Typically I have more to say, but I thought I would send something a little shorter “into the void” today. I thought I would share a few links with you:
In 1999 the FDA conducted a meeting to discuss reprocessing of single-use devices (SUDs). In August 2000, a guidance document was published to communicate the FDA’s enforcement policy for 3rd parties and hospitals that reprocess SUDs. Many reports have been published on this topic in the USA, Europe and Canada since that time.
I couldn’t think of an ideal song title to match up with reprocessing, but I was listening to my Amy Winehouse station on Pandora at 2am…it just seemed to fit.
The problem is that even with electronic medical records, not all the necessary information regarding traceability is included in those records. This situation is about to change dramatically in the next few years as new global regulatory requirements force companies to implement Unique Device Identification (UDI) and as Europe implements the proposed regulations (Article 15).
How do you anticipate these changes will impact the prevalence of reprocessed SUDs globally?
Will these changes result in changes to your company’s product labeling of risks associated with re-use of SUDs?
If you would like to see the comments others have, please join the following LinkedIn Group: Medical Device: QA/RA. If you are not already a member of the parent group (Medical Device Group), you should join.
For the past two days, I was fortunate enough to attend a training seminar hosted by the FDA in Washington, DC. This was a “free” seminar (i.e. – travel expenses only). The session was split into two rooms. One room focused on the drug-side regulations and the other side focused on the device-side regulations. My strength is device-side. Therefore, I spent most of my time listening to the speakers on the drug-side. Throughout the training there was one common theme that was repeated by the speakers: Come Early, Be Loud, and Stay Late.
It’s much too late for me to still be awake, but I’m still recovering from motion sickness on my train ride back from DC. I feel compelled to write a blog posting, but I just don’t have the motivation for something technical tonight. Therefore, I beg you to forgive my attempt to impart philosophy rather than knowledge. Hopefully, you will find it useful. If not, at least you can enjoy the beautiful singing of Madeleine Peyroux.
“Come Early”
The speakers recommend that companies plan their submissions well in advance and talk to the appropriate FDA project manager about their plans before they start clinical studies.
“Be Loud”
The speakers recommend that companies communicate with as many people as they can at the FDA to make sure they have identified all the critical issues to address in the study design.
“Stay Late”
The speakers recommend that companies think ahead so that if (or when) things don’t go as planned, the clinical study results can be salvaged.
In simple, and more practical terms, every speaker emphasized the importance and value of consulting with the FDA instead of guessing what type of data will be needed for a submission. One of the other participants brought this up at lunch on the first day. He mentioned an example where the FDA agreed with a company on specific data that would be required for acceptance of an NDA. Then, the company did exactly what the FDA said and the FDA required more data. He then described another case where the FDA specified data and the company refused to comply—but the FDA granted approval.
This other participant and I both agreed that most companies are afraid to ask the FDA for agreement on what data is required, because the company may not like the FDA’s answer. My personal belief is that the FDA is better at identifying what data will be required than most companies, because the FDA has a broader perspective than companies do. There will always be exceptions, but my recommendation is to ask the FDA’s opinion whenever you have a question—just make sure you do your homework before you ask an inane question that is already in their guidance documents.
I believe this advice also applies to every regulatory agency in the world.
The EUDirective will become Regulations…but when? September 26 the proposed regulations are scheduled to be released in draft form. Plans for implementation of the Interim Measures have already begun, but the regulations will not be finalized for 18-24 months while the politics takes over. My magic 8-ball tells me that there is a precedent on this side of the pond that can help us predict the future.
A few weeks ago I published a posting with a cheeky Brit–Lily Allen. Here’s one of Lily’s own favorites by a another talented British singer, song writer named Kate Nash.
Throughout the history of healthcare regulations worldwide there have been three rules that are never broken:
Regulations always get tougher.
Regulations are only partially effective.
Regulations cost everyone more money.
The PIP scandal lit a fire under the European Parliament, the Council and Notified Bodies. Now all three stakeholders are fighting to show the public that they are doing everything they can to ensure safety. Unfortunately, no matter what changes are made it is extremely difficult to prevent unethical behaviors.
Before I make predictions, we all need to remember that there is a larger news story–the European Economy.
The status of the European Economy will have the greatest impact on new regulations. My best evidence is the US FDA.
The FDA has been trying to improve the turnaround on submission reviews for my entire career. For a period of about 8 years, matching closely with the Presidential terms of George W. Bush, it seemed to get easier to get products through the FDA logjam. Then the global economy tanked and political winds changed in 2009.
Over the past three years, Republican’s have gained power and Congress is now pushing the FDA to actually improve the metrics for product approval. The FDA will now have 200 additional reviewers, and every plan for improving turnaround that has been tried is back on the table. The FDA was given the funds to grow its army of inspectors first, and now the FDA is granted additional funds to hire additional reviewers and train them.
The European Union includes countries that are struggling to provide basic services, while other countries don’t want to bail their European neighbors out of debt. How is the European Parliament and the Council going to increase regulation of medical devices when everyone knows that regulations will cost more money?
The short answer is…they can’t.
One of two things must happen before true change can occur:
another healthcare scandal could trigger this change, or
the economy could improve.
Based upon the sluggish recovery of the US economy, I don’t see how #2 will happen in Europe during the next 18-24 months. I can’t predict #1, but historically scandals are years apart.
MAGIC 8-BALL TIME
I predict that the draft regulations will get watered down during the co-decision period. The most popular legislative tool is the “transition period”. For example, UDI legislation was passed in 2007 in the US but the proposed rule was not published by the FDA until 2012. The proposed rule includes a 7-year transition period for implementation of the new rule.
If the new EU regulation is finalized in 18-24 months, we can expect a long transition period during which various pieces of the regulations will be implemented. This transition period is essential for Notified Bodies to gradually increase their staff and for training new auditors. This will also give companies several years to organize their own plans for addressing the new regulations.
The one change I predict to happen quickly is consolidation. 60+ Notified Bodies are more expensive for the EU to support than a few large Notified Bodies. The FDA is a single, centralized regulatory body. The EU will not achieve the same degree of centralization, but I predict “a great consolidation”.
My final prediction is related to the vigilance process. In the US the MDR process has become highly automated and electronic submissions with a public database are the norm. This has allowed the FDA to rely on data analysis to identify problems and redirected the burden of data entry from the FDA to industry. We can expect Europe to follow this trend, by centralizing all vigilance reporting. The only remaining question about vigilance is how long will the transition period need to be for revision 8 (of MEDDEV 2.12/1).
I thought I would expand my usual musical range to include some of the music I grew up with. I hope you enjoy this fantastic performance.
I hear this question, or a question with similar wording, quite frequently when I am auditing. Typically the question is in response to a better way to do something that seems simple and efficient. Most people seem to approach regulatory requirements with the approach of…let’s bury the regulator. While it’s true that we expect a certain amount of paperwork with each regulatory requirement, we frequently are accepting of a much broader range in stack heights. For example, a design controls procedure could be a one page flow-chart that references forms and work instructions. A design controls procedure could also be twelve separate documents with a minimum length of ten pages and a maximum of forty pages per document. As long as the procedure has sufficient detail for the people performing these tasks and all the required elements are included, ISO clauses 7.3.1-7.3.7, then we have no choice but to identify the procedure as conforming.
The above example is the perspective of an auditor looking for CONFORMITY!
However, some people are inspectors that are looking for NONCONFORMITY!
In the case of inspectors, it is critical to present your information in such a way that it is easy for the inspector to see how you meet the requirements of the regulations. One of the best ways to do that is to reference the requirements directly in your procedures.
For those that prefer finesse…try to organize information in accordance with the regulations. For example, if I am writing a procedure for an ISO registration audit, I write the procedure to specifically address the ISO sub-clauses. I might even use a document control number like: SOP-73 for my “Design and Development” procedure. Alternatively, if I’m writing a procedure for a JPAL audit, I might change my document control number to SOP-3036 for my “Design and Development” procedure. This matches up with JPAL Ministerial Ordinance #169, Articles 30 through 36. In this case, the document control number suggests compliance with the Japanese regulations. A little subconscious suggestion couldn’t hurt.
In my previous blog posting, I suggested a slight change to the scheduling of internal audits. In order to make sure this meets FDA requirements, the key is to READ THE REGULATIONS AGAIN. With regard to internal auditing, the applicable FDA regulation is: 21 CFR 820.22:
“Each manufacturer shall establish procedures for quality audits and conduct such audits to assure that the quality system is in compliance with the established quality system requirements and to determine the effectiveness of the quality system. Quality audits shall be conducted by individuals who do not have direct responsibility for the matters being audited. Corrective action (s), including a reaudit of deficient matters, shall be taken when necessary. A report of the results of each quality audit, and reaudit(s) where taken, shall be made and such reports shall be reviewed by management having responsibility for the matters audited. The dates and results of quality audits and reaudits shall be documented.”
The above requirement is quite vague with regard to how many auditors and how many days must be spent auditing. These are the variables I suggested changing in my previous posting. The FDA regulations are specific, however, with regard to documenting the “reaudit” of any deficiencies found during an audit. This prescriptive requirement can be met by reviewing previous audit findings of all audits with the audit program manager during the audit preparation process. The audit program manager can facilitate the assignment of which auditor will reaudit each finding. This may require a few more minutes of audit preparation, but this should not measurably impact the overall time allocated to an audit.
Somehow the above prescriptive requirement slipped my mind. I do this out of habit when I am performing internal audits on behalf of clients, but if I am auditing the internal audit process of a client—now I’ll remember to point out this additional requirement that is specific to the FDA and not included in the ISO Standard. This is why we should always READ THE REGULATIONS AGAIN.
I just wanted to thank everyone for reading my blog. It's hard to make the dry and boring worth reading about. I have also created a formal Thank You page on my personal website: http://13485cert.com/qc-is-dead/.
Blog Stats
113,239 Views All Time!
Countdown to 2-Day Course!
Best Practices in Audit Program ManagementMarch 9, 2013
13485cert
QC is Dead 