Medical Device Acronyms & Glossary: 100+ Essential Terms Every Professional Must Know
The definitive medical device glossary with 100+ acronyms and terms — FDA pathways (510k, PMA, De Novo), EU MDR concepts, quality systems (ISO 13485, CAPA, DHF), clinical evidence, standards, and international regulatory abbreviations explained.
Why a Medical Device Glossary Matters
The medical device industry runs on acronyms. Walk into any regulatory strategy meeting and you will hear sentences like: "The NB rejected our CER because the SOTA section did not adequately support the GSPRs, and PMCF data from the PFS was insufficient." If that sentence reads like a foreign language, you are not alone.
Whether you are a regulatory affairs specialist preparing a 510(k) submission, a quality engineer managing CAPA records, a clinical affairs manager writing a Clinical Evaluation Report under EU MDR, or a startup founder trying to understand what your regulatory consultant is telling you, you need a working command of this vocabulary. Misunderstanding a single term can delay a submission by months, cause a design transfer failure, or result in a nonconformity during a Notified Body audit.
This guide defines over 120 essential terms organized into 13 categories spanning the entire medical device lifecycle: from regulatory submissions and clinical evidence through manufacturing, labeling, cybersecurity, and market access. It is designed to be both a learning resource for newcomers and a quick-reference companion for experienced professionals.
How to Use This Guide
Each section groups related terms together so you can see how they interconnect. For every term you will find the acronym, its full expansion, and a concise explanation grounded in how the concept is actually used in practice. Bookmark this page and return to it whenever you encounter an unfamiliar abbreviation in a regulatory document, audit finding, or submission template.
FDA Regulatory Pathways & Submissions
The US Food and Drug Administration's Center for Devices and Radiological Health (CDRH) and Center for Biologics Evaluation and Research (CBER) oversee medical device marketing authorization. Understanding these pathways is the foundation of any US regulatory strategy.
| Acronym | Full Term | Definition |
|---|---|---|
| 510(k) | Premarket Notification (Section 510(k) of the FD&C Act) | A premarket submission demonstrating that a device is substantially equivalent to a legally marketed predicate device. Most Class II devices enter the US market through this pathway. |
| PMA | Premarket Approval Application | The most stringent FDA device marketing application, required for Class III devices such as implants and life-sustaining devices. Requires clinical evidence of safety and effectiveness. |
| De Novo | De Novo Classification Request | A pathway for novel low- to moderate-risk devices that lack a predicate but for which general and special controls are sufficient. Creates a new classification regulation and establishes a new predicate. |
| HDE | Humanitarian Device Exemption | A marketing application for devices intended to treat or diagnose a disease or condition affecting fewer than 8,000 individuals per year in the US. Exempt from the effectiveness standard required for PMA. |
| EUA | Emergency Use Authorization | An authorization mechanism allowing unapproved medical devices to be used during a declared emergency, such as a pandemic. It was heavily used during COVID-19 for ventilators, diagnostic tests, and PPE. |
| IDE | Investigational Device Exemption | An FDA approval that allows an investigational device to be shipped lawfully for the purpose of conducting a clinical study. Required for significant-risk device studies in the US. |
| eSTAR | Electronic Submission Template and Resource | An interactive PDF template the FDA provides to guide 510(k) and De Novo submitters through a complete, organized submission. Its use became mandatory for 510(k) submissions in October 2023. |
| Q-Submission | Pre-Submission (Q-Sub) | A voluntary formal feedback mechanism through which manufacturers can obtain FDA input on planned submissions, study designs, or regulatory approaches before committing resources. |
| PCCP | Predetermined Change Control Plan | A plan included in a premarket submission (particularly for AI/ML devices) that describes anticipated modifications and how they will be implemented without requiring a new premarket review. |
| BDD | Breakthrough Device Designation | An FDA designation for devices that provide more effective treatment or diagnosis of life-threatening or irreversibly debilitating diseases. Grants priority review and interactive communication with FDA. |
| RTA | Refuse to Accept | An FDA policy under which submissions that do not meet minimum acceptance criteria are returned to the sponsor without substantive review. Applied to both 510(k) and PMA submissions. |
| NSE | Not Substantially Equivalent | An FDA 510(k) determination meaning the device is not substantially equivalent to the predicate. The device cannot be marketed and the sponsor must pursue an alternative pathway (e.g., De Novo or PMA). |
| SE | Substantially Equivalent | An FDA 510(k) determination meaning the device has the same intended use and technological characteristics as the predicate, or any differences do not raise new safety/effectiveness questions. |
| CGMP | Current Good Manufacturing Practice | The minimum FDA requirements for methods, facilities, and controls used in manufacturing, packaging, and storage of medical devices. Codified in 21 CFR Part 820, now transitioning to the Quality Management System Regulation (QMSR). |
| MDR (FDA) | Medical Device Reporting | The FDA mandatory adverse event reporting system requiring manufacturers, importers, and device user facilities to report deaths, serious injuries, and certain malfunctions. Distinct from EU MDR. |
EU MDR / IVDR Terms
The European Union Medical Device Regulation (EU MDR 2017/745) and In Vitro Diagnostic Regulation (EU IVDR 2017/746) represent the most significant overhaul of European device regulation in decades. The following terms appear routinely in technical documentation, Notified Body correspondence, and compliance planning.
| Acronym | Full Term | Definition |
|---|---|---|
| CE Marking | Conformité Européenne Marking | A conformity mark indicating that a product meets the applicable EU health, safety, and environmental protection requirements. Mandatory for medical devices placed on the EU market. |
| NB | Notified Body | An independent organization designated by an EU Member State to assess whether medical devices meet the requirements of the applicable EU regulation before affixing the CE mark. |
| DoC | Declaration of Conformity | A formal document in which the manufacturer declares that the device complies with all applicable EU regulatory requirements. Must be drawn up before the CE mark is affixed. |
| GSPR | General Safety and Performance Requirements | The set of requirements in Annex I of EU MDR/IVDR that every device must meet, covering safety, performance, chemical/physical/biological properties, infection/microbial control, and labeling. |
| SSCP | Summary of Safety and Clinical Performance | A publicly available document for Class III and implantable devices that summarizes safety and clinical performance data. Uploaded to EUDAMED and accessible to patients and healthcare professionals. |
| PRRC | Person Responsible for Regulatory Compliance | A role required under EU MDR/IVDR for every manufacturer and authorized representative. The PRRC must have the requisite expertise in regulatory affairs and quality management. |
| PSUR | Periodic Safety Update Report | A periodic report summarizing post-market surveillance data, trend analyses, and benefit-risk conclusions. Required for Class IIa, IIb, and III devices under EU MDR. |
| PMCF | Post-Market Clinical Follow-Up | A systematic process to collect and evaluate clinical data from the use of a CE-marked device, used to update the clinical evaluation and verify ongoing safety and performance. |
| CER | Clinical Evaluation Report | A core technical document under EU MDR that assesses all available clinical data (literature, clinical investigations, PMCF data) to demonstrate conformity with relevant GSPRs. |
| EUDAMED | European Database on Medical Devices | The secure, centralized EU IT system for registering devices, certificates, clinical investigations, vigilance reports, and economic operators. |
| UDI | Unique Device Identification | A system for identifying devices throughout distribution and use. Consists of a device identifier (UDI-DI) and a production identifier (UDI-PI), both stored in EUDAMED. |
| SRN | Single Registration Number | A unique identifier assigned to economic operators (manufacturers, authorized representatives, importers) in EUDAMED. Required before registering devices. |
| EC Rep | European Authorized Representative | A person or entity established within the EU who acts on behalf of a non-EU manufacturer for regulatory compliance, correspondence with authorities, and vigilance obligations. |
| IVDR | In Vitro Diagnostic Regulation (EU 2017/746) | The EU regulation governing in vitro diagnostic medical devices, replacing the IVD Directive (98/79/EC). Features a risk-based classification system (Classes A through D) and stricter clinical evidence requirements. |
| PMS | Post-Market Surveillance | The systematic process of collecting and analyzing data on devices after they have been placed on the market, to verify ongoing safety, performance, and benefit-risk profile. |
| MDCG | Medical Device Coordination Group | The EU body composed of representatives from all Member States responsible for implementing and harmonizing the application of the MDR and IVDR across Europe. Issues guidance documents that clarify regulatory requirements. |
Quality Systems & Standards
A robust quality management system is the backbone of medical device development and manufacturing. These terms appear daily in quality meetings, audit reports, and corrective action records.
| Acronym | Full Term | Definition |
|---|---|---|
| QMS | Quality Management System | An organized system of processes, procedures, and documentation that defines how an organization achieves quality objectives. For medical devices, typically based on ISO 13485 or 21 CFR Part 820/QMSR. |
| QSR | Quality System Regulation (21 CFR Part 820) | The FDA's current good manufacturing practice requirements for medical devices, covering design controls, production controls, CAPA, and documentation. Being transitioned to QMSR. |
| QMSR | Quality Management System Regulation | The FDA's updated quality system regulation, effective February 2, 2026, that aligns US requirements more closely with ISO 13485 by incorporating it by reference. Replaces the current QSR. |
| ISO 13485 | ISO 13485 Medical Devices -- Quality Management Systems | The international standard for medical device quality management systems. Specifies requirements for a QMS where an organization needs to demonstrate its ability to provide consistent, safe, and effective devices. |
| ISO 14971 | ISO 14971 Medical Devices -- Application of Risk Management | The international standard for risk management applied to medical devices throughout the product lifecycle. Defines the process for identifying, evaluating, mitigating, and monitoring risk. |
| CAPA | Corrective and Preventive Action | A systematic process for investigating the root cause of nonconformities, implementing corrective actions, and establishing preventive actions to avoid recurrence. One of the most frequently cited quality system requirements. |
| DHF | Design History File | A compilation of records that describes the design history of a device, including design inputs, outputs, verification, validation, reviews, and changes. Required under FDA QSR/QMSR and expected by ISO 13485. |
| DMR | Device Master Record | A compilation of records containing the procedures and specifications for a finished device, including drawings, formulations, specifications, labeling, and production processes. |
| DHR | Device History Record | A compilation of records for each production unit, batch, or lot that documents compliance with the DMR. Includes production dates, quantities, acceptance records, and primary identification labels. |
| IQ / OQ / PQ | Installation / Operational / Performance Qualification | The three phases of equipment and process validation. IQ verifies correct installation, OQ confirms operation within specified limits, and PQ demonstrates consistent performance under actual production conditions. |
| FMEA | Failure Mode and Effects Analysis | A systematic risk analysis technique that identifies potential failure modes in a design or process, evaluates their severity, occurrence, and detectability, and prioritizes actions to reduce risk. |
| ECO | Engineering Change Order | A formal document that initiates and tracks changes to device design, labeling, materials, processes, or specifications. Ensures changes are evaluated for regulatory impact before implementation. |
| NCR | Nonconformance Report | A document that records a deviation from specified requirements, initiates an investigation into the root cause, and tracks the disposition and corrective action for the nonconforming product or process. |
| NC | Nonconformity | A failure to meet a specified requirement, whether in product, process, or the quality system itself. Nonconformities identified during audits must be addressed through corrective action plans. |
| DCO | Document Change Order | A formal request to modify a controlled document, such as a standard operating procedure, specification, or work instruction. Ensures document changes follow the quality system's change control process. |
| SOP | Standard Operating Procedure | A written document that describes the specific steps required to perform a routine or repetitive activity consistently. SOPs are foundational elements of a medical device quality system. |
Clinical Evidence & Trials
Clinical data is the currency of regulatory submissions worldwide. These terms cover the language used in clinical investigations, evidence generation, and the regulatory framework for device studies.
| Acronym | Full Term | Definition |
|---|---|---|
| CER | Clinical Evaluation Report | A comprehensive assessment of all available clinical data supporting the safety and performance of a medical device. Required for CE marking under EU MDR and accepted by many regulatory authorities globally. |
| RWE | Real-World Evidence | Clinical evidence derived from the analysis of real-world data (data collected outside of traditional clinical trials, such as registries, electronic health records, and claims databases). |
| RWD | Real-World Data | Data relating to patient health status and/or the delivery of healthcare routinely collected from sources such as electronic health records, claims and billing data, patient registries, and wearable devices. |
| GCP | Good Clinical Practice | An international ethical and scientific quality standard for designing, conducting, recording, and reporting clinical trials that involve human subjects. Codified as ICH E6. |
| IRB | Institutional Review Board | A committee established to review and approve research involving human subjects in the US. Ensures that the rights, welfare, and safety of trial participants are protected. |
| IEC | Independent Ethics Committee | The European/international equivalent of an IRB. Reviews and approves clinical investigation plans and monitors ongoing studies to protect participant rights and safety. |
| PRO | Patient-Reported Outcome | A measurement of any aspect of a patient's health status that comes directly from the patient, without interpretation by a clinician or anyone else. Increasingly important in device clinical trials. |
| SOTA | State of the Art | The current stage of technical development for a given device type or treatment modality, determined through a systematic review of available technologies and clinical practices. Required context for EU MDR clinical evaluations. |
| CIP | Clinical Investigation Plan | A document that describes the rationale, objectives, design, methodology, statistical considerations, and organization of a clinical investigation involving human subjects. |
| IB | Investigator's Brochure | A compilation of clinical and nonclinical data relevant to the study of an investigational device in human subjects, provided to investigators to support their conduct of the clinical trial. |
| SAE | Serious Adverse Event | Any adverse event that results in death, a life-threatening condition, inpatient hospitalization, persistent or significant disability, or a congenital anomaly. Requires expedited reporting to regulators. |
| AE | Adverse Event | Any untoward medical occurrence in a patient or clinical investigation subject, whether or not it is considered related to the device. All AEs must be documented and monitored during clinical trials. |
Software & Digital Health
Software is now a component of the majority of medical devices, and an increasing number of products are software-only. The regulatory landscape for digital health has matured rapidly, introducing specialized terminology.
| Acronym | Full Term | Definition |
|---|---|---|
| SaMD | Software as a Medical Device | Software intended to be used for one or more medical purposes that performs those purposes without being part of a hardware medical device. Regulated as a medical device in its own right. |
| SiMD | Software in a Medical Device | Software that is embedded in or integral to a physical medical device and contributes to the device's intended medical purpose. |
| IEC 62304 | IEC 62304 Medical Device Software -- Software Lifecycle Processes | The international standard defining the software development lifecycle requirements for medical device software. Establishes software safety classification and activities by risk level. |
| SOUP | Software of Unknown Provenance | Software items that are already developed and available, and for which adequate records of the development process are not available. Requires specific evaluation under IEC 62304. |
| SBOM | Software Bill of Materials | A comprehensive, machine-readable inventory of all software components, libraries, and dependencies in a medical device. Required by FDA under Section 524B for cyber devices. |
| SPDF | Secure Product Development Framework | A set of integrated processes that embed cybersecurity throughout the total product lifecycle of a medical device, from design through decommissioning. Required by FDA cybersecurity guidance for connected devices and aligned with ISO 13485 quality system processes under the QMSR. |
| AI/ML | Artificial Intelligence / Machine Learning | Computational techniques that enable devices to learn from data and improve performance over time. AI/ML-enabled medical devices require special regulatory consideration for adaptive algorithms. |
| IoMT | Internet of Medical Things | The network of connected medical devices, health monitoring equipment, and clinical systems that communicate via the internet to collect, transmit, and analyze healthcare data. |
| DTM | Digital Therapeutics | Evidence-based therapeutic interventions driven by software programs to prevent, manage, or treat medical conditions. Some DTM products are regulated as medical devices. |
| NLP | Natural Language Processing | A branch of AI that enables software to understand, interpret, and generate human language. Used in clinical documentation tools and diagnostic support systems. |
International Regulatory Bodies
Medical devices are regulated country by country, and every major market has its own regulatory authority and terminology. Knowing these abbreviations is essential for global market access planning.
| Acronym | Full Term | Definition |
|---|---|---|
| FDA | US Food and Drug Administration | The US federal agency responsible for regulating medical devices, drugs, biologics, food, and cosmetics. Device oversight is primarily through CDRH and CBER. |
| PMDA | Pharmaceuticals and Medical Devices Agency (Japan) | Japan's regulatory agency responsible for reviewing and approving medical devices and pharmaceuticals. Works alongside the Ministry of Health, Labour and Welfare (MHLW). |
| NMPA | National Medical Products Administration (China) | China's regulatory authority for medical devices, drugs, and cosmetics. Requires foreign manufacturers to appoint a China-based legal agent and, for Class II/III devices, conduct local clinical trials or accept overseas data. |
| MFDS | Ministry of Food and Drug Safety (South Korea) | South Korea's regulatory agency for medical devices. Requires Korea Good Manufacturing Practice (KGMP) certification for foreign manufacturers and product registration for Class II-IV devices. |
| ANVISA | Agência Nacional de Vigilância Sanitária (Brazil) | Brazil's health regulatory authority. Requires Inmetro certification for certain devices, GMP inspection of manufacturing sites, and registration for Class III and IV risk devices. |
| TGA | Therapeutic Goods Administration (Australia) | Australia's regulatory body for medical devices, medicines, and biologicals. Operates a risk-based classification system aligned with the Global Harmonization Task Force framework. |
| Health Canada | Health Canada - Medical Devices Directorate | Canada's federal department responsible for medical device regulation. Issues Medical Device Licenses (MDL) for Class II, III, and IV devices and requires MDSAP certification. |
| SFDA | Saudi Food and Drug Authority | Saudi Arabia's regulatory authority for medical devices. Requires establishment registration, device listing, and compliance with technical requirements based on device risk classification. |
| EDE | Emirates Drug Establishment (UAE) | The UAE's regulatory body for medical devices, pharmaceuticals, and health products. Manages device registration and market surveillance in the United Arab Emirates. |
| CDSCO | Central Drugs Standard Control Organisation (India) | India's national regulatory authority for medical devices. Requires registration of medical devices through the online SUGAM portal and compliance with Indian standards. |
| HSA | Health Sciences Authority (Singapore) | Singapore's regulatory agency for medical devices, pharmaceuticals, and health products. Operates a risk-based classification system and accepts certain overseas approvals through abridged evaluation routes. |
| MDA | Medical Device Authority (Malaysia) | Malaysia's regulatory body for medical devices under the Ministry of Health. Requires establishment licensing and device registration through the MeDC@St system. |
| MHRA | Medicines and Healthcare products Regulatory Agency (UK) | The UK regulatory agency responsible for medical devices after Brexit. Oversees the UKCA marking regime, which replaced CE marking for devices placed on the Great Britain market. |
| MDSAP | Medical Device Single Audit Program | A program allowing a single regulatory audit of a medical device manufacturer's quality management system to satisfy the requirements of multiple regulatory jurisdictions (US, Canada, Brazil, Japan, Australia). |
| COFEPRIS | Comisión Federal para la Protección contra Riesgos Sanitarios (Mexico) | Mexico's health regulatory authority. Issues sanitary registration for medical devices and accepts certain FDA approvals and CE markings through equivalence agreements. |
| ANMAT | Administración Nacional de Medicamentos, Alimentos y Tecnología Médica (Argentina) | Argentina's regulatory agency for medical devices and pharmaceuticals. Requires device registration for Class II and III risk devices. |
Sterilization & Testing
Sterilization validation and biocompatibility testing are critical for any device that contacts patients. These terms appear in validation protocols, test reports, and regulatory submissions.
| Acronym | Full Term | Definition |
|---|---|---|
| EO | Ethylene Oxide | A chemical sterilization agent widely used for medical devices that cannot withstand high-temperature steam or radiation sterilization. About 50% of sterile medical devices in the US are sterilized with EO. |
| ISO 11137 | ISO 11137 Sterilization of Health Care Products -- Radiation | The international standard covering the development, validation, and routine control of the sterilization of medical devices using radiation (gamma, electron beam, or X-ray). |
| ISO 17665 | ISO 17665 Sterilization of Health Care Products -- Moist Heat | The international standard specifying requirements for the development, validation, and routine control of sterilization processes using moist heat (steam sterilization/autoclaving). |
| ISO 10993 | ISO 10993 Biological Evaluation of Medical Devices | A multipart international standard framework for evaluating the biocompatibility of medical devices. Part 1 provides the overall framework for testing based on body contact type and duration. |
| LAL | Limulus Amebocyte Lysate | A test method derived from horseshoe crab blood used to detect and quantify bacterial endotoxins on or in medical devices. Required for devices contacting the cardiovascular system or cerebrospinal fluid. |
| EU (Endotoxin) | Endotoxin Unit | The standard unit of measurement for bacterial endotoxin levels. Device extract limits are typically expressed in EU/mL or EU/device. Not to be confused with "EU" for European Union. |
| Bioburden | Bioburden | The total number of viable microorganisms on or in a medical device or package before sterilization. Measured as part of sterilization validation and routine process monitoring. |
| SAL | Sterility Assurance Level | The probability that a single unit in a sterilized batch is non-sterile. For most medical devices, a SAL of 10^-6 (one in a million) is required. |
| B&F | Burst and Seal Strength Testing | Mechanical tests performed on sterile packaging systems to verify that seals and materials can withstand the stresses of distribution, handling, and sterilization without compromising sterility. |
| ISO 11607 | ISO 11607 Packaging for Terminally Sterilized Medical Devices | The international standard specifying requirements for sterile barrier systems and packaging for terminally sterilized medical devices, covering materials, design, validation, and process control. |
Labeling & UDI
Labeling requirements have become increasingly harmonized globally, with the UDI system being one of the most significant developments in device identification. These terms are essential for regulatory labeling submissions and supply chain compliance.
| Acronym | Full Term | Definition |
|---|---|---|
| UDI-DI | Unique Device Identifier -- Device Identifier | A fixed portion of the UDI that identifies the specific device version or model. Assigned by the issuing agency and stored in EUDAMED or the FDA GUDID database. |
| UDI-PI | Unique Device Identifier -- Production Identifier | The variable portion of the UDI that identifies the unit of production, including lot number, serial number, expiration date, or manufacturing date. |
| GTIN | Global Trade Item Number | A globally unique identification number for products, issued by GS1. The most commonly used UDI-DI issuing agency standard worldwide. |
| HIBC | Health Industry Bar Code | A barcode standard developed by the Health Industry Business Communications Council (HIBCC) for product identification in healthcare. An alternative UDI issuing agency system to GS1. |
| IFU | Instructions for Use | A document provided with a medical device that contains information necessary for the safe and effective use of the device, including indications, contraindications, warnings, and operating instructions. |
| eIFU | Electronic Instructions for Use | Digital versions of instructions for use, supplied electronically (via website, QR code, or software interface) instead of or in addition to paper. Permitted under EU MDR for certain device categories. |
| ISO 15223-1 | ISO 15223-1 Medical Devices -- Symbols to be Used with Information Labels | The international standard defining symbols used on medical device labels and labeling to convey information without relying on a specific language. Includes symbols for manufacturer, expiry date, batch code, and sterile markings. |
| GUDID | Global Unique Device Identification Database | The FDA database that stores identifying information for medical devices with a UDI. Manufacturers must submit device information to GUDID before marketing their devices. |
| DI | Device Identifier | See UDI-DI. The static portion of the UDI that uniquely identifies a specific device version or model from a specific manufacturer. |
| PI | Production Identifier | See UDI-PI. The dynamic portion of the UDI that varies based on the production characteristics of the individual device. |
Market Access & Reimbursement
Regulatory clearance is only half the battle. Getting a device paid for by insurers and health systems requires navigating a separate set of market access and reimbursement concepts.
| Acronym | Full Term | Definition |
|---|---|---|
| HTA | Health Technology Assessment | A systematic evaluation of the properties, effects, and impacts of a health technology or intervention. Used by payers and health systems to inform coverage and reimbursement decisions. |
| NCD | National Coverage Determination | A decision by the US Centers for Medicare and Medicaid Services (CMS) about whether to cover a particular item or service nationwide, including the conditions under which coverage is provided. |
| LCD | Local Coverage Determination | A decision by a Medicare Administrative Contractor (MAC) to cover a particular item or service in its specific jurisdiction, in the absence of a national coverage determination. |
| NTAP | New Technology Add-On Payment | A Medicare payment mechanism that provides additional payment for devices and services that represent a substantial clinical improvement over existing technologies, beyond the standard DRG payment. |
| CPT | Current Procedural Terminology | A medical code set maintained by the American Medical Association that describes medical, surgical, and diagnostic services. Device companies often seek a new CPT code to enable billing for procedures using their device. |
| HCPCS | Healthcare Common Procedure Coding System | A standardized coding system used by CMS for identifying items and services for claims processing. Level II HCPCS codes are commonly used for durable medical equipment and supplies. |
| DRG | Diagnosis-Related Group | A patient classification system used by hospitals and payers that groups patients by diagnosis and treatment for the purpose of prospective payment. Device costs must fit within the DRG payment rate. |
| PAS | Prior Authorization System | A requirement by a payer that a provider obtain approval before delivering a specific service or device to qualify for payment. Common for expensive implantable devices and novel technologies. |
Manufacturing & Supply Chain
These terms bridge quality systems and operational execution. They appear in supplier agreements, manufacturing documentation, and operational quality records.
| Acronym | Full Term | Definition |
|---|---|---|
| GMP | Good Manufacturing Practice | The minimum standards for manufacturing, testing, and quality assurance that a manufacturer must meet to ensure products are consistently produced and controlled to quality specifications. |
| cGMP | Current Good Manufacturing Practice | GMP as currently applied and enforced by the relevant regulatory authority, reflecting the latest standards and expectations. In the US, codified in 21 CFR Parts 210, 211, and 820. |
| API | Active Pharmaceutical Ingredient | The biologically active component of a drug product. Relevant to medical devices when a device incorporates a drug substance (combination products), such as drug-eluting stents. |
| BOM | Bill of Materials | A comprehensive list of raw materials, components, sub-assemblies, and quantities needed to manufacture a finished device. A controlled document within the quality system. |
| CMO | Contract Manufacturing Organization | An external company that provides manufacturing services for a medical device company. CMOs must operate under the same quality system requirements as the device manufacturer. |
| OEM | Original Equipment Manufacturer | The company that originally designed and manufactures a device or component. In the medical device context, the legal manufacturer whose name appears on the device label. |
| KOL | Key Opinion Leader | A respected expert in a particular therapeutic area who influences the opinions and practices of other healthcare professionals. Engaged by device companies for clinical input, advisory boards, and market development. |
| OUS | Outside the United States | A term used in regulatory and clinical contexts to refer to activities, data, or markets outside the US. OUS clinical data may be used to support US submissions if certain conditions are met. |
Cybersecurity & Data
As medical devices become increasingly connected, cybersecurity and data protection requirements have moved from guidance to law. These terms are now standard in premarket submissions and post-market management.
| Acronym | Full Term | Definition |
|---|---|---|
| SBOM | Software Bill of Materials | An inventory of all software components in a device, including libraries, versions, and dependencies. Mandatory under FDA Section 524B. See also the Software & Digital Health section. |
| VEX | Vulnerability Exploitability Exchange | A companion document to an SBOM that communicates the exploitability status of vulnerabilities in a software product, helping users prioritize remediation actions. |
| CVE | Common Vulnerabilities and Exposures | A publicly accessible catalog of known cybersecurity vulnerabilities, each assigned a unique identifier. Device manufacturers must monitor CVEs that affect their device software components. |
| CVSS | Common Vulnerability Scoring System | An open framework for communicating the severity of software vulnerabilities. Produces a numerical score (0-10) reflecting the urgency of remediation. |
| NIST | National Institute of Standards and Technology | A US federal agency that develops cybersecurity frameworks and standards widely referenced in medical device regulation, including the NIST Cybersecurity Framework (CSF) and SP 800-30 risk assessment guidance. |
| HIPAA | Health Insurance Portability and Accountability Act | US federal law establishing standards for protecting sensitive patient health information from disclosure without consent. Applies to medical devices that create, receive, maintain, or transmit electronic protected health information. |
| GDPR | General Data Protection Regulation | The EU regulation governing data protection and privacy for individuals within the EU. Medical device manufacturers that collect or process personal data of EU residents must comply. |
| IEC 81001-5-1 | Health Software -- Security Activities in the Product Lifecycle | The international standard specifying lifecycle requirements for secure development of health software, including medical device software. Referenced by FDA and EU regulators. |
Key Standards Reference
Medical device development and compliance rely on a core set of international standards. This table provides a quick reference to the most frequently cited ISO and IEC standards.
| Standard Number | Title | Scope |
|---|---|---|
| ISO 13485 | Medical Devices -- Quality Management Systems | Requirements for a QMS where an organization needs to demonstrate its ability to provide medical devices and related services that consistently meet customer and regulatory requirements. |
| ISO 14971 | Medical Devices -- Application of Risk Management to Medical Devices | The primary risk management standard for medical devices, defining the process for identifying hazards, estimating and evaluating risks, controlling risks, and monitoring effectiveness of controls. |
| ISO 10993 (all parts) | Biological Evaluation of Medical Devices | A multipart standard framework for evaluating biocompatibility based on the nature and duration of body contact. Part 1 provides the evaluation planning framework; subsequent parts address specific test methods. |
| ISO 62366 / IEC 62366-1 | Medical Devices -- Application of Usability Engineering | Specifies a process for a manufacturer to analyze, specify, develop, and evaluate the usability of a medical device as it relates to safety, including human factors engineering activities. |
| IEC 62304 | Medical Device Software -- Software Lifecycle Processes | Defines the software development lifecycle activities and tasks for medical device software, structured around three software safety classification levels (A, B, C). |
| ISO 11135 | Sterilization of Health Care Products -- Ethylene Oxide | Specifies requirements for the development, validation, and routine control of EO sterilization processes for medical devices. |
| ISO 11137 (all parts) | Sterilization of Health Care Products -- Radiation | Covers requirements for the development, validation, and routine control of sterilization using gamma, electron beam, and X-ray radiation. |
| ISO 11607 (all parts) | Packaging for Terminally Sterilized Medical Devices | Specifies requirements for materials, sterile barrier systems, and packaging systems for terminally sterilized medical devices. |
| ISO 15223-1 | Medical Devices -- Symbols to be Used with Information Labels | Defines internationally recognized symbols for use on medical device labels, including symbols for manufacturer, date of manufacture, use-by date, batch code, and sterility method. |
| IEC 60601 (all parts) | Medical Electrical Equipment -- Safety and Essential Performance | A series of standards specifying safety and essential performance requirements for medical electrical equipment. Part 1 covers general requirements; collateral and particular standards address specific device types. |
| IEC 62133 | Safety Requirements for Portable Sealed Secondary Batteries | Specifies safety requirements for lithium-ion and other rechargeable batteries used in portable medical devices. Increasingly important for battery-powered medical devices. |
| ISO 14155 | Clinical Investigation of Medical Devices for Human Subjects | Specifies requirements for the conduct of clinical investigations of medical devices in human subjects, including planning, conduct, data collection, and reporting. |
| ISO 20417 | Medical Devices -- Information to be Supplied by the Manufacturer | Specifies requirements for the identification and labeling of medical devices and for information to be supplied by the manufacturer, building on and replacing parts of ISO 15223. |
| IEC 81001-5-1 | Health Software -- Security Activities in the Product Lifecycle | Specifies lifecycle requirements for secure development of health software, including threat modeling, secure coding, vulnerability management, and security update processes. |
Putting It All Together
The terms in this glossary are not isolated definitions. They form an interconnected language that describes how medical devices move from concept to patient. A design control process (DHF) produces risk analyses (FMEA, ISO 14971) that feed into a clinical evaluation (CER, SOTA) supporting a regulatory submission (510(k), PMA, or CE Marking under EU MDR). Post-market data (PMS, PMCF, PSUR) cycles back to update the risk file and clinical evidence, creating a continuous loop of safety assurance.
For professionals entering the industry, start with the terms in the FDA Regulatory Pathways and Quality Systems sections, as these form the backbone of daily regulatory and quality work. For those working on EU market access, prioritize the EU MDR/IVDR and Clinical Evidence sections. Software and digital health professionals should focus on the Software & Digital Health and Cybersecurity sections, which are increasingly central to both FDA and EU regulatory requirements.
This glossary will be updated as new terms emerge from evolving regulations, standards revisions, and the continued integration of digital technologies into medical devices. If a term you need is not covered here, or if you would like to suggest an addition, reach out through the site.