Erik has the distinct honor of being my first “Reblog”. In this blog posting he has done an exceptional job of capturing the political issues behind the proposed EU Medical Device Regulation. Erik is as close to the source as someone outside the Commission can be, and his knowledge is evident throughout his frequent postings–which I read and re-read each week.
His firm is offering a free on-line seminar related to the new regulations on November 14th. Make sure that you register with Marjon ahead of time.
“S is for scrutiny, which we’re not sure about”, that would be more or less the take home message of the MedTech Forum in Brussels that I attended last week from Wednesday to Friday. This conference is an ideal moment to take stock of the EU medtech industry. No wonder that everyone was there to discuss the newly proposed medical devices and in vitro diagnostics regulations. If you want a summary report of the plenary sessions, a good picture emerges from the tweets on the hashtag #mtf2012 by @meddevlegal (that’s me), @clinicamedtech, @emdt_editor and @maxwellmedtech between 10 and 12 October 2012. The picture that emerges is that the industry welcomes the new rules in general, thinks some details must be clarified and is worried about what the proposed scrutiny procedure will look like after it has gone through the legislative procedure and the Parliament has had its way with the…
For those of you that are not familiar with the “Scrutiny Process”, I am referring specifically to Article 44 of the proposed EU regulations for medical devices. This process is first alluded to at the end of section 3.5 in the “Explanatory Memorandum” (i.e. – the 13 pages preceding the proposal for the regulation of medical devices).
I was looking for a video that matched up with my title and when I saw this TECHNO music video.
The US already has a pre-market approval process that we fondly refer to as the PMA process. In response to the PIP scandal, the European Parliament’s ENVI Committee (Committee on the Environment, Public Health and Food Safety) proposed a pre-market approval process as part of a press release issued on April 25, 2012. In response to this political pressure, the Commission has proposed a “Scrutiny Process” that involves preparation of a Notified Body “Summary Evaluation Report” and verification that the conformity assessment was adequate by the Coordinating Competent Authority. A similar process is outlined in MEDEV 2.11/1 rev. 2, a guidance document regarding animal tissues, and the Commission Regulation (EU) No 722/2012 of 8 August 2012. The proposed scrutiny process allows competent authorities to take a “second look” and review the findings of the Notified Body that would be issuing a CE Certificate for these high risk devices. The review process is supposed to be concluded within 60 days, but the review time limit is suspended if the Competent Authorities request additional information or product samples within the first 30 days.
In section 3.5 of the Explanatory Memorandum, the Commission states that this scrutiny process “should be the exception rather than the rule and should follow clear and transparent criteria.” The criteria for invoking the scrutiny process are defined in five points 5a) through 5e) of Article 44. The five points leave room for interpretation by Competent Authorities, and the medical device industry is concerned that the review process for Class IIb and Class III devices will be delayed by at least 60 days on a regular basis. The process could easily be delayed by as much as six months when there are requests for additional information and samples.
The “Legislative Financial Statement” (i.e. – the 19 pages immediately following the proposal for the regulation of medical devices) defines a monitoring process for the scrutiny process in the “Indicator of results and impact” (Section 1.4.4). The risk of delaying access to market for innovative devices is also identified in the “Risk(s) identified” (Section 2.2.1). Therefore, the need for a control mechanism is identified in “Control method(s) envisaged” (Section 2.2.2). This will be the responsibility of the Commission to draft a guidance document to define the control method(s). Until industry has an opportunity to review such a guidance document, executives will continue to voice their concerns and apply their own political pressure to the European Parliament.
For those of you that want some background music while they read tonight, I offer you a doppio caffè macchiato this evening. The first shot is an amazing interpretation of the famous song “Somewhere Over the Rainbow”. As someone that has sung this song hundreds of times, I never expected to hear a version that I would like more than Judy Garland’s. Now I have. My favorite part of the song was when Stephan Braun is playing a cello like a guitar and Melody Gardot stops singing and starts to brush the snare drum—and I love her voice.
Last week I mentioned the draft EU regulations that were released, and I am still reading them. I am sure some of you have already finished at least one of the two regulations, but I am a slow reader. Sure I have skimmed the regulations, but I really need to read every word of the regulations several times before I have absorbed the bulk of the content. While I was reading during my lunch today, I was wondering how other regulatory experts learn new material. After all, there is nobody to take a course from yet and a one hour webinar is not enough.
Some people like to listen to books on tape during their morning ride, but I think the market might be a little small for medical device regulations. We could use technology to convert the PDF format into an eBook format that can be read electronically to us on our commute to work, but I learn Standards visually rather than verbally.
In that post, I presented a model for learning that I find helpful for explaining my philosophy for training people. The first step in my Learning Pyramid is to “Read and Understand.” I call this the “newbie” stage. That is the stage most of us are at right now for the draft EU regulations. The next stage of the Learning Pyramid is “Show and Tell”. A course or seminar related to the draft regulations would involve a training telling us about the draft regulations and showing us some PowerPoint slides to help us visualize the changes. I think the technical term for this type of torture is “Death by a Million PowerPoint Bullets.” If your instructor is thorough in their efforts to torture you, then you will conclude this training with a quiz to demonstrate training “effectiveness.”
If you are lucky, you will start using some of that new-found knowledge immediately after the course. If you just had your 400th birthday, as I did last week, then you might have a little trouble remembering all the details you “learned” in that training course in a matter of weeks. Now what can you do?
Look it up! Isn’t that what your teachers told you when you were growing up?
If you need to know what the proposed requirements are for Authorized Representative Agreements, you can use the search function in Adobe Reader to search for the word “agreement”. After just six clicks of the mouse you will find where this is mentioned in Article 10 of the draft. As you read Article 10, you will rejoice! Instead of the 17-page voluminous guidance document identified as MEDDEV 2.5/10 (released in January of 2012), we now have 144 words with just four simple minimum requirements. This is streamlined.
Over the next year or two I expect that most the regulatory experts will gradually work their way up the Learning Pyramid to the top of the third level. This is the point where we can now claim competency.
So how do you become an expert? In order to achieve the mighty title of “Guru” you must teach others. My blog from 2011 on learning explains how the action of teaching actually teaches the instructor as much as it teaches the student.
So what’s my point?
Don’t be normal:
skim the draft regulations now
take a course on the regulations in 2013
start revising procedures and technical documentation in 2014
start developing an in-house training course on the new regulations in 2015
finish training all the employees in 2016
Definitely don’t be lazy:
wait for the final approval of the regulations in 2014
take a webinar on the new regulations in 2015
get a nonconformity for noncompliance in 2016
hire a consultant to fix your procedures in 2017
start looking for a course on the regulations in 2018
Instead, be a leader and accelerate your training strategically:
read and re-read the draft regulations now
read blogs and discussion threads related to the draft regulations for the next couple of months
take a webinar on the draft regulations this November 28th (mark your calendar)
draft a plan for revising procedures in 2013 and updating technical documentation in 2014
get management approval for a training course in 2013 and resources to update procedures as per your plan
take a course on the draft regulations in the first quarter of 2013; you should have quite a few questions now that you have a plan and resources
make adjustments to your plan and execute it on-schedule
create a training program for the company just prior to final approval in late 2013
make revisions to the procedures based upon feedback from trainees in your in-house course
develop a detailed team plan for updating the technical documentation
retraining everyone and review the updating plan
make updates to technical documentation 2014 as a team
be one of the first companies to get a certificate to the new regulations in 2015
As I was writing my response to a request for additional information today, I was listening to one of my Pandora stations and one of my newest favorite singers was singing “Worrisome Heart.” Her soothing voice echoed in my head all the way home. I drive through 75 miles of beautiful countryside like my picture below, and now the autumn foliage is at its peak.
Typical Scenery on My Daily Commute
When I sat down to write my blog tonight, I decided to hunt for one of her recordings on YouTube for my background entertainment. Instead I decided to pick a double shot. For the second shot, I have selected one of the more popular videos by Melody Gardot: “Baby I’m a Fool.” This was the first time I have seen her play the guitar, because I have only listened to her on Pandora. The song has more of a country/blues sound to it than most of her other music, but I encourage you to listen to more of her music. Follow my rule…”A double shot is never enough.”
The link for the new revision is already posted on my helpful links section of my website (RA Review). The helpful links was recently re-organized by country. The link is #1 in the European section.
I will be posting commentary on the RA Review site over the next week related to the proposed revisions.
Sorry I’m a day late folks, but it’s not recommended to work on your blog while you’re on vacation. It’s especially dangerous to do so on your wife’s birthday. So everyone, please wish my beautiful wife a Happy Birthday! (September 26th). My 4 year-old daughter Gracie picked the song this week.
Right now the precise content of the new draft EU regulation is defined but unclear. We know what is going to change, but the final language of the draft is still a “work in progress.”
Therefore, I am using the theory that the “crowd mind” collectively may be more accurate than any one source–at least until the release. I started gathering information from several different regulatory experts throughout Europe and the US.
Essentially what we know is:
1. this will be a regulation instead of a directive
2. the regulation will have a similar structure of articles and annexes, but we can expect the document to grow
3. the device classification section will be a risk-based classification similar to the GHTF guidance (IVD’s are expected to be A, B, C, D)
4. the requirements for Notified Bodies will be stricter, but we expect rotation of lead auditors–not actual Notified Bodies
5. the unannounced audits will probably resemble factory inspections as performed by other GHTF countries
6. the vigilance requirements and post-market-surveillance are expected to become more consistent between Competent Authorities and between Notified Bodies–including the addition of PMCF Protocols and Reports becoming part of the Technical Documentation required for Design Dossiers (the CMC should help achieve this)
7. there will be new requirements for economic-operators (i.e. – importers and distributors)
8. the Authorized representative agreements will become mandatory for the Technical Documentation as well (see the new MEDDEV from earlier this year…I wrote a blog about it on my 13485cert.com website, but Erik Vollebregt wrote a much more thorough blog on this topic)
9. tougher regulation of reprocessed / re-manufactured devices
10. minimum requirements for CE Certificates–including the addition of the GMDN codes to the certificate
11. implementation is expected in 2015/2016
As I gather more information, I am thinking about just editing this posting–instead of posting a new blog.
Please email me or comment on what information you have learned or what you want to know.
If you know of a website with information posted, please share it and I will add it to this posting.
The EUDirective will become Regulations…but when? September 26 the proposed regulations are scheduled to be released in draft form. Plans for implementation of the Interim Measures have already begun, but the regulations will not be finalized for 18-24 months while the politics takes over. My magic 8-ball tells me that there is a precedent on this side of the pond that can help us predict the future.
A few weeks ago I published a posting with a cheeky Brit–Lily Allen. Here’s one of Lily’s own favorites by a another talented British singer, song writer named Kate Nash.
Throughout the history of healthcare regulations worldwide there have been three rules that are never broken:
Regulations always get tougher.
Regulations are only partially effective.
Regulations cost everyone more money.
The PIP scandal lit a fire under the European Parliament, the Council and Notified Bodies. Now all three stakeholders are fighting to show the public that they are doing everything they can to ensure safety. Unfortunately, no matter what changes are made it is extremely difficult to prevent unethical behaviors.
Before I make predictions, we all need to remember that there is a larger news story–the European Economy.
The status of the European Economy will have the greatest impact on new regulations. My best evidence is the US FDA.
The FDA has been trying to improve the turnaround on submission reviews for my entire career. For a period of about 8 years, matching closely with the Presidential terms of George W. Bush, it seemed to get easier to get products through the FDA logjam. Then the global economy tanked and political winds changed in 2009.
Over the past three years, Republican’s have gained power and Congress is now pushing the FDA to actually improve the metrics for product approval. The FDA will now have 200 additional reviewers, and every plan for improving turnaround that has been tried is back on the table. The FDA was given the funds to grow its army of inspectors first, and now the FDA is granted additional funds to hire additional reviewers and train them.
The European Union includes countries that are struggling to provide basic services, while other countries don’t want to bail their European neighbors out of debt. How is the European Parliament and the Council going to increase regulation of medical devices when everyone knows that regulations will cost more money?
The short answer is…they can’t.
One of two things must happen before true change can occur:
another healthcare scandal could trigger this change, or
the economy could improve.
Based upon the sluggish recovery of the US economy, I don’t see how #2 will happen in Europe during the next 18-24 months. I can’t predict #1, but historically scandals are years apart.
MAGIC 8-BALL TIME
I predict that the draft regulations will get watered down during the co-decision period. The most popular legislative tool is the “transition period”. For example, UDI legislation was passed in 2007 in the US but the proposed rule was not published by the FDA until 2012. The proposed rule includes a 7-year transition period for implementation of the new rule.
If the new EU regulation is finalized in 18-24 months, we can expect a long transition period during which various pieces of the regulations will be implemented. This transition period is essential for Notified Bodies to gradually increase their staff and for training new auditors. This will also give companies several years to organize their own plans for addressing the new regulations.
The one change I predict to happen quickly is consolidation. 60+ Notified Bodies are more expensive for the EU to support than a few large Notified Bodies. The FDA is a single, centralized regulatory body. The EU will not achieve the same degree of centralization, but I predict “a great consolidation”.
My final prediction is related to the vigilance process. In the US the MDR process has become highly automated and electronic submissions with a public database are the norm. This has allowed the FDA to rely on data analysis to identify problems and redirected the burden of data entry from the FDA to industry. We can expect Europe to follow this trend, by centralizing all vigilance reporting. The only remaining question about vigilance is how long will the transition period need to be for revision 8 (of MEDDEV 2.12/1).
I’m sure that there are some that disagree with my determination that the latest revision of EN 14971, revision 2012, is unnecessary (the European Commission certainly does).
And here’s another cheeky attitude from the UK…(sorry, this is not a family channel).
Therefore, I would like to clarify why I feel this way by reviewing how risk is addressed in the MDD (93/42/EEC as modified by 2007/47/EC).
The term risk is mentioned only 4 times in the Articles in the MDD
The term risk is mentioned once in Annex II and III, twice in Annex VII, and three times in Annex VIII and X—for a total of 10 times.
The other 41 times risk is mentioned are in the Essential Requirements (i.e. – Annex I).
When companies submit a Design Dossier for review by a Notified Body, an Essential Requirements Checklist is included. This references, in table format, how all the requirements of Annex I are being met—including those related to risks. Throughout Annex I, a similar phrase is repeated many times. For example, in the first Essential Requirement (ER1) it states: “…any risks which may be associated with [a device’s] intended use [shall] constitute acceptable risks when weighed against the benefits to the patient and are compatible with a high level of protection of health and safety.” In ER2 it states: “the manufacturer must…eliminate or reduce risks as far as possible…”. There is no room in the MDD for consideration of cost or economic impact when the manufacturer is designing a device with regard to risks and benefits.
If a company’s Risk Management Procedure has been found to be acceptable by a Notified Body, and the company has addressed all the Essential Requirements (ERs) with regard to risk, then there should be no impact from these 7 deviations identified in EN 14971:2012. However, if your company has not addressed each of these ERs, then you might want to consider each of these areas:
Treatment of negligible risks
Discretionary power of the manufacturer as to the acceptability of risks
Risk reduction “as low as possible” (ALAP) verses “as low as reasonably possible” (ALARP)
Information of the users influencing the residual risk
My final advice is to review Annex I and Annex X from the perspective of risk management. You may realize that you have some gaps that nobody noticed. After all, audits are just a sample.
PS – I think it’s ironic that the origins of the ALARP principle are UK case law (see link above).
Software medical devices are used to assist medical professionals. For example, radiologists use software with identifying areas of interest for medical imaging. Do you know how to audit a software company?
When I was trying to find a good song selection for a music video to pair with this blog topic, I thought that the “Digital Man” would be perfect. However, I wasn’t impressed with the selection of videos available. Therefore, I selected this perennial fan favorite:
As a 3rd party auditor, I have had the pleasure of auditing software companies for CE Marking. When you audit a software company for the first time, this forces you to re-learn the entire ISO 13485 Standard. For example, if a company only produces software there is very little to sample for incoming inspection and purchasing records. This is because the product is not physical—it’s software. Clauses of ISO 13485 related to sterility, implants, and servicing are also not applicable to software products. If the software is web-based, the shipping and distribution clauses (i.e. – 7.5.5) might present a challenge to an auditor as well.
The aspects of the ISO 13485 Standard that I found to be the most important to auditing software products were design controls and customer communication. Many auditors are trained on auditing the design and development of software, but very few auditors have experience auditing technical support call centers. When auditing a call center, most of the calls represent potential complaints related to the software “bugs”, system incompatibilities with the operating system or hardware, and use errors resulting from the design of the user interface.
In most technical support call centers, the support person tries to find a work-around for problems that are identified. The problem with a “work-around” is that it is the opposite approach to the CAPA process. In order to meet the requirements of ISO 13485, software companies must show evidence of monitoring and measuring these “bugs”. There must also be evidence of management identifying negative trends and implementing corrective actions when appropriate.
As an auditor, you should focus on how the company prioritizes “bugs” for corrective actions. Most software companies focus on the severity to software operation and the probability of occurrence. This is the wrong approach. Failure to operate is not the most severe result of medical device software failure. Medical device software can result in injury or death to patients. Therefore, it is critical to use a risk-based approach to prioritization of CAPAs. This risk-based approach should focus upon severity of effects upon patients—not users. This focus on safety and efficacy is an essential requirement of the Medical Device Directive (93/42/EEC as modified by 2007/47/EC) and it is a requirement of ISO 14971:2007.
Last November Eucomed published a position paper titled, “A new EU regulatory framework for medical devices: Six steps guaranteeing rapid access to safe medical technology while safeguarding innovation.” While I have serious doubts that any government will ever be able to “guarantee” anything other than its own continued existence, I have an idea of how industry can help.
The position paper identified six steps. Each of these steps has a comparable action that could be taken in every medical device company. My list of six steps is:
Only the best leaders
Only one approach to design controls
Stronger internal procedures
Cross-pollination by independent reviewers
Clear communication of project status to management
Better project management skills
The most critical element to success is developing stronger design team leaders. Design teams are cross-functional teams that must comply with complex international regulations, while simultaneously the team must be creative and develop new products. This type of team is the most challenging type to manage. In order to be successful, design team leaders must be “Über-Leaders.”
The most critical skills are not technical skills, but team leadership skills. The role of a design team leader is to make sure that everyone is contributing without tromping on smaller personalities in the group. Unfortunately, there are more men in this role than women.
Why is this unfortunate? Because men suck at listening (takes one to know one).
We need a leader that will be strong but we also need someone that is in touch with the feelings of others and will use that skill to bring out the best of everyone on the team. This superwoman also needs to earn the respect of the male egos around the table. She needs to be an expert in ISO 14971, ISO 13485, Design Controls, Project Management, and managing meetings. Our beautiful heroine must also be a teacher, because some of our team members will not know everything—even if they pretend to.
The Über-Leader will always remind the team that Safety & Efficacy are paramount. As team leaders we must take the “high road” and do what’s right—even when it delays a project or fails to meet our boss’ unrealistic timetable. Superwoman must demand proof in the form of verification and validation data. It is never acceptable to go with an opinion.
She will remind us that compromise is the enemy, and we must be more creative to solve problems without taking shortcuts that jeopardize safety and efficacy. She will work harder on the project than anyone else on the team. She will keep us on schedule. She will whisper to get our attention, but she won’t be afraid to yell and kick our ass.
As Jim Croce says, “You don’t tug on Superman’s cape.” Superwoman is the only exception to this rule.
I have been directly involved in dozens of design projects throughout my career, and during the past three years I have audited 50+ Design Dossiers for CE Marking of Medical Devices. Throughout most of these design projects, I have noticed one common thread—a misunderstanding of design inputs.
ISO 13485 identifies the requirements for Design Inputs. These requirements are:
The most common error seems to be the failure to include the outputs of risk management. For those of you that have used design FMEA’s—that’s what the right-hand columns are for. When you identify suggested actions to mitigate risks with the current design, these actions should be translated into inputs for the “new and improved” model.
The second most common error seems to be failure to consider regulatory requirements. There are actually two ways this mistake is frequently made: 1) Canadian MDR’s were not considered as design inputs for a device intended for Canadian medical device licensing, and 2) an applicable ISO Standard was not considered (i.e. – “State of the Art” is Essential Requirement 2 of the Medical Device Directive or MDD).
The third most common error, and the one that drives me crazy, is confusion of design outputs and design inputs. For example: an outer diameter of 2.3 +/- 0.05 mm is not a design input for a 7 French arterial catheter. This is a design output. The user need might be that the catheter must be small enough to fit inside the femoral artery and allow interventional radiologists to navigate to a specific location to administer therapy. Validation that the new design can do this is relatively straight forward to evaluate in a pre-clinical animal model or a clinical study. The question is, “What is the design input?”
Design inputs are supposed to be objective criteria for verification that the design outputs are adequate. One example of a design input is that the catheter outer diameter must be no larger than a previous design that is an 8 French catheter. Another possible design input is that the catheter outer diameter must be less than a competitor product. In both examples, a simple measurement of the OD is all that is required to complete the verification. This also gives a design team much more freedom to develop novel products than a narrow specification of 23 +/- 0.05 mm allows for.
If you are developing a Class II medical device for a 510(k) submission to the FDA, special controls guidance documents will include design inputs. If you are developing a Class IIa, Class IIb or Class III medical device for CE marking, there is probably an ISO Standard that lists functional, performance and safety requirements for the device. Regulatory guidance documents and ISO Standards usually reference test methods and indicate acceptance criteria. When you have a test method and acceptance criteria defined, it is easier to write a verification protocol. Therefore, design teams should always strive to document design inputs that reference a test method and acceptance criteria. If this is not done, verification protocols are much more difficult to write.
In my earlier example, the outer diameter of 2.3 +/- 0.05 mm is a specification. Unfortunately, many companies would document this as an input and use the final drawing as the output. By making this mistake, “verification” is simply to measure the outer diameter to verify that it matches the drawing. This adds no value and if the specifications are incorrect the design team will not know about it.
A true verification would include a protocol that identifies the “worst-case scenario” and verifies that this still meets the design input requirements. Therefore, if the drawing indicates a dimensional tolerance of 2.3 +/- 0.05, “worst-case” is 2.35 mm. The verification process is to measure either a previous version of the product or a competitor’s catheter. The smallest previous version or competitor catheter tested must be larger than the upper limit of the design output for outer diameter of the new catheter.
I just wanted to thank everyone for reading my blog. It's hard to make the dry and boring worth reading about. I have also created a formal Thank You page on my personal website: http://13485cert.com/qc-is-dead/.
Blog Stats
113,239 Views All Time!
Countdown to 2-Day Course!
Best Practices in Audit Program ManagementMarch 9, 2013
“S is for scrutiny, which we’re not sure about”, that would be more or less the take home message of the MedTech Forum in Brussels that I attended last week from Wednesday to Friday. This conference is an ideal moment to take stock of the EU medtech industry. No wonder that everyone was there to discuss the newly proposed medical devices and in vitro diagnostics regulations. If you want a summary report of the plenary sessions, a good picture emerges from the tweets on the hashtag #mtf2012 by @meddevlegal (that’s me), @clinicamedtech, @emdt_editor and @maxwellmedtech between 10 and 12 October 2012. The picture that emerges is that the industry welcomes the new rules in general, thinks some details must be clarified and is worried about what the proposed scrutiny procedure will look like after it has gone through the legislative procedure and the Parliament has had its way with the…
13485cert
QC is Dead 