The upcoming EU Medical Device Regulation (MDR) was a popular topic at MD&M West, as the industry is working to understand specific requirements as well as any emerging implications. A few specific requirements were examined in the Feb. 11 panel discussion, â€œStrategies for Implementing the New EU MDR Requirements.â€ Read on for insights that may surprise you.
Periodic Safety Update Report (PSUR) and Summary of Safety and Clinical Performance (SSCP)
â€œWe just became comfortable dealing with post-market surveillance and post-market clinical follow up . . .Â and now we find ourselves having to understand PSUR and SSCP,â€ said Jim Talbot, vice president, RA/QA, Zap Surgical, who spoke in the panel discussion. â€œWhere it gets challenging with PSUR is the requirement for a risk-benefit analysis. Most people struggle with that, and thereâ€™s different approaches you can take.â€ He addedÂ that there is a way to upload PSURs via an e-submission gateway, but he said the template is lacking. â€œThe content is described, but there is no set template,â€ he said.
Also, â€œthe challenge is how you get that information. Most people are familiar with the benefits of their products,â€ he said. â€œIt is easy to quantify benefits, but the risks are more difficult to quantify. . . . You are expected to quantify a risk and weigh it against the benefits.â€
â€œIt is a ratcheting up of risk management expectations,â€ said Kim Trautman, executive vice president, medical device international services at NSF International. â€œLong gone are the days you can pull out and dust off a little FMEA and call that risk management. Thereâ€™s a lot of legacy files out there and design files through acquisitions that really arenâ€™t up to snuff.â€
â€œDo you know that as of May 26, 2020, your post-market surveillance requirements kick in regardless of your marketing plan and regardless of your current certs?â€ she asked the audience.
In response to an attendeeâ€™s question about the expectations for PMS (whether it would be retroactive before Date of Application), Anthony Rizzo, assistant vice president healthcare development at BSI Medical Devices, said that â€œwe are not looking retroactively, we are looking forward.â€
â€œHow many of you think you are going to have an MDD recertification this year?â€ Trautman ofÂ NSF International asked the audience. â€œThe commission and the competent authorities have told notified bodies, â€˜You need to start applying the MDR requirements now.â€™ So donâ€™t be shocked when you start seeing these requirements that arenâ€™t in the MDD being applied because the notified bodies have been given these instructions. . . . One of the things Iâ€™ve seen [are] tech files that have been [assessed as acceptable] for the past 20 years with the same notified body now have 9, 12 major [nonconformances] written up against them because there is a different bar. And you need to be prepared for that bar sooner than later.â€
Trautman said sheâ€™s seen companies struggling with the lack of coordination between different teams. â€œThere is so much interconnectivity with the requirements,â€ she said. â€œIt is so essential that [there] is a coordinated team. I think the larger companies do have a more difficult job because they have different owners of different data. That data has not traditionally been normalized. Whoâ€™s pulling that together and coordinating that for some of the new reporting requirements?
â€œIt is really prudent for you to be well prepared whether it is a recertification/renewal or going for a new [MDR certificate],â€ she added. â€œThe queue is so long and if you have major nonconformances that require a notified body to come back in, youâ€™re at the end of the queue.Â This is not something that is going to be resolved easily and quickly over a couple months like it may have before. Itâ€™s simply a supply and demand problem.â€
â€œDonâ€™t wait around for the commission to give guidance,â€ said Trautman. â€œThereâ€™s tea leaves out there. Yes, EUDAMED is going to be delayed. But if you want to see some of the components of EUDAMED from a vigilance reporting perspective, go look at the regulatory nonconforming exchange group on IMDRF.org. Look at the adverse event reporting coding that IMDRF has published.” And she later explainedÂ MD+DI: “Start aligning patient codes, problem codes, and everything else now, because FDA also is going to align to these codes and the codes and data fields are going to be whatâ€™s in EUDAMED.â€
EUDAMED will be delayed for two years. However, â€œyou cannot breathe a sigh of relief,â€ said Rizzo of BSI speaking of EUDAMED. â€œIt is just a database. And the key thing is that the reporting requirementâ€”just because that database isnâ€™t thereâ€”itâ€™s not going awayâ€”you are going to have to upload all that later.â€
Trautman agreed, adding that â€œthose requirements donâ€™t go away even though there is no database to upload. So you have to have hard copies of the required elements and you have to be talking with your notified bodies. . . And there are a variety of answers of how they want that data initially before EUDAMED is ready to go, so you really need to communicate with your notified body.â€
Notified bodies â€œhave been given strict orders that they cannot consult,â€Â Trautman told the audience. â€œYou should be seeing a different tenor from notified bodies. . . . So you need to be the ones to put things in place within your quality system that make the best sense for your organization and from the public health perspective that your product brings. It is your QMS and you need to defend how that thinking meets the requirements.â€
â€œEverything started with RoHS,â€ explained Vinay Goyal, a principal consultant/project manager. â€œBut if you look at the MDR or most new regulations and you search by substance, you will always find something. Thereâ€™s always something banned or restricted or requiring disclosure.â€
He also spoke of substances that are carcinogenic, mutagenic, or toxic to reproduction (CMRs) listed as part of REACH. â€œThere are 1600 substances on the CMR 1A/1B,â€ he added, â€œand they will keep adding substances.
â€œAnd when it comes to substances, you canâ€™t say you are 99.9% compliant,â€ he added. â€œYouâ€™re either compliant or youâ€™re not.â€ Companies need to â€œgo through every patient-contacting part and full declaration of 100%. . . . if you arenâ€™t sure what is in the product, send it to a test lab.â€
Kerri Casino, senior manager, regulatory affairs at Edwards LifeSciences,Â explained to the audienceÂ that the new regulationâ€™s â€œcontact requirementsâ€ state that if the medical device material is invasive and in contact with the body or if it delivers or re-administers blood or fluids or gases or fluids to the human body, it is in scope.Â
â€œThere are labs that do full material disclosure testing . . . or there are labs that do exclusionary testing,â€ she furthered. With exclusionary testing, thereâ€™s a risk, she said, because â€œyou are good for that moment in time but as soon as the regulation changes and they add a new chemical to the list, you have to send it back to the lab.â€
Trautman said that when you do identify a substance, â€œincorporate it into your risk management,â€ and â€œadd it to labeling and IFUs as required. It really needs to be pulled through your risk-management system.â€
To wrap up the panel discussion, moderator Marcelo Trevino, global vice president, regulatory affairs & quality assurance at Agendia, asked Rizzo of BSI to share a few pitfalls with the audience. Rizzo offered a few parting thoughts:
- “Even though [there are]Â those of you who are not applying for MDR right away because you have MDD renewals, those vigilance requirements are effective in May of this yearâ€”right away,â€ said Rizzo. â€œSo audits for the MDD are going into those areas (MDR PMS/vigilance) as well.â€
- â€œWe expect that your QMS according to the MDR is documented, released, and in use, and the documents are in practice as much as practical. Where they are not, we expect to see those procedures are set up and in use,â€ he said.
- For legacy devices, â€œyou canâ€™t just submit old technical files,â€ Rizzo said. â€œThese are completely new technical documentation reviews.â€
- For companies marketing legacy devices with lots of versions, it must be very clear as to which versionsâ€™ testing and clinicals apply, he said. In addition, â€œfor companies with both MDD and MDR devices on the market at the same time, full traceability is going to be expected under both separately.â€
- â€œClass 2AÂ and 2BÂ devices will be reviewed in same depth as Class 3 devices were looked at in the past,â€ he said.
- For General Safety and Performance Requirements (GSPRs), â€œwe are finding more nonconformities than we used toâ€”the trick is full justification and the depth of how youâ€™re justifying what you are doing,â€ Rizzo said.