Author name: Robert Packard

Biocompatibility for 510k Submissions vs CE Marking

1 Comment / 510(k), CE Marking / By
asr 1 Biocompatibility for 510k Submissions vs CE Marking
Titanium is not biocompatible?!

This article compares the different documentation requirements of biocompatibility for 510k submissions with a technical file submission for CE Marking.

A couple of my clients recently received requests for additional information as part of their technical file submission for CE Marking. Both clients had titanium implants, and they submitted the same justification of biocompatibility for 510k submissions as they were now submitting for their technical file. They were providing a one-paragraph description of materials used and referencing the ASTM specification for implant-grade titanium. Both clients already had CE Marking for similar devices, and the wording of the justification for not conducting biocompatibility testing on the full device was identical to the previous submissions.

“Justifications are no longer permitted”

One of my clients questioned whether there was a new EN standard for implant-grade titanium that they might need to comply with. Their auditor told the other client that the Notified Body would no longer accept justifications for not conducting biocompatibility testing.

On behalf of my clients, I scheduled a meeting with their Notified Body to obtain clarification and to make sure that the policies for documentation of biocompatibility had not changed. The Notified Body had three important points to make:

  1. Justifications are PERMITTED as it states in EN ISO 10993-1:2009
  2. Competent Authorities noticed that some of the justifications accepted in the past were not sufficient
  3. What the FDA accepts for biocompatibility for 510k submissions is not sufficient for a technical file

FDA requirements of biocompatibility for 510k submissions

In 1995, the FDA published a biocompatibility guidance document. That guidance document includes a decision tree that asks a series of questions related to biocompatibility for 510k submissions that is intended to help manufacturers determine which biocompatiblity testing may be required for 510k submission of their new or modified device. The following questions are the critical items covered in that decision tree: 

  • Is the material the same as a marketed device?
  • Same manufacturing process?
  • Same chemical composition?
  • Same body contact?
  • Same sterilization method?
  • Is the material metal, metal alloy, or ceramic?
  • Does it contain any toxic substances (e.g., Pb, Ni, Cd, Zr)?
  • Does the master file have acceptable toxicology data?

In the past, I recommended that clients with titanium implants prepare section 15 of their 510k submissions by answering each of the questions above. 99% of the time, the predicate device is substantially equivalent to the 510k submission device with regard to the first five questions. Except in the case of coated implants, there was seldom a Device Master File to reference, and the metal was compliant with the ASTM standard for titanium implants–including the concentrations of heavy metals.

For other medical devices that were not made of just titanium or some other implant-grade metal, the manufacturer was forced into conducting biocompatiblity testing. In these cases, I directed the clients to follow the biocompatibility testing matrix published by the FDA.

New Draft Biocompatibility Guidance from the FDA

In 2013, the FDA published an FDA 2013 draft guidance document for biocompatibility with additional requirements for biocompatibility documentation and testing. The newer draft guidance appears to be the current expectation of the agency for 510k submissions, but the draft guidance has not been finalized yet.

The new 2013 draft guidance document from the FDA indicates that biocompatiblity testing reports must be provided with 510k submissions instead of merely summarizing the testing performed. The FDA clarifies in the draft that materials will not be evaluated alone, and the full device must be evaluated for biocompatibility instead. The FDA also specifies that the device evaluation must be for a sterilized device if the device is intended to be delivered in a sterile state to users/patients. This draft incorporates new ideas regarding toxic chemicals, such as colorants. The FDA also suggests that manufacturers discuss their testing plans with the FDA before starting the biocompatibility testing.

Despite the changes proposed in the 2013 draft guidance, there are no changes to the requirements of biocompatibility for 510k submissions if the device is a metallic implant that is substantially equivalent to a predicate device.

Technical File Differences for Biocompatibility

In theory, there should be very few differences between biocompatibility for 510k submissions and technical file requirements for CE Marking, because the FDA recognizes ISO 10993-1:2009, and the content of the standard is nearly identical to the European national version of the standard. For European CE Marking, the expectation is for the technical file to include documentation of conformity with the current state of the art for biocompatibility (i.e., EN ISO 10993-1:2009). Summary Technical Documentation (STED) is preferred by Notified Bodies to reduce the time and costs associated with the review of the technical documentation.

A STED that explains how your biocompatibility evaluation conforms to a harmonized European Standard is quite different from a justification based upon substantial equivalence. Notified Bodies expect you to review each of the elements of the harmonized standard and explain how you address it in the STED. In Clause 7 of EN ISO 10993-1:2009, there are seven elements recommended for a biological safety assessment:

  1. the strategy and program content for the biological evaluation of the medical device;
  2. the criteria for determining the acceptability of the material for the intended purpose, in line with the risk management plan;
  3. the adequacy of the material characterization;
  4. the rationale for selection and/or waiving of tests;
  5. the interpretation of existing data and results of testing;
  6. the need for any additional data to complete the biological evaluation; and
  7. overall biological safety conclusions for the medical device.

The fourth element of the biological safety assessment will undoubtedly include a reference to the implant-grade titanium that you are using. However, you also must address additional questions that are posed in Figure 1 of the standard. Issues that should be addressed in your biological safety assessment include:

  1. Are there any additives, contaminants, and residues remaining on the device?
  2. Are there any substances leachable from the device? 
  3. Are there any degradation components of the device?
  4. Are there other components, and how might they interact with the final product?
  5. What are the properties and characteristics of the final product?

 If you conducted a cleaning validation, you need to reference that process validation report. If you did the testing of EO residuals, you need to reference the ISO 10993-7 test report.

The message the Notified Bodies are sending you is that they agree that implant-grade titanium is biocompatible. Still, you need to systematically write a justification for not conducting the testing in accordance with the EN standard, and you have to cross-reference to your objective evidence throughout the STED. 

Biocompatibility for 510k Submissions vs CE Marking Read More »

Risk Management File Compliance for 510k and CE Marking

4 Comments / ISO 14971:2019 (Risk Management) / By

This article compares risk management file FDA requirements for CE Marking and 510k submission requirements.

Risk Management File Risk Management File Compliance for 510k and CE Marking

The FDA only requires documentation of risk management in a 510k submission if the product contains software, and the risk is at least a “moderate concern.” Even then, the 510k only requires the submission of a design risk analysis rather than your complete risk management file. Knee implants do not require submission of risk analysis, even though manufacturers are required to perform risk analysis in accordance with ISO 14971, because knee implants do not contain software. Therefore, it is not uncommon for a product that is already 510k cleared to receive audit nonconformities related to the risk management documentation during a technical file review by a Notified Body.

The FDA recognizes ISO 14971:2007 as the standard for risk management of medical devices. CE Marking also requires compliance with ISO 14971, but specifically the European national version of the standard (i.e., EN ISO 14971:2012). The most common technical file deficiencies related to risk management during a CE Marking application include the following:

  1. compliance with ISO 14971:2007 instead of EN ISO 14971:2012
  2. reduction of risks as low as reasonably practicable (ALARP) instead of reducing risks as far as possible (AFAP)
  3. reducing risks by notifying users and patients of residual risks in the IFU
  4. only addressing unacceptable risks with risk controls instead of all risks–including negligible risks

Each of these deficiencies is also explained in Annex ZA, ZB, and ZC of EN ISO 14971:2012.

7 Deviations you must address in your risk management file

Notified Body auditors are supposed to be reviewing your risk management process and sampling your risk management file(s) to verify that you conform with the requirements for a risk management file as defined in EN ISO 14971:2012 and the applicable European directive. Most manufacturers with CE Certificates have updated their procedures for compliance with the European National version, but the updates are not always complete or done correctly. Therefore, auditors need to be systematic in their review for compliance. I recommend creating a three-column table in your audit notes for each of the seven deviations. The first column would state the requirement from the applicable annex of EN ISO 14971:2012. The second column is used to document wherein the risk management procedure, and each of the seven requirements is addressed. Suppose you can’t find it quickly during your review–as the person you are auditing to find it for you. The third column is used to document which risk management file you sampled, and wherein the risk management file, the auditor was able to find compliance with one of the deviations. Risk management training of the cross-functional risk management team should also be sampled by the auditor. If the auditor can’t find an example of compliance in the procedure or the risk management file, then there is a minor nonconformity that needs to be corrected and recurrence needs to be prevented.

Note: Remember that auditing is about verifying compliance–not scouring 100% of the records for nonconformity.

Procedure review

The first step in responding to correcting deficiencies in your risk management process is to update your procedure. The following basic elements need to be included in the procedure:

  • risk management plan
  • hazard identification
  • risk analysis
  • risk control option analysis
  • verification of risk control effectiveness
  • risk/benefit analysis
  • risk management report

Many of the procedures I review focus on the risk analysis process, and the most common tool for risk analysis is a failure mode and effects analysis. This is an excellent tool for process risk analysis, but it is only one of many possible tools, and it is not ideally suited for design risk analysis. In addition, your procedure is not adequate as a risk management plan. You need risk management plans that are product-specific or specific to a product family. Your risk management plan must also change and adapt as products progress from the design and development process to post-market surveillance. Finally, many of the procedures only require a benefit/risk analysis to be performed when risks are not acceptable, while the European MDD requires that all CE Marked products include a benefit/risk analysis for each risk identified in the risk analysis and the overall risk of the product or product family.

Risk management plans

Risk management is required throughout product realization, but the activities are quite different during the pre-market and post-market phases. Therefore, I recommend including a risk management plan as part of the design and development plan to address pre-market needs for risk management. Once a product development project reaches the design transfer phase, then a post-market risk management plan needs to be written. I incorporate this plan into the post-market surveillance plan for the product or product family. This approach ensures that the risk analysis will be linked directly with post-market surveillance after the product is released.

Hazard identification

Many companies do create a specific document that identifies all the hazards associated with a product. This is an important step that should occur early in the design and development process before design inputs are finalized. During the development process, these hazards may need to be updated as materials and production processes are developed. Some companies may choose to identify hazards at a different time or in a different way. Still, the proposed European Medical Device Regulations (EMDR) require that the dangers are recognized as one of the essential requirements. The ISO 14971:2007 standard suggests that design teams should identify as many hazards as possible, estimate the risks, and then implement risk controls for any unacceptable risks. The EN ISO 14971:2012 standard requires that risk controls be implemented for hazards–regardless of acceptability. For this reason, I recommend companies restrict their identification of hazards to the most likely product malfunctions and hazards of high severity. This list should include any hazards already identified in the FDA’s MAUDE database.

Benefit/risk analysis & risk traceability matrix

To perform a benefit/risk analysis, you have to know the likelihood of potential hazards resulting in harm and the clinical benefits of a product. Unfortunately, reduced costs cannot be used to justify the acceptability of a device. Benefit/risk analysis must be performed for each risk and the overall residual risks. Therefore, it is important to identify the clinical benefits that outweigh each of the risks. I recommend using a risk traceability matrix in order to document each benefit/risk analysis. This can be a separate risk management document, or it can be incorporated into a design requirements matrix. It is also important to identify any warnings, precautions, or contraindications that should be documented in the information provided to patients and users when risks cannot be eliminated. This may be the last column of your risk traceability matrix.

Risk management report

The risk management report should be a summary technical document (i.e., STED). The STED should reference the procedure that was used and indicate all the risk management activities that were performed specifically to the product or product family defined in the scope of the risk management report. The dates of activities, changes made, and cross-references to any controlled documents should be included in the risk management report. I recommend maintaining the risk management report as a controlled document and revising the document to reference additional risk management activities when they occur. The bulk of details should be contained in the referenced risk management documents within the report.

Procedures and templates for your risk management file

We also have a procedure (SOP) for risk management (SYS-010).

Risk Management File Compliance for 510k and CE Marking Read More »

What is a Master Validation Plan and Do You Need One?

Leave a Comment / Process Validation / By

This article explains what a master validation plan is, when is it appropriate to have a master validation plan, and when you need one.

Process Validation Protocol What is a Master Validation Plan and Do You Need One?

Master Validation Plan

In the United States, there are two applicable regulations for medical device manufacturing process validation: 1) 21 CFR 820.75, and 2) ISO 13485, Clause 7.5.2. Neither the QSR regulation nor the ISO 13485, include any mention of a master validation plan. There is a requirement for product realization planning, and a master validation plan could be an essential part of that planning. However, master validation plans are not mentioned anywhere.

MDD – Master Validation Plan?

For companies that manufacture CE Marked products, the term validation appears in the MDD (93/42/EEC as modified by 2007/47/EC) a total of two times. Only one of those references is specific to process validation, but there is no mention of a master validation plan. The single mention of validation appears in Annex VII, and the reference is specific to the requirement for including a copy of the sterilization validation report in a technical product file.

CMDR – Master Validation Plan?

For companies that hold one or more Canadian Medical Device Licenses, “validation” appears in the Canadian Medical Devices Regulations (CMDR) a total of eight times (four times as part of the French translation). The first four references are part of the definition of validation, where the CMDR is referring to design validation. The remaining four references specifically mention the requirement for the inclusion of process validation and software validation in a medical device license application for Class IV devices. None of those references say of a master validation plan.

IQ/OQ/PQ Requirements?

Not only is there no mention of a requirement for master validation plans in any of the medical device regulations, but there is also no mention of installation qualification (IQ), operational qualification (OQ), or performance qualification (PQ). The only mention of validation protocol or report appears in 21 CFR 820.70 as it refers to using validation protocols for validation of software controlling automated equipment.

21 CFR 210 or 21 CFR 211 requirements?

The requirements for medical devices historically are derived from pharmaceutical regulations–which included the requirement for process validation. However, neither 21 CFR 210 nor 21 CFR 211 mention master validation plans (need to verify). They also don’t mention IQ/OQ/PQ requirements.

Where did the idea for Master Validation Plans Come From?

GHTF/SG3/N99-10:2004 is the guidance document that was created by the Global Harmonization Task Force’s Study Group 3 for guidance on process validation. The guidance even includes templates for a master validation plan, IQ, OQ, and PQ. The guidance indicates that the purpose of a master validation plan is to plan validation and revalidation activities. There are other planning documents that could be used instead. For example, design plans include process validation as part of the design transfer activities when a new product is being developed. Quality plans are used for facility expansions and construction of new facilities. Some companies even include validation and revalidation plans in their process validation procedure and/or sterilization validation procedure.

For companies that have equipment that requires validation, I like to use an equipment register that identifies calibration, preventive maintenance, validation, and revalidation requirements as part of the equipment register. This allows me to use one single document to manage all the planning of calibration, preventive maintenance, and validation. If there are no validation requirements, then the appropriate column of the equipment register will indicate “n/a.”

What is a Master Validation Plan?

A master validation plan (MVP) is simply a plan for your equipment and process validation activities. All the equipment, processes, and software requiring validation should be included in the MVP. The plan should reference the applicable protocol and report for each item in the plan. If there are revalidation requirements, the plan should indicate when the last validation was performed and what the frequency of revalidation should be. Ideally, similar equipment will use the same validation protocols that are controlled documents and pre-approved. Over time the number of reports referenced will increase, but the plan should only reference the most recent approved protocol(s).

Some companies include the rationale or triggers for revalidation in the plan–just as you would for a record retention table. However, other companies will include this detail in the validation protocol and/or in the process validation procedure. The rationale for revalidation only needs to be in one of three places, and duplication of the information just encourages errors and audit non-conformities.

Procedures & Templates

We also have a process validation procedure.

What is a Master Validation Plan and Do You Need One? Read More »

Strategic planning of a mock FDA inspection

1 Comment / FDA / By

This article shows you how to think strategically when you plan a mock FDA inspection to ensure that you successfully prevent an unpleasant FDA inspection.

strategic planning Strategic planning of a mock FDA inspection

For the past couple of years, several clients have asked me to conduct mock FDA inspections to prepare them for a potential FDA inspection. I am writing from Shanghai, China, where I am conducting a mock FDA inspection for a medical device client with another auditor from the company’s business unit in the USA.

The mock FDA inspections I conduct are internal audits and technically not an inspection because inspectors are looking for nonconformities, and I am looking for conformity with the FDA regulations (i.e., 21 CFR 820, 21 CFR 803 and 21 CFR 806). Inspections are conducted by FDA investigators that are conducting an inspection in accordance with the FDA QSIT manual (http://www.fda.gov/ICECI/Inspections/InspectionGuides/ucm074883.htm). I use the process approach to conduct audits of the four major quality systems that FDA inspectors focus on during an FDA inspection. Still, as an auditor, I have several advantages that an inspector doesn’t.

  1. I can evaluate auditees and coach them on how to respond to an FDA inspector more effectively.
  2. I can teach my client’s internal auditors and management team how to use internal audits and Notified Body audits as practice for their next FDA inspection.
  3. I can avoid any area that my client wants me to and focus on areas of concern.
  4. I can help my client identify the most likely product or product family to be targeted by the FDA.
  5. I can give my client advice and help them implement corrective actions.
  6. I can teach my client how to respond to potential FDA Form 483s to avoid a Warning Letter.

Opening meeting for a mock FDA inspection

FDA inspections are not planned, but it is important to make sure that the right people are available and present during a mock FDA inspection, or your “inspector(s)” may not be able to review the records or interview the most important people. Therefore, I provide an agenda ahead of time, indicating which processes I will be auditing on which days. My agenda for a mock FDA inspection begins with an opening meeting, but the purpose of this opening meeting is primarily training. I take advantage of having all the senior managers in one room as an opportunity to explain how they can benefit most from the audit, and to remind them of what to expect during a real FDA inspection.

CAPA Sources

After the opening meeting, I take a brief tour—unless I already know the facility well. Before I leave for the tour, I ask my client to be prepared for me to begin auditing nonconformities, complaint handling, MDRs, and recalls when I return to the conference room. I select these areas because the FDA always starts with the CAPA process, but they look closely at the sources of CAPAs at the same time. I believe that inspectors rarely take “random samples.” Instead, most inspectors use the sources of CAPAs to help them bias there sampling of CAPAs.

Production and Process Controls

The next major process in my agenda after CAPAs and sources of CAPAs is production and process controls. The sequence of my process for auditing this area is always the same: 1) request the Device Master Record (DMR) for the target product or product family, 2) request two or more recent Device Master Records (DHRs) that were associated with a complaint record or MDR (remember samples are never random), and 3) I then go to the production areas identified in the DHR, and I try to interview the people that produced the lot identified in the DHR—rather than the people the department manager feels are the most experienced. This process of working backward from complaint records and MDRs to the activities on the production floor often allows me to help companies identify a root cause that they missed when the complaint or MDR was initially investigated.

Design Controls

Auditing a Design History File (DHF) is about as exciting as watching paint dry for most auditors. Still, I am always fascinated with how things work, so I am more engaging with the design team members I interview during a mock FDA inspection. I also like to focus on aspects of the design that have proven to be less than perfect—by reviewing nonconformities, complaints, MDRs, recalls, and CAPAs first. For example, if I see several complaints related to primary packaging failures, I am going to spend more time reviewing the shipping validation and shelf-life testing, than I might normally allocate.

Management Processes

The FDA is somewhat limited in this area because, in accordance with 21 CFR 820.180(e), the records of internal audits, supplier evaluations, and management reviews are exempt from FDA inspections. During a mock FDA inspection, I do not have this constraint. Therefore, I will often look more closely at these three areas than an FDA inspector to make sure my client has effective management processes. While procedures and schedules are the focus of an FDA inspector, I will make sure that the problems I observed in nonconformities, complaints, MDRs, and recalls are being addressed by management. As a quality manager, this is not always easy to do. Still, as an independent consultant, I have the luxury of being blunt when a senior manager needs to hear from someone other than the typical “yes men.” I also can use this part of mock FDA inspections to benchmark best practices I have learned from the hundreds of companies against what my client is currently doing to manage their quality system.

When to schedule a mock FDA inspection

Scheduling a mock FDA inspection immediately after an FDA inspection is pointless, but there is an optimal time for scheduling your mock FDA inspection. The FDA target is to conduct inspections once every two years for Class II device manufacturers. However, some district offices do better or worse than this target. Therefore, it’s important to keep track of the typical frequency in your district and the date of your last inspection. If the FDA is on a two-year cycle, you want to conduct your mock FDA inspection approximately 6-9 months before the next FDA inspection to ensure that you have time to implement corrective actions before the FDA inspector arrives.

Additional Resources

If you are interested in learning more about this topic, I highly recommend watching and listening to my free webinar on how to prepare for an FDA inspection:

http://robertpackard.wpengine.com/how-to-prepare-for-an-fda-medical-device-inspection/

In addition to preparing for an actual inspection, every company must know how to respond effectively to an FDA 483 inspection observation:

http://robertpackard.wpengine.com/7-steps-respond-fda-483-inspection-observation/

In addition to my blog, I also have recorded a webinar on this topic:

http://robertpackard.wpengine.com/7-steps-respond-fda-483-inspection-observation-webinar/

Finally, every manager needs to be reminded that FDA 483s are just another opportunity to write a CAPA and improve their quality system. Therefore, do yourself a favor and watch my new webinar on creating a risk-based CAPA process:

http://robertpackard.wpengine.com/create-a-risk-based-capa-process/.

Strategic planning of a mock FDA inspection Read More »

21 CFR 820.180 – Exceptions to the US FDA’s Record Requirements

2 Comments / FDA / By

21 CFR 820.180 Exceptions to the US FDA’s Record Requirements 21 CFR 820.180 Exceptions to the US FDA’s Record RequirementsThis article provides practical advice for how to deal with records the FDA is not allowed to request during an inspection and FDA inspector tactics specific to 21 CFR 820.180 – exceptions. When I meet with a new consulting client, the phrase I dread hearing is “the FDA can’t see that.” Indeed, the FDA is not supposed to review the content of internal audit reports, supplier audit reports, and management reviews to encourage companies to use these tools to address quality problems without having to worry about the FDA beating them with their reports. This policy is officially stated in subsection C of 21 CFR 820.180–exceptions:

21 CFR 820.180 – Exceptions

“[21 CFR 820.180 – exceptions] does not apply to the reports required by 820.20(c) Management review, 820.22 Quality audits, and supplier audit reports used to meet the requirements of 820.50(a) Evaluation of suppliers, contractors, and consultants, but does apply to procedures established under these provisions. Upon request of a designated employee of FDA, an employee in management with executive responsibility shall certify in writing that the management reviews and quality audits required under this part, and supplier audits where applicable, have been performed and documented, the dates on which they were performed and that any required corrective action has been undertaken.”

The Problem with Hiding Records

The problem with the mentality of hiding things from the FDA is that it fails every time. The FDA can get to issues in your management reviews and your internal audits by asking, “Can I please see all the CAPAs resulting from audits and management reviews.” One client I spoke with said that they purposely don’t open any CAPAs from audits or management reviews for that reason. I was in complete shock, but I managed to keep my poker face and asked the client, “So what do you think the FDA will do when you say that you don’t have any CAPAs resulting from audits or management reviews?” Management responsibility is a frequent FDA inspection target. Most companies are subjected to a Level 2, QSIT inspection on a biannual basis. During these comprehensive inspections, the inspector reviews the four major subsystems: 1) management controls, 2) design controls, 3) CAPA, and 4) production and process controls. The FDA will ask open-ended questions to determine the effectiveness of the QMS. If the inspector is not going to look at the actual meeting minutes from the management review, you can expect them to look at the following apparent targets:

  1. “May I see your procedure for Management Reviews?”
  2. “May I please have a copy of your organization chart?”
  3. “Could I see the agenda and attendees list from your last management review?”

The inspector could also ask for copies of inputs that are identified in the Management Review procedure, such as: “Could I have a copy of the most recent scrap trend analysis for production?” or “What is your threshold for taking corrective actions for rejects found in receiving inspection?” One Quality Manager told me a fascinating story about his local inspector. During a previous inspection, the inspector requested a copy of the management review. The Quality Manager showed him the cover page that indicated the agenda and the attendees. The Quality Manager refused to let the inspector see the rest of the meeting minutes. The inspector then proceeded to conduct a brutal 3-day inspection where a myriad of 483’s was written. Twelve months later, the inspector returned to perform a “Compliance Follow-up.” This time when the inspector asked to see the management review, the Quality Manager agreed to let the inspector see the entire meeting minutes. From that point onward, each time the inspector got close to identifying a new 483’s, the inspector would stop following the audit trail at the last moment before the nonconformity was identified. The Quality Manager said it was almost like the inspector was showing him that he could find all kinds of problems to write-up if he wanted to. Still, he was taking it easy on the company because the Quality Manager was cooperative. My philosophy is to create a QMS that is open for review by any customer, auditor, and even the FDA. No matter what they find, it’s just another opportunity to improve. This has worked well for me, but you need to follow a few basic rules when writing audit reports and management review meeting minutes.

Rules for Writing Audit Reports & Management Reviews

  1. DO NOT write anything inflammatory or opinionated in your documents. My motto is, “Stick to the facts, Jack (or Jill).”
  2. I ask other people in the management team to read and review the meeting minutes before they are finalized. The variety of perspectives in top management helps to make sure that the final document is well written and clear—especially to FDA inspectors.
  3. I structure the documents as per a standard template that is a controlled document. This ensures that each report or management review was conducted as per the procedure. I typically reference the applicable clauses and sub-clauses throughout the document. For example, I will reference ISO 13485:2003, Section 5.6.2h) for the slide titled “New and Revised Regulatory Requirements.” I put the reference next to the slide title just to make it clear what requirement this slide is addressing.
  4. If there is an area that I covered, but there was nothing to discuss, I write, “There was no further discussion on this topic.”
  5. If there is an area that I did not cover, I make sure I do the following:
  6. write a justification for not covering the area,
  7. indicate the last time the area was covered (and the result at that time), and
  8. document when the area will be covered in the future.

You can continue to listen to the advice of consultants that think of creative ways to hide things from the FDA, or you can follow the above advice. If you follow my advice, then you can spend the rest of your time working on the CAPAs for each area where you identified a weakness—instead of spending your time trying to hide your problems. If you need help preparing for an FDA inspection or responding to FDA 483 inspection observations or warning letters, please email Rob Packard. We have two people on our team that used to work for the agency.

21 CFR 820.180 – Exceptions to the US FDA’s Record Requirements Read More »

Selecting and Changing the European Authorized Representative

1 Comment / CE Marking / By

This article explains the roles and responsibilities of a European Authorized Representative for CE Marking of medical devices. The article also provides advice on selecting and changing the European Authorized Representative.

How to Select or Change Your European Authorized Representative Selecting and Changing the European Authorized Representative

European Authorized Representatives are the legal representative of non-European manufacturers for medical devices sold in Europe. If a company already has offices located in Europe, an Authorized Representative is not needed. However, if you don’t have offices in Europe, you must have a legal agreement with an Authorized Representative that is physically located in Europe to be your primary contact for receipt of customer complaints. The Authorized Representative can also act as your liaison between the Competent Authority in Europe and your company.

Why your distributor is not the right choice

Many manufacturers located outside of Europe choose their distributor as an Authorized Representative. Distributors often want to do this, because then their name is required to appear by law on the labeling and the IFU. Unfortunately, your distributor has a conflict of interest. The distributor does not want adverse event reporting, recalls, or even complaints. Therefore, can you be sure that the distributor will notify you immediately of all potential complaints?

In January 2012, the European Commission released a guidance document explaining the roles and responsibilities of European Authorized Representatives: MEDDEV 2.5/10. Distributors rarely have the regulatory expertise to act as an Authorized Representative.

Competent Authorities occasionally audit Authorized Representatives to ensure that the legal requirements are being met. When this happens, clients often ask me to recommend a European Authorized Representative to switch to.

Primary Responsibilities

The EU Authorized Representative has two primary responsibilities:

  1. Complaint handling
  2. Registration of CE Marked devices

The complaint handling function is the reason why the name and address of the European Authorized Representative must appear on the product labeling and IFU. Your distributor may still become aware of potential complaints, and therefore, distributors should still be trained on the importance of forwarding any potential complaints to your company immediately. The registration function is critical for Class I devices that are non-sterile and do not have a measuring function, because those devices do not have a Notified Body involved. It is often valuable to have an Authorized Representative located in one of the Member States where you intend to sell a larger percentage of the product because the labeling will include a physical address in that Member State.

Other ways an Authorized Representative Can Help

Some manufacturers complain that they are paying $3,000-$5,000 each year for a competent authority to do very little. However, Authorized Representatives are required to review your procedures before CE Marking, and anytime you notify them of an update. This additional review of procedures is equivalent to hiring a consultant to review your procedures.

European Authorized Representatives can be helpful at other times too. For example, if your company and your Notified Body do not agree on the classification of a device, the Authorized Representative may be able to assist you in the same way that an experienced regulatory consultant can. If you receive communication from a Competent Authority, the Authorized Representative can act as your liaison. Most important of all, the Authorized Representative can help you determine when complaints require vigilance reporting and provide support if a recall or advisory notice must be initiated.

How to Select an Authorized Representative

I recommend a three-step approach to selecting your Authorized Representative. First, visit the EAARMED website. One of the 15 members of this association should be your starting point because these are the most experienced Authorized Representatives. Next, you should determine which of the 15 members is located in a country that matches the country you intend to sell in. For example, if 100% of your sales are through a distributor located in Italy, Donawa would be a better choice than a German Authorized Representative. Finally, you should obtain quotes and interview more than one Authorized Representative. You want to make sure that the Authorized Representative is responsive and easy to communicate with. It’s surprising how much we learn about responsiveness and communication during the quoting process.

If you need any additional help preparing for the CE Marking product in Europe, please email Rob Packard.

Selecting and Changing the European Authorized Representative Read More »

5 Alternatives When You Can’t Find a Predicate Device

2 Comments / 510(k) / By

This article summarizes five alternatives that medical device manufacturers have for regulatory approval in the US when a 510k submission predicate device cannot be identified.

success and failure choices 5 Alternatives When You Can’t Find a Predicate Device
Choosing the best 510k submission predicate device is critical to success or failure.

The premise behind the FDA 510k regulation is that your new device is substantially equivalent to another device (i.e., predicate device) that is already on the market. Therefore, you only need to submit a premarket notification to the FDA instead of a premarket approval (PMA) submission. Most 510k submissions reference a similar device manufactured by a competitor, but what do you do when you can’t find a predicate device?

Your 5 Options if you cannot identify a 510(k) predicate device

  1. Conduct a Clinical Study and Prepare a PMA Submission = $$$ + 2 years min.
  2. Prepare a De Novo Submission = avg. review time was 307 days in 2019
  3. Submit a 510k with Your Best, Poor Choice & Expect One of Two Responses: Refusal to Accept (RTA) or Not Substantially Equivalent (NSE)
  4. Request a Pre-Sub Meeting with the FDA = 60-day Delay at the front of Project
  5. Submit a 513(g) Request to the FDA = $ + 60-day Delay at Front of Project

Option 1 – Clinical Study & PMA preparation

If you cannot identify a predicate device, you may need to conduct a clinical study to demonstrate that your new device is safe and efficient. Some devices even require an investigational device exemption (IDE) approval from the FDA if the risks of the device are significant. If your device presents significant risks, likely, the De Novo process (Option #2 below) will not be an option, and the device will be considered a Class III device by the FDA. In this case, the fastest pathway to regulatory approval is a modular PMA submission. The minimum timeline for this type of submission is typically two years, and the FDA user fee for a PMA submission is very high–unless you are a start-up company and this is your first product. The following FDA webpage summarizes the process for a modular PMA.

Option 2 – De Novo Classification Request if there is no predicate device

Originally the De Novo process was created with IVD products in mind where the technological characteristics are nearly identical between the two devices. Still, the intended use is different (i.e., the device is used to diagnose a different disease). The problem with the original process is that you had to submit a 510k and have it rejected before you were allowed to submit a De Novo application. Now the De Novo process allows two pathways. A company can submit a 510k, have it rejected with a “not substantially equivalent” (NSE) letter, and then submit a De Novo application. The new option allows a company to skip the initial 510k submission and submit a De Novo application first. This extends the decision time from 90 days to 120 days, but the previous option took even longer. We recorded a webinar on the De Novo Classification Request Process in 2019. The FDA also recently updated the De Novo webpage to summarize the regulations related to the De Novo new final rule. The following FDA webpage summarizes all the De Novo Classification Requests recently granted.

Option 3 – Submit a 510k with whatever device you found

This is probably not your best approach, but sometimes it’s worth a shot to see what the FDA will say instead of waiting to schedule a pre-submission meeting, and this approach doesn’t eliminate option #2. There are two likely outcomes from this approach. First, the reviewer screening your 510k submission during the 15-day, refusal to accept (RTA) process will determine that you have not selected a suitable predicate device, and you will receive an RTA letter. In this case, you have an answer in just 15 days. You should never accept your first RTA letter. You should make the requested changes the reviewer indicates and re-submit. The FDA’s goal is to have all submissions make it through the RTA process on the second try. Therefore, you might have more success on the second try with another predicate or just by fixing other problems the reviewer identified.

The other possible outcome of this approach is that you will make it through the RTA process, but your submission will be determined to be NSE. In this case, you will receive an NSE letter from the FDA, and it will suggest options–typically a PMA or a De Novo submission. If a De Novo submission is a good option, it will be stated in the letter.

Option 4 – Request a pre-sub meeting to discuss a potential predicate device

If you are not able to identify a suitable predicate, you might consider preparing a classification rationale and selecting a potential predicate. Then this information can be summarized in a pre-submission meeting request to the FDA. The FDA will respond within 75-90 days from your submission. If you are still developing your device and you have not started any performance testing, then this option may be your best approach. I recently recorded a webinar on pre-submission meeting requests.

The webinar includes specific dos and don’ts for pre-submission meetings. There is also final guidance for the pre-submission program that was released last year on February 18, 2014. The FDA pre-submission guidance document was updated again on January 6, 2021, and we recorded a webinar on pre-submission meeting requests.

Option 5 – Submit a 513(g) application to identify the regulatory pathway

When a company has difficulty identifying a 510k submission predicate device, the FDA recommendation is to submit a 513(g) application. As I indicated in a past blog, the 513(g) process may not be your best choice for two reasons. First, the 513(g) process takes 60 days before the FDA responds. Second, the 513(g) process has a user fee that is higher than hiring a consultant to do the same research. Since the FDA 513(g) response is “non-binding,” the FDA’s opinion doesn’t necessarily hold any more weight than an experienced consultant. Therefore, paying a consultant to do the research and then requesting a pre-sub meeting is probably a better approach, but the timeline for a 513(g) submission is slightly shorter.

Do you still have questions about 510(k) predicates?

Rob Packard recorded an updated webinar on the topic of predicate selection. If you are interested in this topic, please register for the webinar. The updated webinar was recorded on March 28, 2022.

5 Alternatives When You Can’t Find a Predicate Device Read More »

Status of the European Medical Device Regulations?

1 Comment / CE Marking / By

This article describes the status of the new European Medical Device Regulations, and it provides some advice for what you should be doing to prepare for the changes.

MudI 600x334 Status of the European Medical Device Regulations?

The picture above is not a picture of people on their way to the local maple sugar shack, trying to get a car unstuck during mud season in Vermont. It’s actually a photo of paid actors reenacting the European negotiations for new medical device regulation. The European Parliament is in the overcoat on the left. The four men on the right represent the various presidents–Greek, Italian, Latvian, and Luxembourg. The Dutch President is driving the horse team in the front in the hopes of getting unstuck in time for next Spring.

Yes, in a word, the negotiations are “stuck”!

My friend Erik Vollebregt did a wonderful job of summarizing the status of negotiations on April 30, in his blog posting. The best guess anyone has is that we might have a final version released next year in Spring 2016. It’s only two years later than I was expecting. I guess they encountered more mud than expected.

There are a number of issues that the member states appear to be stuck on:

  • Ingested products
  • Non-medical devices
  • Companion diagnostics
  • Non-viable human tissues and cells
  • Viable biologic substances
  • Reprocessing single-use devices
  • Genetic testing
  • Implant cards
  • Eudamed & UDI
  • Summary of safety & performance
  • Notified Bodies
  • Pre-market approval
  • Clinical investigations
  • Post-market surveillance
  • Market surveillance & vigilance
  • Reference laboratories
  • Hazardous chemicals
  • Classification rules
  • Governance & oversight

I’m not quite sure whether the remaining list of issues the member states agree upon is shorter than this or longer. Still, this list includes a number of fundamental principles that could dramatically change the nature of medical device regulation in Europe. We expect that many of these issues will be resolved with a compromise of some sort. Still, I suspect every medical device manufacturer with a CE Mark will be extremely busy from 2016-2019 revising their procedures, technical documentation, and training personnel on the new European Medical Device Regulations.

 What Should You Be Doing to Prepare?

  1. Update Your Quality System to ISO 13485:2015 Early – The second Draft International Standard (DIS2) for ISO 13485 was released in February, and the final version is expected to be published this Fall. The changes to ISO 13485 are minor, but audits by your Notified Body will be far less complicated if you upgrade your quality system to the new revision before you attempt to address the new European Medical Device Regulations.
  2. Strengthen Your Internal Auditing & CAPA Processes – Companies with strong internal audit programs and CAPA processes have fewer findings resulting from Notified Bodies. When you have multiple outcomes from a previous audit to close, your annual surveillance audits and recertification audits become longer and more complex. These findings must also be closed before a manufacturer may transfer a quality system or CE Certificate from one Notified Body to another. Therefore, strengthening your internal audit and CAPA processes will result in a shorter Notified Body audit, and you will find it much easier to transfer from one Notified Body to another–if your current Notified Body is no longer able to issue a CE Certificate for one or more of your products.
  3. Update Your Technical Files – Companies that have a Design Dossier are required to submit all changes to their Design Dossier for approval before implementation. Still, companies with a Technical File for a lower risk device have their technical documentation sampled periodically. A sampling of technical documentation allows companies to fall behind in their documentation of changes. Re-issue of new CE Certificates will require a more thorough review of these Technical Files that may not have been sampled in several years. Therefore, I recommend that companies allocate resources to updating technical documentation now so that there is less work to update the technical documentation for the new European Medical Device Regulations.
  4. Review Your Product Portfolio and Prune It – The more mature product lines become, the more likely it is that you have products you are maintaining that just aren’t selling. The cost of maintaining your technical documentation and updating everything for compliance with the new European Medical Device Regulations will be expensive. Therefore, you can save some money now and a larger amount of money later by eliminating any products from your CE Certificate that is not selling well. If you have customers that are still buying an older version of the product, now is the time to persuade them to transition to the current version of your product. You don’t want to maintain your Technical File for two versions of the same product.

Regardless of what compromises are made, the new European Medical Device Regulations are guaranteed to be the most substantial change in regulatory requirements that the medical device industry has endured since 2003–much more dramatic than the 2007/47/EC amendment to the Medical Device Directive (MDD).  

Will someone please buy the negotiators a pair of Bogs and a Subaru Crosstrek?

Subaru XTrek 300x199 Status of the European Medical Device Regulations?

Bogs Status of the European Medical Device Regulations?

Status of the European Medical Device Regulations? Read More »

HDE Application and 510k Submissions

1 Comment / 510(k) / By

This explains the differences between the regulatory pathways for a Humanitarian Use Device (HUD) or HDE and 510k submissions.

HUD Designation 300x229 HDE Application and 510k Submissions

HDE Application

In September 2019, the FDA released a final guidance document explaining the regulatory process for a Humanitarian Device Exemption (HDE) Application. HUD designation is for a product that affects less than 8,000 patients per year in the United States. The limitation of 8,000 There are three steps required before a HUD may be used at a user facility:

  1. HUD Designation Request to Office of Orphan Products Development (OOPD)
  2. HDE Application to Center for Devices and Radiological Health (CDRH)
  3. Investigational Review Board (IRB) approval of using the HUD

Note: The above regulatory pathway may not apply to combination products. In the case of combination products, you should contact the Office of Combination Products (OCP).

Major Differences between the HDE Application and a 510k submission

  • Unlike the 510k process, HDE approval is device approval rather than “clearance” for marketing and distribution.
  • If another equivalent (an actual term used is “comparable”) device is already being legally marketed, then the FDA may not approve an HDE application. In contrast, the first requirement for the determination of substantial equivalence of a subject device for a 510k submission is that the predicate device must be a legally marketed device that is equivalent.
  • There are no user fees, while 510k submissions generally are subject to FDA user fees; pediatric-only products are an exception to the requirement for 510k user fees.
  • There is no requirement to demonstrate the effectiveness of devices in an HDE application. Instead, devices approved for HDE must provide an acceptable benefit/risk analysis.
  • HDE-approved devices are not generally eligible to make a profit. Any device that a manufacturer intends to sell for more than $250 requires a report issued by an independent public accountant.
  • IRB approval for the use of HUD-approved marketing is required, but IRB approval is not for a clinical study, and IRB approval is not required in the case of an emergency.

The FDA guidance document also explains how HDE approval is different from pre-market approval (PMA).

HDE Application and 510k Submissions Read More »

CE Marking Approval of a Medical Device (Case Study)

4 Comments / CE Marking / By

This case study explains the process for CE Marking approval of a medical device under the EU MDD regulations.

CE marking case study CE Marking Approval of a Medical Device (Case Study)

For this case study, I selected the same hypothetical client that I chose for my case study on Canadian Medical Device Licensing and a 510k submission to the US FDA. The product is a cyanoacrylate adhesive sold by the makers of Krazy Glue®. This hypothetical client wants to expand its target market to include the healthcare industry by repackaging and marketing the product as a topical adhesive in Europe.

My client called to ask if I could help obtain CE Marking approval. In Europe, cyanoacrylate is a medical device when it is used as a topical adhesive. My first step is to determine the device classification as per Annex IX in the Medical Device Directive (93/42/EEC as modified by 2007/47/EC). Instead of relying solely upon the Directive, I use guidance documents published on the Europa website–specifically MEDDEV 2.4/1 rev 9 (the following link explains the European MEDDEV guidance documents – http://bit.ly/Whats-a-MEDDEV).

I identified three potential device classifications: 1) Class 1 as per Rule 4 (a non-invasive device which comes into contact with injured skin, if the device is intended to be used as a mechanical barrier, for compression or absorption of exudates); 2) Class 2a as per Rule 7 (a surgically invasive device intended for short-term use [i.e., < 30 days] are in Class 2a; and 3) Class 2b as per Rule 8 (an implantable device). These three applications match the three possible indications that I identified when I was reviewing classifications for Canadian Medical Device Licensing for this product.

If this device were not required to be “sterile,” then a Class 1 device could use the Annex VII route of conformity (i.e., self-declaration). However, even generic bandages are sold as sterile devices. Therefore, whether the device is a sterile Class 1 device or a Class 2a device, obtaining CE Marking approval will still require a Notified Body’s review and approval. The most common route would be the Annex V route of conformity. If my client were to launch their product as a “glue” for internal use, then the device would require an Annex II.3 Full Quality System Certificate or the combination of an Annex V Certificate and a Type Examination Certificate (i.e., Annex III).

STOP!

The previous paragraph was hard to understand, but the source of this jargon is Article 11 of the Medical Device Directive. This one section is the best practices in European legalese. If you want to make something almost unintelligible, copy Article 11. If you’re going to understand this stuff, a flow chart of the various routes to conformity is as good as it gets (still hard to understand, but fewer words). The following simplified table is what I use in my CE Marking webinar:

Classification Routes for CE Marking CE Marking Approval of a Medical Device (Case Study)

What you need to know…

My client only has one product family, and they are currently selling the product in Canada for external use by healthcare professionals—not as an implant. Therefore, the device is a Class 2a device requiring an Annex V certificate. My client will need to do the following:

  1. Select a Notified Body
  2. Submit a Technical File for review and approval
  3. Select a European Authorized Representative, because my client does not have a physical presence in Europe

Fortunately, my client already obtained an ISO 13485:2003 certificate with CMDCAS from their current registrar as part of the Canadian Licensing process. Therefore, the changes required for the Quality System consist of adding a few work instructions to meet European-specific requirements, such as vigilance reporting, creating a technical file, and performing clinical evaluations. My client also needs to add the European Requirements as an applicable regulatory requirement in the Quality Manual.

The more significant challenge is an assembly of a Technical File for submission. Since the product is already on the market in Canada, all of the technical requirements have been met. The documentation of these requirements now needs to be converted into a format acceptable to a Notified Body. There are three recommended strategies:

  1. Whatever the Notified Body prefers. Some of the Notified Bodies have a checklist of requirements for a Technical File. If such a list exists, the client should organize the Technical File in the same order.
  2. The GHTF STED format (GHTF/SG1/N011:2008). The Global Harmonization Task Force (http://bit.ly/GHTFSTEDGuidance) published this guidance document to standardize the format for submission of regulatory submissions. This is the format required for Class III and IV Canadian medical device license applications. This is also the format specified in the proposed EU Medical Device Regulations that is expected to be released in 2015.
  3. The NB-MED recommended format (NB-MED 2.5.1/rec 5). This document was created by the “Big 5” Notified Bodies. It provides a template in a two-part format for submissions. This was the format I used most often for auditing files and for creating new files. However, the proposed EU Regulations that are anticipated for release in 2015 are closer to the format of the GHTF guidance. Therefore, I no longer recommend this format.

My client chose option 3 for organizing their Technical File because they have full reports for each of the verification and validation tests that were performed, but creating summaries for each report would take longer than assembling a Technical File with copies of each of these full reports.

In all, I estimate that the overall timescale for completing this project is about 60 days–not including review by the Notified Body. Therefore, I suggested that the client obtain a quotation from their registrar for an Annex V Certificate. In addition, I suggested hiring a consultant from Medical Device Academy to help them with the preparation of a Clinical Evaluation. Before 2010, Clinical Evaluations were only required for high-risk devices. As part of the new MDD, clinical evaluations are now needed for all devices. Since the use of and risks associated with cyanoacrylates is well characterized in published literature, my client may use a literature search method for preparing a Clinical Evaluation as per MEDDEV 2.7/1 rev 3.

My client hired an Authorized Representative to handle European registration, receive customer complaints, and to act as a liaison with the Competent Authority in the event of an adverse event. An Authorized Representative Agreement was signed, and the Authorized Representative recommended a few corrections to procedures they reviewed as part of entering the contract with a new client.

The company also hired another clinical consultant from our firm to complete a literature search and write a Clinical Evaluation in four weeks. The complete Technical File was assembled and submitted to the Notified Body electronically with seven weeks of starting the project. The Notified Body’s first round of questions was received within six weeks. The client and I prepared responses to the questions in a week and submitted them to the Notified Body. Fortunately, the responses were thorough, and the Technical File was well-organized from the start. The Notified completed their final review and recommended the product for CE Marking within three more weeks. The Notified Body conducted two-panel reviews to verify the technical, regulatory, and risk aspects of the submission. Finally, the Annex V certificate was received 12 weeks after the initial submission of the Technical File.

If you are interested in additional training or assistance with CE Marking of medical devices, please email Rob Packard (mail to: rob@fdaestar.com). We have standardized procedures to meet each of the requirements in the European Regulations and a couple of webinar recordings that explain both the Medical Device Directive and how to create a technical file or design dossier.

CE Marking Approval of a Medical Device (Case Study) Read More »

Scroll to Top