Leveraging Your NSF Certification: Now that you've received NSF Certification ... why not leverage the Mark to your advantage.
This article by James Pink, Partner at NSF-DBA, and John Worroll, NSF-DBA Medical Devices Consultant, summarizes a piece published in The Journal of NSF-DBA (page 16).
The ongoing controversies involving poly implant prothèse (PIP) silicone breast implants and metal-on-metal (MoM) orthopaedic implants have severely damaged public confidence in the regulatory systems for medical devices and in the ability of the EU competent authorities to handle problems in this area.
PIP and MoM issues are impacting the redraft of the medical device directives currently underway with the competent authorities and the European Commission. The regulation of high-risk medical devices, including implants, may move closer to the pharmaceutical regime. Whatever the changes, it is clear that in the medium term, manufacturers will have to come to terms with an increase in regulation. There is also a short-term effect as competent authorities and notified bodies change the emphasis of enforcement and audit activities to take into account the issues raised by PIP and MoM.
Obviously, any actions should be risk-based. Manufacturers of high-risk implants are the most at risk themselves, particularly if they lack robust justifications for their products or demonstrably good follow-up and post-market surveillance.
We recommend several actions for companies wishing to strengthen their audit readiness. Firstly, they should re-examine their technical documentation and take any necessary action to ensure that it fully justifies the risk/benefit of the medical device product on the market. Secondly, they should ensure that the post-market surveillance systems and processes fully meet current competent authority and notified body expectations and provide the manufacturer with early warning of any problems.
Companies should ensure their technical documentation demonstrates that there was a robust risk analysis and management system during the design and development of the product, including its accessories. For each product, the documentation should demonstrate that the benefits of the product justify the risks which could not be further reduced during the design phase, following the principles of the EN ISO 14971 medical device risk management standard. A common mistake is to omit or fudge this final conclusion, or to identify a risk and then fail either to demonstrate a linkage to the action taken or to justify the decision that no action is needed.
Companies need to check that the technical documentation demonstrates that all the essential requirements (ER) of the Medical Devices Directive (MDD) (93/42/EC as amended by Directive 2007/47) are properly addressed, not just the most obvious aspects. For example, under ER7 Chemical, physical and biological properties, ER 7.1 states that:
The devices must be designed and manufactured in such a way as to guarantee… performances… particular attention must be paid to:
Referring to EN ISO 10993-1:2003 (Biological evaluation of medical devices) is not enough; the ER refers to all performances, not just those affected by biocompatibility.
The most recent revision of the MDD emphasizes clinical evaluation prior to placing a product on the market. This does not necessarily mean running a clinical investigation or trial for each new product. Ensure you document a robust justification for not undertaking an investigation. Not doing so, in terms of the equivalence and relevance of the data used in the evaluation as derived from similar products (see EU guidance on clinical evaluation, MEDDEV 2.7.1), diminishes confidence in the manufacturer’s clinical benefit-risk conclusions and opens them to regulatory and scientific challenge.
Following the MDD and ISO 13485 medical device quality system requirements should demonstrate sufficient verification and validation to ensure manufactured products consistently meet the original design, and that the product actually works in practice. Often, manufacturers do not distinguish between verification and validation. Verification confirms that the device meets the design specifications, while validation confirms that the device performs as intended. The U.S. FDA places great emphasis on product and process validation and provides good guidance on these topics.
As PIP and MoM have demonstrated, it is only when the manufacturer places the product on the market that the assumptions and calculations made during the design phase meet reality, in the shape of patients and users in all their variations. There must be a good system to ensure the experience from use of the product on patients is fed back into a validation and risk management process.
The 2007/47 revision of the EU device directives places greater emphasis on post-market surveillance via Annex X: "The clinical evaluation and its documentation must be actively updated with data obtained from the post-market surveillance." A fundamental directive requirement is to have a defined post-market surveillance plan, which should have a proactive element. The manufacturer should actively seek information and not just wait for it to appear. In the PIP example, there were significant issues with the flow of information back from the clinics to which the implants had been sold, as well as with the products that had been own-branded by other companies.
High-risk products, including implants of all types, need a post-market clinical follow-up (PMCF) as per the EU PMCF guidance, MEDDEV 2.12/2.
For lower-risk products, especially those sold over the counter, manufacturers need to consider how they will obtain performance data and ensure that feedback is representative of all users in all markets (UK and elsewhere). Feedback should not come only from a few conscientious customers. NBMED 2.12. Rec 1 provides guidance on how to achieve this.
Data received from post-market surveillance should be critically analyzed. For example, it’s tempting to ascribe a cluster of incidents from one particular market to a user error, a market peculiarity or even a batch issue. But high incident reports from a particular market and relative quiet from elsewhere could also be due more to non-reporting than to good product performance.
Manufacturers should have criteria, based on the risk evaluation conducted during product design, for when to report serious incidents to the competent authorities under the vigilance system (see MEDDEV 2.12/1). In the event of a recall or advisory notice, the manufacturer needs robust processes that can be defended to the authorities.
Finally, the manufacturer’s internal processes must allow feeding information received post-market back into the design process, the technical file and, most importantly, the risk management report.
There are many things medical device manufacturers can do to avoid becoming the next PIP or MoM, regardless of any changes in regulation. It is certain that the regulations will continue to emphasize the responsibility of the manufacturer to place safe and effective devices on the market. Therefore, the use of robust scientific, engineering, process and reliability tools should be in place now, and be reflected in the technical documentation and post-market surveillance plans of all existing products.
For more information on NSF-DBA services in medical device regulation, please contact us, mail@nsf-dba.com.