MedDeviceGuideMedDeviceGuide
Back

Medical Device Right to Repair: What FDA, FTC, and the Docket Record Actually Say

An evidence-based regulatory analysis of the medical device right-to-repair debate, detailing key agency findings, Regulations.gov dockets, and compliance boundaries.

Ran Chen
Ran Chen
Global MedTech Expert | 10× MedTech Global Access
Published 2026-07-12Last reviewed 2026-07-1217 min read

The Polarization of the Medical Device Servicing Debate

The debate over the "Right to Repair" in the medical device industry has become a major legislative and regulatory flashpoint. At its core, the conflict pits Original Equipment Manufacturers (OEMs) against Independent Service Organizations (ISOs), third-party repair firms, and hospital Healthcare Technology Management (HTM) departments. The debate is highly polarized, with both sides employing distinct narratives:

  • The OEM Advocacy Position: Promoted by trade groups such as AdvaMed (Advanced Medical Technology Association) and MITA (Medical Imaging & Technology Alliance), this side argues that unregulated third-party repair compromises patient safety. They contend that only OEM-trained technicians using OEM-authorized parts and software can guarantee that a device remains safe and effective. They characterize unauthorized repair as "wrong for patients."
  • The ISO/HTM Advocacy Position: Represented by the Alliance for Quality Medical Device Servicing (which includes large firms like Sodexo, Crothall, TRIMEDX, Agiliti, ABM, and InterMed) and consumer interest groups, this side argues that OEMs use safety claims as a pretext to maintain lucrative servicing monopolies. They contend that third-party servicing is safe, faster, and significantly cheaper, and that OEM repair restrictions (such as locking software diagnostics or withholding parts) increase hospital costs and delay patient care.

In the midst of this lobbying, hospital executives, HTM directors, and regulatory affairs professionals require a neutral, evidence-anchored analysis. What does the actual regulatory and administrative record—rather than the lobbying—say about medical device servicing?

By analyzing the official reports from the Food and Drug Administration (FDA) and the Federal Trade Commission (FTC), alongside the public dockets on Regulations.gov, we can establish the compliance boundaries that govern independent servicing today.


What the FDA 2018 Servicing Report Actually Concluded

The foundation of the modern regulatory record on medical device servicing is the FDA's May 2018 report, titled "Report on the Quality, Safety, and Effectiveness of Servicing of Medical Devices." This report was mandated by Section 710 of the FDA Reauthorization Act of 2017 (FDARA), which directed the FDA to investigate the safety of third-party servicing compared to OEM servicing.

Key Conclusions of the 2018 Report

To compile the report, the FDA analyzed post-market surveillance data from the MAUDE database, reviewed literature, held public workshops, and opened a public comment docket. The FDA's final conclusions were:

  1. High-Quality Servicing Across Both Groups: The FDA concluded that "objective evidence" demonstrates that many OEMs and third-party service organizations provide high-quality, safe, and effective servicing of medical devices.
  2. No Significant Safety Issues: The FDA stated that the available post-market safety data did not show a widespread or systemic safety issue associated with independent third-party servicing.
  3. Additional Regulation Not Warranted: The FDA concluded that imposing new, active regulatory requirements (such as registration and listing) on third-party service organizations was not warranted at that time. The agency determined that the potential burden of new regulations would outweigh any safety benefit, given the lack of evidence of safety issues.

The Scope of What the FDA Did Not Say

While the 2018 report was a major victory for the third-party servicing industry, it is equally important to understand its limitations.

  • No Mandated Parts or Software Sharing: The FDA did not mandate that OEMs must share proprietary diagnostic software, service manuals, password keys, or spare parts with independent third parties. The FDA maintained that intellectual property and commercial contracts remain outside its safety mandate.
  • No Immunity from Quality Failures: The FDA did not declare that all third-party servicing is flawless. The report acknowledged that while systemic safety issues were absent, individual instances of poor servicing occurred in both OEM and third-party groups, emphasizing the need for voluntary adherence to quality systems.

What the FTC "Nixing the Fix" Report Found

Three years after the FDA report, the Federal Trade Commission (FTC) released its own landmark report to Congress in May 2021, titled "Nixing the Fix: An FTC Report to Congress on Repair Restrictions." While the FDA evaluated servicing through a patient safety lens, the FTC analyzed it through a competition and antitrust lens.

Key Findings of the 2021 Report

The FTC's report evaluated repair restrictions across multiple industries (including consumer electronics, automobiles, and agricultural equipment), but it dedicated a significant portion to medical devices. Key findings included:

  1. Scant Evidence for OEM Restrictions: The FTC concluded there was scant empirical evidence to support manufacturers' justifications for repair restrictions. The FTC specifically analyzed OEM claims that restrictions were necessary to protect patient safety, prevent cybersecurity breaches, and guard against product liability. The commission found that OEMs failed to present data showing that independent repair increased safety risks or liability claims.
  2. Significant Cost Savings: The FTC highlighted the economic burden of OEM service monopolies. The report cited submissions from the International Association of Medical Equipment Remarketers and Servicers (IAMERS), which noted that independent diagnostic-imaging servicing typically costs $150 to $250 per hour, compared to OEM service rates of $500 to $600 per hour (often carrying a four-hour minimum charge).
  3. Delays in Patient Care: The FTC noted that repair restrictions often lead to delays. During the COVID-19 pandemic, hospital HTM teams reported being locked out of ventilator software diagnostics, preventing them from performing rapid repairs when OEM field service technicians were delayed.

The Jurisdictional Limit of the FTC

The FTC's report represented a strong endorsement of the Right to Repair. However, the commission noted a major jurisdictional limit: any medical-device-specific repair mandates or actions would need to involve the FDA.

Because the FDA regulates medical device safety and labeling under the Federal Food, Drug, and Cosmetic Act, the FTC cannot unilaterally force OEMs to release service software or parts if the OEM argues that doing so would compromise FDA-regulated device specifications or cybersecurity controls.


Recommended Reading
Medical Device Open Payments by the Numbers: $1.20B CMS Teardown (2026)
Regulatory Quality Systems2026-07-12 · 17 min read

What the FDA Regulations.gov Docket Record Shows

A critical, yet often overlooked, component of the regulatory record is the public docket history on Regulations.gov. The public dockets contain the raw data, stakeholder arguments, and evidence submissions that shaped the FDA's final policies.

Quantifying the Docket Record: FDA-2018-N-3741

The primary docket governing medical device servicing and remanufacturing is FDA-2018-N-3741 (Remanufacturing of Medical Devices). An analysis of the Regulations.gov docket record (with data current as of June 10, 2026) reveals:

  • Document Volume: The docket contains 12 official FDA documents (including draft guidance, public workshop notices, and the final guidance) and 87 public comments submitted by external stakeholders.
  • Key Stakeholder Filers: The commenters represent the core interest groups in the debate:
    • OEM Trade Groups: MITA (Medical Imaging & Technology Alliance) and AdvaMed, who repeatedly lobbied the FDA to expand the definition of remanufacturing to cover third-party repairs.
    • ISO Representatives: The Association for Medical Device Service Organizations (AMDSO) and the Alliance for Quality Medical Device Servicing, who argued for a narrow remanufacturing scope to protect servicing access.
    • In Vitro Diagnostics (IVD) Manufacturers: Roche Diagnostics, which submitted comments focusing on the unique calibration requirements of laboratory analyzers.
  • Comment Timeline: The public comments span from February 4, 2019, to June 25, 2024, documenting the five-year administrative process that led from the initial draft guidance to the final May 2024 guidance.

[!NOTE] Understanding the Broader Docket Catalog: Across the three dockets that touch on medical device policy in this period, there are a total of 513 documents and 1,087 comments. However, HTM teams should note that the largest docket, FDA-2023-N-2177 (containing over 1,000 comments), is the Laboratory Developed Test (LDT) and Medical Device Reporting electronic-submission docket, which is unrelated to the right-to-repair servicing debate. Restricting analysis to FDA-2018-N-3741 is essential to avoid overcounting irrelevant policy comments.

For a detailed analysis of international servicing data and European regulatory comparisons, HTM teams can refer to Rongtao Medical's independent servicing and right-to-repair report, which synthesizes FDA docket filings with EU-TED tender data.

Deep Dive: Stakeholder Positions in Docket FDA-2018-N-3741

The comments in the remanufacturing docket illustrate the core arguments of both sides.

  1. The OEM Position (AdvaMed / MITA): In their written comments, the OEM coalitions argued that the FDA's proposed definition of remanufacturing was too narrow. They requested that any change to a device's software, structural components, or material composition should automatically be classified as remanufacturing, requiring a new 510(k). They expressed particular concern about third-party replacement of diagnostic imaging components (such as CT tubes and ultrasound probes), claiming that non-OEM parts could introduce unexpected failure modes or alter electromagnetic compatibility (EMC) shielding.
  2. The ISO Position (AMDSO / Alliance for Quality Medical Device Servicing): Third-party coalitions argued that the draft guidance was overly broad and could allow OEMs to classify routine maintenance as remanufacturing. They presented data showing that third-party service providers frequently use identical parts from the same sub-tier suppliers that supply the OEMs. They argued that classifying component-level repairs (such as rebuilding an ultrasound probe or replacing a power supply) as remanufacturing would reduce access to service, increase healthcare costs, and extend equipment downtime.
  3. The FDA's Response in the Final Guidance: In the final May 2024 guidance, the FDA rejected the OEM request to automatically classify all non-OEM component replacements as remanufacturing. Instead, the agency adopted a risk-based approach, stating that if a replacement part matches the specifications, materials, and dimensional parameters of the OEM part, the activity remains servicing. This represented a significant administrative compromise, preserving the third-party servicing industry while establishing clear documentation requirements.

Cybersecurity and the Servicing Boundary

One of the most complex battlegrounds in the right-to-repair debate is medical device cybersecurity. As medical equipment has become increasingly networked, software-driven, and reliant on remote connections, OEMs have frequently cited cybersecurity risks as a justification for restricting servicing access.

The OEM Cybersecurity Argument

OEMs argue that allowing third-party technicians access to software diagnostics, service ports, and root-level operating systems exposes devices to significant vulnerabilities. They contend that unauthorized access can:

  • Bypass security configurations and firewalls.
  • Introduce malware or ransomware during servicing.
  • Compromise patient Protected Health Information (PHI) stored on the device.
  • Compromise the integrity of software updates, leading to unregulated modifications of clinical algorithms.

Under this rationale, OEMs lock diagnostic software behind encrypted keys, limit USB service port access, and require secure, OEM-validated VPN connections for remote troubleshooting.

The ISO Counterargument

Independent servicing advocates counter that these cybersecurity restrictions are commercial lock-out strategies rather than technical safety measures. They point out that:

  • Hospital-employed biomedical engineers and ISO technicians work within the hospital's secure network and have a shared interest in preventing malware ingress.
  • Locking out service technicians from basic software updates or diagnostic logs prevents them from patching known security vulnerabilities in a timely manner.
  • By refusing to share software keys, OEMs force hospitals to wait for OEM field representatives, extending device downtime and delaying patient care.

The FDA's Cybersecurity Stance

The FDA has addressed cybersecurity through a separate regulatory framework. Under Section 524B of the Food, Drug, and Cosmetic Act (enacted as part of the Consolidated Appropriations Act of 2023), medical device manufacturers must submit a plan to monitor, identify, and address post-market cybersecurity vulnerabilities for any new device.

  • The Cybersecurity/Servicing Interface: The FDA's May 2024 remanufacturing guidance clarifies that software updates intended to patch security vulnerabilities or return a device to its cleared software version constitute servicing, not remanufacturing.
  • The Line: If a third party modifies software in a way that introduces new clinical functions, changes the algorithm, or disables built-in security features, that activity crosses into remanufacturing. However, routine security patching and diagnostic access are classified as servicing, provided they do not alter the device's original cleared specifications.

International Policy Context: US vs. European Union (EU)

The right-to-repair debate is not unique to the United States. Evaluating how the European Union manages medical device servicing highlights different regulatory approaches to the same clinical technology challenges.

The US Approach: Safety-vs-Reimbursement Split

In the US, as established, the regulatory structure is divided between the FDA (evaluating safety and performance) and the FTC (evaluating competitive access). Because the FDA has declined to actively regulate third-party servicing, and state laws have largely excluded medical devices, access to parts and diagnostic software is governed by private contracts and commercial market forces.

The European Union Approach: Under the EU MDR (2017/745)

In the European Union, the regulatory landscape is governed by the Medical Device Regulation (MDR 2017/745), which took full effect in May 2021. The EU MDR integrates servicing and remanufacturing into a unified regulatory framework:

  • Article 17 (Single-Use Devices): The MDR establishes strict rules for the reprocessing of single-use devices, classifying the reprocessor as the legal manufacturer.
  • Article 2(31) ("Fully Refurbishing") and Article 2(30) ("Manufacturer"): The MDR defines "fully refurbishing" (Article 2(31)) as the complete rebuilding — and resetting of the lifetime — of a device already placed on the market, or the making of a new device from used devices, to bring it back into conformity with the Regulation. Because the "manufacturer" definition (Article 2(30)) expressly covers anyone who "fully refurbishes" a device, a fully refurbished device must undergo a complete conformity assessment and receive a new CE mark before it can be placed on the market.
  • The Eco-Design Directive and the Green Deal: In parallel with safety regulations, the European Parliament has advanced Right to Repair directives under the European Green Deal. These directives aim to reduce electronic waste by forcing manufacturers of consumer goods to ensure repairability. However, similar to the US, medical devices are currently exempt from the ecodesign parts-sharing mandates due to the strict safety requirements of the EU MDR, ensuring that clinical safety continues to override environmental circular-economy goals in European health policy.

Recommended Reading
Medical Device Clinical Trials on ClinicalTrials.gov by the Numbers (2026)
Regulatory Clinical Evidence2026-07-12 · 16 min read

Drawing the Compliance Line: May 2024 Remanufacturing Final Guidance

To resolve the years of debate documented in the public dockets, the FDA issued its final guidance on May 10, 2024, titled "Remanufacturing of Medical Devices." This guidance draws the definitive compliance line between servicing and remanufacturing, establishing the rules that ISOs and HTM teams must follow to remain outside active FDA regulation.

The Servicing vs. Remanufacturing Boundary

The FDA's guidance establishes that the classification of an activity depends entirely on the specific tasks performed on the device, not on the entity's self-designated name.

  • Servicing (Unregulated for Third Parties): Defined as repair, preventive maintenance, or routine maintenance performed for the purpose of returning a device to the safety and performance specifications established by the OEM. If an ISO or HTM team replaces a part with an identical part (same specifications, materials, and design) to return the device to its original state, they are performing servicing. The FDA does not require service providers to register, comply with the Quality Management System Regulation (QMSR), or submit 510(k)s.
  • Remanufacturing (Fully Regulated): Defined as any act that significantly changes the finished device's performance specifications, safety specifications, or intended use. If an activity crosses into remanufacturing, the entity becomes a "remanufacturer" as defined in 21 CFR 820.3 and must comply with the full scope of FDA regulations, including registration and listing, the QMSR (effective February 2, 2026), premarket clearance (510(k)), and adverse event reporting (21 CFR Part 803).

To help HTM teams apply this classification in the field, the FDA provides a 6-step decision tree, which is analyzed in detail in our sibling post: the FDA servicing vs remanufacturing decision tree.


Current Policy & Legislative Status (2025–2026)

Because the FDA's 2024 guidance focused only on the safety-vs-remanufacturing classification boundary, the fight over commercial access to parts and software has shifted to state legislatures and federal lobbying.

State Right-to-Repair Legislation

  • Vermont H.160 (2025): Vermont introduced H.160, a bill seeking to expand the state's existing agricultural right-to-repair law to cover medical devices. The bill, strongly supported by the Alliance for Quality Medical Device Servicing, would require OEMs to provide diagnostic tools and parts to independent repair firms.
  • The Trend of Medical Device Exclusions: Despite active state bills, medical devices are frequently sidelined. In states that have passed broad right-to-repair laws (such as New York, California, and Colorado), OEM lobbying has successfully secured explicit exemptions for medical devices, citing FDA safety regulations and cybersecurity risks.

Federal Lobbying

  • NDAA Section 828 Battle (FY2025): During the drafting of the FY2025 National Defense Authorization Act (NDAA), independent servicing advocates introduced a provision (Section 828 of S.4638) that would have required the Department of Defense to utilize independent service organizations for military medical equipment and mandated that OEMs share repair documentation.
  • The Lobbying Outcome: According to trade publications (such as 24x7 Mag) and AdvaMed's annual reports, AdvaMed and MITA successfully lobbied Congress to block Section 828 from the final NDAA bill, arguing that the provision bypassed FDA safety oversight.

Compliance Checklist for ISOs and HTM Teams

To navigate this complex environment, HTM departments and ISOs must implement strict QMS controls. By documenting their activities and establishing clear boundaries, they can defend their independent servicing status during audits.

1. Maintain a Documented QMS

Ensure that all servicing activities are tracked within a CMMS that aligns with the principles of ISO 13485 or the FDA QMSR. For guidance on setting up these controls, refer to our guide on depot repair QMS under ISO 13485/QMSR.

2. Standardize Parts Sourcing

Document that all replacement parts meet or exceed OEM specifications. Using alternative parts requires a documented engineering evaluation to prove that the replacement does not alter the device's risk profile. Establish clear spare parts obsolescence control protocols to handle discontinued OEM components safely.

3. Implement Cybersecurity Controls

When independent technicians perform service, they must not bypass the device's cybersecurity controls. Any modification to software, firmware, or network configurations must be documented. Ensure that your team is aware of medical device cybersecurity incident reporting rules and manages third-party vendor cybersecurity risk when sharing diagnostic logs.

4. Apply the Remanufacturing Decision Tree

For every non-routine repair or modification (such as structural alterations or software changes), technicians must run the FDA decision tree and document the result. This documentation serves as the primary defense against FDA auditor claims that the activity constituted remanufacturing.


Recommended Reading
Medical Device Cybersecurity Compared: FDA §524B vs EU MDR/MDCG/CRA
Regulatory EU MDR / IVDR2026-06-27 · 18 min read

Frequently Asked Questions

Yes. The FDA's 2018 servicing report concluded that independent third-party servicing is safe, effective, and high-quality.

Under the FDA's May 2024 guidance, independent servicing remains legal and is not subject to FDA registration, listing, or QMSR requirements, provided the servicing activities do not cross the line into remanufacturing.

What is the difference between servicing and remanufacturing under FDA's 2024 guidance?

  • Servicing involves repair and maintenance to return a device to its OEM-established safety and performance specifications without changing its intended use.
  • Remanufacturing involves modifications that significantly change the device's performance specifications, safety parameters, or clinical intended use, which triggers full FDA manufacturer obligations.

Where do things stand on state medical-device right-to-repair laws?

While state-level right-to-repair laws are expanding across the United States, medical devices remain largely excluded.

OEM lobby groups have successfully secured exemptions for medical devices in most passed state bills (such as California and New York), though active battles continue in states like Vermont (H.160) and at the federal level.


Sources

  1. U.S. Food and Drug Administration (FDA): FDA Report on the Quality, Safety, and Effectiveness of Servicing of Medical Devices, May 2018. FDA Servicing Report May 2018.
  2. Federal Trade Commission (FTC): Nixing the Fix: An FTC Report to Congress on Repair Restrictions, May 2021. FTC Nixing the Fix Report PDF.
  3. FDA Final Guidance: Remanufacturing of Medical Devices: Guidance for Industry and Food and Drug Administration Staff, Issued May 10, 2024. FDA Remanufacturing Guidance May 2024.
  4. Regulations.gov Docket: Remanufacturing of Medical Devices, Docket No. FDA-2018-N-3741.
  5. Industry Analysis: Rongtao Medical, Safe, Cheaper, Essential: What the Data Really Says About Independent Medical-Device Servicing, Rongtao right-to-repair report.