Risk Management + Adverse Event Reporting: FDA Guidance
Risk management and adverse event reporting protocols for medical device manufacturers have been addressed by new FDA guidance. Producing and controlling electronic records will be critical to ongoing efforts.
Medical Device Reporting: FDA Provides Clarity
Specifically, the November 8 FDA guidance offers the FDA’s latest thinking when it comes to Medical Device Reporting (MDR). FDA defines these as “events that manufacturers become aware of that reasonably suggest that one of their marketed medical devices may have caused or contribute to a death or serious injury or has malfunctioned and the malfunction of the medical device or a similar medical device that the market would be likely to cause or contribute to a death or serious injury if the malfunction were to occur.”
Risk Management: Risk-Based Thinking
The November 8 guidance itself has had a long and winding road — the first draft was issued in July 2013 — and it has been chock full of back and forth comments from the medical device manufacturing industry because it recognizes the importance of properly handling MDR. To further illustrate the continued importance of implementing risk-based thinking, a key aspect of the ISO 13485:2016 update involves medical device manufacturers incorporating risk-based approaches beyond product realization. A quality management system (QMS) incorporating a risk management solution like AssurX serves as a key tool in addressing this literally life or death situation.
Detailed Complaints Management Procedures In Place
The guidance is intended for medical device manufacturers alone – it is not applicable to user facilities, importers, or distributors. As the guidance makes clear, FDA expects any medical device manufacturers to have MDR procedures in place that identify the roles and responsibilities of contractors or consultants that work on the companies behalf to review and process complaints. Quality Management System (QMS) regulations also require medical device manufacturers to have a formally designated complaint management process to receive, review, and evaluate complaints. To do this properly, a medical device manufacturer must have a firm grip on risk management to be able to quickly identify the most serious user complaints and remediate the situation in a timely manner.
Further stressing the importance of document management and retrieval, FDA makes it clear in the guidance that it expects medical device manufacturers facing an MDR-reportable event to be able to produce information it can obtain by contacting a user facility, importer, or another initial reporter. FDA also wants to see a report that includes any relevant information already in a medical device manufacturer’s possession and information it can obtain by analysis, testing, or other evaluation of the device.
Implied Impact on Document Management – Electronic Records
What the FDA doesn’t say outright is that being able to quickly retrieve comprehensive electronic records for the agency can go a long way toward ensuring the AE does less damage to the company from a regulatory perspective – not to mention safety issues for the users of its medical device Any FDA regulated shop that has had any dealings with the agency knows this is true across the board for life sciences companies of all stripes.
Quality Management System Checklist: FDA Details What Is Needed
Taking a deeper dive into the guidance, FDA spells out in more detail what it expects of a medical device manufacturer’s program to develop, maintain, and implement written MDR procedures. MDR procedures must include internal quality management systems (QMS) that provide for the following:
- Timely and effective identification, communication, and evaluation of events that may be subject to MDR requirements, including device-related complaints
- A standardized review process or procedure (based on the MDR regulation) for determining whether or not an event is in fact an MDR reportable event.
- Timely transmission of these reports to the FDA.
Procedures must also include documentation and recordkeeping requirements for:
- Information that was evaluated to determine if an event was reportable.
- All medical device reports and information already submitted to the FDA.
- Any information that was evaluated for the purpose of preparing the submission of annual reports.
- Systems that ensure access to information that facilitates timely follow-up and inspection by FDA.
FDA recommends that written MDR procedures – which should also spell out the policy and procedures for processing an MDR – be maintained as a separate document. “If you combine them with other procedures (e.g., complaint handling or vigilance reports) the MDR portion should be located in a separate section,” it further clarifies in the guidance.
Medical Device Manufacturers Show The FDA Good Faith
Procedures must also describe how the medical device manufacturer will conduct its investigation of events that may be reportable. As an example, FDA notes that a company trying to get to the bottom of the situation may need to make multiple attempts to contact the reporter via different means such as phone or email. FDA expects medical device manufacturers to make what it calls a “good faith” effort to obtain additional information including a written request for information.
Clearly, the ability to maintain and produce electronic records effectively can go a long way toward demonstrating good faith to the agency. Companies that have invested in a best practice document management system or risk management system – especially an automated quality manufacturing system like AssurX that was created specifically for medical device manufacturers – will have eliminated many of the extra time-consuming steps detailed above should an adverse event arise.