3x3 Institute

ChatGPT as a medical regulatory tool

December 4, 2023

I have done a fair amount of medical device development including quality and regulatory work. So I was wondering what sort of answers ChatGPT would give to questions about medical device regulations. I asked it a few questions and got some interesting answers. I have included the questions and answers below. I have also included some comments on the answers.

I think the results are pretty good given that I used ChatGPT4 without a particularly prompting strategy, without any fine tuning, without access to regulatory documents, and operating them as a single shot. I think that with a little prompting strategy, fine tuning, and multiple shots, the results could be quite good.

User: You are a medical device regulatory expert. How can I prove that my device is equivalent with a predicate device?

ChatGPT: To prove that your medical device is equivalent to a predicate device, you typically need to follow these steps:

  1. Identify a Predicate Device: Select a legally marketed device that is similar to yours. This device serves as a benchmark for comparison.

  2. Perform a Comparative Analysis: Compare your device with the predicate in terms of intended use, design, materials, performance, safety, and effectiveness.

  3. Conduct Bench Testing: Perform laboratory tests to compare the two devices’ performance and safety characteristics.

  4. Clinical Data (if necessary): If there are significant differences in design or indications for use, you might need clinical data to demonstrate equivalence.

  5. Standards Compliance: Show compliance with relevant standards for both devices.

  6. Documentation: Prepare a detailed report documenting all aspects of the comparison.

  7. Regulatory Submission: Submit your findings to the appropriate regulatory body, such as the FDA in the United States, along with your application for approval.

It’s crucial to follow the specific guidelines provided by the regulatory body in your region. Each agency might have slightly different requirements for demonstrating equivalence.

A better prompt will give a better response, but this seems like a reasonable introductory answer.

User" Do I need to have access to the predicate device?

ChatGPT: In most cases, direct access to the predicate device is not strictly necessary to demonstrate equivalence in a regulatory submission. However, having access can be beneficial. Here’s how you can proceed with or without direct access to the predicate device:

Without Direct Access:

  1. Use Publicly Available Information: Gather information about the predicate device from sources like the manufacturer’s website, marketing materials, publicly available regulatory submissions, and scientific literature.
  2. Technical Specifications: Focus on publicly available technical specifications and compare them to those of your device.
  3. Bench Testing and Analysis: Conduct bench testing and other analyses using the specifications and data you have gathered.

With Direct Access:

  1. Direct Comparison: If you have access to the predicate device, you can perform direct side-by-side testing and analysis. This can provide a more robust comparison.
  2. Detailed Analysis: Access to the device allows for detailed analysis of design, materials, and functionality.

Whether you have direct access or not, the key is to thoroughly document how your device is substantially equivalent to the predicate in terms of safety and effectiveness. You should gather as much information as possible about the predicate device to make a comprehensive and convincing argument to the regulatory body.

User: How can I determine what standards a predicate device meets?

This is a good question as it is not always obvious what specific standards a device from a competitor was designed meet. The answer requires understanding the process and the data sources that can be used.

ChatGPT: Determining the standards met by a predicate device involves several approaches:

  1. Regulatory Filings: Review the predicate device’s regulatory filings if available. In the United States, for example, the FDA’s 510(k) database often includes summaries of premarket notifications, which might list the standards the device complies with.

  2. Device Labeling and Documentation: Check the device’s labeling, user manual, or other documentation provided by the manufacturer, which often states compliance with specific standards.

  3. Manufacturer’s Website: Manufacturers frequently list compliance with standards on their product pages or in technical datasheets available on their websites.

  4. Scientific Literature and Technical Reports: Research papers or technical reports about the device might mention the standards it adheres to.

  5. Direct Inquiry: Contacting the manufacturer directly can be an effective way to learn about the standards their device meets.

  6. Industry Knowledge: If you’re familiar with the category of devices, you may have an understanding of the common standards applied to such devices.

  7. Consult with Experts: Regulatory consultants or experts in the field might provide insights into the likely standards a device adheres to based on its class and type.

Remember, even if you identify the standards, you still need to demonstrate that your device meets or exceeds these standards in your regulatory submission.

User The device is implemented with an FPGA. What documentation of that is required

This is another good question. Again the answer is not obvious and requires some knowledge of the regulatory process.

ChatGPT For a medical device implemented with an FPGA (Field-Programmable Gate Array), specific documentation is typically required to satisfy regulatory requirements. This documentation should cover various aspects of the FPGA’s design, development, testing, and potential impact on the safety and effectiveness of the medical device. Key elements often include:

Design Documentation:

  1. Hardware Description: Detailed description of the FPGA, including its configuration, architecture, and any relevant hardware interfaces. Functional Specifications: Explanation of the intended functions and operations of the FPGA within the device.

  2. Software/Firmware Documentation (if applicable):

    • Source Code: Documentation of the source code, if the FPGA uses a soft processor or is configured using high-level synthesis from a software language.
    • Design and Development Process: Describe the process used for designing, programming, and testing the FPGA’s firmware or software.
    • Version Control and Change Management: Details of version control systems and processes for managing changes to the FPGA’s software or firmware.
  3. Verification and Validation Testing:

    • Test Plans and Results: Document the tests conducted to verify that the FPGA meets its specifications and validation tests to ensure it functions correctly within the medical device.
    • Risk Analysis: Analysis of potential risks associated with the FPGA and how these risks are mitigated.
  4. Quality Assurance:

    • Quality Control Procedures: Describe the quality control measures in place for the FPGA’s development and manufacturing process.
    • Component Traceability: Information on the traceability of the FPGA component, ensuring that any changes or issues can be accurately tracked.
  5. Regulatory Compliance:

    • Standards Compliance: Documentation showing compliance with relevant industry and regulatory standards for medical devices and electronic components.
  6. Failure Modes and Effects Analysis (FMEA):

    • Risk Management: Detailed FMEA or similar analysis to identify potential failure modes of the FPGA and their impact on the safety and effectiveness of the medical device.
  7. User Documentation:

    • Instructions for Use: If the FPGA’s operation or configuration can be modified by the user, provide clear instructions and warnings.
  8. Post-Market Surveillance Plan:

This documentation should be comprehensive, well-organized, and prepared according to the regulatory guidelines of the specific region where the device will be marketed (e.g., FDA in the United States, EMA in Europe). It’s also advisable to stay informed about the latest regulatory expectations for medical devices with electronic components, as these can evolve over time.

This is an ok answer, but sufficiently incomplete that I wouldn’t rely on without further research. I would expect an answer like this from a regulatory person who is not familiar with FPGAs.

User What medical device regulations might apply to the use of an FPGA?

This is the kind of question regulatory people get asked all the time. I thought it was a good example of a question that might be asked of a regulatory GPT.

ChatGPT For a medical device utilizing an FPGA (Field-Programmable Gate Array), several regulations and standards may apply, particularly focusing on the safety, effectiveness, and reliability of electronic components within medical devices. The specific regulations depend on the region in which the device is being marketed. Here are some common regulations and standards:

  1. FDA Regulations (United States):

    21 CFR Part 20 is the universal first answer to every US regulatory question.

    • 21 CFR Part 820: Quality System Regulation, covering the methods used in, and the facilities and controls used for, the design, manufacture, packaging, labeling, storage, installation, and servicing of all finished devices.
    • 21 CFR Part 11: Electronic Records; Electronic Signatures, for devices that have electronic records or utilize electronic signatures.
    • General Principles of Software Validation (FDA Guidance): If the FPGA is used in conjunction with software or firmware.
  2. European Regulations:

    And the first answer to every European regulatory question.

    • Medical Device Regulation (MDR) EU 2017/745: Sets out general safety and performance requirements for medical devices.

    • IEC 62304: Medical device software - Software life cycle processes, applicable if the FPGA is programmed using software tools.

  3. International Standards:

    Motherhood and apple pie to the regulatory world.

    • ISO 13485: Medical devices - Quality management systems - Requirements for regulatory purposes, applicable to the design and manufacture of the device, including electronic components.
    • IEC 60601: Medical electrical equipment - General requirements for basic safety and essential performance. This standard has several parts and may apply to specific aspects of medical device electronics.
    • IEC 62366: Application of usability engineering to medical devices, if the FPGA affects user interfaces or user interactions.
    • ISO 14971: Application of risk management to medical devices, particularly relevant for assessing and managing risks associated with the FPGA.
  4. Software and Cybersecurity Standards:

    Given that and FPGA is a Field programmable gate array, it is programmable and interfaces with software.

    • If the FPGA involves programmable logic or interfaces with software, standards related to software development and cybersecurity may apply, such as AAMI TIR57: Principles for medical device security - Risk management or ISO/IEC 27001: Information security management.
  5. Specific Product Standards:

    • Depending on the type of medical device, there may be specific product standards that apply which include requirements for electronic components.

It’s important to note that the applicable regulations and standards can vary based on the specific use case of the FPGA within the medical device, the type of medical device, and the regions where the device is intended to be marketed. Staying informed about the latest regulatory requirements and engaging with regulatory experts or consultants can be crucial in navigating this complex landscape.

I would give this a weak score. But it does identify identify the places to start, but is somewhat incomplete.

User Create a quality system document describing the process of software development

I decided ask an impossible to answer question to see what would happen. I was surprised that it gave a reasonable answer.

ChatGPT Certainly! Below is an outline for a Quality System Document (QSD) that describes the process of software development for medical devices. This document can be tailored to fit the specific needs and procedures of your organization.

Quality System Document (QSD)

Document Title: Software Development Process for Medical Devices

Document Number: QSD-XX-XXX

Effective Date: [Insert Date]

Revision: [Insert Revision Number]

Prepared by: [Insert Author’s Name]

Reviewed by: [Insert Reviewer’s Name]

Approved by: [Insert Approver’s Name]

  1. Purpose

This document defines the standard process for software development within [Your Company’s Name], ensuring compliance with applicable regulatory standards and guidelines for medical device software.

  1. Scope

This QSD applies to all software development activities for medical devices undertaken by [Your Company’s Name], including design, development, testing, maintenance, and post-market activities.

  1. References
  1. Definitions
  1. Software Development Life Cycle (SDLC)

5.1 Planning Phase: Define software requirements, scope, resources, and timelines. Include risk management planning.

5.2 Design Phase: Architectural design, detailed software design, and interface specifications.

5.3 Implementation Phase: Coding, unit testing, and code reviews.

5.4 Verification and Validation Phase: System testing, integration testing, and validation testing according to predefined test plans and protocols.

5.5 Deployment Phase: Software release, deployment, and installation procedures.

5.6 Maintenance and Post-market Phase: Ongoing maintenance, updates, post-market surveillance, and handling of reported issues.

  1. Documentation

6.1 Software Requirements Specification (SRS)

6.2 Software Design Document (SDD)

6.3 Test Plans and Reports

6.4 Risk Management File

6.5 Change Control Documentation

6.6 Post-market Surveillance Reports

  1. Quality Assurance

7.1 Code Reviews: Regular code reviews and audits.

7.2 Testing Procedures: Verification and validation testing according to regulatory standards.

7.3 Traceability: Maintaining traceability between requirements, design elements, and tests.

  1. Risk Management

8.1 Risk Analysis: Conduct risk analysis during the planning and design phases.

8.2 Risk Mitigation: Implement risk control measures and monitor effectiveness.

8.3 Risk Review: Regular review of risk management activities and effectiveness.

  1. Training

9.1 Training Requirements: Identification of training needs for all personnel involved in software development.

9.2 Training Records: Documentation of completed training sessions.

  1. Change Control

10.1 Change Request Process: Procedure for initiating, reviewing, approving, and implementing changes.

10.2 Impact Analysis: Assessing the impact of changes on the software and overall device.

  1. Record Keeping

11.1 Record Retention: Defined periods for retaining different types of records.

11.2 Record Accessibility: Ensuring records are accessible for review and audits.

  1. Revision History

Document revision history including revision number, date, description, and author. This document should be regularly reviewed and updated to ensure it continues to reflect current practices and regulatory requirements.

User: Describe the outline of a SRS

An SRS is a software requirements specification. It is a document that describes the requirements for a software system. It is a critical document in the development of medical devices.


An SRS (Software Requirements Specification) is a critical document in software development, particularly for medical devices, where accuracy and clarity are paramount. The outline of an SRS typically includes the following sections:

  1. Introduction

1.1 Purpose: Clearly state the purpose of the SRS and its intended audience.

1.2 Scope: Describe the software application’s scope, including its intended uses and functionalities.

1.3 Definitions, Acronyms, and Abbreviations: Provide definitions for specific terms, acronyms, and abbreviations used in the document.

1.4 References: List any relevant documents, standards, or materials referenced in the SRS.

1.5 Overview: Give a brief overview of the rest of the SRS contents.

  1. Overall Description

2.1 Product Perspective: Explain the context and origin of the product. Relate it to existing systems/products, if applicable.

2.2 Product Functions: Summarize the major functions the software will perform.

2.3 User Classes and Characteristics: Describe the different types of users who will interact with the software and their characteristics.

2.4 Operating Environment: Specify the hardware, software, and network environments where the software will operate.

2.5 Design and Implementation Constraints: Outline constraints such as system requirements, regulatory compliance, or interface dependencies.

2.6 User Documentation: Mention the scope of user documentation to be provided.

2.7 Assumptions and Dependencies: List any assumed factors (not yet proven) and dependencies on external factors or systems.

  1. System Features

3.1 System Feature 1 (and so on): For each system feature, provide a detailed description, including its functional requirements.

This section is often the most extensive part of the SRS.

  1. External Interface Requirements

4.1 User Interfaces: Describe the layout and style of the user interface.

4.2 Hardware Interfaces: Specify the logical characteristics of each interface between the software and the hardware.

4.3 Software Interfaces: Describe how the software interacts with other software systems.

4.4 Communications Interfaces: Explain the requirements for any communications functions, such as networking capabilities.

  1. Other Nonfunctional Requirements

5.1 Performance Requirements: Specify the performance constraints on the software system.

5.2 Safety Requirements: Outline requirements that directly affect the safety of the system.

5.3 Security Requirements: Specify security or privacy requirements detailing data protection, authentication, and authorization.

5.4 Software Quality Attributes: Address aspects like reliability, maintainability, and portability.

  1. Appendices

6.1 Appendix A (and so on): Include any additional information that is relevant to the SRS. This might include sample data, detailed calculations, or detailed procedural steps.

  1. Index

An SRS must be clear, unambiguous, and comprehensive. It should be written with the understanding that it will serve as a reference throughout the entire software development process, including design, development, testing, and maintenance stages.

User: Generate the outline of a document describing a medical devices correspondence with it’s predicate device


Creating a document that describes a medical device’s correspondence with its predicate device is crucial for regulatory purposes, especially for submissions like the FDA’s 510(k) process. The document typically outlines how the new device (subject device) is substantially equivalent to an existing, legally marketed device (predicate device). Here’s an outline for such a document:

Title: Comparison of [Subject Device Name] with Predicate Device

Document Number: [Unique Identifier]

Effective Date: [Date]

Revision Number: [Number]

Prepared by: [Your Name/Team]

Reviewed by: [Reviewer’s Name/Team]

Approved by: [Approver’s Name/Authority]

  1. Introduction

1.1 Purpose of the Document: Describe the intent to demonstrate substantial equivalence between the subject device and the predicate device.

1.2 Scope: Outline the extent of the comparison and the specific aspects covered.

  1. Overview of the Subject Device

2.1 Description: Provide a detailed description of the subject device, including its intended use, indications, and technological characteristics.

2.2 Regulatory History: If applicable, include any previous regulatory submissions or decisions related to the subject device.

  1. Overview of the Predicate Device

3.1 Description: Detail the predicate device, including its intended use, indications, and key technological features.

3.2 Regulatory Status: State the predicate device’s regulatory clearance/approval status and any relevant history.

  1. Comparative Analysis

4.1 Intended Use: Compare the intended uses of both devices.

4.2 Technological Characteristics: Contrast the technological features, including design, materials, components, and principle of operation.

4.3 Performance Specifications: Compare the performance specifications and output measures.

  1. Safety and Effectiveness Comparison

5.1 Safety Comparison: Analyze and compare the safety profiles of both devices.

5.2 Effectiveness Comparison: Discuss the effectiveness of the subject device in relation to the predicate.

  1. Non-Clinical Testing

6.1 Bench Testing: Summarize bench testing conducted and compare results.

6.2 Biocompatibility Testing: If applicable, include a comparison of biocompatibility testing.

  1. Clinical Data (if applicable)

7.1 Clinical Trials/Study Data: Provide data from clinical trials or studies, comparing results with the predicate device.

  1. Standards Compliance

8.1 Overview of Compliance: List and compare the standards each device complies with.

8.2 Impact of Non-Compliance: Discuss the implications of any differences in standard compliance.

  1. Risk Analysis

9.1 Risk Management Process: Outline the risk management processes used for the subject device.

9.2 Comparative Risk Assessment: Compare the risk profiles of both devices.

  1. Conclusion

10.1 Summary of Substantial Equivalence: Conclude with a summary of how the subject device is substantially equivalent to the predicate.

10.2 Recommendations and Next Steps: If applicable, outline recommendations and next steps for regulatory submissions.

  1. Appendices

11.1 Technical Data Sheets

11.2 Test Reports

11.3 Clinical Study Reports

11.4 Other Supporting Documentation

  1. Revision History

Document revision history, including dates, descriptions, and authors.

This document serves as a comprehensive comparison to support regulatory submissions, primarily focusing on demonstrating that the new device is as safe and effective as its predicate and does not raise any new questions of safety or effectiveness.

User: Provide an example of what section 4.1 should look like

ChatGPT: Sure, I’ll provide an example for section 4.1 (Intended Use Comparison) of a document comparing a medical device with its predicate device. This section should clearly articulate how the intended use of the new (subject) device aligns with that of the existing (predicate) device.

  1. Comparative Analysis

4.1 Intended Use Comparison

In this section, we compare the intended use of the [Subject Device Name] with the [Predicate Device Name].

Subject Device: [Subject Device Name]

Predicate Device: [Predicate Device Name]

Comparison Analysis:

I would have expected a table with the similarities and differences. But this is a reasonable answer.


Despite the difference in underlying technology for glucose measurement, both the [Subject Device Name] and the [Predicate Device Name] share the same fundamental intended use – non-invasive blood glucose monitoring. The user profile and indications for use are also closely aligned, establishing the basis for claiming substantial equivalence in terms of intended use.

This example demonstrates how to methodically compare the intended uses of the subject and predicate devices, focusing on similarities and key differences. The objective is to justify that the new device fulfills the same fundamental purpose as the predicate, even if there are technological differences.