  • FDA Vs. Congress: The Software Showdown

    September 2022 will be remembered as a seminal turning point in digital health in the U.S. With its final guidance on Clinical Decision Support (CDS) software, the FDA disregards the directive Congress gave when it enacted the 21st Century Cures Act in 2016.

  • cGMPs For SaMDs

    Unlike traditional medical devices, software as a medical device (SaMD) can blur the lines between the design and development stages and the production aspect of commercialization. So, what are the activities necessary for medtech manufacturers to be compliant with the traditional cGMP framework?

  • FDA Releases Guidance On Cybersecurity In Medical Devices

    The digital revolution that resulted in the IoT, IoMT, SaMD, and connected devices comes with the possibility of cyberattacks. The FDA's latest efforts to enhance medical device cybersecurity include a new draft guidance (covered in this article) and bipartisan congressional support of the PATCH Act of 2022 (which will be covered in a future article).

  • FDA Releases Guidance On Digital Health Data Acquisition In Clinical Investigations

    Increasingly, digital health technologies are becoming part of the conduct of clinical trials. They cover a broad range of applications, including ingestible and implantable sensors, wearables, electronic signatures on consent forms, and more. This article summarizes the key takeaways of the FDA's new draft guidance, Digital Health Technologies for Remote Data Acquisition in Clinical Investigations. The public comment period ends March 22, 2022.

  • The Clinical Trial Sponsor’s Roadmap To Avoid EMA (Cyber) Perdition

    Clinical trials are one of the sectors most vulnerable to cyberattacks. In its Guideline on computerized systems and electronic data in clinical trials, set to come into effect in 2022, the European Medicines Agency (EMA) goes beyond the traditional software validation and data integrity expectations. It sets requirements and expectations pertaining to user management and ongoing security measures.

  • Digital Health Apps & SaMD: Incorporating Privacy In Design & Development

    Some digital health apps are regulated by the FDA and other regulatory bodies, and some are not. But all software as a medical device (SaMD) and digital health apps have a common expectation: privacy. This article delves into the related regulations and how to go about developing your app or SaMD using the 7 principles of privacy by design.

  • CMS Takes Aim At Medical Device Cybersecurity – How To Ensure Continuous Medicare/Medicaid Coverage

    In its June 2021 report, the U.S. Office of Inspector General declared that Medicare lacks consistent oversight of cybersecurity for networked medical devices in hospitals. The Centers for Medicare & Medicaid Services (CMS) is now considering additional ways to highlight the importance of medical device cybersecurity, in conjunction with the FDA and the Office for Civil Rights.

  • Are You Ready For The FDA’s “Data Effect” Tsunami? 8 Steps To Prepare

    The FDA is moving forward with its Data Modernization Action Plan, the next leg of the Technology Modernization Action Plan. As such, you'll need to prepare yourself for the influx of questions, audits, observations, warning letters, and more. Here's what you can do to position yourself for success.

  • AI/ML-Enabled Medical Devices — 4 Keys To Obtain Global Regulatory Approval

    Application of artificial intelligence (AI) and machine learning (ML) in medical devices is making possible AI/ML-driven diagnostics and personalized treatments. By digesting the different jurisdictional AI/ML regulatory frameworks that have been released (draft or enforceable), along with personal experience with the agencies, John Giantsidis, president of CyberActa, Inc., identifies the common denominators crucial to success.

  • Germany’s Digital Medical Device Regulations: A Framework For The World To Follow, Part III

    Germany's BfArM, or the Federal Institute for Drugs and Medical Devices, released a new guide in August 2020 detailing the requirements digital health application manufacturers must meet to make their DiGAs available to the more than 73 million participants in the German statutory health insurance. In this concluding article in the series, John Giantsidis of CyberActa, Inc. delves into the interoperability, robustness, consumer protection, and patient safety requirements. Other countries will likely soon follow Germany's example.


John Giantsidis

John Giantsidis is the president of CyberActa, Inc., a boutique consultancy empowering medical device, digital health, and pharmaceutical companies in their cybersecurity, privacy, data integrity, risk, SaMD regulatory compliance, and commercialization endeavors. He is also a member of the Florida Bar’s Committee on Technology and a Cyber Aux with the U.S. Marine Corps. He holds a Bachelor of Science degree from Clark University, a Juris Doctor from the University of New Hampshire, and a Master of Engineering in Cybersecurity Policy and Compliance from The George Washington University. He can be reached at