21 CFR 820 compliance

Complaints handling mistakes – Why?

2 Comments / Complaint Handling / By / , , , , , ,

Complaints handling mistakes, medical device reporting, and CAPA are the most common reasons for FDA 483 inspection observations, but why?complaints Complaints handling mistakes Why?

Reasons for FDA 483s related to the CAPA process

You should already be well aware that deficiencies in the CAPA process, complaints handling, and medical device reporting are the three most common reasons why the FDA issues 483 inspection observations and Warning Letters in 2023. The most common reason for an FDA 483 inspection observation is related to the CAPA process (i.e., 336 observations citing 21 CFR 820.100). For the CAPA process, all 336 observations cited problems with inadequate procedures or inadequate records.

Reasons for complaints handling mistakes

The complaints handling process is the second most common reason for FDA 483 inspection observations (i.e., 276 observations citing 21 CFR 820.198). The complaints handling process has nine different reasons for 483 inspection observations (listed from most common to least common):

  1. Procedures for receiving, reviewing, and evaluating complaints by a formally designated unit have not been [adequately] established.  Specifically,*** 
  2. Complaints involving the possible failure of [a device] [labeling] [packaging] to meet any of its specifications were not [reviewed] [evaluated] [investigated] where necessary. Specifically, *** 
  3. Records of complaint investigations do not include required information.  Specifically, *** 
  4. Complaint files are not [adequately] maintained.  Specifically, *** 
  5. Not all complaints have been [adequately] reviewed and evaluated to determine whether an investigation is necessary. Specifically, ***
  6. Records for complaints where no investigation was made do not include required information.  Specifically, *** 
  7. Complaints representing events that are MDR reportable were not [promptly reviewed, evaluated, and investigated by a designated individual] [maintained in a separate portion of the complaint files] [clearly identified]. Specifically, ***
  8. Investigation records of MDR reportable complaints do not include required information.  Specifically, *** 
  9. Records of complaint investigations do not include required information, including any unique device identifier (UDI) or universal product code (UPC).  Specifically, ***

Reasons for FDA 483s related to Medical Device Reporting

There were 106 observations related to medical device reporting (i.e., 21 CFR 803) in 2023 thus far. There are 25 different reasons identified by the FDA for 483 inspection observations related to the Medical Device Reporting regulation. The majority o of the inspection observations were related to an inadequate or missing MDR procedure. However, there were also a number of inspection observations that were related to missing information in the MDR records. Therefore, we updated our Medical Device Reporting Procedure to include all of the required elements of the FDA’s MedWatch Form. We posted a blog about “Where to Focus your Medical Device Complaint Handling Training.” In that blog we answered questions from device manufacturers and consultants regarding the process of complaints handling investigation. The following section is a summary of my responses to those questions.

Complaints handling investigations

What criteria do you think should be used to determine whether a complaint should be investigated or not?

There is only one acceptable rationale for not investigating a complaint. If you don’t investigate complaints when required, then you might receive an FDA Form 483 observation worded like this…

21 CFR 820.198(c) – Complaints involving the possible failure of labeling to meet any of its specifications were not investigated where necessary. Specifically, a missing IFU was reported in customer complaints, but no investigation was conducted. The rationale documented in the complaint record was “the missing IFU presented no patient risk.”

A missing IFU is a “failure of labeling to meet any of its specifications.” Therefore, 21 CFR 820.198(c) requires you to conduct an investigation “unless such investigation has already been performed for a similar complaint, and another investigation is not necessary.” This is the only rationale that is acceptable for skipping your investigation. To ensure that no one forgets to investigate a complaint, make sure you include a space in your complaint handling form that is specifically labeled as “Summary of Complaint Investigation.” This space should also include an option to cross-reference to a previous complaint record where a similar investigation is already documented.

A missing IFU is also considered a misbranded product that requires correction (e.g., sending the customer a replacement IFU) or removal (i.e., recall). The FDA expects a Health and Hazard Evaluation (HHE) form to be included in your recall records, and the HHE should indicate the potential risk of a “delay in treatment.” This is the FDA’s conclusion in their evaluation of risk, and therefore your HHE must identify a delay in treatment as a patient risk too. The FDA also expects a CAPA to be initiated to prevent the recurrence of this type of labeling error. You can make a “risk-based” determination that reporting a specific recall to the FDA is not required as per 21 CFR 806.20. However, you need to maintain records of your determination not to report a recall. If you already received a Warning Letter, you should err on the side of reporting anyway.

Note: References to “recall” in the above paragraph are meant to include field corrections.

Intended Use

If a complaint consists of a medical device being used for something other than its intended use, is an MDR required for this user error?

The answer is yes. If you don’t report adverse events involving “user error,” then you might receive an FDA Form 483 observation worded like this…

21 CFR 803.17(a)(1) – The written MDR procedure does not include an internal system which provides for the timely and effective evaluation of events that may be subject to medical device reporting requirements.  Specifically, several incidents where a death or serious injury occurred were “caused by a user error,” and the procedure did not identify this as an event requiring Medical Device Reporting.

In 21 CFR 803.3, the FDA defines “caused or contributed” to include events occurring as a result of:

  1. Failure
  2. Malfunction
  3. Improper or inadequate design
  4. Manufacture
  5. Labeling, or
  6. User error

It is important to understand that the definition of complaints and the requirement to report adverse events should not be “risk-based.” The need for remediation and the need to report corrections and removals can be “risk-based,” but whether something is a complaint, and whether it is reportable should be “black-and-white.” For example, “Did the death or serious injury occur due to auser error’-including use other than the intended use?” If the answer is yes, then it is a complaint and reportable.

Incidents and Adverse Event Reporting

Do incidents that occurred outside the United States need to be reported to FDA?

The answer is yes. If you don’t report adverse events that occur outside the United States, then you might receive an FDA Form 483 observation worded like this…

21 CFR 820.50(a)(1) – An MDR report was not submitted within 30 days of receiving or otherwise becoming aware of information that reasonably suggests that a marketed device may have caused, or contributed to, a death or severe injury. Specifically, several instances were identified where the device caused or contributed to a death or serious injury, and the event was not reported to the Agency. The rationale documented in the complaint record was that the “event occurred outside the United States.”

This type of mistake is most likely due to a lack of training on 21 CFR 803–Medical Device Reporting. Some manufacturers that distribute products internationally are more familiar with the European Vigilance requirements as defined in Articles 87-89 of Regulation (EU) 2017/745. You can find additional guidance on vigilance reporting in our Vigilance Procedure or the applicable MDCG guidance. The European Medical Device Directive (i.e., MDD) only required vigilance reporting of incidents that occurred outside the Member States of the European Economic Area (EEA), Switzerland, and Turkey if the incident required implementation of field safety corrective actions. The EU MDR now requires reporting of incidents that occur outside of the EU if the device is also made available in the EU.

The FDA Part 803 requirements are worded differently. Part 803 does not indicate that the event had to occur in the United States. The MedWatch form (i.e., FDA Form 3500A) must be filed for events that occur in the United States and events occurring outside the USA if the devices are “similar” to devices marketed in the USA. Unfortunately, most device manufacturers are not aware of this requirement. Therefore, the FDA released a final guidance on Medical Device Reporting requirements on November 8, 2016. If you would like to learn more about Medical Device Reporting requirements, you can purchase our MDR procedure and webinar bundle. We will also be expanding our consulting services in January 2024 to include Medical Device Reporting for our clients.

Additional Resources on Complaints Handling

Medical Device Academy sells a complaints handling procedure, and a webinar on complaints handling. We will be updating the procedure during the holidays and hosting a new live complaints handling webinar on January 4, 2024. If you purchase the webinar, or you purchased the webinar in the past, you will receive an invitation to participate in the live webinar in January. If you purchase the complaints handling procedure, or you purchased the procedure in the past, you will receive the updated procedure, updated complaints handling form, and updated complaints log. You will also receive an invitation to the live webinar because we will be bundling the webinar with an updated procedure. We will also provide a discount code during the live webinar for people to upgrade their purchase of the webinar to include the purchase of the procedure. Customers who purchased one of our turnkey quality systems will also receive access to the live webinar.

Complaints handling mistakes – Why? Read More »

How to Audit Your Labeling Process for 21 CFR 820 Compliance

Leave a Comment / ISO Auditing / By / , , , , ,

This article reviews how to audit your labeling process for 21 CFR 820 compliance with the six requirements of section 820.120.

audit labeling How to Audit Your Labeling Process for 21 CFR 820 ComplianceThe most common cause of recalls is labeling errors. Therefore, one of the best ways to avoid a recall is to perform a thorough audit of your labeling process. Unfortunately, most auditors receive no specific training related to labeling. The primary reason for the lack of labeling-specific training is because most auditor training focuses on ISO certification requirements.

ISO 13485 Requirements for the Labeling Process

ISO 13485 only requires the following labeling requirements: “The organization shall plan and carry out production and service provision under controlled conditions. Controlled conditions shall include, as applicable…g) the implementation of defined operations for labeling and packaging.” ISO 14969 is the guidance document for ISO 13485, and the guidance includes additional recommendations for control of the labeling process to prevent errors. Unfortunately, auditors are trained to audit for compliance with regulations, while guidance documents are neglected almost entirely. ISO labeling requirements are vague. Therefore, auditors need to focus on the six requirements of 21 CFR 820.120–the section of the FDA QSR specific to labeling. Labeling process flowchart1 How to Audit Your Labeling Process for 21 CFR 820 Compliance Most auditors are taught to develop a regulatory checklist to verify requirements. However, the process approach to auditing is a more effective approach to identify ways that the labeling process can break down. Below examples of how the two approaches differ are provided for each of the six requirements:

1. Labeling Procedure

Most auditors, and FDA inspectors, request a copy of a labeling procedure to verify compliance with the first requirement. In their notes, they record the document number and revision of the procedure. The auditor may also review the procedure to ensure that the procedure includes each of the other five regulatory requirements listed below. The process approach to auditing also verifies compliance with the requirement for a procedure. Still, auditors using the process approach ask the process owner to describe the process, and the process description provided is compared with the procedure.

I also teach auditors to ask the process owner to identify where in the procedure, each requirement can be found. This eliminates the need to spend valuable audit time reviewing a procedure and forces the process owner to demonstrate their familiarity with the procedure.

2. Label Integrity

A lack of labeling integrity is seldom raised as an observation by auditors, unless labels are falling off of the product, or if the label content is illegible. During hundreds of audits, I have never noticed a label falling off the product, but I have seen customer complaints about labels falling off. Another way to assess if there is a problem with labeling integrity is to ask how the labeling specifications were established, verified, and validated. The user environment is frequently the determining factor for labeling specifications. For example,

  • Does the label need to be waterproof?
  • Is the print likely to be exposed to abrasion that could rub off the ink?
  • Are the storage conditions likely to include high heat and humidity that could cause the adhesive to fail? 

This type of approach links the labeling of products to customer focus and design inputs.

3. Labeling Process Inspection

The inspection of labeling is more than a visual examination. A thorough inspection requires a systematic review of the label content to ensure that the label information matches the requirements for the specific production lot. The requirements specify verification of:

  • correct expiration date
  • control number
  • storage instructions
  • handling instructions

There is also a requirement to document the date of inspection and the person that performed the inspection. An auditor can verify that the labeling inspection is being performed by reviewing records of the inspection, but you will rarely find an inspection record where the label is nonconforming. If you follow the process, you might ask the process owner where nonconforming labeling is recorded. The nonconforming material records should be an output of every inspection process. Auditors should also ask for metrics regarding a process. The frequency of labeling mix-ups and labeling errors identified during an inspection is an important metric that can be used as an indicator of weaknesses in labeling operations.

4. Labeling Storage

Most auditors will verify that labels are stored in a location to prevent deterioration or damage, but the highest risk is the mix-up of labels. Therefore, it is crucial to control the location of labels so that the incorrect labels cannot be accidentally distributed to the wrong manufacturing line. 

In 21 CFR 820.150, there is also a requirement to establish “procedures that describe the methods for authorizing receipt from and dispatch to storage areas and stock rooms.” Therefore, as an auditor, you might consider asking the process owner what the input to the labeling distribution process is (e.g., a work order) and which distribution records are created during the process. A labeling requisition and/or “pick list” from production planning is often used as an input to the labeling process, while the distribution of labeling to manufacturing usually requires a log entry for distribution from a stockroom, or assignment of a lot number to the batch of labels that must be entered in a log.

5. Labeling Process

It is insufficient to review DHRs for the labeling process. When you interview the process owner, you should determine who is responsible for creating and inspecting labels. Then, I coach auditors to go and view labeling operations at the source. By interviewing operators and asking them to demonstrate entry of variable data for labels and printing of labels, you can answer each of the following questions without even asking:

  • Is validated software is being used?
  • Are label templates protected from inadvertent changes?
  • How do operators ensure that labels from different lots are not mixed up?

Interviewing inspectors can determine if calibrated tools are being used to verify labeling dimensions and the proper placement of labels. You should also observe how inspectors ensure that variable data is correct.

6. Control Number

Most auditors will sample DHR records to verify that lot control numbers are recorded for each batch of products. However, when an auditor is focusing on records, the auditor is unlikely to identify any aspects of label handling that could result in mix-ups. To ensure that processing and segregation of different lots are adequate, an auditor has to observe line clearance procedures and to verify that each lot of labels is identified with regard to the lot number, quantity, and the released status if the identification information about the label is separated from the physical labels, the potential for labeling mix-ups increases.

One final aspect of labeling and control numbers to consider is the impact of new UDI regulations. Labeling will need to indicate the date of manufacture and expiration of the product. This information needs to be incorporated into the variable content of labels. Therefore, if labels are pre-printed, it may be necessary to reprint labels when the date of manufacture changes. This additional requirement is likely to force companies into on-demand printing of labels and automated software control systems. Auditors can verify the successful implementation of labeling process changes by auditing for compliance with the revised procedures.

UDI states that production identifiers (PI) consist of Manufacturing Date, Expiration Date, Lot/Batch Number, Serial Number. The rule also states that if a labeler does not use any of the listed PI, they do not need to have it on their labels. This will most likely apply to Class I device labelers only as Class II, and III labelers usually have one or more of the PI on their labels. Due to the variable nature of the PI, many labelers are adding in-line label verifiers to make sure their labels are readable by scanners.

How to Audit Your Labeling Process for 21 CFR 820 Compliance Read More »

Scroll to Top