Blog

Author Archive

What’s the difference between PMS, PSUR, and PSR?

This blog is intended to help clear your justified confusion if you are wondering what the difference is between PMS, PSUR, and PSR.

 

The nine most terrifying words in the English language are, “I’m from the Government, and I’m here to help.” That quote is from a speech by President Reagan on August 12, 1986.  One of the goals of the European Parliament and Council was “to ensure effective coordination of [competent authority] market surveillance activities and to clarify the applicable procedures.” After studying the new European MDR, I can confidently say that the European Parliament and Council have done their job well. My boss is a regulatory consultant with 30 years of experience, and he asked me to explain the difference between PMS, PSUR, and PSR.

To answer that question as objectively as possible, and cite my sources, I have included a copy and paste directly from Regulation (EU) 2017/745. Red text is my commentary, while the italicized text is a quotation from the most relevant article within the new EU regulations.

Under the New MDR, the only Class IIa, Class IIb, and Class III products are definitively required to have a Periodic Safety Update Report (PSUR). The PSUR needs to be updated annually for Class III and Class IIb implants, and the PSUR needs to be updated at least every two years for Class IIb (non-implants) and Class IIa devices. The PSUR must be available to your notified body, and upon request, the competent authorities. In contrast with the PSUR, Post-Market Surveillance (PMS) reports are required for Class I devices. Finally, a manufacturer’s Periodic Summary Report (PSR), relates to specific cases of Serious Incidents and Field Safety Corrective Actions (FSCA’s) based upon an agreement between the manufacturer and the competent authority or authorities instead of submitting individual FSCA reports.  This is confusing because the PSUR also meets the requirements of a PMS Report as defined in Article 85, but we don’t call it a PMS Report.

“Article 83 – Post-market surveillance system of the manufacturer

1. For each device, manufacturers shall plan, establish, document, implement, maintain, and update a post-market surveillance system in a manner that is proportionate to the risk class and appropriate for the type of device. That system shall be an integral part of the manufacturer’s quality management system referred to in Article 10(9).”

In Matthew’s words, “Manufacturers are required to establish a PMS system for every device or device family.”

“Article 84 – Post-market surveillance plan

The post-market surveillance system referred to in Article 83 shall be based on a post-market surveillance plan, the requirements for which are set out in Section 1.1 of Annex III. For devices other than custom-made devices, the post-market surveillance plan shall be part of the technical documentation specified in Annex II.”

In Matthew’s words, “Article 84 requires you to have a PMS plan in your quality system.”

“Article 85 – Post-market surveillance report

Manufacturers of class I devices shall prepare a post-market surveillance report summarizing the results and conclusions of the analyses of the post-market surveillance data gathered as a result of the post-market surveillance plan referred to in Article 84 together with a rationale and description of any preventive and corrective actions taken. The report shall be updated when necessary and made available to the competent authority upon request.”

In Matthew’s words, “A Class I device requires a PMS report, while the other product classifications require a PSUR.”

“Article 86 – Periodic safety update report

1.1 – Manufacturers of class IIa, class IIb, and class III devices shall prepare a periodic safety update report (‘PSUR’) for each device and were relevant for each category or group of devices summarizing the results and conclusions of the analyses of the post-market surveillance data gathered as a result of the post-market surveillance plan referred to in Article 84 together with a rationale and description of any preventive and corrective actions taken. Throughout the lifetime of the device concerned, that PSUR shall set out:

(a)

the conclusions of the benefit-risk determination;

(b)

the main findings of the PMCF; and

(c)

the volume of sales of the device and an estimated evaluation of the size and other characteristics of the population using the device and, where practicable, the usage frequency of the device.

Manufacturers of class IIb and class III devices shall update the PSUR at least annually. That PSUR shall, except in the case of custom-made devices, be part of the technical documentation as specified in Annexes II and III.

Manufacturers of class IIa devices shall update the PSUR when necessary and at least every two years. That PSUR shall, except in the case of custom-made devices, be part of the technical documentation as specified in Annexes II and III.

For custom-made devices, the PSUR shall be part of the documentation referred to in Section 2 of Annex XIII.

  1. For class III devices or implantable devices, manufacturers shall submit PSURs by means of the electronic system referred to in Article 92 to the notified body involved in the conformity assessment in accordance with Article 52. The notified body shall review the report and add its evaluation to that electronic system with details of any action taken. Such PSURs and the evaluation by the notified body shall be made available to competent authorities through that electronic system.
  2. For devices other than those referred to in paragraph 2, manufacturers shall make PSURs available to the notified body involved in the conformity assessment and, upon request, to competent authorities.”

In Matthew’s words, “Barring specified exemptions, manufacturers of a Class IIa device would need to submit a PSUR and update it at least every two years.”

“Article 87 – Reporting of serious incidents and field safety corrective actions

9. For similar serious incidents that occur with the same device or device type and for which the root cause has been identified or a field safety corrective action implemented or where the incidents are common and well documented, the manufacturer may provide periodic summary reports instead of individual serious incident reports, on condition that the coordinating competent authority referred to in Article 89(9), in consultation with the competent authorities referred to in point (a) of Article 92(8), has agreed with the manufacturer on the format, content, and frequency of the periodic summary reporting. Where a single competent authority is referred to in points (a) and (b) of Article 92(8), the manufacturer may provide periodic summary reports following an agreement with that competent authority.”

In Matthew’s words, “Periodic summary reports (PSRs) refer to significant incidents (SIs) and field safety corrective actions (FSCAs). PSRs require an agreement between the manufacturer and the competent authority(s) for cases where there is a group of common, well-known, and documented SIs or FSCA’s with a known root-cause. PSRs are an alternative to submitting individual SI and FSCA reports.”

Additional Quality System Resources

My boss also asked me to update the procedures for post-market surveillance (SYS-019) and vigilance (SYS-036). The PMS procedure includes requirements for Articles 83-86. The vigilance procedure includes the requirements for Articles 87-92.

About the author

20190531 005146 150x150 Whats the difference between PMS, PSUR, and PSR?

Matthew is a talented writer that missed his calling as a political satirist. Medical Device Academy is lucky to have him as a quality system expert and gap analysis guru. Matthew was asked to answer this question for a client in response to an email. He wrote the entire blog in less than one hour, but he didn’t think it was worthy of publishing. The boss disagreed. Please show Matthew some love with your comments below or by ordering the book from Amazon ($5 pre-order discount until August 28, 2020).

Posted in: Post-Market Surveillance

Leave a Comment (0) →

Implant Card Requirement – A New Requirement of EU 2017/745

This article breaks down and reviews the new implant card requirement as well as Article 18 of EU 2017/745.

We also have available for sale, SYS-037 Implant Card Procedure written to be Article 18 compliant of Regulation (EU) 2017/745, and includes;

  • SYS-037 A, Implant Card Procedure
  • FRM-044 Checklist for Information to be supplied to the patient with an implant
  • FRM-045 Implant Card Checklist for Article 18 Reg 2017-745
  • Native Slide Deck for Implant Card Webinar
  • Recording of the Implant Card Webinar

Implant Card Procedure Implant Card Requirement   A New Requirement of EU 2017/745

Implant Card Requirement, a new requirement from Regulation (EU) 2017/745.

One of the new changes to the regulation is an introduction of a new requirement for implantable devices. These devices must now come with an “implant card” that contains information about the implanted medical device for the patient. The responsibility of the implementation of the new implant card rules lies with the manufacturer of the implantable device and the health institution as required by the EU member states.

What is an implantable device?

Before discussing the specifics of the implant card, we must first define what an implantable device is to determine if the implant card requirements apply to your device or devices. Article 2 Definitions, number 5 of Regulation (EU) 2017/745 defines and outlines what is considered an implantable device.

(5) ‘implantable device’ means any device, including those that are partially or wholly absorbed, which is intended:

– to be introduced in the human body, or

– to replace an epithelial surface or the surface of the eye,

By clinical intervention and which is intended to remain in place after the procedure.

Any device intended to be partially introduced into the human body by clinical intervention and intended to remain in place after the procedure for at least 30 days shall also be deemed to be an implantable device;

(Taken from http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32017R0745 English version)

Is my device considered implantable?

Working with the above definition of an implantable device, you can now compare those requirements against your own devices to determine if they are considered to be an implantable device or not. This can be done by performing a gap analysis of the definition against your device.

Consider what your device is and ask yourself the following questions:

Is my device intended to be partially or wholly absorbed?

If the answer is no, then your device may not be an implantable one. If it is, then you must keep asking yourself questions until you can sufficiently determine your device’s status as implantable or not.

Is my device intended to be introduced in the human body?

No. Ok, that is fine, but is it intended to replace an epithelial surface or the surface of the eye?

To make an awful analogy of the process, it is almost like playing a game of Guess Who with your device. Instead of asking your device if they have red hair or a mustache, you have to ask your device questions like, “Are you intended to remain in place after the procedure?”.

The gap analysis is fine, but you also have to consider some other factors within the wording of the definition. Be careful navigating the specifics because the devil is in the details. In the definition, which is only eighty-nine words long, by the way, uses the word “intended” three different times.

That is important because the definition applies not only to some of the characteristics and uses of the device but also to the intent behind the device. Just because the device can be wholly introduced into the body does not mean that the device is ‘intended’ to be. A better example would be, by clinical intervention, can your device remain in place after the procedure? Could it, perhaps, but is it intended to be? Also, is it the intent of the device to be done so by clinical intervention?

Where to find the implant card requirement?

Regulation (EU) 2017/745 of the European Parliament and of the Council of 5 April 2017 on medical devices is where the introduction of implant cards can be found. The definition of an implantable device is found in Article 2 Definitions, definition number 5.

Article 18- ‘Implant card and information to be supplied to the patient with an implanted device’ is where the implant card requirements can be found. This article contains three sections and four subsections pertaining to implant cards.

Article 18 Implant card requirement and information to be supplied to the patient with an implanted device

Below is article 18 in its entirety so that we can discuss it further in detail.

“1. The manufacturer of an implantable device shall provide together with the device the following:

(a) information allowing the identification of the device, including the device name, serial number, lot number, the UDI, the device model, as well as the name, address and the website of the manufacturer;

 

(b) any warnings, precautions or measures to be taken by the patient or a healthcare professional with regard to reciprocal interference with reasonably foreseeable external influences, medical examinations or environmental conditions;

 

(c) any information about the expected lifetime of the device and any necessary follow-up;

 

(d) any other information to ensure the safe use of the device by the patient, including the information in point (u) of Section 23.4 of Annex I.

The information referred to in the first subparagraph shall be provided, to make it available to the particular patient who has been implanted with the device, by any means that allow rapid access to that information and shall be stated in the language(s) determined by the concerned Member State. The information shall be written in a way that is readily understood by a layperson and shall be updated where appropriate. Updates of the information shall be made available to the patient via the website mentioned in point (a) of the first subparagraph.

Also, the manufacturer shall provide the information referred to in point (a) of the first subparagraph on an implant card delivered with the device.

  1. The Member States shall require health institutions to make the information referred to in paragraph 1 available, by any means that allow rapid access to that information, to any patients who have been implanted with the device, together with the implant card, which shall bear their identity.
  2. The following implants shall be exempted from the obligations laid down in this Article: sutures, staples, dental fillings, dental braces, tooth crowns, screws, wedges, plates, wires, pins, clips, and connectors. The Commission is empowered to adopt delegated acts in accordance with Article 115 to amend this list by adding other types of implants to it or by removing implants therefrom.”

(taken from http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32017R0745)

Who does the implant card requirement apply to?

Section 1. of Article 18 states explicitly that it is the manufacturer who shall supply the information. Fortunately, it is also outlined what information needs to be included and some guidance on how to provide the information.

Take note, though, that the article states it “shall” be provided, “together with the device.” This means that merely having the information available or accessible such as a downloaded PDF on your website, is not sufficient to comply with section 1. Because that is not being supplied together with the device as outlined.

Section 2. of Article 18 applies to member states’ requirements of health care institutions.

Section 1 of Article 18

Section 1 is by far the most extended section of the article and outlines precisely what information must be provided with the implantable device. Not only is this information that must be provided, it specifically must be provided by the manufacturer. The subsections are broken down by topic and can be summarized as the information, warning, maintenance, and misc. Sections.

Section 1. Sub-Section A

This sub-section outlines the specific identifying information that must be provided. It is even specifically “information allowing the identification of the device.” For devices that are produced and manufactured compliant with other standards such as ISO 13485 or the QSR portion of the United States Code of Federal Regulations, a lot of this information is the same information that is required for traceability.

Besides the generic “information allowing the identification of the device,” the other specific information that ‘shall’ be provided is:

  • The name of the device,
  • The device serial number,
  • The lot number of the device,
  • The UDI,
  • The model of the device,
  • The name of the manufacturer,
  • The manufacturers address,
  • The manufacturers’ website.

They don’t just want your device’s driver’s license; they want the driver’s license, library card, passport, blood type, and favorite color. This is done for a purpose but also carries some implications on the maintenance actions of the manufacturer.

First such strict ID requirements mean that the device is traceable and identifiable. There should be absolutely no doubt about who made the device. In the event of an incident, that device should be traceable back to when and where the individual components were created and assembled into the final device. For traceability of an incident, tracking for corrective or preventive action, or just general inventory tracking this is the type of strict diligence that is expected when the end-user or patient is receiving medical care with an implantable device. There is no demonizing of this requirement. Yes, it is strict, but it is also just part of good housekeeping for a manufacturer in general. Only now it must be provided to the patient receiving care with the device as well.

What is implied is that the information provided along with the device is somewhat of a living document, and the information could vary a bit from patient to patient. Because things like lot numbers or any number of trackable metrics used with the UDI are included, the implant card information cannot be generically the same for each device but that it will have sections that are specific to individual devices. Sure this may initially create some logistical headaches for keeping track that the implant cards don’t get mixed up in situations where the devices are being manufactured, but this creates a level of accountability that is designed for the ultimate safety of the end patient.

Section 1. Sub-section B

Sub-section B contains the warning information of the device. The first part is pretty self-explanatory as meaning literally what is stated “any warnings” and “precautions”. It is the next part that I do not interpret literally. Where it says “measures to be taken by the patient or a healthcare professional with regard to reciprocal interference with reasonably foreseeable external influences, medical examinations or environmental conditions”.

If I were the manufacture of an implantable medical device, I would most definitely include measures to be taken by the patient as well as measures to be taken by a healthcare professional. There are a couple of spots that use the word ‘or’, and if it were me, I would read it ‘as well as’.

I say that for a few reasons. One is that without explicit clarification of a governing body as exactly what a silly little word like that is intended to me, this creates an area that is open for debate. Does that ‘or’ mean that at least one of those needs to be included and the rest can be excluded?

As one who likes to err on the side of caution, if you have the information available, why would you not provide it? By going above and beyond not only demonstrates your goodwill but also avoids hang-ups where an auditor might not agree with how you viewed the requirement, and you end up with a nonconformity, or in the same situation with an incident investigator. Ink is cheap; liabilities are expensive.

Section 1. Sub-section C, and Sub-section D.

These two subsections are relatively short and straight forward.

“(c)         any information about the expected lifetime of the device and any necessary follow-up;

How long can the user expect your device to last once it has been implanted?  I there any maintenance they should be performed? Perhaps once a year, a physician needs to double-check the device placement?

(d)         any other information to ensure the safe use of the device by the patient, including the information in point (u) of Section 23.4 of Annex I.”

The rest of Section 1. Of Article 18.

“The information referred to in the first subparagraph shall be provided, to make it available to the particular patient who has been implanted with the device, by any means that allow rapid access to that information and shall be stated in the language(s) determined by the concerned Member State. The information shall be written in a way that is readily understood by a layperson and shall be updated where appropriate. Updates of the information shall be made available to the patient via the website mentioned in point (a) of the first subparagraph.

Also, the manufacturer shall provide the information referred to in point (a) of the first subparagraph on an implant card delivered with the device.”

(Taken from http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32017R0745 English version)

At the end of this section, it provides a little bit more information about the purpose of the article but also lays out some guidelines for how to make the required information available.

I specifically mentioned earlier that having the information slapped on a website is not enough by itself. The text states, “any means that allow rapid access to that information”. Certainly, available on the internet is a means that allows rapid access, and it is if you have internet. Using a web-based approach like that is assuming that all the possible patients all have the technology and budget to reach the information. This means that every single possible patient needs a means to access the internet, and the money to pay for internet access. Also, being able to simply access the information rapidly isn’t necessarily providing the information “together with the device” as required.

You also need to have a conversation with your notified body and determine what languages are required by the member state in which your device is sold. It does not do the patient much good if they do not understand the language in which the information is being presented. It also needs to be presented in easy to understand terms, not in technical jargon.

Updates, unlike the initial presentation of information, needs to be included on your website. Specifically, the website that was included in the implant card given to the patient.

Section 2. of Article 18

Unlike what we saw in Section 1. Section 2. Outlines requirements for the health institutions and not the manufacturer. More specifically, Section 2. Requires member states to require health institutions to perform actions.

This section makes health institutions provide the same information that manufacturers had to provide to patients who have been implanted with a device, with the same stipulations as to how the information is provided. However, it also includes the health institution to include their identity on the implant card as well.

  1. Member States shall require health institutions to make the information referred to in paragraph 1 available, by any means that allow rapid access to that information, to any patients who have been implanted with the device, together with the implant card, which shall bear their identity.

(Taken from http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32017R0745 English version)

Exemptions allowed in Article 18.

Section 3 of Article 18 is the list of exempted implants, exempted devices are:

  • Sutures
  • Staples
  • Dental Fillings
  • Dental Braces
  • Tooth Crowns
  • Screws
  • Wedges
  • Plates
  • Wires
  • Pins
  • Clips

This is not an exhaustive list and can change with time at the discretion of the Commission. What it has done is taken implanted devices and exempted some of the most common and widely used ones. Thankfully so too, imagine if every staple needed an implant card to be presented to the receiving patient with individual batch and identifying numbers. Then coordinate the effort with a health institution so that the card also bears their identification as well. This would quickly become exhaustive.

  1. The following implants shall be exempted from the obligations laid down in this Article: sutures, staples, dental fillings, dental braces, tooth crowns, screws, wedges, plates, wires, pins, clips, and connectors. The Commission is empowered to adopt delegated acts in accordance with Article 115 to amend this list by adding other types of implants to it or by removing implants therefrom.”

(Taken from http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32017R0745 English version)

Posted in: CE Marking

Leave a Comment (0) →

What is a pFMEA? (i.e., process Failure Mode and Effect Analysis)

This article explains what a pFMEA is (i.e. Process Failure Modes and Effects Analysis) and how to use them as part of your risk management process.

RPN Scoring Table What is a pFMEA? (i.e., process Failure Mode and Effect Analysis)

I recently had someone ask for help understanding the Process Failure Mode and Effect Analysis (pFMEA) a little better. I can’t blame them, because I was lost the first time I tried to fill out a form for one. It can be confusing and overwhelming if you have never created one before.

First things first, what is a pFMEA

FMEA= Failure Modes and Effects Analysis

A lower-case letter will come before the FMEA, and that denotes the ‘what’, of what the failure is that is being analyzed. A pFMEA will often be examining process failures where a dFMEA might evaluate design failures. (dFMEA’s can be confusing as well, Robert Packard created training on how to document risk management activities without using one in his Death of the dFMEA Webinar)

Some systems capitalize all the letters. Some capitalize none. That is not what is important as long as it is consistent throughout your system. Everyone should be able to easily understand that whatever variation of pfmea is used; it means “process failure modes and effects analysis.” 

What does a pFMEA do?

A pFMEA will break down your manufacturing process into its individual steps and methodically examine them for potential risks or failures. For companies that utilize our Turn-Key Quality Management System, FRM-025 process Failure Modes, and Effects Analysis can be used as a template.

For this example, we will look at receiving inspection of injection-molded casing parts for a medical device. This receiving inspection includes a manual inspection of 10 randomly selected parts out of each delivery of 100 using an optical overlay.

Process Step

This area, as the section title suggests, is the process step. When looking at the process as a whole, the pFMEA will break it down into each and every step included in that process. This area is simply that individual step that is going to be examined.

The Process Step or item function depending on what your form uses for this scenario, is going to be part of the random sampling for manual inspection of the received parts using an optical overlay. Our example is going to be the backlighting element of the optical overlay display. The backlighting element will illuminate the inspected part against the template to verify that the part is within specific dimension criteria.

Potential Failure Modes

A failure mode is a way in which that process step might fail. Since it is failure modeS, it needs to be considered that there may be more than one way for the process step to fail. Do not be fooled that because this box on the form has been filled in that the pFMEA will be complete. A thorough examination of all of the possible failures should be investigated.

Our example in this process requires the backlighting element to illuminate a visual template over the parts. The light not illuminating properly is a potential failure mode of this process.

Potential Effects of Failure

the potential effects of the failure is a look into what the ramifications would be if that failure for that process step actually happened.

In our scenario, one of the potential effects of the lighting not functioning properly is that parts outside of the designated sizing acceptance criteria may be accepted rather than rejected as non-conforming parts.

S (Severity)

The next area is the first area that requires an estimated grading of the failure. That is ‘Severity’ which is abbreviated as S. There is a scale provided in the rating section of FRM-025 that outlines the numbering system that Medical Device Academy uses.

Below is a snippet of the rating scale used, this is included with the purchase of the SYS-010 Risk Management Procedure.

Severity (S)
Severity of the effect Scale Definition
Business Risk 0 No potential harm to patient or user
Superficial 2 Little potential for harm to patient or user

In this case, our example is using molded plastic pieces of the outside casing of a medical device. Pieces that are too large or too small will not fit when making the final assembly of the device. These plastic pieces do not happen to be patient contacting, and do not affect the function of the device.

The evaluation of this failure is determined to have no potential effect on patient safety or increase any potential for risk of harm, therefore the severity is assigned as a ‘business risk’ meaning that it bears no risk for the user or the patient. This makes the Severity Score 0.

Causes of Failure

This column is exactly that. What might cause this identified failure to happen? In our example might be the light bulbs in the overlay machine may slowly burn out over time with use. This burnout causes potential failure.

If the bulb is expected to only have a lifetime of 100 hours, then the more hours the bulb is used, the dimmer the light may become. A slowly dimming light decreases the sharpness of the overlay template and our parts that are supposed to have a + or – size criteria of 10% now have a fuzzy template that in reality changes the overlay to show closer to + or – 13%. Now parts that are too small or too large may be accepted.

O (Occurrence/Probability)

This grading criterion is also found in the Rating section of FRM-025. This is how often the failure is expected to occur. How often will the lighting element of our optical overlay fail to function in the appropriate manner for this cause?

Hopefully not very often. In fact, regularly scheduled maintenance and calibration of the overlay machine could prevent this from ever happening in the best-case scenario. Our evaluations determine that the probability of this happening is low. However, since we cannot be certain it will never happen the potential for this risk exists and makes the Occurrence score a 4.

Current Process Controls

What is currently being done to control this risk? Our example uses regularly scheduled maintenance and calibration to prevent bulb burnout affecting the overlay.

D (Detectability)

Our current process is based on routine maintenance and visual inspection. This means that the bulb burnout is something that is visually inspected for and visual inspections for detectability on the rating scale are graded as 8. This chart is found in the Rating Section of FRM-025.

RPN (Risk Priority Number)

This is a number that is found by multiplying the Severity, by the Probability, by the Detectability. In our example, the numbers RPN is  0X4X8=32 for an RPN of 32 which is considered LOW.

pFMEA math

Below is a short video explaining the math behind calculating the Risk Priority Number

https://www.youtube.com/watch?v=OWfyHyx-zhI&feature=youtu.be

Recommended Actions

What if anything can be done to improve this process? In our example, a recommended action may be to transfer from visual only inspections to verification of light output by the meter. This makes the Detectability of the failure measurable by meter or gage which is a detectability score of 4.

This changes the RPN now to 0X4X4=16

The pFMEA shouldn’t be a solo thing

If it can be avoided this type of analysis should be done by a multidisciplinary team. Sometimes in smaller companies, people end up having to wear more than one hat. There are many entrepreneurs that have to function as the CEO/CFO/Design Engineer/RA/QA manager.

Ideally, a team approach should be used if feasible. Have the management level staff who have ownership of the processes participating in this analysis. They should know the process more intimately than anyone else in the company and should have more insight into the possible failure modes of the processes as they have likely seen them first hand. They are also the type of employee who would know the types of recommended actions to control the risk of those failures as well.

The pFMEA should also be a living document

As new failure modes are discovered they should be added to your pFMEA. A new failure mode might be discovered through a CAPA because the process had an actual failure that was not originally analyzed. Take an instance like that as an opportunity for improvement and to update your pFMEA as part of a living breathing risk management system. Also, use this as a time to re-brainstorm potentially similar failure modes that may not have been considered previously so that they can be controlled before they happen.

If you took the time to watch the video above it is also mentioned that in some instances the very first FMEA must be based on estimates because there is no data. Managers and engineers may be forced to estimate the probability of occurrence. If that is the case the FMEA should be updated in the future to adjust the (O) score to reflect what is occurring in actuality based on real data and not the theoretical data that was used for the initial estimate.

Posted in: ISO 14971:2019 (Risk Management)

Leave a Comment (0) →

What is a Gap Analysis?

This article describes what a gap analysis is in the context of managing your quality system when standards and regulations are updated.

Compliance Assessment Gap Analysis Picture 1024x683 What is a Gap Analysis?
Compliance Assessment/Gap Analysis

What is a Gap Analysis? An introductory look.

Well, that depends on the context. The dictionary definition is “A technique that businesses use to determine what steps need to be taken in order to move from its current state to its desired, future state. Also called need-gap analysis, needs analysis, and needs assessment.” (http://www.businessdictionary.com/definition/gap-analysis.html). 

For the most part, this is correct, but we need to tweak it just a little bit to fit better into our regulatory affairs niche, specifically medical device manufacturers. A Gap Analysis for financial investment or an advertising firm will be very different than one for a medical device distributor. It might even be better served to be called a Compliance Assessment/Gap Analysis, but I am sure someone else has thought of that long before me.

For our purposes, the Gap Analysis is a formal comparative review of an internal process or procedure against a standard, good practice, law, regulation, etc. This blog article will be an introductory look into that process.

What are the two BIG goals of a Gap Analysis?

It sounds like a simple exercise, but the Gap Analysis or GA for short can have two very different but complementary functions. Rather than simply hunting for areas of non-compliance, the first goal is to find and demonstrate areas of compliance. 

The second more obvious goal is to find the gaps between the process and the regulatory requirements they are being compared against. 

Why is demonstrating compliance important?

Because this is a formal documented review, a Gap Analysis provides documentation in a traceable manner of meeting the requirements that have been laid out. That traceability is important because it allows anyone to read the report, see the requirement, and locate the area of the procedure that demonstrates conformity with that requirement. 

The report itself is an objective tool, not something that is meant to be a witch hunt. The Gap Analysis will compare document contents. If you want to verify that the entire process is fully compliant, you will need to dig deeper and observe if the activities laid out within the procedure are being performed per the procedure instructions. It is possible to draft procedures that are compliant with text requirements but non-compliant in the manner that the actions are being performed and documented.

What about gaps?

The gaps, or areas of non-compliance highlight opportunities for improvement, if there are any. A Gap Assessment may not find any gaps and present a report that clearly and neatly outlines and explains how each regulatory requirement is being met. 

If there are any gaps identified, that does not mean that there is cause for concern. This should be viewed instead as an opportunity for improvement. Standards and procedures change over time, and, naturally, procedures and processes will have to change with them.

The very act of the Gap Analysis shows that there is a documented effort towards continual improvement as long as the gaps are addressed. 

Addressing the Gaps

The report is ideally the first and last step, and you have a wonderful piece of paper to show that someone checked, and all of the required areas are being met. However, this is not always the case. When there are gaps, they must be filled.

Addressing a gap should happen in a traceable manner, one that shows it was identified, acknowledged, and then how it was fixed. Something that might be addressed through a CAPA process, but that is a topic for a different time. 

In Closing

The Compliance Assessment/Gap Analysis is a singular tool used in the overall maintenance of a quality system. Its actions and performance are similar to a simplified type of audit, but the Gap Analysis itself is not going to replace your regularly scheduled audit activities. However, it will help you monitor and keep your fingers on the overall pulse of your quality system. This is also especially helpful in situations where standards and regulations are updated, and your quality system needs to be evaluated and updated accordingly.

For more in-depth education in specialized areas of the assessment, look into our training on Technical File Auditing for MDR compliance against Regulation (EU) 2017/745 at the link below.

Technical File Auditing for MDR Compliance

Posted in: Quality Management System

Leave a Comment (0) →

Third party review of 510(k) submissions – When it makes sense and which third party to choose?

third party review Third party review of 510(k) submissions – When it makes sense and which third party to choose?

What is a Third Party Review?

A third-party review is the review of a 510(k) that has been submitted directly to a third party rather than the FDA themselves. Back in 1997, as part of the FDA Modernization Act or FDAMA, the ‘Accredited Persons Program’ was created. This allowed the FDA to accredit persons, or ‘third parties’ to conduct the primary review of certain 510(k) submissions. One of the goals of this program was to be able to make the submission and review process faster and more efficient.

The third-party review is not a full alternative to submitting a 510(k) to the FDA. Third parties are authorized by the FDA to conduct the primary review of specific types of devices only. Only certain devices are eligible for third party review. The FDA keeps a database of those devices here in one of their medical devices databases (http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfThirdParty/current.cfm).

The use of a third party review also does not bypass the FDA. The third party is only conducting the primary review of the 510(k) and then forwarding the submission, the review of the submission, and the post review recommendation to the FDA. The FDA then has a 30-day timeline to issue a final determination of the submission.

How many 510(k) submissions use a third-party review?

In 2016, I did an analysis of 510(k) submissions reviewed by the general and plastic surgery panel. I reviewed submissions that received clearance between January 1, 2015, and August 10, 2016. Of the 690 510(k) clearances that were issued by the panel, only nine (9) were submitted for third party review. Although third party reviewers were responsible for only 1.3% of the submissions I reviewed, there are other device classifications with higher percentages of reviews being conducted by third-party reviewers. There were a total of 114 submissions that were issued 510(k) clearance through a third-party review process during that period.

For this article, I reviewed the 3,023 510(k) clearances that were issued in the past 12 months (i.e., May 23, 2016, through May 23, 2017). Only 75 of the 510(k) submissions issued (2.5%) were submitted for third party review. Of these 75 submissions, the average review time by the FDA (after the third party review is completed) was 46 days. Since the average review time for the FDA of a traditional 510(k) is 183 days (based upon my data analysis from 2016), third party review can potentially reduce your 510(k) clearance timeline by months.

Why do only 2.5% of 510(k) submitters utilize a third-party review?

Originally, my theory was that only a limited number of product classification codes are eligible for third party review. The FDA is trying to expand the third-party review program, but 44% of third party reviews are for the radiology panel. Another 13% were for the general hospital panel, and 13% more of the reviews were for the cardiovascular panel. Finally, less than 7% were reviewed for the dental panel. The remaining 17 submissions were reviewed for other panels. A closer look at the product classification codes shows that there are only a few product codes within these panels that are being reviewed by third parties.

I also had a second theory for why so few submitters are using third parties. As I reviewed the actual 510(k) summaries for these 75 submissions, I noticed there were only four (4) companies listed as third party reviewers in the last 12 months:

  1. Regulatory Technology Services, LLC (http://www.markjob.com/) = 56 submissions
  2. Third Party Review Group, LLC (http://www.fdathirdpartyreview.com/) = 15 submissions
  3. TUV SUD America, Inc. (http://www.tuv-sud-america.com) = 3 submissions
  4. Center for Measurement Standards of Industrial in Taiwan = 1 submission

2018 Updated- FDA’s reporting of the first three quarters of 2018

Compared with the above information, the first three-quarter reportings for 2018 list a total of more third party reviewers. Currently, in the quarterly reports from the FDA, there are the following 3rd party reviewers:

  1. AABB = 5 or less
  2. Center for Measurement Standards of Industrial (CMSI) = five or less
  3. New York State Department of Health (NYSDOH) = five or less
  4. Nordic Institute of Dental Materials (NIOM) = five or less
  5. Regulatory Technology Services, LLC. (RTS) = 36
  6. Third Party Review Group, LLC. (TPRG) = 13
  7. TUV SUD America, INC. (TUV) = 5 or less

The FDA keeps an up to list of approved third-party reviewers under the Medical Devices Databases. Titled Current List of Accredited Persons for 510(k) Review under the FDA Modernization Act of 1997- (http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfthirdparty/Accredit.CFM?party_key=8).

As of Quarter Three, there have been a total of 53  Third Party 510(k) Submissions Accepted. A majority of these completed by Regulatory Technology Services, LLC, and Third Party Review Group, LLC (TPRG). 36, and 13, respectively. All of the others have five or less, but these numbers may increase once the fourth-quarter report is released.

When should you choose a third-party review instead of submitting directly to the FDA?

Always check the 510(k) database to see if third party reviewers were used for your product’s classification code. Ideally, a third-party reviewer has been involved in a device that is in the same product classification, and possibly that device would be a suitable predicate for you to select for your 510(k) submission. If your search yields no results, your device may not be eligible for a third party review. However, you can always contact one of the four third party reviewers listed above.

In general, the third-party review process is an excellent way to shorten your 510(k) clearance timeline by months. The cost is significantly more than the FDA user fee. However, a faster time to market is almost always worth the increased fee. Therefore, if a third party review is available, I recommend taking advantage of this option.

Do you need help?

Medical Device Academy offers a regulatory pathway analysis service for $1,500. For those of you that are only interested in the US market, rather than including the EU and Canada, the cost for this service is only $750. Do you need help identifying the product classification for your device, determining the required performance testing, and selecting a predicate device? We can do this for you in one week or less. Do you need an expedited review? We can also determine if your product is eligible for third party review and obtain a quote for you.

Posted in: 510(k)

Leave a Comment (1) →