Author: Brandon Miller

Compliance & Product Launch

Posted on by Brandon Miller

Why has product launch become more complex after the pandemic & how have the “roots of compliance” changed the EU regulatory environment?

 

 

In this sound bite from RCA Radio, host Brandon Miller is joined by Kinga Demetriou, an Expert Certifier at BSI, as they discuss how the pandemic changed the “roots of compliance” in the EU regulatory environment.

 

  • Since the pandemic, quick routes to market such as EUAs have been stopped leading to market servaliance company’s putting more scrutiny on products (e.g. PPE masks)
  • Manufactures have found out that offering a products in different markets take a lot of recourses to understand the roots of compliance depending on the location
  • Different market access requirement have been introduced depending on geography
  • New rules and certifications are in place making it more complex to launching products in multiple markets

 

Listen to the full Podcast on Global Regulatory Trends –> Click Here

 

To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. You may also email us at [email protected].

Addressing Troublesome Design Protocols

Posted on by Brandon Miller

What should you do if you are having trouble executing your design protocols? 

Listen to this highlight from RCA Radio where Walter Mason explains what needs to be done if you have troubles executing your design protocols even after training.

 

 

Listen to the entire episode where we take an in-depth look at protocols for biologics and their importance. RCA Radio Episode 13.

 

What can you do?

  • Go to the developer and let them know that it is not working for you
  • Talk through the design protocols in general
  • Procede step-by-step through the design protocols process
  • Look back at the FDA guidance documents
  • Get feedback on your design protocols
  • Implement changes in your training or to the protocol itself

 

To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. You may also email us at [email protected].

Medical Device Cybersecurity

Posted on by Brandon Miller

For medical device manufacturers, technology can be a double-edged sword. The innovative technologies that elevate the quality of life for patients can also be used to potentially undermine the organization using the device. The consequences can affect the device itself if we do not implement good IoT cybersecurity and FDA cybersecurity protocols. At Regulatory Compliance Associates®, we offer a wide variety of services for medical device security to help ensure that your product is protected from cyber-attacks.

 

With a well-planned design, along with full visibility of product development and the supply chain, RCA can help strengthen your device’s cybersecurity posture throughout. We partner with medical device companies for the entire life cycle, including from the development of your product to the regulatory submission to your notified body.

 

Cybersecurity Medical Device Services

 

  • Supporting cybersecurity aspects of design control using secure design principles for the entire Product Lifecycle.
  • Performing Gap analyses on your device’s current cyber resilience.
  • Utilizing threat risk modeling to identify potential vulnerabilities or the absence of appropriate safeguards for future threats. 
  • Generation of regulatory submission documentation per the FDA’s cybersecurity guidance, as well as the EUMDR MDCG 2019-16 cybersecurity guidance.
  • Perform a cyber risk analysis to manage confidentiality, integrity, and availability and reduce attack surface area.
  • Create a software bill of material for purchased components of the product to better manage vulnerabilities.
  • Independent 3rd party validation of cybersecurity requirements.
  • Analysis and evaluation of current ISO 14971 risk management procedures.

 

Trustworthy Medical Device Cybersecurity

 

  • Contains hardware, software, and/or programmable logic that is based on FDA cybersecurity guidance and regulatory standards.
  • Provides a reasonable level of availability, reliability, and correct operation.
  • Is reasonably suited to performing its intended functions.
  • Adheres to generally accepted security procedures.

 

Cybersecurity Medical Device Best Practices

 

  • Identify assets, threats, and vulnerabilities.
  • Assess the impact of threats and vulnerabilities on the device’s safety and performance.
  • Assess the likelihood of a threat as well as the likelihood of a vulnerability being exploited.
  • Determine security risk levels and suitable mitigation strategies.
  • Evaluate residual security risk and risk acceptance criteria.

 

To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. You may also email us at [email protected].

How Brexit is Impacting Medical Device Companies

Posted on by Brandon Miller

Medical Device Regulations Changes coming with Brexit.

Listen to this highlight from RCA Radio where Seyed Khorashahi breaks down the UK’s Medical Device Regulations resulting from Brexit and choosing not to join the EU MDR.

 

 

Listen to the entire episode where we go over Brexit and all of the important things happening in the Medical Device industry here.

Looking for help adhering to the New Brexit Regulations? Contact Us Now →

Changes with Brexit

The UK will not be transitioning to the EU MDR or IVDR and will be staying with MDD, AIMD, and IVDD. They plan on making changes in the future as necessary for the UK market.

 

CE Marking

The MHRA will recognize the CE Mark for devices until June 30th, 2023. This applies to products CE marked under the

  • MDD, IVDD, AIMDD, and as well as MDR and IVDR.
  • Class I and General IVD manufacturers can continue to self declare.

 

Conformity Assessment Marking (UK CA)

  • UK Notified Bodies will become UK approved bodies starting January 1st, 2021
  • Device Manufactures can use UK approved bodies for UK CA marking starting on January 1st, 2021
  • UK CA marking will be mandatory on July 1st, 2023

 

MHRA Registration Requirement Dates

 

  • May 1st, 2021
    • Class III medical devices & IVD list A devices
    • Class II b implantable devices
  • September 1st, 2021
    • Class II b non-implantable and II a & IVD list b products
  • September 1st, 2022
    • Class I medical devices and general IVDs

 

UK Responsible Person

Manufactures without a presence in the UK will need a UK responsible person which can be an individual or company similar to EU authorized representative.

 

 

To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. You may also email us at [email protected].

 

In-Vitro Diagnostic Devices Regulation (IVDR)

Posted on by Brandon Miller

The application date of May 26, 2022, for the EU In-Vitro Diagnostic Medical Devices Regulation (2017/746) (IVDR) has created a huge challenge for IVD medical device firms planning to introduce or continue to market their IVD products to any of the European Union Member States. 

 

One of the biggest changes from IVDD to IVDR is the move from list-based IVD device classifications to a rule-based IVD medical device classification resulting in 4 new device classes: class A (lowest risk) to class D (highest risk), where class B, C, and D would require Notified Body involvement.

 

Need help with your transition to the EU IVDR? Contact Us Now →

 

“The combination of major changes to the IVDR device classification resulting in 3-fold increase in IVD medical devices requiring notified body involvement and lack of adequate IVDR designated notified bodies has created a huge bottle neck to getting ready for the EU IVDR by the application date of the EU IVDR.” says Seyed Khorashahi, Executive Vice President of Medical Device and CTO of Regulatory Compliance Associates Inc.® (“RCA”).

 

This change alone would result in a huge number of medical devices requiring Notified Body involvement. It is estimated this quantity of medical device products will increase from 20% under MDD to approximately 80% under IVDR.  As of this writing, there are only 4 IVDR designated Notified Bodies, which visibly increases the number of goods our clients must submit. 

 

 “Right now, we’re partnering with global clients that have both a small and sizable product portfolio of In-Vitro Diagnostic Devices, and they are at different stages in their IVDR implementation efforts,” says Lisa Michels, General Counsel for Regulatory Compliance Associates® Inc. (RCA). “Proactive strategic planning and effective resource allocation are critical for the timely execution and implementation of a comprehensive IVDR Implementation Plan. IVDR manufacturers must consider and prepare for potential delays such as scheduling bottlenecks for Notified Body Conformity Assessment activities, which may directly or indirectly impact their planned commercialization efforts for existing and/or new IVDR products. IVDR manufacturers must establish contingency plans to mitigate some of these potential challenges in this new regulatory environment under the EU IVDR since all IVDR manufacturers are facing the same task.”

 

Additional nuances from IVDD to IVDR are based on a medical device lifecycle approach and include:

 

  • Requirements for medical device manufacturers to establish and demonstrate effective quality management systems (QMS)
  • More stringent requirements for clinical evidence demonstrating conformity.
  • New requirements for post-market performance monitoring and reporting
  • Greater supply chain oversight and device traceability, including giving the notified bodies discretionary authority to supplier audits and subcontractor compliance.

 

The transition from IVDD to IVDR can be a time-consuming process, and many companies are still in the process of regulatory transition. 

 

“It’s time-sensitive because our clients are learning how to deal with their current notified body, and if they are still the correct partner to work with” continued Khorashahi. “We initially start with a strategic approach to plan their regulatory strategy of current IVD medical devices in the field and their IVDD certificate expiration date to prioritize the products that need immediate attention. “Each of the IVD medical devices has to be reclassified according to the new IVDR device classification rules.”

 

If you are a small to medium size company and have not already started your transition, now may be the opportune time to engage with a strategic partner like RCA to prepare for the IVDR deadline.

 

“Timely compliance to the IVDR requires a dedicated team of subject matter experts to properly implement and execute the compliance deliverables as laid out in your IVDR Implementation Plan” continued Michels. “These deliverables may require extensive updates to a manufacturer’s existing Quality Management System (QMS), technical documentation, and/or establishing or enhancing a manufacturer’s body of objective evidence of clinical performance validation with a defined blueprint to address the product lifecycle.”

 

Your organization has a better chance of a successful transition by engaging subject matter experts like RCA who have an intimate familiarity with the planning and implementation of IVDR.

 

“Our experts can help you identify the intended purpose and the inherent risks associate with your devices, determine the device classification, and help create technical documentation in compliance with IVD regulation 2017/746.:es” Khorashahi divulges.

 

More robust procedures for post-market surveillance and post-market performance follow up must be put in place to successfully transition.

 

“RCA has the subject matter expertise, experience, and dedicated resources available to assist our clients with the seemingly daunting task of ensuring timely IVDR compliance prior to the fast-approaching deadline. Our proven capability is what clients find to be of most value in the selection and utilization of a regulatory compliance consulting firm like RCA.” replied Michels.

 

To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. You may also email us at [email protected].

FDA Medical Device Guidance

Posted on by Brandon Miller

The FDA Center for Devices and Radiological Health (CDRH) recently published new guidance for medical device priorities in 2023. The FDA CDRH guidance looks to evolve away from the COVID-19 pandemic and transition toward digital health, medical device software and regulated software as a medical device (SaMD).

 

Cybersecurity for Medical Devices

 

Among topics the FDA guidance considers “A-List” priorities is cybersecurity for medical devices. Two initial priorities of the FDA guidance will include a deeper study of quality system (QMS) considerations and premarket submission (PMA) content.

 

Additional FDA software guidance was published earlier this year (September 2022) that described how software functions meet the definition of a medical device and risks to the public. The change industry should keep an eye on is FDA product specific guidance that applies to regulating software development that impacts risk to patient safety.

 

Quality Management System

 

Quality management system regulation currently falls under 21 CFR 820, so it will be interesting to see how new updates are developed based on discussion with industry. Every medical device manufacturer is required to have a compliant QMS system that includes the necessary QMS documentation for regulatory approval.

 

As digital healthcare integrates the physician-patient relationship, FDA continues to scrutinize device software functions and healthcare mobile apps. Lastly, these insights may provide additfeedback on software functions not subject to FDA regulatory requirements relevant to a QMS audit.

 

Remanufacturing Medical Devices

 

FDA is taking a deeper look at reusable medical devices and how preventive maintenance increases the life of a medical device. Currently, there are separate regulations for both industry manufacturers and 3rd party service companies. FDA will look to clarify the differences between “servicing” and “remanufacturing”, and the impact on medical device safety for either. This will likely impact the regulatory responsibilities of companies who perform these activities for health care providers.

 

Premarket Authorization (PMA)

 

Software as a medical device continues to grow across the health care industry. Updated premarket authorization guidance will focus on software devices with consideration to how the software is delivered to the end user. This can include factory-installed healthcare software or platforms installed by a third-party vendor.

 

Equally important, new information is anticipated for different types of firmware and software-based control of medical devices. Industry employees should also anticipate greater clarity for stand-alone software applications and general purpose computers. Leadership at FDA has included subtle hints that accessories to medical devices that include software may also be included in future FDA guidance for industry.

 

COVID-19 Emergency Use Authorization (EUA)

 

There has been discussion around the 180-day timeline proposed for notice of ending a medical device EUA due to COVID-19. Final guidance should be available in 2023 that provides more detail about on the appropriate transition period. FDA is considering industry recommendations that avoid disruptions to product shortage and supply chain.

 

Further, consideration is also being given to medical device manufacturer and healthcare providers to adjust from policies adopted during the public health emergency (PHE). For example, an EUA issued under section 564 of the FD&C Act will remain in effect. Primary changes will be based on if FDA chooses to revoke the EUA because the criteria for issuance is no longer met. 

 

Voluntary Improvement Program

 

FDA and the Medical Device Innovation Consortium (MDIC) continue to advance their pilot program launched in 2018. Select medical device manufacturing sites were chosen to review key business processes using a series of integrated best practices. The Capability Maturity Model Integration (CMMI) Institute certified select team to conduct and review quality system maturity of these sites.

 

Additionally, 2023 will likely bring even more data surrounding the MDIC program. This could include public info for industry about continuous improvement through quarterly check-in progress with participating medical device companies. The program is designed to report industry baseline metrics after the check-in and monitor operational excellence.

 

Breakthrough Devices Program

 

New information from FDA will arrive in 2023 for updates to the Breakthrough Devices Program. Early updates suggest the guidance will clarify how the program may be more applicable to certain devices than others. FDA breakthrough designation often benefits populations that are more likely to be impacted by health care disparities. New clarity may include breakthrough therapy designations and how medical device companies can educatee sponsors to submit for proposed indications of use. 

 

Finally, an important facet of the breakthrough devices program is the type of evidence needed for FDA approval. Clarity should help to determine whether a device is reasonably expected to increase the treatment or diagnosis efficacy. Moreover, early indications suggest that the intended use of the device, technology and features, and the available standard of care alternatives will all play a role.

 

To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. You may also email us at [email protected].