabling AI agents for Android to perform Android automation and Android UI testing: ap

4390 tools

Stay ahead of the MCP ecosystem

Get weekly updates on new skills and servers.