Implant Card Requirement – A New Requirement of EU 2017/745

This article breaks down and reviews the new implant card requirement as well as Article 18 of EU 2017/745.

We also have available for sale, SYS-037 Implant Card Procedure written to be Article 18 compliant of Regulation (EU) 2017/745, and includes;

  • SYS-037 A, Implant Card Procedure
  • FRM-044 Checklist for Information to be supplied to the patient with an implant
  • FRM-045 Implant Card Checklist for Article 18 Reg 2017-745
  • Native Slide Deck for Implant Card Webinar
  • Recording of the Implant Card Webinar

Implant Card Procedure Implant Card Requirement   A New Requirement of EU 2017/745

Implant Card Requirement, a new requirement from Regulation (EU) 2017/745.

One of the new changes to the regulation is an introduction of a new requirement for implantable devices. These devices must now come with an “implant card” that contains information about the implanted medical device for the patient. The responsibility of the implementation of the new implant card rules lies with the manufacturer of the implantable device and the health institution as required by the EU member states.

What is an implantable device?

Before discussing the specifics of the implant card, we must first define what an implantable device is to determine if the implant card requirements apply to your device or devices. Article 2 Definitions, number 5 of Regulation (EU) 2017/745 defines and outlines what is considered an implantable device.

(5) ‘implantable device’ means any device, including those that are partially or wholly absorbed, which is intended:

– to be introduced in the human body, or

– to replace an epithelial surface or the surface of the eye,

By clinical intervention and which is intended to remain in place after the procedure.

Any device intended to be partially introduced into the human body by clinical intervention and intended to remain in place after the procedure for at least 30 days shall also be deemed to be an implantable device;

(Taken from http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32017R0745 English version)

Is my device considered implantable?

Working with the above definition of an implantable device, you can now compare those requirements against your own devices to determine if they are considered to be an implantable device or not. This can be done by performing a gap analysis of the definition against your device.

Consider what your device is and ask yourself the following questions:

Is my device intended to be partially or wholly absorbed?

If the answer is no, then your device may not be an implantable one. If it is, then you must keep asking yourself questions until you can sufficiently determine your device’s status as implantable or not.

Is my device intended to be introduced in the human body?

No. Ok, that is fine, but is it intended to replace an epithelial surface or the surface of the eye?

To make an awful analogy of the process, it is almost like playing a game of Guess Who with your device. Instead of asking your device if they have red hair or a mustache, you have to ask your device questions like, “Are you intended to remain in place after the procedure?”.

The gap analysis is fine, but you also have to consider some other factors within the wording of the definition. Be careful navigating the specifics because the devil is in the details. In the definition, which is only eighty-nine words long, by the way, uses the word “intended” three different times.

That is important because the definition applies not only to some of the characteristics and uses of the device but also to the intent behind the device. Just because the device can be wholly introduced into the body does not mean that the device is ‘intended’ to be. A better example would be, by clinical intervention, can your device remain in place after the procedure? Could it, perhaps, but is it intended to be? Also, is it the intent of the device to be done so by clinical intervention?

Where to find the implant card requirement?

Regulation (EU) 2017/745 of the European Parliament and of the Council of 5 April 2017 on medical devices is where the introduction of implant cards can be found. The definition of an implantable device is found in Article 2 Definitions, definition number 5.

Article 18- ‘Implant card and information to be supplied to the patient with an implanted device’ is where the implant card requirements can be found. This article contains three sections and four subsections pertaining to implant cards.

Article 18 Implant card requirement and information to be supplied to the patient with an implanted device

Below is article 18 in its entirety so that we can discuss it further in detail.

“1. The manufacturer of an implantable device shall provide together with the device the following:

(a) information allowing the identification of the device, including the device name, serial number, lot number, the UDI, the device model, as well as the name, address and the website of the manufacturer;

 

(b) any warnings, precautions or measures to be taken by the patient or a healthcare professional with regard to reciprocal interference with reasonably foreseeable external influences, medical examinations or environmental conditions;

 

(c) any information about the expected lifetime of the device and any necessary follow-up;

 

(d) any other information to ensure the safe use of the device by the patient, including the information in point (u) of Section 23.4 of Annex I.

The information referred to in the first subparagraph shall be provided, to make it available to the particular patient who has been implanted with the device, by any means that allow rapid access to that information and shall be stated in the language(s) determined by the concerned Member State. The information shall be written in a way that is readily understood by a layperson and shall be updated where appropriate. Updates of the information shall be made available to the patient via the website mentioned in point (a) of the first subparagraph.

Also, the manufacturer shall provide the information referred to in point (a) of the first subparagraph on an implant card delivered with the device.

  1. The Member States shall require health institutions to make the information referred to in paragraph 1 available, by any means that allow rapid access to that information, to any patients who have been implanted with the device, together with the implant card, which shall bear their identity.
  2. The following implants shall be exempted from the obligations laid down in this Article: sutures, staples, dental fillings, dental braces, tooth crowns, screws, wedges, plates, wires, pins, clips, and connectors. The Commission is empowered to adopt delegated acts in accordance with Article 115 to amend this list by adding other types of implants to it or by removing implants therefrom.”

(taken from http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32017R0745)

Who does the implant card requirement apply to?

Section 1. of Article 18 states explicitly that it is the manufacturer who shall supply the information. Fortunately, it is also outlined what information needs to be included and some guidance on how to provide the information.

Take note, though, that the article states it “shall” be provided, “together with the device.” This means that merely having the information available or accessible such as a downloaded PDF on your website, is not sufficient to comply with section 1. Because that is not being supplied together with the device as outlined.

Section 2. of Article 18 applies to member states’ requirements of health care institutions.

Section 1 of Article 18

Section 1 is by far the most extended section of the article and outlines precisely what information must be provided with the implantable device. Not only is this information that must be provided, it specifically must be provided by the manufacturer. The subsections are broken down by topic and can be summarized as the information, warning, maintenance, and misc. Sections.

Section 1. Sub-Section A

This sub-section outlines the specific identifying information that must be provided. It is even specifically “information allowing the identification of the device.” For devices that are produced and manufactured compliant with other standards such as ISO 13485 or the QSR portion of the United States Code of Federal Regulations, a lot of this information is the same information that is required for traceability.

Besides the generic “information allowing the identification of the device,” the other specific information that ‘shall’ be provided is:

  • The name of the device,
  • The device serial number,
  • The lot number of the device,
  • The UDI,
  • The model of the device,
  • The name of the manufacturer,
  • The manufacturers address,
  • The manufacturers’ website.

They don’t just want your device’s driver’s license; they want the driver’s license, library card, passport, blood type, and favorite color. This is done for a purpose but also carries some implications on the maintenance actions of the manufacturer.

First such strict ID requirements mean that the device is traceable and identifiable. There should be absolutely no doubt about who made the device. In the event of an incident, that device should be traceable back to when and where the individual components were created and assembled into the final device. For traceability of an incident, tracking for corrective or preventive action, or just general inventory tracking this is the type of strict diligence that is expected when the end-user or patient is receiving medical care with an implantable device. There is no demonizing of this requirement. Yes, it is strict, but it is also just part of good housekeeping for a manufacturer in general. Only now it must be provided to the patient receiving care with the device as well.

What is implied is that the information provided along with the device is somewhat of a living document, and the information could vary a bit from patient to patient. Because things like lot numbers or any number of trackable metrics used with the UDI are included, the implant card information cannot be generically the same for each device but that it will have sections that are specific to individual devices. Sure this may initially create some logistical headaches for keeping track that the implant cards don’t get mixed up in situations where the devices are being manufactured, but this creates a level of accountability that is designed for the ultimate safety of the end patient.

Section 1. Sub-section B

Sub-section B contains the warning information of the device. The first part is pretty self-explanatory as meaning literally what is stated “any warnings” and “precautions”. It is the next part that I do not interpret literally. Where it says “measures to be taken by the patient or a healthcare professional with regard to reciprocal interference with reasonably foreseeable external influences, medical examinations or environmental conditions”.

If I were the manufacture of an implantable medical device, I would most definitely include measures to be taken by the patient as well as measures to be taken by a healthcare professional. There are a couple of spots that use the word ‘or’, and if it were me, I would read it ‘as well as’.

I say that for a few reasons. One is that without explicit clarification of a governing body as exactly what a silly little word like that is intended to me, this creates an area that is open for debate. Does that ‘or’ mean that at least one of those needs to be included and the rest can be excluded?

As one who likes to err on the side of caution, if you have the information available, why would you not provide it? By going above and beyond not only demonstrates your goodwill but also avoids hang-ups where an auditor might not agree with how you viewed the requirement, and you end up with a nonconformity, or in the same situation with an incident investigator. Ink is cheap; liabilities are expensive.

Section 1. Sub-section C, and Sub-section D.

These two subsections are relatively short and straight forward.

“(c)         any information about the expected lifetime of the device and any necessary follow-up;

How long can the user expect your device to last once it has been implanted?  I there any maintenance they should be performed? Perhaps once a year, a physician needs to double-check the device placement?

(d)         any other information to ensure the safe use of the device by the patient, including the information in point (u) of Section 23.4 of Annex I.”

The rest of Section 1. Of Article 18.

“The information referred to in the first subparagraph shall be provided, to make it available to the particular patient who has been implanted with the device, by any means that allow rapid access to that information and shall be stated in the language(s) determined by the concerned Member State. The information shall be written in a way that is readily understood by a layperson and shall be updated where appropriate. Updates of the information shall be made available to the patient via the website mentioned in point (a) of the first subparagraph.

Also, the manufacturer shall provide the information referred to in point (a) of the first subparagraph on an implant card delivered with the device.”

(Taken from http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32017R0745 English version)

At the end of this section, it provides a little bit more information about the purpose of the article but also lays out some guidelines for how to make the required information available.

I specifically mentioned earlier that having the information slapped on a website is not enough by itself. The text states, “any means that allow rapid access to that information”. Certainly, available on the internet is a means that allows rapid access, and it is if you have internet. Using a web-based approach like that is assuming that all the possible patients all have the technology and budget to reach the information. This means that every single possible patient needs a means to access the internet, and the money to pay for internet access. Also, being able to simply access the information rapidly isn’t necessarily providing the information “together with the device” as required.

You also need to have a conversation with your notified body and determine what languages are required by the member state in which your device is sold. It does not do the patient much good if they do not understand the language in which the information is being presented. It also needs to be presented in easy to understand terms, not in technical jargon.

Updates, unlike the initial presentation of information, needs to be included on your website. Specifically, the website that was included in the implant card given to the patient.

Section 2. of Article 18

Unlike what we saw in Section 1. Section 2. Outlines requirements for the health institutions and not the manufacturer. More specifically, Section 2. Requires member states to require health institutions to perform actions.

This section makes health institutions provide the same information that manufacturers had to provide to patients who have been implanted with a device, with the same stipulations as to how the information is provided. However, it also includes the health institution to include their identity on the implant card as well.

  1. Member States shall require health institutions to make the information referred to in paragraph 1 available, by any means that allow rapid access to that information, to any patients who have been implanted with the device, together with the implant card, which shall bear their identity.

(Taken from http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32017R0745 English version)

Exemptions allowed in Article 18.

Section 3 of Article 18 is the list of exempted implants, exempted devices are:

  • Sutures
  • Staples
  • Dental Fillings
  • Dental Braces
  • Tooth Crowns
  • Screws
  • Wedges
  • Plates
  • Wires
  • Pins
  • Clips

This is not an exhaustive list and can change with time at the discretion of the Commission. What it has done is taken implanted devices and exempted some of the most common and widely used ones. Thankfully so too, imagine if every staple needed an implant card to be presented to the receiving patient with individual batch and identifying numbers. Then coordinate the effort with a health institution so that the card also bears their identification as well. This would quickly become exhaustive.

  1. The following implants shall be exempted from the obligations laid down in this Article: sutures, staples, dental fillings, dental braces, tooth crowns, screws, wedges, plates, wires, pins, clips, and connectors. The Commission is empowered to adopt delegated acts in accordance with Article 115 to amend this list by adding other types of implants to it or by removing implants therefrom.”

(Taken from http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32017R0745 English version)

Implant Card Requirement – A New Requirement of EU 2017/745 Read More »

Design change control – best practices in managing changes?

This article describes best practices in managing your design change control process, including a list of the ten most common mistakes.

Tire Change Image for Change Control Blog Design change control   best practices in managing changes?

During every visit by FDA inspectors, and CE Marking auditors, the changes you have made will be reviewed. The focus by inspectors and auditors is: 1) to verify that your design verification and validation was adequate for the changes, and 2) to verify that necessary regulatory approval of the changes was obtained. Due to this scrutiny, your design change control process is one of the most important processes to manage well.

Ten most common mistakes in managing design change control

  1. Failure to carefully update drawings and specifications. Often these errors are typos, but it is essential to perform a thorough review of all your drawing dimensions, tolerances, notes, etc.
  2. Failure to update procedures and work instructions, especially inspection instructions. As a quality system becomes more mature, it becomes harder to identify all the places where a reference is found. If you have a 100% electronic quality system, with the ability to include cross-references, finding the related documents is easier. MasterControl uses “info cards.” It is possible to do this in any system by adding tags to your master document list. The “tags” can be standards, regulations, other procedures, and forms.
  3. Failure to validate inspection methods. Often a new inspection tool or method may appear to be better, but it is important to re-validate inspection methods whether you are changing: 1) design, 2) inspection tools, or 3) inspection methods. A Gauge R&R study is an example of one method for the validation of inspection methods.
  4. Failure to re-verify and re-validate your design. In general, whenever you make a design or process change, you need to repeat your verification and validation that was initially performed. You may be able to abbreviate the verification and validation testing. Still, if you cannot provide a justification for the abbreviated method, then you should use the same method and the same acceptance criteria. This presents an enormous burden for any device that required a clinical study to demonstrate safety and effectiveness. This is also why it is so expensive to implement changes in CE Marking for Class III devices, and FDA approved Class III PMA devices. In both cases, there is typically a large supplement required for regulatory approval.
  5. Failure to update your risk management documentation and post-market surveillance plans. Risk management files and post-market surveillance plans are meant to be “living documents.” Therefore, whenever you make changes, even minor ones, you should document your evaluation of the need to update the risk management file or your PMS plan. If the changes planned are related to a CAPA or recall, it is critical to verify the effectiveness of the changes made. This verification is both verification of the design change and the effectiveness of your risk controls. It will also be critical to document the change in the PMS plan by identifying potential confusion and use errors associated with your change.
  6. Failure to change UDI. Most companies created their change control procedure in the early stages of their quality system, and very few revisions and updates are made to the change control procedure and associated forms. Your UDI process and procedure are probably much more recent, and many companies forget to add UDI requirements to their change control process. It is important to update your device identifier, not only for regulatory compliance but also as a tool to help your company better track which quality issues are related to the previous version of your device and which quality issues are limited to the new version.
  7. Since the EU MDR requires that DI portion of your UDI is included in your Declaration of Conformity, this is another document to make sure you update when you make a design change. I recommend identifying the date (or lot) of first CE Marking and last CE Marking for your previous version in an updated Declaration of Conformity. Then you will also need the date of first CE Marking for the new version of your product. This can create a very long and complicated declaration. Still, it is important to control these transitions in anticipation of potential complaint investigations during the period of time when both versions are in distribution/use.
  8. Failure to update your technical file and device master record (DMR). Every time you change a drawing, specification, tolerance, testing method, etc. you need to update your technical documentation and DMR. This is why using a Technical File Index, and DMR Index are considered best practices. These tools just list all the related controlled documents and the current revision. The best indices will also identify how revisions were controlled (e.g., change notification or design change order). You might even identify which CE Certificate or 510(k) clearance is associated with each item in the index. This is especially helpful when you have multiple accessories involved. FDA inspectors will verify that you updated your DMR, and they will review the MDR for design changes that were not adequately validated. Your Notified Body will also review changes made to your Technical File to make sure you have notified them of changes or obtained prior approval to commercial release.
  9. Failure to document your rationale for no new regulatory approval. Whenever you make a change, you need to document your rationale for whether a new regulatory submission is required. You should have a systematic method that is documented. The FDA has published two guidance documents with decision trees to assist with this decision for 510(k) cleared products: 1) Deciding When to Submit a 510(k) for a Change to an Existing Device, and 2) Deciding When to Submit a 510(k) for a Software Change to an Existing Device. For CE Marking and Canadian Licensing, there are guidance documents on determining when a submission is required for significant changes. Regardless of your decision, you need to document the decision, and the form you use to document this decision should be a controlled form within your change control process.
  10. Failure to notify suppliers of your changes. Whenever you make a change, it is critical to notify your suppliers of the change. However, you also need to determine if the change may impact any open purchase orders. Will you need to rework or scrap any work in progress? Will you need to coordinate the use of components so that all components are used up before the change? There may even be obsolete inventory that you need to disposition as “use-as-is” or “rework.”

Create controlled templates for verification and validation testing

For every verification and validation test that you perform, you should have some kind of documented testing plan or formal protocol. Plans are more appropriate when the testing will be outsourced to a lab that has their testing protocols. If you are performing the testing in-house, you should have a formal protocol that references any internal testing work instructions that may be relevant and any testing standards that apply. The protocols should also be designed for “fill-in-the-blank” use to facilitate reuse of the protocol for multiple devices. Protocols should also identify the following required elements: 1) facilities needed for testing, 2) calibrated devices needed for measurement, 3) any controlled documents or standard referenced in the protocol, 4) sample requirements, 5) acceptance criteria, and 6) statistical rationale for sample sizes. The FDA also released a guidance document defining the format and content for testing reports. Whenever a standard is revised, it will also be important to assess the impact on current regulatory approval. CE Marked products will need to be retested to the new standards, or at least a scientific justification must be provided. By maintaining these plans and protocols as controlled documents, you will be able to execute testing plans and protocols much more quickly and consistently. You may also want to consider maintaining an appendix for testing plans that identifies any vendors and contacts for obtaining quotations for new testing.

Organizing design change control approval forms

One of the biggest mistakes people make is to try and streamline questions down to checkboxes or yes/no questions. For example, don’t ask the question, “Is 510(k) clearance required for this change?” Instead, require the person always to fill out a form to document the decision for whether a 510(k) is required or not–which should also be a controlled form. Don’t ask the person if there is an inventory that is affected by the change. Instead, ask the person to identify how many units are at each stage of the process (i.e., pending purchase orders, inspection quarantine, and finished good inventory). Then ask the person to identify the disposition for the product at each stage. This would typically be documented with a nonconforming material record (i.e., NCMR). You should also define which roles and responsibilities complete each part of your form unless you have a small company where key individuals are responsible for multiple roles.

Who should approve design changes?

There is no specific requirement for who must review and approve changes, but each document that is revised and updated will need to be reviewed and approved by the same functions that approved the previous version. Therefore, it would make sense that the same functions that reviewed and approved the design in a final design review should also be involved in the review and approval of a design change for the same device. There is no requirement for an independent reviewer for design change review and approval. Still, I have observed so many mistakes, and I think an independent reviewer and approver are extremely valuable for design changes.

What if you are facing a deadline

There is always pressure from peers and superiors to release design changes to the market as soon as possible. In theory, everything new is better, but this is often untrue. Forcing everyone to follow your change control process is intended to prevent the release of a product that is not ready for release. Therefore, you should fill out as much of your design change approval form at the beginning of a design change as possible. This will help everyone identify the documentation updates at the beginning. All the documentation and testing that is required should be planned, target dates for completion of each update should be documented, and the person responsible for each updated document should be identified. By documenting your plan and maintaining that plan, everyone will know what needs to be completed before a modified device can be released. By controlling the changes in this way, it becomes the responsibility of the whole team to make sure the responsible person and on-time complete each document. If you adopt this strategy, more device changes will be released on-time. You will also find that fewer mistakes will be made, and the team will share the burden of meeting launch deadlines.

Are “full” design controls required?

For minor design changes, you don’t want to apply “full” design controls and create a new design history file (DHF). However, you may want to create a shorter version of a design plan to document what level of control is required and how the project will be managed. This could be as short as a page, but it is likely to be several pages. The following is a list providing examples of things you might document in the abbreviated plan for control of design changes:

  1. Previous regulatory approvals [e.g., 510(k) number]
  2. Applicable Technical File or DMR Index that will be updated
  3. Any new risks identified
  4. Any new applicable standards
  5. Approved Design Inputs (indicate if changes are needed)
  6. Design Outputs that need to be updated (consider highlighting in your DMR index)
  7. Changes to your supply chain (e.g., process changes, supplier changes, supplier quality agreements, and process changes)
  8. Process validation and Revalidation required
  9. Labeling and UDI changes
  10. Obsolescence of inventory and reverse/forward compatibility of components
  11. Impact on service procedures and/or providers
  12. Changes and changeover of internal calibrated tooling and testing stations

What if you are making a design change before a product is commercialized?

The quality system requirement for control of design changes also applies to changes made before the release of a product. During the design process, changes made before “design freeze” will be frequent. For these changes, you want to make the process as simple as possible. Once you begin purchasing capital equipment and performing verification or validation testing, now the design changes are costly. This is when you really must have tight control of changes. Many companies designate that drawings and specifications have begun design transfer when the revision changes from a number (e.g., 1, 2, 3) to a letter (e.g., A, B, C). This helps identify any documentation that will now require tighter design change control. If the design is being conducted internally, then a representative of top management may need to approve changes. If a contract design firm is conducting the design, then approval by the customer may be required for any changes during design transfer.

Additional design change control resources

If your firm needs a procedure for design change control, please visit our webpage for our Change Control Procedure (SYS-006). If you are interested in Design Controls, before the release of a product from the design process, please visit our webpage for the Design Change Procedure (SYS-008).

Design change control – best practices in managing changes? Read More »

What can you do to save freedom today?

Today Americans remember Dr. Martin Luther King Jr, but this weekend I had the privilege to visit the Liberty Bell and saw the picture below.Martin Luther King Jr with Liberty Bell rvp 1 19 2020 What can you do to save freedom today?Today, the third Monday in January is the day Americans observe Dr. Martin Luther King Jr’s birthday. Dr. King was a leader of the Civil Rights Movement in the USA, but he also stood for peace. I like to think that on February 1, National Freedom Day, he would still be visiting our Liberty Bell in the City of Brotherly Love.

Saturday, I was in Philadelphia, and Tifany and I took the time to visit the Liberty Bell. It has been more than 30 years since I last visited the Liberty Bell in Philadelphia. The last time I was with my grandparents as a young boy. My grandfather was a Quaker, and he taught me every day about principles he believed in:

  • Peace
  • Religious Tolerance
  • Helping Others

He lived these principles in everything he did, and I remember most of his gentle greeting when he said hello to someone. If the other person said, “How are you today?” his reply would always be, “All the better for meeting you today.”

This was one of the Quakerisms he developed on his own over his life, and I encourage everyone reading this to do three things:

  1. Use my grandfather’s greeting to make someone smile today.
  2. Help someone else in need today.
  3. Remember that peace was part of Dr. King’s message too.

The image above includes the following description: “In 1959, Dr. Martin Luther King Jr. and Dr. Emmanual Wright, leaders of the modern Civil Rights Movement, participated in the annual tradition of celebrating National Freedom Day, the commemoration of the Thirteenth Amendment, at the Liberty Bell begun by Dr. Wright’s father. Photograph. “Dr. Martin Luther King, Jr. and Dr. Emmanuel C. Wright at the Liberty Bell,” February 1, 1959. Courtesy, Urban Archives, Temple University Library.”

 

What can you do to save freedom today? Read More »

eCopy Guidance is Finally Updated by FDA

This blog summarizes the changes in FDA policy, released on April 27, 2020, as a new eCopy guidance for device manufacturers.

eCopy statement screen capture eCopy Guidance is Finally Updated by FDA

The date of the guidance above was updated, but the changes to the guidance do not represent any changes in policy. It is an update of contact information and a note regarding eCopies for EUA requests. In August 2016, I had a frustrating week where I had three (3) different submissions placed on eCopy hold by the FDA, three (3) separate times, for a total of nine (9) eCopy hold in the same week. That resulted in an extra $175 of FedEx charges and wasted six (6) USB flash drives. The biggest problem was the submission delay experienced by each client that week, which wasn’t very comfortable. This terrible, no good, dreadful week ultimately resulted in our company creating a new productized service–preparing FDA eCopies for clients and competitor consultants. We also became international experts on the FDA eCopy guidance. If my experience was this painful, there must be other people experiencing the same problem, or many people would experience this problem as soon as they tried to submit their next filing with the FDA.

For about 18 months, we helped many companies prepare FDA eCopy submissions, but then there was a government shutdown, and the FDA unofficially changed its policy. A printed paper copy of pre-submissions, 510ks, and De Novo classification requests would no longer be required. You only needed to print a paper copy of your cover letter and include an electronic copy on a CD, DVD, or USB flash drive. Despite this policy change, many clients still requested the printed copy because the FDA legislation was not yet changed, and there was no updated guidance. We explained to each client that the policy had changed, and only two clients asked us to print the paper copy anyway.

In October of 2018, the unofficial policy became official, but there was still no updated FDA eCopy guidance for us to share with clients. This situation frequency resulted in questions from clients about how they should phrase the “eCopy Statement” in their submission cover letter. The eCopy guidance that was current in 2018 stated that you should include the following phrase in your cover letter: “This submission includes an eCopy and a paper copy. The eCopy is an exact duplicate of the paper copy.” However, the paper copy consisted only of the cover letter, and the rest of the submission was solely provided in electronic format.

The FDA released a new pilot version of the eSubmitter software to help companies prepare 510(k) submissions and to streamline the FDA review of submissions in 2018. However, even electronic submissions prepared with eSubmitter must be sent by courier or mail to the FDA Document Center. In 2019, the FDA mentioned that they would be releasing new guidance documents regarding electronic submissions. Still, we were also told that the FDA has no near-term plans to enable companies to submit pre-submissions, 510ks, or De Novo classification requests to the FDA via an electronic submissions gateway (ESG).

Finally, on December 16, 2019, the FDA released a new eCopy guidance. The eCopy guidance was updated again on April 27, 2020, but the changes are updated to include emails, updated webpages, and a note regarding EUA requests.

July 2022 Update for the FDA eCopy process

The FDA created a Customer Collaboration Portal (CCP) for medical device manufacturers. Originally, the portal’s purpose was to provide a place where submitters can track the status of their submissions and verify the deadlines for each stage of the submission review process. Last week, on July 19, the FDA emailed all active FDA CPP account holders that they can upload both FDA eCopy and FDA eSTAR files to the portal 100% electronically. Since our consulting team sends out submissions daily, everyone on the team was able to test the new process. If you have a CCP account, you no longer need to ship submissions via FedEx to the Document Control Center (DCC).

What DID NOT change in the new eCopy guidance?

The file name requirements are identical. You can still organize your submission in volume structure or document-only structure. You are still limited to PDF file sizes of 50 MB. The eCopy will still be problematic for the FDA to upload if your submission exceeds 1 GB. You still need to ship your eCopy to the FDA Document Center unless you submit it to CBER instead of CDRH. You can and should continue to use the eCopy validation software module provided by the FDA to ensure that your eCopy will properly upload. The guidance barely changed in length; it’s just a few pages shorter now.

What DID change in the new eCopy guidance?

Only two things changed in the new guidance. First, there is no mention of an eCopy statement anywhere. Second, you must submit a cover letter in paper format (replaced by Zip file to FDA CCP), but it does not need to be included in the electronic format (that’s only recommended).

The “new” eCopy process is not any easier than the process we have used since February 2018. However, we did update our cover letter template. If you would like a copy, please register for our FDA eCopy webinar.

Should you create your own eCopies, or should you outsource?

If my job was Director of Regulatory Affairs (or a similar position), I would outsource. Regulatory managers in companies are swamped with trying to remain compliant with new and revised medical device regulations and changes to applicable standards.

Does it take one hour to create an eCopy?

No, we can prepare, validate, and upload an FDA eCopy in less than 15 minutes. This is only possible because we do this almost every day. On the last business day before the end of the FDA fiscal year (September 30), we average four (4) submissions on that day alone. We know exactly what to do, we know how to fix all of the most common errors, we know our validation software module is up-to-date, and we never run out of USB flash drives (replaced by Zip files to FDA CCP).

How long could it take you to create an eCopy?

If you haven’t done an eCopy in that past year, it could easily take you all day to create an eCopy. You have to read the new eCopy guidance document. You must format your submission according to the rules and proofread 100% of the folder and file names. You need to find a new flash drive. You need to save the submission on your USB flash drive. You need to run the eCopy validation software module.

Or you could just outsource your eCopy problems.  

eCopy Guidance is Finally Updated by FDA Read More »

ISO 14971:2019 – Risk Management Standard

The 3rd edition of the risk management standard for medical devices, ISO 14971:2019, was released on December 16, 2019.

Risk management process 2019 1024x773 ISO 14971:2019   Risk Management Standard
ISO 14971:2019 – Risk Management Standard, 3rd edition

In October of 2018, I wrote a blog on the draft version of ISO 14971:2019 for risk management of medical devices. That article explained the differences between the different versions of the ISO 14971 standard (i.e., 2000, 2007, 2009, and 2012). I also explained what changed between ISO 14971:2007 and ISO/DIS 14971:2018. The final 2019 version of ISO 14971 3rd edition is now available.

The changes proposed in the draft included subtle changes to the names of the processes and a minor adjustment to the numbering of the clauses. Many of the annexes were also moved to ISO/TR 24971 guidance–which was released in 2020. The draft did not, however, result in a change in the overall process of risk management.

All of the changes that were discussed in my 2018 review were maintained in the final 2019 version that was released, but the ISO/TR 24971 guidance was not released at the same time as the committee had hoped for.

There are not any surprises in the 3rd edition (i.e., ISO 14971:2019). Therefore, I plan to wait until the ISO/TR 24971 guidance is released and then prepare a new blog specific to the guidance. If you are interested in training on the ISO 14971:2019 standard, the training I recorded on October 19, 2019, provides an excellent overview of these changes and highlights some of the challenges that you will encounter when trying to harmonize your risk management procedure between the ISO 14971:2019 standard and Regulation (EU) 2017/745.

Below are additional risk management resources:

This is a lot of information to absorb. Therefore, I recommend purchasing the October 2019 webinar and your copy of the ISO 14971 standard from AAMI. Anyone that has already purchased either the webinar or the procedure will receive an email offering them a discount on this new bundle that credits them for their previous purchase. If you have purchased both, you will receive credits for both purchases. Just think you can watch the video and read the new version of the standard while you are working out at the gym in January. Learn and burn!

ISO 14971:2019 – Risk Management Standard Read More »

Private Labeled Devices with FDA Approval

This article explains the FDA regulations related to private labeled devices that are already 510k cleared and distributors want to import.

Untitled presentation 1 e1650334733162 Private Labeled Devices with FDA Approval

This article was initially inspired by a question asked on the Medical Devices Group website hosted by Joe Hage. Companies often ask about how to private labeled devices in the USA, because they are unable to find anywhere in the FDA regulations where private labeling of the device is described. The reason for this is because the FDA regulations for devices allow for the labeling to identify the distributor only—without any mention of the OEM manufacturer on the label. In contrast, most other countries have “own-brand labeling” regulations or regulations for private labeling devices. It is also important to remember that the FDA only approves devices through the pre-market approval (PMA) pathway. All other devices fall into one of three categories: 1) 510k exempt, 2) 510k cleared, or 3) De Novo classification request approved. Devices that fall into the third category will subsequently fall into category 1 or 2 after the FDA approves the classification request.

Questions about the private labeled devices process for FDA

Our distribution company is interested in getting a private labeled devices agreement with an OEM to sell a Class II medical device in the USA. The OEM has 510(k) clearance, and the only product change will be the company’s name and address on the label. There will be no change to the indications for use. Please answer the following questions:

  1. Is it legal to eliminate all mention of the OEM from the device labeling?
  2. Who is responsible for complaint handling and medical device reporting? OEM or private-labeled distributor?
  3. What is the process to get this private label for the Class II device?
  4. How can our distribution company avoid paying the FDA user fee?

Answer to the first question about private labeled devices

The FDA is unique in that they allow either the distributor or the manufacturer to be identified on the label, but both are not required. Therefore, if Joe Hage were the distributor, and you were the manufacturer, there are two legal options for the private labeled device: 1) “Distributed by Joe Hage”, or 2) “Manufactured for Joe Hage.”

The manufacturer is not required to be identified on the label. However, the OEM must be registered and listed with the FDA. If the OEM is outside the USA, then the distributor must register and list with the FDA as the initial importer and reference the K number when they complete the FDA listing. There is no approval required by the FDA. You will need a quality agreement defining the roles and responsibilities of each party, but that is all.

Answer to the second question about private labeled devices

The quality agreement must specify which company is responsible for complaint handling (21 CFR 820.198) and medical device reporting (21 CFR 803). In this situation, the OEM is the specification developer, as defined by the FDA. Therefore, the OEM will be responsible for reporting and execution of recalls. Therefore, even if the distributor with a private label agreement is identified as the “complaint file establishment,” the OEM will still need to obtain copies of the complaint information from the distributor, and determine if medical device reporting and/or corrections and removals are required (i.e., recalls).

Answer to the third question about private labeled devices

There is no formal process for “getting a private label.” The entire private label process is negotiated between the distributor and the OEM with no involvement of the FDA. However, in the listing of devices within the FDA FURLS database, all brand names of the device must be identified. Therefore, the OEM will need to add the new brand name used by the distributor to their listing for the 510(k) cleared product. However, the FDA does have the option to keep this information confidential by merely checking a box in the device listing form.

Answer to the fourth question about private labeled devices

If the distribution company is the initial importer of a device into the USA, then the distributor must be registered with the US FDA as the initial importer, and the distributor will need to pay the FDA user fee for the establishment registration. That user fee is $5,236 for FY 2020, and there is no small business discount for this fee. The only way to avoid paying the user fee is to have another company import the device, who is already registered with the FDA, and to distribute the product for that company. I imagine some logistics brokers might be acting as an initial importer for multiple distributors to help them avoid paying the annual FDA user fee for establishments. That company might also be providing US Agent services for multiple OEMs. However, I have not found a company doing this.

Is private labeling of device legal in the USA?

The FDA is unique in that they allow either the distributor or the manufacturer to be identified on the label, but both are not required. Therefore, if Joe Hage were the distributor, and you were the manufacturer, there are two legal options for the private label: 1) “Distributed by Joe Hage”, or 2) “Manufactured for Joe Hage.”

Who must register, list, and pay user fees for medical devices?

This question is frequently asked, and the table with the information was not visible on my mobile browser. Therefore, I copied the table from the FDA website and posted the information in the image below. The information is copied directly from the FDA website:

Registration and Listing Requirements for Domestic Establishments

Who must register list and pay fig 1 1024x697 Private Labeled Devices with FDA ApprovalWho must register list and pay fig 2 1024x710 Private Labeled Devices with FDA Approval

Registration and Listing Requirements for Foreign Establishments

Who must register list and pay fig 3 1024x947 Private Labeled Devices with FDA Approval

For products that are manufactured outside the USA, and imported into the USA, the initial importer is often the company identified on the label. There are two typical private labeling situations, but other possibilities exist:

  1. If the initial importer owns the 510(k), then the manufacturer outside the USA is identified as the “contract manufacturer,” and the initial importer is identified as the “specifications developer.” Both companies must register their establishments with the FDA, and there needs to be a quality agreement between the two companies defining roles and responsibilities. The contract manufacturer outside the USA is not automatically exempt from reporting requirements and complaint handling. The contract manufacturer outside the USA may decide to label the product as a) “Manufactured by”, b) “Manufactured for”, or c) “Distributed by.” Options “a”, “b” and “c” would list the importer’s name because they own the 510(k), and they are the distributor. This situation often occurs when companies outside the USA want to sell a product in the USA, but they do not want to take on the responsibility of obtaining 510(k) clearance. These firms often believe this will exempt them from FDA inspections, but the FDA is increasingly conducting FDA inspections of contract manufacturers due to this private label situation.
  2. If the manufacturer owns the 510(k), then the manufacturer outside the USA is identified as the “specifications developer” and the “manufacturer,” while the initial importer will be identified as the “initial importer.” The importer may also be specified as the complaint file establishment and/or repackager/relabeler in the FDA registration database. The manufacturer outside the USA will not be able to import the device into the USA without identifying an initial importer in the USA in the FDA FURLS database. The manufacturer outside the USA may decide to label the product as a) “Manufactured by”, b) “Manufactured for”, or c) “Distributed by.” Options “b” and “c” would list the importer’s name, while option “a” would list the manufacturer’s name. This situation often occurs when US companies want to be the distributor for a product made outside the USA, and the company wants a private labeled product. This also happens when the OEM wants the option to have multiple US distributors.

In both of the above private-label situations, the non-US firm must have a US Agent identified because the company is located outside the USA. The US Agent may be the initial importer, but this is not required. It could also be a consulting service that acts as your US Agent. The US Agent will be responsible for receiving communications from the FDA and confirming their role as US agents each year when the registration is renewed. Medical Device Academy offers this service to non-US clients we help obtain 510(k) clearance.

Follow-up questions

A Korean company, with a US distribution subsidiary, would like to private label a medical device with an existing 510(k) owned by another company in their name. Does the Korean company need a contract in place before private labeling? Does the US subsidiary and/or the Korean parent company need to be registered in the USA prior distribution of the private-labeled version of the device in the USA?

Rob’s response: Initially, it was unclear from the wording of the question as to whom is the 510(k) owner, which company will be on the label, who is doing the labeling, and who is doing the importing to the USA. The person asking Joe Hage this question tried clarifying their question via email, but we quickly switched to scheduling a phone call using my calendly link. I have reworded the question above, but here are some of the important details I learned during our phone call:

  1. The person asking was already acting as the relabeler, repackager, and they were distributing the product in the USA. This person’s company is also registered with the FDA.
  2. The device is 510(k) cleared by another US company, and there is no need to worry about the complications of an initial importer being identified for a product manufactured in the USA.

In this situation, the relabeler/repackager can relabel the product for the Korean company’s US subsidiary as long as there is a quality agreement in place for all three parties (i.e., relabeler, distributor, and manufacturer). There is no need for the Korean parent company to register with the FDA. There is no need for a new 510(k) submission, and the US subsidiary does not need to register with the FDA—as long as the quality agreement specifies that the US subsidiary will maintain records of distribution, facilitate recalls if required, and notify the manufacturer of any potential complaints and/or adverse events immediately. The manufacturer with 510(k) clearance will be responsible for complaint handling, medical device reporting, and execution of recalls according to the agreement. The relabeler will be responsible for maintaining records of each lot of product that is relabeled for the US subsidiary, and the relabeler must maintain distribution records that link the original manufacturer’s lot to the lot marked on the relabeled product.

If you have questions about the private labeling of your device, please contact us.

Private Labeled Devices with FDA Approval Read More »

Integrating usability testing into your design process

This article explains how you should be integrating usability testing into your design control process–especially formative usability testing.

Integrating Usability Engineering and Risk Management into your Design Control Process Integrating usability testing into your design process

Why you should be integrating usability testing into the design

We recently recorded an updated usability webinar and released a usability procedure (SYS-048) with help from Research Collective–a firm specializing in human factors testing. After listening carefully to the webinar, and reading through the new usability procedure, I felt we needed to update our combined design/risk management plan to specify formative testing during phase 3 and summative (validation) testing during phase 4 of the design process. This is necessary to ensure your usability testing is interwoven with your risk management process. Integrating usability testing into all phases of your design process is critical–especially design planning (phase 1), feasibility (phase 2), and development (phase 3).

Integrating usability testing into your design plan helps identify issues earlier

During the usability training webinar, Research Collective provided a diagram showing the various steps in the usability engineering process. The first five steps should be included in Phases 1 and 2 of your design process. Phase 1 of the design process is planning. In that phase, you should identify all of the usability engineering tasks that need to be performed during the design process and estimate when each activity will be performed. The first of these usability activities is the identification of usability factors related to your device. Identifying usability factors is performed during Phase 2 of your design process before hazard identification.

Indentifying Usability Issues 300x209 Integrating usability testing into your design process

Before performing hazard identification, which should include identifying potential use errors, you need to identify five key usability elements associated with your device:

  1. prospective device users during all stages of use must be defined
  2. use environments must be identified
  3. user interfaces must be identified
  4. known use errors with similar devices and previous generations of your device must be researched
  5. critical tasks must be described in detail and analyzed for potential use errors

Defining users must include the following characteristics: physical condition, education, literacy, dexterity, experience, etc. Use environment considerations may consist of low lighting, extreme temperatures or humidity, or excessive uncontrolled motion (e.g., ambulatory devices). User interfaces may include keyboards, knobs, buttons, switches, remote controllers, or even a touch screen display.

Often the best reason for developing a new device is to address an everyday use error that is inherent to the design of your current device model or a competitor’s product. Therefore, a thorough review of adverse event databases and literature searches for potential use errors is an important task to perform before hazard identification. This review of adverse event data and literature searches of clinical literature are key elements of performing post-market surveillance, and now ISO 13485:2016 requires that post-market surveillance shall be an input to your design process.

Finally, the step-by-step process of using your device should be analyzed carefully to identify each critical user task. User tasks are defined as “critical” for “a user task which, if performed incorrectly or not performed at all, would or could cause serious harm to the patient or user, where harm is defined to include compromised medical care.” Not every task is critical, all critical tasks must be identified, and ultimately you need to verify that each critical task is performed correctly during your summative (validation) usability testing.

Evaluating Risk Control Options – Formative Usability Testing in Phase 3 (Development)

Once your design team has conducted hazard identification and identified your design inputs (i.e., design phase 2), you will begin to evaluate risks and compare various risk control options. Risk control option analysis requires testing multiple prototype versions to assess which design has the optimum benefit/risk ratio. This is an iterative process that involves screening tests. For any use risks you identify, formative usability testing should be performed. Sometimes the risk controls you implement will create new use errors or new risks of other types. In this case, you must compare the risks before implementing a risk control with risks created by the risk control.

Formative Usability Testing Process 220x300 Integrating usability testing into your design process

Ideally, each design iteration will reduce the risks further until all risks have been eliminated. The international risk management standard (ISO 14971) states that risks shall be reduced as low as reasonably practicable (ALARP). However, the European medical devices regulations require risks to be reduced as far as possible, considering the state-of-the-art. For example, all small-bore connectors in the USA are now required to have unique connectors that are incompatible with IV tubing Luer lock connections to prevent potential use errors. That requirement is considered “state-of-the-art.” If your device is marketed in both the USA and Europe, you will need to reduce errors as far as possible–before writing warnings and precautions in your instructions for use.

Reaching the point where use errors cannot be reduced any further may require many design iterations, and each iteration should be subsequently evaluated with formative usability testing. Formative testing can be performed with prototypes, rather than production equivalents, but the formative testing conditions should also address factors such as the use environment and users with different levels of education and/or experience. Ultimately, if the formative testing is done well, summative (validation) testing will be a formality.

Risk Control Effectiveness During Phase 4 – Summative Usability Testing during Verification

Once your team freezes the design, you will need to conduct verification testing. This includes integrating usability testing into the verification testing process. Summative (validation) testing must be performed once your design is “frozen.” If you are developing an electrical medical device, then you will need to provide evidence of usability testing as part of your documentation for submission to an electrical safety testing lab for IEC 60601-1 testing. There is a collateral standard for usability (i.e., IEC 60601-1-6). For software as a medical device (SaMD), you will also be expected to conduct usability testing to demonstrate that the user interface does not create any user errors.

Summative Usability Testing Process 174x300 Integrating usability testing into your design process

When you conduct summative (validation) testing, it is critical to make sure that you are using samples that are production equivalents rather than prototypes. Also, it is crucial to have your instructions for use (IFU) finalized. Any residual risks for use errors should be identified in the precautions section of your IFU, and the use of video is encouraged as a training aid to ensure use errors are identified, and the user understands any potential harm. When the summative testing is performed, there should be no deviations and no use errors. Inadequate identification of usability factors during Phase 2, or inadequate formative testing during Phase 3, is usually the root cause of failed summative testing. If your team prepared sufficiently in Phase 2 and 3, the Phase 4 results would be unsurprisingly successful.  

Additional Training Resources for Usability Engineering

The following additional training resources for usability engineering may be helpful to you:

Integrating usability testing into your design process Read More »

What is a pFMEA? (i.e., process Failure Mode and Effect Analysis)

This article explains what a pFMEA is (i.e. Process Failure Modes and Effects Analysis) and how to use them as part of your risk management process.

RPN Scoring Table What is a pFMEA? (i.e., process Failure Mode and Effect Analysis)

I recently had someone ask for help understanding the Process Failure Mode and Effect Analysis (pFMEA) a little better. I can’t blame them, because I was lost the first time I tried to fill out a form for one. It can be confusing and overwhelming if you have never created one before.

First things first, what is a pFMEA

FMEA= Failure Modes and Effects Analysis

A lower-case letter will come before the FMEA, and that denotes the ‘what’, of what the failure is that is being analyzed. A pFMEA will often be examining process failures where a dFMEA might evaluate design failures.

Some systems capitalize all the letters. Some capitalize none. That is not what is important as long as it is consistent throughout your system. Everyone should be able to easily understand that whatever variation of pfmea is used; it means “process failure modes and effects analysis.” 

What does a pFMEA do?

A pFMEA will break down your manufacturing process into its individual steps and methodically examine them for potential risks or failures. For companies that utilize our Turn-Key Quality Management System, FRM-025 process Failure Modes, and Effects Analysis can be used as a template.

For this example, we will look at receiving inspection of injection-molded casing parts for a medical device. This receiving inspection includes a manual inspection of 10 randomly selected parts out of each delivery of 100 using an optical overlay.

Process Step

This area, as the section title suggests, is the process step. When looking at the process as a whole, the pFMEA will break it down into each and every step included in that process. This area is simply that individual step that is going to be examined.

The Process Step or item function depending on what your form uses for this scenario, is going to be part of the random sampling for manual inspection of the received parts using an optical overlay. Our example is going to be the backlighting element of the optical overlay display. The backlighting element will illuminate the inspected part against the template to verify that the part is within specific dimension criteria.

Potential Failure Modes

A failure mode is a way in which that process step might fail. Since it is failure modeS, it needs to be considered that there may be more than one way for the process step to fail. Do not be fooled that because this box on the form has been filled in that the pFMEA will be complete. A thorough examination of all of the possible failures should be investigated.

Our example in this process requires the backlighting element to illuminate a visual template over the parts. The light not illuminating properly is a potential failure mode of this process.

Potential Effects of Failure

the potential effects of the failure is a look into what the ramifications would be if that failure for that process step actually happened.

In our scenario, one of the potential effects of the lighting not functioning properly is that parts outside of the designated sizing acceptance criteria may be accepted rather than rejected as non-conforming parts.

S (Severity)

The next area is the first area that requires an estimated grading of the failure. That is ‘Severity’ which is abbreviated as S. There is a scale provided in the rating section of FRM-025 that outlines the numbering system that Medical Device Academy uses.

Below is a snippet of the rating scale used, this is included with the purchase of the SYS-010 Risk Management Procedure.

Severity (S)
Severity of the effectScale Definition
Business Risk 0 No potential harm to patient or user
Superficial2 Little potential for harm to patient or user

In this case, our example is using molded plastic pieces of the outside casing of a medical device. Pieces that are too large or too small will not fit when making the final assembly of the device. These plastic pieces do not happen to be patient contacting, and do not affect the function of the device.

The evaluation of this failure is determined to have no potential effect on patient safety or increase any potential for risk of harm, therefore the severity is assigned as a ‘business risk’ meaning that it bears no risk for the user or the patient. This makes the Severity Score 0.

Causes of Failure

This column is exactly that. What might cause this identified failure to happen? In our example might be the light bulbs in the overlay machine may slowly burn out over time with use. This burnout causes potential failure.

If the bulb is expected to only have a lifetime of 100 hours, then the more hours the bulb is used, the dimmer the light may become. A slowly dimming light decreases the sharpness of the overlay template and our parts that are supposed to have a + or – size criteria of 10% now have a fuzzy template that in reality changes the overlay to show closer to + or – 13%. Now parts that are too small or too large may be accepted.

O (Occurrence/Probability)

This grading criterion is also found in the Rating section of FRM-025. This is how often the failure is expected to occur. How often will the lighting element of our optical overlay fail to function in the appropriate manner for this cause?

Hopefully not very often. In fact, regularly scheduled maintenance and calibration of the overlay machine could prevent this from ever happening in the best-case scenario. Our evaluations determine that the probability of this happening is low. However, since we cannot be certain it will never happen the potential for this risk exists and makes the Occurrence score a 4.

Current Process Controls

What is currently being done to control this risk? Our example uses regularly scheduled maintenance and calibration to prevent bulb burnout affecting the overlay.

D (Detectability)

Our current process is based on routine maintenance and visual inspection. This means that the bulb burnout is something that is visually inspected for and visual inspections for detectability on the rating scale are graded as 8. This chart is found in the Rating Section of FRM-025.

RPN (Risk Priority Number)

This is a number that is found by multiplying the Severity, by the Probability, by the Detectability. In our example, the numbers RPN is  0X4X8=32 for an RPN of 32 which is considered LOW.

pFMEA math

Below is a short video explaining the math behind calculating the Risk Priority Number

https://www.youtube.com/watch?v=OWfyHyx-zhI&feature=youtu.be

What if anything can be done to improve this process? In our example, a recommended action may be to transfer from visual only inspections to verification of light output by the meter. This makes the Detectability of the failure measurable by meter or gage which is a detectability score of 4.

This changes the RPN now to 0X4X4=16

The pFMEA shouldn’t be a solo thing

If it can be avoided this type of analysis should be done by a multidisciplinary team. Sometimes in smaller companies, people end up having to wear more than one hat. There are many entrepreneurs that have to function as the CEO/CFO/Design Engineer/RA/QA manager.

Ideally, a team approach should be used if feasible. Have the management level staff who have ownership of the processes participating in this analysis. They should know the process more intimately than anyone else in the company and should have more insight into the possible failure modes of the processes as they have likely seen them first hand. They are also the type of employee who would know the types of recommended actions to control the risk of those failures as well.

The pFMEA should also be a living document

As new failure modes are discovered they should be added to your pFMEA. A new failure mode might be discovered through a CAPA because the process had an actual failure that was not originally analyzed. Take an instance like that as an opportunity for improvement and to update your pFMEA as part of a living breathing risk management system. Also, use this as a time to re-brainstorm potentially similar failure modes that may not have been considered previously so that they can be controlled before they happen.

If you took the time to watch the video above it is also mentioned that in some instances the very first FMEA must be based on estimates because there is no data. Managers and engineers may be forced to estimate the probability of occurrence. If that is the case the FMEA should be updated in the future to adjust the (O) score to reflect what is occurring in actuality based on real data and not the theoretical data that was used for the initial estimate.

What is a pFMEA? (i.e., process Failure Mode and Effect Analysis) Read More »

Hiking Expedition

On August 9, 2019, three generations of my family left Glastonbury, CT, on a two-week hiking expedition to complete three of the highest peaks in the USA.

Our plan for the hiking expedition was to hike four of the highest peaks. My father, Bob Packard (age 77), is trying to complete all 50 of the highest peaks in each of the United States. For this trip we planned to hike the following mountains:
  1. Wheeler Peak – New Mexico
  2. Kings Peak – Utah
  3. Borah Peak – Idaho
  4. Granite Peak – Montana

Bailey Packard (18), Noah Packard (20), Rob Packard (47), and Bob Packard (77) started on Friday, August 9, from Glastonbury, CT.

Start 300x225 Hiking Expedition
Glastonbury, CT

Then we drove West for a long time. On Saturday, August 10, we stopped at the Waffle House.

Waffle House 300x169 Hiking Expedition
Waffle House

Then we got back in the car.

3 Driving 300x169 Hiking Expedition

Finally, on Sunday, August 11, we arrived at the base of Wheeler Peak. We decided to hike it that day despite not acclimating to the altitude and not sleeping in two days.

4 Bailey Base of Wheeler e1566919907502 225x300 Hiking Expedition
Bailey Packard

5 Noah Base of Wheeler e1566919966989 225x300 Hiking Expedition
Noah Packard

Wheeler Peak 1 300x225 Hiking Expedition
Wheeler Peak

Wheeler Peak 2 300x225 Hiking Expedition

Wheeler Peak 3 1 e1566920143315 225x300 Hiking Expedition

Wheeler Peak 4 e1566920187157 225x300 Hiking Expedition

Wheeler Peak 5 e1566920220978 225x300 Hiking Expedition

Wheeler Peak 6 300x225 Hiking Expedition

Then we headed back across the ridge and down to the car. The evening we drove to Colorado and slept. The following morning, Monday, August 12, we drove through Colorado.

Driving through Colorado 300x169 Hiking Expedition

That evening we arrived at Henry’s Fork Trail Head in Utah several hours after dark. We pitched tents in the parking area and slept for the night. In the morning, Tuesday, August 13, we woke to ice on our tents. Then we began the long hike into the valley (see Bailey’s video above).

Entering Valley Near Kings Peak 300x169 Hiking Expedition

We were all carrying too much gear, and we needed some rest.

Taking a Break on Kings Peak Day 1 300x169 Hiking Expedition

While we enjoyed the view of the valley.

Taking a Break on Kings Peak Day 1 from a different view 300x169 Hiking Expedition

Later we saw a couple of moose (Bailey got close enough for a selfie).

Bailey says hello to the Moose 300x169 Hiking Expedition

We slept the night just below Gun Sight Pass and then headed up Kings Peak in the morning of Wednesday, August 14.

Kings Peak Group Photo 300x169 Hiking Expedition

Another spectacular view.

Kings Peak View 300x169 Hiking Expedition

Then we headed back across the ridge (very challenging and exposed).

Kings Peak Ridge 300x169 Hiking Expedition

That afternoon Bailey got lost, but we found him back at the tents several hours later just before dark. Noah was exhausted and took a nap in the middle of the Gun Sight Pass. We all slept well and hiked back to the car in the morning of Thursday, August 15.

Dad Taking a Break e1566921771896 169x300 Hiking Expedition

Then we drove to Idaho Falls, and we had all you can eat steak at Stockman’s.

We took at rest day on Friday, August 16. On Saturday, it was perfect weather, and we drove to Borah Peak in Idaho–just two hours Northwest from Idaho Falls. We arrived just after 6 am and began hiking as the sun rose.

Borah Peak 300x225 Hiking Expedition

Now I understand why Wheeler was rated a 1+ in difficulty. Kings Peak was rated a 2+ in difficulty, and Borah is 3+ in difficulty. There is a 2,000+ foot cliff on both sides of a goat path across a knife-edge. There is sharp, jagged shale everywhere and no trees. Winds are fierce, and it’s not a windy day. Temperatures were in the low 40s. I decided to “chicken out” just before we got to “Chicken Out Ridge.”

Where Rob Waited 300x225 Hiking Expedition
This is where Rob waited for the others.

The ice bridge was not expected, and dozens of weekend hikers with no experience were trying to crawl across the ice. Bailey used his knife for extra grip on the ice. Bob was almost knocked off the mountain by a falling boulder, and they made it to the peak waiting for Bailey’s pictures to be added later.

Then we all headed down the mountain.

Dad and Bailey on Borah e1566921715900 225x300 Hiking Expedition

Noah on Borah e1566921886585 225x300 Hiking Expedition

Rob on Borah e1566921940799 225x300 Hiking Expedition

The following day, Sunday, August 18, we drove home our feet were too sore to attempt Granite Peak. But along the way, we stopped on Monday, August 19 at Portillo’s for

20190819 173135 300x225 Hiking Expedition
Chocolate Cake Shake

Thank you for your support, and thank you to Noah and Bailey for joining my dad and me on this hiking expedition. These are memories we’ll never forget.

Hiking Expedition Read More »

What is a Gap Analysis?

This article describes what a gap analysis is in the context of managing your quality system when standards and regulations are updated.

Compliance Assessment Gap Analysis Picture 1024x683 What is a Gap Analysis?
Compliance Assessment/Gap Analysis

What is a Gap Analysis? An introductory look.

Well, that depends on the context. The dictionary definition is “A technique that businesses use to determine what steps need to be taken in order to move from its current state to its desired, future state. Also called need-gap analysis, needs analysis, and needs assessment.” 

For the most part, this is correct, but we need to tweak it just a little bit to fit better into our regulatory affairs niche, specifically medical device manufacturers. A gap analysis for financial investment or an advertising firm will be very different than one for a medical device distributor. It might even be better served to be called a compliance assessment/gap analysis, but I am sure someone else has thought of that long before me.

For our purposes, the gap analysis is a formal comparative review of an internal process or procedure against a standard, good practice, law, regulation, etc. This blog article will be an introductory look into that process. We also created a procedure case study that shows how a gap analysis can be used to review your management procedure against the requirements in ISO 13485:2016.

What are the two BIG goals of a Gap Analysis?

It sounds like a simple exercise, but the gap analysis or “GA” for short can have two very different but complementary functions. Rather than simply hunting for areas of non-compliance, the first goal is to find and demonstrate areas of compliance. 

The second more obvious goal is to find the gaps between the process and the regulatory requirements they are being compared against. 

Why is demonstrating compliance important?

Because this is a formal documented review, a gap analysis provides documentation in a traceable manner of meeting the requirements that have been laid out. That traceability is important because it allows anyone to read the report, see the requirement, and locate the area of the procedure that demonstrates conformity with that requirement. 

The report itself is an objective tool, not something that is meant to be a witch hunt. The gap analysis will compare document contents. If you want to verify that the entire process is fully compliant, you will need to dig deeper and observe if the activities laid out within the procedure are being performed per the procedure instructions. It is possible to draft procedures that are compliant with text requirements but non-compliant in the manner that the actions are being performed and documented.

What about gaps?

The gaps, or areas of non-compliance highlight opportunities for improvement, if there are any. A gap assessment may not find any gaps and present a report that clearly and neatly outlines and explains how each regulatory requirement is being met. 

If there are any gaps identified, that does not mean that there is cause for concern. This should be viewed instead as an opportunity for improvement. Standards and procedures change over time, and, naturally, procedures and processes will have to change with them.

The very act of the gap analysis shows that there is a documented effort towards continual improvement as long as the gaps are addressed. 

Addressing the Gaps

The report is ideally the first and last step, and you have a wonderful piece of paper to show that someone checked, and all of the required areas are being met. However, this is not always the case. When there are gaps, they must be filled.

Addressing a gap should happen in a traceable manner, one that shows it was identified, acknowledged, and then how it was fixed. Something that might be addressed through your CAPA process, but that is a topic for a different time. 

In Closing

The compliance assessment/gap analysis is a singular tool used in the overall maintenance of a quality system. Its actions and performance are similar to a simplified type of audit, but the gap analysis itself is not going to replace your regularly scheduled audit activities. However, it will help you monitor and keep your fingers on the overall pulse of your quality system. This is also especially helpful in situations where standards and regulations are updated, and your quality system needs to be evaluated and updated accordingly.

For more in-depth education in specialized areas of the assessment, look into our training on Technical File Auditing for MDR compliance against Regulation (EU) 2017/745 at the link below.

https://medicaldeviceacademy.com/technical-file-auditing/

What is a Gap Analysis? Read More »

Scroll to Top