MDSAP: Cybersecurity and the single audit process program

For those who may not be entirely familiar with the Medical Device Single Audit Program (MDSAP), this initiative is intended to allow auditors from MDSAP-recognized Auditing Organizations (AOs) to conduct a single audit of a medical device manufacturer’s quality management system that will satisfy the requirements of the medical device regulatory authorities participating in the MDSAP program. The countries currently participating in the program include the United States, Canada, Japan, Australia, and Brazil. The objective is to jointly leverage regulatory resources to manage an efficient, effective, and sustainable single audit program focused on the oversight of medical device manufacturers.

Audits performed under the MDSAP program will be process-based, focusing on several defined processes, a defined method for linking those processes, but all audits will be based on the foundation of risk management.

As part of this effort to review risk management and software used both as part of the medical device and as part of the internal quality system, , the auditors will look to see if the firm has addressed the exchange of sensitive digital information between platforms, organizations, and nations. This is, in large part, in response to the fact that several of today’s medical devices are computers with internet connectivity and can be vulnerable to security breaches, potentially impacting the safety and effectiveness of the device. The increased use of wireless technology and software in medical devices also increases the risks of potential cybersecurity threats.

Read the rest of this entry »

Medical Device Single Audit Program: What you need to know, Pt. I

Both the medical device industry and international regulators have witnessed the growing need for a standardized, worldwide approach to auditing and monitoring medical device manufacturing. A single, comprehensive process would reduce costs and speed time to market.

With that goal in mind, the International Medical Device Regulators Forum (IMDRF) began work several years ago to create a program framework that would enable the conduct of a single regulatory audit of a medical device manufacturer’s quality management system that satisfies the requirements of multiple regulatory jurisdictions. The MDSAP was developed by representatives of regulatory authorities including the Australian Therapeutic Goods Administration (TGA), Brazil’s Agência Nacional de Vigilância Sanitária (ANVISA), Health Canada, MHLW/PMDA, and the U.S. Food and Drug Administration (FDA).

The MDSAP is a way that medical device manufacturers can be audited once for compliance with the standard and regulatory requirements of up to five different medical device markets: Australia, Brazil, Canada, Japan and the United States.  The program’s main mission is to “…jointly leverage regulatory resources to manage an efficient, effective, and sustainable single audit program focused on the oversight of medical device manufacturers.”

Read the rest of this entry »

The Impact of New Laws When Selling Medical Devices to Europe: Part II

MEDDEV 2.7.1 and what it means for clinical evaluations and reports

If you are a medical device manufacturer planning to sell your devices in Europe, you’re aware by now that there have been significant changes in EU regulations recently that affect how medical devices are brought to market. One key element of these regulatory reforms is MEDDEV 2.7.1 concerning clinical evaluations. Manufacturers must develop a clinical evaluation report:

  • Identify the regulatory requirements that must be supported by clinical data
  • Identify available clinical data that is relevant to the subject device and the state of the art concerning the intended use
  • Determine whether the available data is sufficient to establish the safety and performance of the device
  • Generate additional clinical data as necessary to address any outstanding safety or performance concerns
  • Determine the clinical safety, performance and benefit/risk ratio of the device based on an assessment of all the clinical data collected

There have been important changes that have occurred in the 4th revision

The importance of written procedures

Considering the new European requirements for clinical evaluation and the actions that manufacturers are expected to take to fulfill these requirements, it’s clear that written procedures are critical to facilitate this process and provide consistency in the actions taken. Section 10.2.1, Review of the Manufacturer’s Procedures, advises that the Notified Body should assess the establishment, maintenance and application of the documented procedures for the evaluation of clinical data as part of the review of the manufacturer’s quality system. Readers are advised to review the guidance document for a complete description of areas that the procedures should cover, including:

Read the rest of this entry »

The Impact of New Laws When Selling Medical Device to Europe: Part I

Here’s the dilemma that has faced US medical device manufacturers looking east to Europe for an easier path to increase sales: for years it has been easier to get medical devices to market in Europe.

The reason, of course, was that European regulations allowed devices to be sold as long as they performed “as intended” and were “likely to be safe.” That meant they could get to market faster. Submitting a technical file was easier and the overall review process was simpler and much faster. There was a cost; studies showed that medical devices first approved in the European Union had a higher rate of safety issues than devices first approved by the FDA.

In an effort to reduce safety issues and risk, European medical device regulations were fundamentally changed in 2010, affecting every medical device sold in Europe. An amendment to the Medical Devices Directive (MDD) 93/42/EEC essentially mandated that every medical device sold in Europe, regardless of its classification, must have a clinical evaluation (CE) report in its technical file. The issue was that the CE report was simply a literature review. The thought was if the body of literature showed that the device was safe and effective then the risk would be lowered. The report was to augment or substitute for any clinical data that is submitted to the notified body.

Unfortunately this did not reduce the number of large recalls and safety events including the high-profile events: metal on metal hip replacements recall and the ruptured breast implant crisis. A report by the European Commission’s Medical Device Experts Group (MDEG) concluded that most manufacturers didn’t have adequate clinical evidence for their medical devices and that most notified bodies didn’t thoroughly verify the clinical evidence that was provided to them by manufacturers. The findings applied to Class I and Class IIa devices, as well as Class IIb and Class III devices. This report prompted urgent regulatory reforms to the medical industry and the European Commission started looking at significantly changing the law in September 2012.

Read the rest of this entry »

3 Reasons for Medical Device Consulting

Few industries evolve as rapidly as healthcare and medical device manufacturing. Digital transformation, healthcare reform, technological advances, and regulatory compliance issues can all significantly affect medical device design, manufacturing, and sales. It’s no wonder medical device manufacturers are increasingly turning to consultants for help.

If you’re a medical device equipment manufacturer considering hiring outside assistance for your next product or to address a looming compliance issue, here are three major reasons why turning to MEDIcept:

  1. Streamline FDA regulatory approval

The medical device development process is a complex one with twists and turns that can cause unexpected and costly delays. Every reviewer is looking for something different. Submission deliverable requirements keep changing. Our experienced medical device consultants fully understands the FDA submission process for 510(k)s and premarket approvals (PMAs)and can help craft a regulatory strategy based on your needs. With the right help, you can optimize your submissions to save time, money, and effort.

Read the rest of this entry »

Mock FDA inspections can help ensure regulatory compliance

Few industries are as heavily regulated as medical device manufacturing. Developing and producing a medical product is an expensive and time-consuming process even when everything goes smoothly.

Things can quickly become even more expensive and challenging if your company and staff are not prepared to deal with complex FDA regulations and any inspections or audits associated with them. Regulatory compliance is the cornerstone of success for any medical device and its manufacturer. Any medical device manufacturer out of compliance is essentially out of business.

Like any complex undertaking – especially one that potentially threatens life and limb if not executed properly – medical device manufacturing is all about preparation and practice to avoid unexpected and expensive stumbling blocks put in your path by FDA regulations.  That’s why it’s so important to prepare for a possible regulatory inspection to ensure that your staff is familiar with the FDA’s Quality System Inspection Technique (QSIT) and can handle an inspection with relative ease and efficiency.

FDA regulatory compliance best practices include working with a regulatory compliance expert to conduct a mock inspection and audit designed to uncover any potential weak areas in your staff preparation, processes, and documentation before you begin marketing your product. It’s important to understand and evaluate your quality system’s overall status and how to anticipate the types of questions and requests you may receive from FDA inspectors.

Read the rest of this entry »

Think about package validation early in product development

Medical devices are often complicated and expensive machinery that must be treated with care. People’s lives may depend on these devices functioning properly, so why risk damaging the devices with shoddy packaging? Medical device testing is a rigorous and complex process that demands careful planning and attention to detail. Working with experienced professionals for your package validation is one way to ensure a streamlined process without all the stress.

Unfortunately, some medical device manufacturers don’t think about packaging early enough in the product development process. Perhaps that’s because they relegate packaging to second-class citizen status – almost an afterthought after all the sweat and effort expended designing and prototyping the product itself.

It’s important to keep in mind that the purpose of a package is to protect the contents from external interactions that could damage the item. During transit, packages may be bumped, dropped, shaken, stored upside down or sideways.  Even when taking every precaution, there’s simply no predicting what weather your packages will encounter along the way — from sunny and warm to freezing and rainy. Without package validation and thorough testing, you just might be sending your devices to their doom.

Another factor to take into account is how well the packaging is going to age — materials don’t last forever.

Read the rest of this entry »

Health Canada Single Use Medical Device Commercial Reprocessing Requirements

Single use medical devices (SUD) are devices that are intended to be used only once and then disposed of. However, due to costs savings associated with the reuse of these devices hospitals and other organizations are reprocessing them through cleaning, disinfecting and sterilization.

In 2000 FDA published the guidance document “Enforcement Priorities for Single-Use Devices Reprocessed by Third Parties and Hospitals” which describes FDA’s enforcement priorities to third parties and hospitals that reprocess SUDs. Other countries have similar regulatory reprocessing requirements including Canada which recently under the existing Food and Drugs Act and Medical Devices Regulations established requirements for organizations, other than hospitals, that engage in reprocessing of SUDs. Health Canada will continue to allow oversite provided at the provincial and territorial levels to hospitals.

Read the rest of this entry »

IVD Genetic Testing Direct to Consumer (DTC) FDA Approval: Case Study

The area of genetic testing has expanded significantly in recent years with more types of testing becoming available for both clinical and non-clinical applications. The AMA states there are more than two thousand genetic tests available to aid in the diagnosis and treatment of more than one thousand different diseases

Clinical genetic testing can consist of diagnostic and predictive medicine which identifies whether an individual has a certain genetic disease or an increased risk for a particular disease. Pharmacogenomics evaluates an individual’s genetic makeup to determine whether a drug is suitable for a particular patient and whole-genome and whole-exome sequencing examines the entire genome or exome to discover genetic alterations that may be the cause of disease. Genetic testing can include breast, ovarian, and prostate cancer; Crohn’s disease, deafness, Huntington’s disease, sickle cell anemia, and cystic fibrosis to name a few.  Non-clinical genetic testing is also performed to determine characteristics such as ancestry and paternity.

Most genetic testing is available only through a healthcare provider; however the emerging field of direct-to-consumer (DTC) testing provides the possibility of obtaining test results directly from a company without the involvement of a healthcare provider or genetic counselors.

Read the rest of this entry »

Postmarket Management of Cybersecurity in Medical Devices

Many medical devices currently in commercial distribution today incorporate some type of software. Some devices use software to control certain aspects of the device or perform data analysis while others use it to connect to the Internet and health care provider networks for monitoring and sharing data.

The U.S. Food and Drug Administration (FDA) is becoming increasingly concerned about the vulnerability of these devices to hacking, jeopardizing their safety and efficacy while putting patients at risk. In response to this increased threat, the FDA recently published a guidance document called the Content of Premarket Submissions for Management of Cybersecurity in Medical Devices and, as a part two to their cybersecurity efforts, has issued a draft guidance document entitled Postmarket Management of Cybersecurity in Medical Devices.

Suzanne Schwartz, M.D., M.B.A., the associate director for science and strategic partnerships and acting director of emergency preparedness/operations and medical countermeasures in the FDA’s Center for Devices and Radiological Health said, “All medical devices that use software and are connected to hospital and health care organizations’ networks have vulnerabilities — some we can proactively protect against, while others require vigilant monitoring and timely remediation. (The) draft guidance will build on the FDA’s existing efforts to safeguard patients from cyber threats by recommending medical device manufacturers continue to monitor and address cybersecurity issues while their product is on the market.”

Read the rest of this entry »