Author name: Robert Packard

Audit team communication

4 Comments / Remote Auditing / By

The lack of visual cues may hinder communication between the auditor and the auditee, but software tools can enhance audit team communication.

Audit Team Communication Cup Phone Audit team communication

Audit Team Communication Requirements

During the opening meeting, the lead auditor is responsible for confirming the “formal communication channels between the audit team and the auditee…[and] the auditee being kept informed of audit progress during the audit” (ISO 19011:2018, Clause 6.4.3). Typically, the audit program manager will follow the lead auditor during the audit. In that situation, audit team communication with the auditee is direct and verbal. However, if the audit team consists of multiple auditors, the lead auditor also needs to establish a method of communication between the team members and the lead auditor. Team members need to make the lead auditor aware of any potential nonconformities, but more critical information includes:

  1. audit trails that require follow-up by auditors in other process areas
  2. any delay experienced by team members
  3. if an audit team member is ahead of schedule

Communication Limitations During On-Site Audits

During an on-site audit, it is not uncommon to have limited communication with the rest of the team, because the team is interviewing auditees and walking through the facility–not sitting at their computer. Sometimes your cellular signal is inadequate for texting or other messenger services such as Slack. It may also be more difficult to have private discussions between team members during an on-site audit. Usually, the audit schedule is very tight, and team discussions must wait until lunch breaks or scheduled team discussions. Unfortunately, these limitations frequently result in the follow-up of audit trails waiting until the very end of the audit, instead of addressing audit trails at more convenient times in the middle of the audit.

Communication Between Auditors During Remote Audits

During a remote audit, all of the audit team members will readily be able to exchange information by email, text, or Slack. Besides, applications like Google Docs allow multiple auditors to type in the same audit report simultaneously. Therefore, auditors can type a specific follow-up item in the section of the audit report, where another auditor will be typing their notes for the applicable audit area. For example, if one auditor is interviewing incoming inspection activities, they can type a note for the auditor that will be auditing calibration to review the calibration certificates for inspection devices used in the incoming inspection process. If an audit team leader needs more time, they can type a quick note for the lead auditor about the need for more time. The lead auditor can also quickly send a Slack message to the rest of the audit team, asking if anyone can aid the audit team member that is behind schedule. This communication is efficient, documented directly within the report, and occurs in real-time. The result is that communication between team members is more effective, and the audit is completed earlier.

Improvement of Auditor Training with Remote Auditing

When audit team members are being trained, the lead auditor must observe their auditing and provide constructive feedback. Ideally, the lead auditor will wait for a “teachable moment.” This is the moment immediately after the lead auditor-in-training makes a mistake. Telling an auditor-in-training what to do during an audit teaches the auditor little. However, if the auditor is allowed to make a mistake, such as forgetting to ask for an audit record, then the lead auditor can point out the error immediately afterward. Correcting the auditor can be as simple as adding a note in red font within the audit report in the same section where the auditor is currently typing. The auditor will see the comment and make the correction, but the auditee will not be aware of the error. This approach avoids any embarrassment to the auditor, and the auditor is more likely to remember the instruction as constructive feedback that will make them better.

Remote Auditing Can Be Easily Recorded

Auditors can learn from the constructive feedback provided by a lead auditor, but they can also learn by watching and listening to themselves if the remote audit is recorded. This is especially easy to accomplish for internal audits, but suppliers may also allow recording of certain process audits. Opening meetings, closing meetings, and common procedures such as incoming inspection usually do not include confidential information. Therefore, you should be able to obtain permission to record these portions of the audit. These recordings can be reviewed by the auditor to identify when poorly worded questions were used. Auditors-in-training can identify when they miss an opportunity to follow an audit trail, or an auditor may realize that they ask auditees certain closed-ended (i.e., yes/no) questions instead of open-ended questions that will help them gather more information from the auditee.

Audit Team Communication with Guides

In addition to the communication between the lead auditor and the audit team members, audit team members also need to communicate with their audit guides. Guides should be used to communicate messages throughout the company. For example, if the audit is behind or ahead of schedule, the guide can communicate adjustments in the timing of the agenda. If an audit team member requests records to be provided, the guide can communicate this request and make sure the records are waiting for the auditor when they return to the audit conference room. Guides also are responsible for helping the audit team navigate from one process area to another during the audit, and to make sure that the audit team observes all safety and gowning requirements during the audit. Finally, guides may also be asked to act as an observer and verify objective evidence collected by the auditor.

Shifting Role of a Guide During Remote Audits

During a remote audit, requests for records to be provided and communication of deviations from the agenda can easily be communicated by the auditor chat features in the video conference, instant messengers, or email. Therefore, you might think that a guide is unneeded. However, when audit team members request viewing another area of a facility during a remote audit, it may be necessary to provide live video images of the process areas. It isn’t easy to speak with the auditor and provide live video images. It may be dangerous to walk backward through your facility, carrying a selfie stick, and concentrating on your discussion with the auditor instead of where you are walking. Instead, the guide should focus on providing live video, and the process owner should be concentrating on providing a guided tour and answering the auditor’s questions. The guide may also be asked to record certain information in video or picture format as objective evidence.

Conclusion

Audit teams should practice using shared documents in Google Docs and Slack during the audit to facilitate real-time audit team communication. Google Docs enables everyone to write their audit notes directly into an audit report template to eliminate delays in the completion of the audit report. Using Google Docs also makes it possible for the lead auditor to observe the progress of the audit in real-time. Audit team communications of audit trails for team members to follow-up can be accomplished in real-time by just adding a note about the trail in the applicable section of the audit report. Finally, remote auditing can facilitate better training of auditors.

Audit team communication Read More »

Remote audit opening meeting – 5 changes

2 Comments / Remote Auditing / By

This article describes five minor adjustments that lead auditors should make when they plan a remote audit opening meeting.

Remote Audit Opening Meeting Remote audit opening meeting 5 changes

Regardless of whether you are conducting an on-site audit or a remote audit, the first activity conducted during the audit is an opening meeting. The process for conducting opening meetings is defined in ISO 19011:2018, Clause 6.4.3, and it is the responsibility of the lead auditor to lead this meeting. There are three purposes to the opening meeting:

  1. confirm agreement to the audit plan,
  2. introduce the roles of the audit team, and
  3. ensure the audit can be conducted as planned.

Opening meeting checklists

There is a long list of items that are typically confirmed during the opening meeting. New auditors are trained to rely upon an opening meeting checklist to ensure that none of the things on the list are accidentally forgotten. Some auditors will depend on a formal presentation during an opening meeting, but usually, this requires more time to set-up. Therefore, most auditors work from a pre-written checklist on their computer or paper.

Change #1: Presentations replace checklists in a remote audit opening meeting

If you are conducting a remote opening meeting, most of the attendees will be looking at a computer screen. The lead auditor can share their screen as they go through a formal presentation, without wasting any set-up time during the opening meeting. Also, attendees can be emailed the presentation before the opening meeting, along with the audit plan. If you are the lead auditor planning a remote audit, you should use an opening meeting presentation template to make sure that none of the items in clause 6.4.3 are skipped. If your company is developing a work instruction for conducting audits remotely, you should create a controlled template to ensure consistency among auditors. This should also be done for closing meetings. You can learn more about conducting opening and closing meetings in our webinar on May 14, 2020.

Change #2: Every audit team member should create a personal slide

One of the challenges of being remote is that you have trouble establishing rapport with the auditees. To overcome this challenge, you should use live video to show your face, smile, and say hello to auditees. It would help if you also created a slide for the opening meeting presentation that includes a personal picture that conveys your congenial character and less formality. You should also include your preferred method(s) of contact during the audit, such as email address, mobile phone number, or Slack @username. If you are part of a team, you should also present the slide(s) that explain which process areas you will be responsible for auditing. If you have any special needs, such as vision or hearing impairment, you should also indicate how you prefer auditees to communicate with you.

Change #3: Edit the agenda during the remote audit opening meeting

Auditors confirm the planned agenda with the auditees during the opening meeting, but adjustments to the schedule are typical of remote and on-site audits. At most on-site opening meetings, everyone will have a hardcopy of the agenda and make notes on their agenda to reflect schedule changes. It is the responsibility of the lead auditor to distribute an updated version of the revised agenda and to include the updated agenda with the audit report. However, in a remote audit opening meeting, the lead auditor should share a copy of the agenda with everyone in a software tool like Google Docs(see below). When changes are made, switch screen sharing from your presentation to the agenda. You can make the changes in view of all attendees. Also, if you share the document with auditees, they can correct errors in the audit agenda for you (e.g., the spelling of names) and often with greater efficiency than giving you a verbal explanation of the changes.

Google Docs Audit Report Template Remote audit opening meeting 5 changes

Change #4: Verify meeting invitations are updated at the end of the opening meeting

When there is an audit team conducting a remote audit, each auditor should send out a separate meeting invitation and include the lead auditor. This is important because each of the auditors needs to be able to audit simultaneously, but they may need the lead auditor to join their segment of the audit briefly. When changes are made to the audit agenda, such as changing the sequence of process areas being sampled, the time of the invitations needs to be updated for everyone involved. The lead auditor should verify that all of the invitations on their calendar match the updated agenda.

Change #5: Record your remote audit opening meetings (and closing meetings)

Recordings document critical information that might not be captured in the notes of the lead auditor while they are presenting. Therefore, requesting permission to record an opening and closing meeting of an audit is recommended. More importantly, if anyone is absent, the recording can be shared with that person. Finally, recordings allow you to “replay” mistakes and successes. The ability to replay the meeting, and observe yourself, is an invaluable tool for lead auditors in training and anyone that wants to improve.  

How long should your opening meeting be?

Audits are challenging to complete on-time, and therefore shorter opening meetings are desirable. However, the opening meeting is also dependent upon the scope of activities being audited and the number of audit team members. A duration of 30 minutes is typical for an on-site audit, but the opening meetings are often preceded by casual discussion and informal greetings. Teleconference calls and video chat meetings are less conducive to informal greetings because it is difficult for two people to speak at the same time. The remote meetings also seem more likely to start on-time. Therefore, you should expect a remote audit opening meeting to be more efficient (i.e., shorter).

Remote audit opening meeting – 5 changes Read More »

Changes triggered by COVID19 in your quality system

3 Comments / Business Continuity Plan, Quality Management System, Remote Auditing / By

The 2020 global pandemic has changed life as we know it, but this article focuses on three crucial quality system changes triggered by COVID19.

3 things COVID19 changed 2 Changes triggered by COVID19 in your quality system

Last night my daughter Gracie mentioned that her teacher assigned an essay to write about three changes triggered by COVID19 in her life. The three things that she felt had changed the most were: 1) she goes to bed much later, and sleeps in every day; 2) her school is closed, and she only talks to her teacher twice per week via Zoom, and 3) she misses her friends. I know that her story is similar to my son Bailey who is in his Freshman year of college, and I know that my personal story is quite similar. Coincidentally, I started writing this article earlier this week about three significant-quality system changes triggered by COVID19:

  1. If you are going to conduct on-site audits, you need to ask about using personal protective equipment (PPE).
  2. There needs to be a greater focus on business continuity plans and robust supply chain monitoring.
  3. Remote audits are suddenly encouraged for 1st, 2nd, and 3rd-party audits.

Changes triggered by COVID19: #1 Use Face Masks

US FDA Issues EUAs

At the beginning of the COVID19 pandemic, the US FDA created several emergency use authorizations (EUA). The three EUA areas were IVD testing, ventilators, and face masks. The EUA for IVD testing is not surprising, because the FDA issues and EUA every time a new lethal and contagious virus emerges (e.g., Zika and Ebola). The EUA for ventilators was issued because the number of people with respiratory issues was expected to explode with the spread of the virus, and the supply chain for components of ventilators had already been disrupted by the initial spread of the virus in China. The EUA for face masks was issued because it is the second-best way to protect people from the virus, and existing infrastructure for face mask production could not possibly supply the entire world with face masks overnight.

Everyone in the World Gets a Face Mask

As soon as the EUA for face masks was issued, every regulatory consultant in the USA was inundated with urgent requests for help to complete EUA requests for masks. I also received similar requests for assistance with Canadian filings. The FDA did a great job of providing detailed information about the different types of face masks (i.e., face masks, surgical face masks, and N95 respirators). Testing companies created new website pages specifically for each of the different face mask tests, and every company with a sewing machine suddenly wanted to manufacture masks. I even read an article about an elderly woman making face masks for her entire family while she listened to The Beatles “HELP!” in the background.

Why aren’t you wearing your face mask?

Even after the world makes the first 7 billion face masks, not everyone will wear their face masks. Masks will protect us from touching our hands to our face–which spreads many germs in addition to the SARS-CoV-2 virus. Masks will also keep us from coughing on other objects and people if we have the virus. Finally, face masks protect us from the small droplets that carry the virus from one person to the next. Even though there are obvious safety reasons for everyone in the world to wear a face mask, most people don’t want to wear a face mask. This is no different from the argument to wear a seat belt, and unless our government creates a law or temporary order requiring us to wear face masks, most people won’t bother to wear one.

Changes triggered by COVID19: Auditors need to wear face masks 

As a medical device auditor, I feel I must always follow the safety rules in every facility I visit. Lead auditors are supposed to contact the company ahead of time and ask about the safety policies as part of audit preparation and initiating the audit. I’m 6’6” (2.00m) in height, and my shoe size is 14. There is seldom gowning for me to wear that fits appropriately–especially in Southeast Asia. I squeeze into the garments, and they are uncomfortable and hot, but I wear the garments anyway. My job includes auditing clean rooms, and I can’t do my job without gowning up. By following the rules, I also eliminate the excuses for anyone in the facility I visit. Now that we have a global pandemic, you should be wearing a face mask in every medical device facility to protect yourself, people you work with, and users of medical devices. You should also consider carrying spare face masks with you to protect yourself on airplanes, in hotels, etc.

Changes triggered by COVID19: #2 Business Continuity Plans

Will business continuity plans be required now?

In addition to the cultural shift to wearing face masks, we will also need to make significant changes in our overall preparations for natural disasters, fires, and biological threats. Although there is no specific requirement for a business continuity plan in ISO 13485:2016, there are many places where an auditor can identify a requirement to maintain the effectiveness of a quality system (no exceptions):

  1. Clause 1, Scope
  2. Clause 4.1.1 & 4.1.3, General Quality System Requirements
  3. Clause 5.3, Quality Policy
  4. Clause 5.4.2, Quality management system planning
  5. Clause 5.6.3, Management Review Output
  6. Clause 6.1, Provision of resources
  7. Clause 8.1, General requirements for Measurement, analysis, and improvement
  8. Clause 8.2.4, Internal audit
  9. Clause 8.5.1, General Improvement

Although any of these clauses could potentially be referenced as a requirement for a business continuity plan, the last clause would generally be the most appropriate. This clause states, “The organization shall identify and implement any changes necessary to ensure and maintain the continued suitability, adequacy and effectiveness of the quality management system…”. In this time of radical change, adding provisions to your business continuity plan for coping with a global biological threat seems obvious and urgently needed.

Suggested content for your business continuity plan

Sadly, the USA was probably better prepared for a disaster in the 1960s after the Cuban Missile Crisis than we are today. If you do not yet have a business continuity plan, or if you need suggestions for improving your plan, the following is a list of suggested items to include in your plan:

  1. Develop a plan for power outages, fires, floods, earthquakes, severe wind/tornadoes, hurricanes, workplace violence, and biological threats 
  2. Develop an emergency alert system to notify employees of any emergency
  3. Build emergency kits and store the kits for when they are needed
  4. Document your plan in multiple formats (virtual and physical) and distribute to all employees–including a social media plan
  5. Translate your plan into multiple languages for non-English speaking employees
  6. Develop a training program that addresses the various aspect of emergency preparation
  7. Practice your plan just like fire drills, so everyone is prepared and nobody panics

The Ready.gov website has many resources for the above items, including a series of “Ready Business Videos” and “Ready Business Toolkits.”

How to practice your business continuity plans

My sister is a teacher, and she is in the process of opening a new charter school in Maine. We were discussing her planning for the school, and the disruption of schools by the COVID19 pandemic has challenged all teachers to learn to use distance learning. My sister’s school focuses on teaching children about the environment, and she doesn’t like to spend lots of time on the computer. I was sharing some of the environmental studies my daughters are receiving via Zoom from their teachers. I suggested that she might want to pick one topic each week to teach via distance learning. The purpose of this would be to give her, and her students practice using distance learning for a variety of subjects. Therefore, when we experience another biological disaster, her students will already know precisely how to use distance learning to continue their education. My argument was that this routine use of distance learning would be a more effective preparation for emergencies than a once-per-month “fire drill.” Companies should use the same approach. Your company should create a schedule for practicing remote management meetings and working from home. This will ensure that systems are in place to keep your business running smoothly when disaster strikes again.

Changes triggered by COVID19: Expect regulators to require business continuity plans

The widespread shortage of face masks, ventilators, and other critical supplies needed during the COVID19 pandemic is going to result in new regulations requiring business continuity plans. This is a certainty born from the observation that every single medical device regulation we have resulted from severe public health threats. The COVID19 pandemic is the biggest global health crisis the world has experienced in 100 years. Therefore, we can expect corrective actions in the form of new regulations requiring companies to have a business continuity plan. Some regulators will act independently, but I would expect this also to be an action taken by the International Medical Device Regulators Forum (IMDRF). We can also expect there to be new laws requiring amendments to business continuity plans for public companies. The Sarbanes-Oxley Act of 2002 requires public companies in the USA to have business continuity plans. Despite this requirement, many public companies have been ruined by the COVID19 pandemic. Therefore, we should expect amendments to these requirements and revisions to the international standard for business continuity planning (i.e., ISO 22301:2019). We should also expect to see new interest in becoming certified to this standard.

Changes triggered by COVID19: #3 Remote Auditing

What are certification bodies doing about surveillance audits and re-certification audits?

Most of the companies that had initial certification audits scheduled for the first quarter of 2020 were forced to reschedule their audits because the employees must work from home, and the certification bodies must conduct at least some of their audits on-site. The FDA was also forced to cancel all foreign inspections temporarily. However, companies that already have certification need surveillance audits and re-certification audits to maintain the validity of their quality system certificates. Therefore, certification bodies now have plans for conducting audits remotely. For companies that virtual medical device manufacturers, certification bodies can conduct full quality system audits remotely. However, manufacturers with production activities on-site are only able to conduct partial audits. The certification bodies must still conduct on-site audits, but they are being permitted six months to conduct an on-site audit to cover the gaps remaining from the partial remote audits. Prior to conducting the partial remote audits, certification bodies are sending out questionnaires to all of their clients to gather information about whether the manufacturers can support a remote audit and to what degree.

Second-party audits conducted remotely

Second-party audits, also known as supplier audits, have always been of interest for manufacturers to conduct remotely–mainly if the supplier is located overseas. The US FDA regulations do not require companies to conduct supplier audits. However, if there are quality problems with suppliers, you are expected to conduct a thorough investigation to identify the root cause of quality problems, in most cases, that require an on-site audit. However, if your suppliers are providing good quality and they are ISO 13485:2016 certified, then you probably are using this as a justification for not conducting on-site audits or at least reducing the frequency of those audits. Now that most people are not able to travel, or because the people you need to speak with are working from home, manufacturers are being forced to conduct remote audits. This has always been permitted, but the effectiveness of remote audits is often questioned. Supply chain disruptions are now a global issue that is impacting the safety and effectiveness of our hospitals, and regulators will expect you to improve the rigor of your supplier evaluations–including conducting more supplier audits. Therefore, establishing more effective procedures for remote supplier auditing is urgently needed.

Changes triggered by COVID19: We need to develop procedures for remote auditing

Although most first-party audits are conducted on-site, especially if conducted by employees of your company, we will still need to establish procedures for remote auditing for internal audits. Some of our client’s scheduled internal audits for April and May that they had to cancel because they were unable to access the records needed for the audit while they were working from home. In addition, most of the US States have implemented stay-at-home audits that prevent our team from traveling to our clients. This is forcing our team to develop more robust procedures for remote auditing. We needed to change our audit agendas to accommodate eight 90-minute audit sessions in four days, instead of conducting two full days of on-site auditing. We are also doing more preparation before the audit to allow the auditees time to scan paper records so that we can review those records remotely. Finally, we are experimenting with techniques for collaboration as an audit team so that multiple auditors can simultaneously audit a client and complete a full quality system audit more quickly without forcing any one person to work for longer than 90 minutes in front of a computer. We are still perfecting these new methods, but we are writing a series of articles on this topic. You can order the book from Amazon ($5 pre-order discount until August 28, 2020).

Thank you & Future Articles

Thank you for reading. This is the longest article we have published on our site since 2012. This article also kicks off a ten-part blog series specific to remote auditing techniques:

  1. Remote audit opening meeting – 4 changes – May 12
  2. Audit team communications – May 19
  3. Remote audit resources – software and hardware tools – May 26
  4. How to apply a risk-based auditing approach to audits and remote audits – June 2
  5. How to make a supplier questionnaire for remote auditing – June 25
  6. Remote audit duration less than 90 minutes – June 30
  7. Remote auditing work instruction – July 14
  8. Planning partial remote audits – July 21
  9. Remote audit invitations – 4 things to remember – August 4
  10. Training new audit team members and lead auditors – August 11

There are also five new live webinars planned on related topics:

  1. Opening Meetings Webinar (free) – May 14, 2020
  2. Audit team communication during a remote audit (free) – June 4, 2020
  3. How to qualify your supplier’s Webinar (pre-order by June 1) – June 25, 2020
  4. Remote auditing techniques webinar (pre-order by July 1) – July 16, 2020
  5. MDSAP Certification Body Interviews (free) – August 6, 2020

Changes triggered by COVID19 in your quality system Read More »

NSE letter: A CAPA plan for your 510k process

1 Comment / 510(k), CAPA, Design Control / By

Cry, complain, call the reviewer…you might feel a little better, but you received an NSE letter, and tomorrow you still can’t sell your device.

NSE Letter NSE letter: A CAPA plan for your 510k process

Instead, try approaching an NSE letter like a CAPA investigation. What is the issue? The FDA determined that your device is not substantially equivalent to the predicate you selected. What is the root cause? There are four (4) possible root causes.

NSE Letter Cause #1: You failed to verify that the predicate is a legally marketed device.

If your predicate device is not legally marketed, you need to select a new predicate and resubmit. However, it is doubtful that your device would pass the refusal to accept the (RTA) screening process if the predicate was not legally marketed. If your predicate was not registered and listed with the FDA (check using this link), then you should have submitted a pre-sub request to determine if the agency has any problem with using the device you chose as a predicate. This is an essential question if the manufacturer is no longer in business, and the product is no longer for sale.

NSE Letter Cause #2: You failed to evaluate the substantial equivalence of your device’s intended use with the predicate.

The intended use of your predicate device is documented for every potential predicate since February 1992 on FDA Form 3881–which you can download along with the 510k clearance letter for the predicate. There is also an intended use documented for every device category in the applicable regulation for that device. This intended use is more generic than FDA Form 3881, but both are applicable. The FDA Form 3881 you submit for your device must be equivalent. I recommend a point-by-point comparison with regard to the following elements: 1) OTC vs. prescription use, 2) user, 3) patient population, 4) illness or medical condition, 5) duration of use, 6) environment of use and 7) target part of the body. Any difference can raise new issues of risk and may result in an NSE decision. However, the FDA typically will work with the company to modify the wording of FDA Form 3881 to ensure the intended use is equivalent or to make sure you provide clinical evidence to address the differences. In my pre-submission requests, I include a comparison document for the intended use to ensure that the FDA is aware of any differences in the intended use.

Cause #3: You failed to convince the FDA that technological differences do not raise different questions of safety and effectiveness.

Unless your device is identical in every way to the predicate device, you will have to persuade the FDA that differences do not raise questions of safety and effectiveness. At the beginning of the 510(k) process, it is helpful to document technological differences systematically. Specifically, this should include: 1) materials, 2) design, 3) energy source, and 4) other features. For each difference, you must justify why the difference does not raise different issues, or you must provide data to prove it. It is also possible that you were not aware of questions of safety and performance raised by technological differences. To avoid this problem, you can submit a detailed device description and draft labeling to the FDA in a pre-sub meeting request. If you ask questions about differences in a pre-sub meeting, you can avoid an NSE letter.

Cause #4: You failed to provide data demonstrating equivalence.

For each difference, you should determine an objective method for demonstrating that the difference is equivalent in safety and performance to the predicate. Your test method can be proposed to the FDA in a pre-sub request before testing. The FDA sees more than 3,000 companies propose testing methods to demonstrate equivalence each year. They have more experience than you do. Ask them in a pre-sub before you test anything. There may be a better test method, or you might need to adjust your test method. Sometimes results are unclear, but there might be another test you can perform to demonstrate equivalence, and then you can resubmit your 510k. Possibly you were unaware of the need to perform a test, and you were unable to complete a test within the 180 days the FDA allowed for submitting additional information. The good news is you now have all the time you need.

What is similar between all four causes of the NSE letter?

In all four root causes identified above, you could benefit greatly from the pre-sub meeting. Now you have an NSE letter, and you know which of the four reasons why your submission did not result in 510(k) clearance. However, the correction to your NSE letter may not be clear. Therefore, you should consider requesting a pre-sub meeting as quickly as you can. Most companies choose not to submit a pre-sub meeting request because they don’t want to wait 60-75 days. However, sometimes pre-sub meetings are scheduled sooner. In addition, 60-75 days is not as costly as receiving a second NSE letter.

Prevent a future NSE letter by requesting a pre-sub meeting

Regardless of your corrections for the current NSE letter, you should prevent future occurrences by planning to submit a pre-sub meeting request for every submission. I try to help clients gather all the information they need without a pre-sub meeting, but each new 510k reminds me why a pre-sub meeting is so valuable. You always learn something that helps you with the preparation of your 510k.

Help with Pre-sub meeting requests

The FDA published a guidance document for pre-sub meeting requests. If you need additional help, there is a webinar on this topic.

NSE letter: A CAPA plan for your 510k process Read More »

Design change control – best practices in managing changes?

2 Comments / Design Control / By

This article describes best practices in managing your design change control process, including a list of the ten most common mistakes.

Tire Change Image for Change Control Blog Design change control best practices in managing changes?

During every visit by FDA inspectors, and CE Marking auditors, the changes you have made will be reviewed. The focus by inspectors and auditors is: 1) to verify that your design verification and validation was adequate for the changes, and 2) to verify that necessary regulatory approval of the changes was obtained. Due to this scrutiny, your design change control process is one of the most important processes to manage well.

Ten most common mistakes in managing design change control

  1. Failure to carefully update drawings and specifications. Often these errors are typos, but it is essential to perform a thorough review of all your drawing dimensions, tolerances, notes, etc.
  2. Failure to update procedures and work instructions, especially inspection instructions. As a quality system becomes more mature, it becomes harder to identify all the places where a reference is found. If you have a 100% electronic quality system, with the ability to include cross-references, finding the related documents is easier. MasterControl uses “info cards.” It is possible to do this in any system by adding tags to your master document list. The “tags” can be standards, regulations, other procedures, and forms.
  3. Failure to validate inspection methods. Often a new inspection tool or method may appear to be better, but it is important to re-validate inspection methods whether you are changing: 1) design, 2) inspection tools, or 3) inspection methods. A Gauge R&R study is an example of one method for the validation of inspection methods.
  4. Failure to re-verify and re-validate your design. In general, whenever you make a design or process change, you need to repeat your verification and validation that was initially performed. You may be able to abbreviate the verification and validation testing. Still, if you cannot provide a justification for the abbreviated method, then you should use the same method and the same acceptance criteria. This presents an enormous burden for any device that required a clinical study to demonstrate safety and effectiveness. This is also why it is so expensive to implement changes in CE Marking for Class III devices, and FDA approved Class III PMA devices. In both cases, there is typically a large supplement required for regulatory approval.
  5. Failure to update your risk management documentation and post-market surveillance plans. Risk management files and post-market surveillance plans are meant to be “living documents.” Therefore, whenever you make changes, even minor ones, you should document your evaluation of the need to update the risk management file or your PMS plan. If the changes planned are related to a CAPA or recall, it is critical to verify the effectiveness of the changes made. This verification is both verification of the design change and the effectiveness of your risk controls. It will also be critical to document the change in the PMS plan by identifying potential confusion and use errors associated with your change.
  6. Failure to change UDI. Most companies created their change control procedure in the early stages of their quality system, and very few revisions and updates are made to the change control procedure and associated forms. Your UDI process and procedure are probably much more recent, and many companies forget to add UDI requirements to their change control process. It is important to update your device identifier, not only for regulatory compliance but also as a tool to help your company better track which quality issues are related to the previous version of your device and which quality issues are limited to the new version.
  7. Since the EU MDR requires that DI portion of your UDI is included in your Declaration of Conformity, this is another document to make sure you update when you make a design change. I recommend identifying the date (or lot) of first CE Marking and last CE Marking for your previous version in an updated Declaration of Conformity. Then you will also need the date of first CE Marking for the new version of your product. This can create a very long and complicated declaration. Still, it is important to control these transitions in anticipation of potential complaint investigations during the period of time when both versions are in distribution/use.
  8. Failure to update your technical file and device master record (DMR). Every time you change a drawing, specification, tolerance, testing method, etc. you need to update your technical documentation and DMR. This is why using a Technical File Index, and DMR Index are considered best practices. These tools just list all the related controlled documents and the current revision. The best indices will also identify how revisions were controlled (e.g., change notification or design change order). You might even identify which CE Certificate or 510(k) clearance is associated with each item in the index. This is especially helpful when you have multiple accessories involved. FDA inspectors will verify that you updated your DMR, and they will review the MDR for design changes that were not adequately validated. Your Notified Body will also review changes made to your Technical File to make sure you have notified them of changes or obtained prior approval to commercial release.
  9. Failure to document your rationale for no new regulatory approval. Whenever you make a change, you need to document your rationale for whether a new regulatory submission is required. You should have a systematic method that is documented. The FDA has published two guidance documents with decision trees to assist with this decision for 510(k) cleared products: 1) Deciding When to Submit a 510(k) for a Change to an Existing Device, and 2) Deciding When to Submit a 510(k) for a Software Change to an Existing Device. For CE Marking and Canadian Licensing, there are guidance documents on determining when a submission is required for significant changes. Regardless of your decision, you need to document the decision, and the form you use to document this decision should be a controlled form within your change control process.
  10. Failure to notify suppliers of your changes. Whenever you make a change, it is critical to notify your suppliers of the change. However, you also need to determine if the change may impact any open purchase orders. Will you need to rework or scrap any work in progress? Will you need to coordinate the use of components so that all components are used up before the change? There may even be obsolete inventory that you need to disposition as “use-as-is” or “rework.”

Create controlled templates for verification and validation testing

For every verification and validation test that you perform, you should have some kind of documented testing plan or formal protocol. Plans are more appropriate when the testing will be outsourced to a lab that has their testing protocols. If you are performing the testing in-house, you should have a formal protocol that references any internal testing work instructions that may be relevant and any testing standards that apply. The protocols should also be designed for “fill-in-the-blank” use to facilitate reuse of the protocol for multiple devices. Protocols should also identify the following required elements: 1) facilities needed for testing, 2) calibrated devices needed for measurement, 3) any controlled documents or standard referenced in the protocol, 4) sample requirements, 5) acceptance criteria, and 6) statistical rationale for sample sizes. The FDA also released a guidance document defining the format and content for testing reports. Whenever a standard is revised, it will also be important to assess the impact on current regulatory approval. CE Marked products will need to be retested to the new standards, or at least a scientific justification must be provided. By maintaining these plans and protocols as controlled documents, you will be able to execute testing plans and protocols much more quickly and consistently. You may also want to consider maintaining an appendix for testing plans that identifies any vendors and contacts for obtaining quotations for new testing.

Organizing design change control approval forms

One of the biggest mistakes people make is to try and streamline questions down to checkboxes or yes/no questions. For example, don’t ask the question, “Is 510(k) clearance required for this change?” Instead, require the person always to fill out a form to document the decision for whether a 510(k) is required or not–which should also be a controlled form. Don’t ask the person if there is an inventory that is affected by the change. Instead, ask the person to identify how many units are at each stage of the process (i.e., pending purchase orders, inspection quarantine, and finished good inventory). Then ask the person to identify the disposition for the product at each stage. This would typically be documented with a nonconforming material record (i.e., NCMR). You should also define which roles and responsibilities complete each part of your form unless you have a small company where key individuals are responsible for multiple roles.

Who should approve design changes?

There is no specific requirement for who must review and approve changes, but each document that is revised and updated will need to be reviewed and approved by the same functions that approved the previous version. Therefore, it would make sense that the same functions that reviewed and approved the design in a final design review should also be involved in the review and approval of a design change for the same device. There is no requirement for an independent reviewer for design change review and approval. Still, I have observed so many mistakes, and I think an independent reviewer and approver are extremely valuable for design changes.

What if you are facing a deadline

There is always pressure from peers and superiors to release design changes to the market as soon as possible. In theory, everything new is better, but this is often untrue. Forcing everyone to follow your change control process is intended to prevent the release of a product that is not ready for release. Therefore, you should fill out as much of your design change approval form at the beginning of a design change as possible. This will help everyone identify the documentation updates at the beginning. All the documentation and testing that is required should be planned, target dates for completion of each update should be documented, and the person responsible for each updated document should be identified. By documenting your plan and maintaining that plan, everyone will know what needs to be completed before a modified device can be released. By controlling the changes in this way, it becomes the responsibility of the whole team to make sure the responsible person and on-time complete each document. If you adopt this strategy, more device changes will be released on-time. You will also find that fewer mistakes will be made, and the team will share the burden of meeting launch deadlines.

Are “full” design controls required?

For minor design changes, you don’t want to apply “full” design controls and create a new design history file (DHF). However, you may want to create a shorter version of a design plan to document what level of control is required and how the project will be managed. This could be as short as a page, but it is likely to be several pages. The following is a list providing examples of things you might document in the abbreviated plan for control of design changes:

  1. Previous regulatory approvals [e.g., 510(k) number]
  2. Applicable Technical File or DMR Index that will be updated
  3. Any new risks identified
  4. Any new applicable standards
  5. Approved Design Inputs (indicate if changes are needed)
  6. Design Outputs that need to be updated (consider highlighting in your DMR index)
  7. Changes to your supply chain (e.g., process changes, supplier changes, supplier quality agreements, and process changes)
  8. Process validation and Revalidation required
  9. Labeling and UDI changes
  10. Obsolescence of inventory and reverse/forward compatibility of components
  11. Impact on service procedures and/or providers
  12. Changes and changeover of internal calibrated tooling and testing stations

What if you are making a design change before a product is commercialized?

The quality system requirement for control of design changes also applies to changes made before the release of a product. During the design process, changes made before “design freeze” will be frequent. For these changes, you want to make the process as simple as possible. Once you begin purchasing capital equipment and performing verification or validation testing, now the design changes are costly. This is when you really must have tight control of changes. Many companies designate that drawings and specifications have begun design transfer when the revision changes from a number (e.g., 1, 2, 3) to a letter (e.g., A, B, C). This helps identify any documentation that will now require tighter design change control. If the design is being conducted internally, then a representative of top management may need to approve changes. If a contract design firm is conducting the design, then approval by the customer may be required for any changes during design transfer.

Additional design change control resources

If your firm needs a procedure for design change control, please visit our webpage for our Change Control Procedure (SYS-006). If you are interested in Design Controls, before the release of a product from the design process, please visit our webpage for the Design Change Procedure (SYS-008).

Design change control – best practices in managing changes? Read More »

What can you do to save freedom today?

Leave a Comment / News / By

Today Americans remember Dr. Martin Luther King Jr, but this weekend I had the privilege to visit the Liberty Bell and saw the picture below.Martin Luther King Jr with Liberty Bell rvp 1 19 2020 What can you do to save freedom today?Today, the third Monday in January is the day Americans observe Dr. Martin Luther King Jr’s birthday. Dr. King was a leader of the Civil Rights Movement in the USA, but he also stood for peace. I like to think that on February 1, National Freedom Day, he would still be visiting our Liberty Bell in the City of Brotherly Love.

Saturday, I was in Philadelphia, and Tifany and I took the time to visit the Liberty Bell. It has been more than 30 years since I last visited the Liberty Bell in Philadelphia. The last time I was with my grandparents as a young boy. My grandfather was a Quaker, and he taught me every day about principles he believed in:

  • Peace
  • Religious Tolerance
  • Helping Others

He lived these principles in everything he did, and I remember most of his gentle greeting when he said hello to someone. If the other person said, “How are you today?” his reply would always be, “All the better for meeting you today.”

This was one of the Quakerisms he developed on his own over his life, and I encourage everyone reading this to do three things:

  1. Use my grandfather’s greeting to make someone smile today.
  2. Help someone else in need today.
  3. Remember that peace was part of Dr. King’s message too.

The image above includes the following description: “In 1959, Dr. Martin Luther King Jr. and Dr. Emmanual Wright, leaders of the modern Civil Rights Movement, participated in the annual tradition of celebrating National Freedom Day, the commemoration of the Thirteenth Amendment, at the Liberty Bell begun by Dr. Wright’s father. Photograph. “Dr. Martin Luther King, Jr. and Dr. Emmanuel C. Wright at the Liberty Bell,” February 1, 1959. Courtesy, Urban Archives, Temple University Library.”

 

What can you do to save freedom today? Read More »

eCopy Guidance is Finally Updated by FDA

3 Comments / 510(k) / By

This blog summarizes the changes in FDA policy, released on April 27, 2020, as a new eCopy guidance for device manufacturers.

eCopy statement screen capture eCopy Guidance is Finally Updated by FDA

The date of the guidance above was updated, but the changes to the guidance do not represent any changes in policy. It is an update of contact information and a note regarding eCopies for EUA requests. In August 2016, I had a frustrating week where I had three (3) different submissions placed on eCopy hold by the FDA, three (3) separate times, for a total of nine (9) eCopy hold in the same week. That resulted in an extra $175 of FedEx charges and wasted six (6) USB flash drives. The biggest problem was the submission delay experienced by each client that week, which wasn’t very comfortable. This terrible, no good, dreadful week ultimately resulted in our company creating a new productized service–preparing FDA eCopies for clients and competitor consultants. We also became international experts on the FDA eCopy guidance. If my experience was this painful, there must be other people experiencing the same problem, or many people would experience this problem as soon as they tried to submit their next filing with the FDA.

For about 18 months, we helped many companies prepare FDA eCopy submissions, but then there was a government shutdown, and the FDA unofficially changed its policy. A printed paper copy of pre-submissions, 510ks, and De Novo classification requests would no longer be required. You only needed to print a paper copy of your cover letter and include an electronic copy on a CD, DVD, or USB flash drive. Despite this policy change, many clients still requested the printed copy because the FDA legislation was not yet changed, and there was no updated guidance. We explained to each client that the policy had changed, and only two clients asked us to print the paper copy anyway.

In October of 2018, the unofficial policy became official, but there was still no updated FDA eCopy guidance for us to share with clients. This situation frequency resulted in questions from clients about how they should phrase the “eCopy Statement” in their submission cover letter. The eCopy guidance that was current in 2018 stated that you should include the following phrase in your cover letter: “This submission includes an eCopy and a paper copy. The eCopy is an exact duplicate of the paper copy.” However, the paper copy consisted only of the cover letter, and the rest of the submission was solely provided in electronic format.

The FDA released a new pilot version of the eSubmitter software to help companies prepare 510(k) submissions and to streamline the FDA review of submissions in 2018. However, even electronic submissions prepared with eSubmitter must be sent by courier or mail to the FDA Document Center. In 2019, the FDA mentioned that they would be releasing new guidance documents regarding electronic submissions. Still, we were also told that the FDA has no near-term plans to enable companies to submit pre-submissions, 510ks, or De Novo classification requests to the FDA via an electronic submissions gateway (ESG).

Finally, on December 16, 2019, the FDA released a new eCopy guidance. The eCopy guidance was updated again on April 27, 2020, but the changes are updated to include emails, updated webpages, and a note regarding EUA requests.

July 2022 Update for the FDA eCopy process

The FDA created a Customer Collaboration Portal (CCP) for medical device manufacturers. Originally, the portal’s purpose was to provide a place where submitters can track the status of their submissions and verify the deadlines for each stage of the submission review process. Last week, on July 19, the FDA emailed all active FDA CPP account holders that they can upload both FDA eCopy and FDA eSTAR files to the portal 100% electronically. Since our consulting team sends out submissions daily, everyone on the team was able to test the new process. If you have a CCP account, you no longer need to ship submissions via FedEx to the Document Control Center (DCC).

What DID NOT change in the new eCopy guidance?

The file name requirements are identical. You can still organize your submission in volume structure or document-only structure. You are still limited to PDF file sizes of 50 MB. The eCopy will still be problematic for the FDA to upload if your submission exceeds 1 GB. You still need to ship your eCopy to the FDA Document Center unless you submit it to CBER instead of CDRH. You can and should continue to use the eCopy validation software module provided by the FDA to ensure that your eCopy will properly upload. The guidance barely changed in length; it’s just a few pages shorter now.

What DID change in the new eCopy guidance?

Only two things changed in the new guidance. First, there is no mention of an eCopy statement anywhere. Second, you must submit a cover letter in paper format (replaced by Zip file to FDA CCP), but it does not need to be included in the electronic format (that’s only recommended).

The “new” eCopy process is not any easier than the process we have used since February 2018. However, we did update our cover letter template. If you would like a copy, please register for our FDA eCopy webinar.

Should you create your own eCopies, or should you outsource?

If my job was Director of Regulatory Affairs (or a similar position), I would outsource. Regulatory managers in companies are swamped with trying to remain compliant with new and revised medical device regulations and changes to applicable standards.

Does it take one hour to create an eCopy?

No, we can prepare, validate, and upload an FDA eCopy in less than 15 minutes. This is only possible because we do this almost every day. On the last business day before the end of the FDA fiscal year (September 30), we average four (4) submissions on that day alone. We know exactly what to do, we know how to fix all of the most common errors, we know our validation software module is up-to-date, and we never run out of USB flash drives (replaced by Zip files to FDA CCP).

How long could it take you to create an eCopy?

If you haven’t done an eCopy in that past year, it could easily take you all day to create an eCopy. You have to read the new eCopy guidance document. You must format your submission according to the rules and proofread 100% of the folder and file names. You need to find a new flash drive. You need to save the submission on your USB flash drive. You need to run the eCopy validation software module.

Or you could just outsource your eCopy problems.  

eCopy Guidance is Finally Updated by FDA Read More »

ISO 14971:2019 – Risk Management Standard

4 Comments / ISO 14971:2019 (Risk Management) / By

The 3rd edition of the risk management standard for medical devices, ISO 14971:2019, was released on December 16, 2019.

Risk management process 2019 1024x773 ISO 14971:2019 Risk Management Standard
ISO 14971:2019 – Risk Management Standard, 3rd edition

In October of 2018, I wrote a blog on the draft version of ISO 14971:2019 for risk management of medical devices. That article explained the differences between the different versions of the ISO 14971 standard (i.e., 2000, 2007, 2009, and 2012). I also explained what changed between ISO 14971:2007 and ISO/DIS 14971:2018. The final 2019 version of ISO 14971 3rd edition is now available.

The changes proposed in the draft included subtle changes to the names of the processes and a minor adjustment to the numbering of the clauses. Many of the annexes were also moved to ISO/TR 24971 guidance–which was released in 2020. The draft did not, however, result in a change in the overall process of risk management.

All of the changes that were discussed in my 2018 review were maintained in the final 2019 version that was released, but the ISO/TR 24971 guidance was not released at the same time as the committee had hoped for.

There are not any surprises in the 3rd edition (i.e., ISO 14971:2019). Therefore, I plan to wait until the ISO/TR 24971 guidance is released and then prepare a new blog specific to the guidance. If you are interested in training on the ISO 14971:2019 standard, the training I recorded on October 19, 2019, provides an excellent overview of these changes and highlights some of the challenges that you will encounter when trying to harmonize your risk management procedure between the ISO 14971:2019 standard and Regulation (EU) 2017/745.

Below are additional risk management resources:

This is a lot of information to absorb. Therefore, I recommend purchasing the October 2019 webinar and your copy of the ISO 14971 standard from AAMI. Anyone that has already purchased either the webinar or the procedure will receive an email offering them a discount on this new bundle that credits them for their previous purchase. If you have purchased both, you will receive credits for both purchases. Just think you can watch the video and read the new version of the standard while you are working out at the gym in January. Learn and burn!

ISO 14971:2019 – Risk Management Standard Read More »

Classification Recommendation – How to write one for a De Novo request

1 Comment / De Novo / By / ,

This article explains how to write your classification recommendation for a De Novo Classification Request using a risk-based approach.

Classification Recommendation 1024x678 Classification Recommendation How to write one for a De Novo request

“Automatic Class III Designation” does not mean that your device is a Class III device. That phrase means that the device is new, and therefore it will be automatically classified as Class III until a company submits a De Novo Classification Request. You and your company, not the FDA, should make the classification recommendation and propose the regulatory pathway for a new device. Submitting a 513g request is an option, but a 513g request involves paying the FDA money to write a classification recommendation. The FDA will always be more conservative in their assessment than the manufacturer.

Although no FDA guidance explains how to write a classification recommendation, companies have been writing these documents for years–for Technical Files. Most countries have risk-based classification rules, while the FDA’s product classification database is centered upon precedents and adjusted over time by historical trends of adverse events and recalls. Therefore, you should write a classification recommendation for the FDA that is focused on a documented risk assessment. Your approach will also need to be modified to include classification information for similar indications for use and technological characteristics that are already established in the US market.

Most Common Mistakes in Writing a Classification Rationale 

Many people mistakenly write a short classification rationale for a technical file, which simply states which classification rule applies and why. Although this approach is acceptable for a Declaration of Conformity, you must provide a comprehensive classification rationale in your technical file. First, you need to make sure that there is only one classification rule that applies. For example, classification rules fall into four general categories:

  1. Non-invasive Devices
  2. Invasive Devices
  3. Active Devices
  4. Special Rules

The software was haphazardly added to the active devices category until recently, and special rules were created to address emerging areas of interest and concern. Therefore, most active devices have a second rule that applies regarding the invasive nature of the device–or lack thereof. In order to write a comprehensive classification rationale, you need to review each classification rule and document your explanation for why it applies or does not apply to your device.

A Classification Recommendation Compares Indications for Use

The FDA does have classification rules, but the rules are not 13 numbered items in the Code of Federal Regulations (CFR). The FDA expects a risk assessment of comparing your device with existing devices on the US market. The basis of comparison should be: 1) the indications for use and 2) the technological characteristics. First, you should identify other devices that have similar indications for use. For example, a device intended for home use or over-the-counter (OTC) use represents a higher risk to patients and users than a device intended for prescription use only. Patients may fail to identify contraindications for a device properly, or the lack of formal medical training may result in use errors that would not occur when a physician uses the same device.

Other aspects of indications for use that impact the risk assessment are the part of the body where your device will be used and the duration of use. For example, implants are at higher risk than non-implants, because implants are in contact with the body for a much longer period of time. Implants can also expose the body to systemic risks, while a surface contacting device is likely only to have a localized effect. Degradation of implants also exposes the body to small particles, with more surface area, that can travel from one part of the body to another.

If your device is used for life support, the device will also be considered at higher risk than devices that are not required for life support. If your device is the only device used for diagnosis, this also represents a higher risk than a device that acts as an adjunct to other devices. Finally, if your device is an accessory to other devices that are high risk, your device may be considered a higher risk as well–especially if it controls the higher risk device.

In your analysis, you need to identify devices that are already on the US market that have similar indications for use. Usually, those devices will be Class II devices. However, if some of those devices are Class I or Class III, you will need to be more careful with how you differentiate your indications for use from those other devices.

A Classification Recommendation Compares Technological Characteristics

When comparing technological characteristics, the following aspects should be considered: 1) materials, 2) design, 3) energy source, and 4) other design features. For example, absorbable materials are generally considered at higher risk than devices that are not absorbable. Sterile devices are generally at higher risk than non-sterile devices because the failure of the sterilization process or the package integrity can result in serious infections and death. Devices that are electrically powered are usually considered at higher risk than devices that are not powered. Finally, software-controlled devices that provide feedback control are considered at higher risk than a device that does not have feedback control. Each technological characteristic also represents a different category of hazard. Hazard categories are listed in Table E1 of Annex E in ISO 14971:2007. These include chemical, biological, electrical, radiation, etc.

Once you have identified the Classification of other devices with similar indications for use and technological characteristics, you need to estimate the risks for each hazard identified. This involves more than just listing hazards and assigning scores for severity and probability for the occurrence of harm. Severity should consider the type of injuries, the number of injuries, and the duration of harm. Probability should consider the frequency of events (P1), and the probability of events resulting in injury (P2). These risk estimates also require clinical data.

Benefit/Risk Analysis

In the end, you prepare a benefit/risk analysis for your device. This is much more than a statement that the benefits outweigh the risks. You need to identify the clinical benefits of your device when compared to alternative treatments. You also need to analyze risks relative to alternative treatments. You will need to prepare this as a summary of risks–not a list of hazards. Ultimately, your benefits should be equivalent to the benefits of existing devices on the market or better, and the risks should be equivalent to existing devices on the market or less.

Examples of Classification Recommendation

Eight different medical devices are legally marketed in the USA for weight loss or weight management:

  1. Lap-Band Adjustable Gastric Banding System – Class III, PMA
  2. Maestro Rechargeable System – Class III, PMA
  3. ORBERA Intragastric Balloon System – Class III, PMA
  4. Obalon Balloon System – Class III, PMA
  5. TransPyloric Shuttle/TransPyloric Shuttle Delivery Device – Class III, PMA
  6. AspireAssist – Class III, PMA
  7. Sensor Monitored Alimentary Restriction Therapy (SMART) Device – Class II, De Novo
  8. Plenity – Class II, De Novo

The indications for use for these products are similar, but not identical. Plenity is indicated for patients with a BMI of 25 – 40 kg/m2. In comparison, ORBERA is indicated for patients with a BMI of 30-40 kg/m2, and AspireAssist is indicated for patients with a BMI of 35-55 kg/m2. All three of these indications have overlapping BMI ranges. However, the clinical benefits to a person with a BMI of 25 kg/m2 are not the same as the clinical benefits to a person with a BMI of 40 or 50 kg/m2. Therefore, these minor differences in BMI can have a significant impact on the benefit/risk analysis used for a De Novo approval decision and the Classification (i.e., Class II or Class III) determined by the FDA.

The only two weight management devices that received the approval of the De Novo Classification Request had very different technological characteristics from the other six devices. All six Class III, PMA devices, are implants, while the Class II devices are not implants. The risks associated with implants are much greater than with non-implants. The risk of implants breaking or leaking, and the difficulty in removing an implant, are just two of the considerations that must be evaluated in deciding whether an implantable device should be a Class II or Class III device.

Classification Recommendation – How to write one for a De Novo request Read More »

De Novo pre IDE Meeting

1 Comment / De Novo / By

The article describes the most critical part of the preparation for a De Novo Classification Request, the De Novo pre IDE meeting.pre IDE Meeting Timeline De Novo pre IDE Meeting

There are two critical differences between a De Novo classification request and a 510k submission. First, 510k clearance is based upon a substantial equivalence comparison of a device and a predicate device that is already marketed in the USA, while a De Novo classification is based upon a benefit-risk analysis of a device’s clinical benefits compared with the risk of harm to users and patients. Second, 510k clearance usually does not require clinical data to demonstrate safety and efficacy, while a De Novo classification request usually does require clinical data to demonstrate safety and efficacy. Therefore, it makes sense that the two most common challenges for innovative medical device companies are: 1) learning how to write a benefit-risk analysis, and 2) designing a clinical study. Success with both of these tasks can be significantly improved by requesting a De Novo pre IDE meeting with the FDA.

Benefit-Risk Analysis Questions to Ask During a De Novo pre IDE Meeting

Most device companies are only familiar with substantial equivalence comparisons–not a benefit/risk analysis. The statement “the benefits outweigh the risks” is not a benefit/risk analysis. The European MDD requires a benefit/risk analysis (mentioned eight times), while Regulation (EU) 2017/745 mentions benefit/risk 69 times. Despite the obvious increased emphasis on benefit/risk analysis in the new EU Regulations, the new ISO 14971 standard that is expected to be released next month still does not require a benefit/risk analysis for all risks as required by the regulations. The international standard also does not clearly explain how to perform a benefit/risk analysis. The best explanation for how to perform a benefit/risk analysis is provided in the FDA guidance.

In addition to reading that guidance, you will need to systematically identify all of the current alternative methods of treatment, diagnosis, or monitoring for your intended use. Therefore, you should ask in a pre-submission meeting if there are any additional devices or treatments that the FDA feels should be considered. You should review each of the alternative treatments for clinical studies that may help you in the design of your clinical study. You should carefully review the available clinical data for alternative treatments to help you quantify the risks and benefits associated with those treatments too. Finally, you should consider whether one or more of these alternative treatments might be a suitable control for your clinical study. Ideally, your clinical study design will show that the benefits of your device are greater, and the risks are less, but either may be enough for approval of your classification request. If you think the risks of your device are significantly less than alternative treatments, then ask the FDA about using this factor as an endpoint in your study design.

Clinical Study Design Considerations

Ideally, there is already a well-accepted clinical model for assessing efficacy for your desired indications. This means multiple, published, peer-reviewed journal articles. You might have a better method for evaluating subjects, but don’t propose that method instead of a “gold standard.” If you feel strongly that your method is more appropriate, propose both methods of evaluation. You also need multiple evaluators who can be objective. Randomization, blinding, and monitoring of clinical studies is critical to ensure an unbiased evaluation of clinical results.

You also need to design your study with realistic expectations. Murphy’s law is always active. That means, “things will go wrong in any given situation if you give them a chance.” Therefore, you must avoid optimism and devise methods for detecting errors quickly. This is why electronic data capture systems and eSource is preferred for data collection instead of the manual collection of data on paper case study forms. Not only does it reduce errors in data collection, but it also facilitates remote monitoring of clinical sites. This includes asking questions that are open-ended or quantitative–instead of Yes/No questions or qualitative evaluations that encourage subjectivity. You can always anticipate every mistake that will be made, and open-ended questions often capture essential data that would otherwise be lost. Asking the quantitative questions also will provide you with additional data you can analyze, which may reveal unexpected relationships or help you to explain unexpected results. To help facilitate the development of these questions, try asking yourself how you could detect an error for each data point you are collecting. Then add a detection mechanism to your data collection plan wherever and whenever you can.

Goals of De Novo pre IDE Meeting

A pre-IDE meeting is not typically your first pre-submission meeting with the FDA. Usually, your first pre-submission meeting is to verify that the FDA agrees that the regulatory pathway is a De Novo classification request rather than a 510(k) submission. Hopefully, you also were able to review your overall testing plan with the FDA during your first pre-submission meeting. You may have even reviewed a clinical synopsis with the FDA during your initial pre-submission meeting. During the pre-IDE meeting, your goal is to finalize your clinical study protocol. That doesn’t mean that the FDA should agree 100% with your draft protocol. You want positive and negative feedback on all aspects of your protocol before the IDE submission. During the IDE review, changes will be made.

The most important aspects of getting right before the IDE submission are the fundamentals. Most of my De Novo clients feel that a control group is not possible, because they think that test subjects will know when a sham is used. However, trying to avoid a control group is nearly impossible. The most important factors for why a control group is needed are:

  • you need to minimize differences between experimental and control subjects, but you can’t do that if you are relying on data from other clinical studies
  • you also need to ensure that your evaluation methods are identical, which is nearly impossible when performed by different people, at different facilities, using slightly different protocols

Another area of weakness in most draft clinical protocols is the method of evaluation. Specifically:

  • Who is doing evaluations?
  • Which endpoints are important?
  • When are your endpoints?
  • What are your acceptance criteria?

The last area to consider in a pre-IDE meeting is your statistical plan. You need a statistical plan, but the statistical analysis seldom appears to be the reason for the rejection of clinical data. The reason is that changes can be made to your statistical analysis of data after the study is completed, but you can’t change the data once the study is over. The FDA is now accepting adaptive designs that allow the company to analyze data during the study to recalculate the ultimate sample size needed based upon actual data rather than initial assumptions.

Other De Novo Classification Request Resources

On Thursday, October 17, we presented a live webinar showing medical device companies on how to avoid a stunning disaster. Click here to access the webinar recording. We recorded another webinar about the preparation De Novo Classification Requests that you can download from our website. I wrote a blog about De Novo classification requests. You can also learn a lot about how to Design your own De Novo clinical study by reviewing the Decision Summaries published by the FDA for each De Novo in the list of De Novo classification requests. Finally, the FDA pre-sub guidance 2019 is an invaluable resource for preparing any pre IDE meeting request.

De Novo pre IDE Meeting Read More »

Scroll to Top