The differences in the ways medical devices are regulated in the U.S. and Europe are subtle but important to understand. This article examines those differences and explains how digitization facilitates adherence to the regulatory requirements in both regions.
On February 23, 2022, the FDA issued a proposed rule to amend the current good manufacturing practice (CGMP) requirements of the QSR to align with the international consensus standard for quality management systems (QMS) for medical devices used by regulatory authorities globally, specifically ISO 13485:2016. The alignment will reduce the burden of duplicating medical device regulation compliance efforts and record keeping redundancies currently imposed on device manufacturers. The updated QSR will incorporate the requirements of ISO 13485:2016 as the foundational medical device quality management system requirements and will include additional requirements to align with existing requirements in the Federal Food, Drug, and Cosmetic Act. The intention is to promote consistency in the regulation and provide timelier introduction of safe, effective, high-quality devices for patients. Additionally, edits to 21 CFR Part 4 will be made to clarify the device CGMP requirements for combination products. The current Quality System Inspection Technique (QSIT) will be reviewed and, as applicable, revised to incorporate the requirements of the finalized rule.
The ISO 13485 requirements for compliance are substantively the same as under the current Part 820, with risk management requirements being the most noticeable difference. In 21 CFR 820, the only risk-specific requirement is listed in §820.30(g), as it relates to risk analysis as a part of design validation. ISO 13485 details risk requirements for application of a risk-based approach to the control of processes needed for the QMS. These include software validation, product realization, design control, purchasing, process validation, equipment, and feedback.
The transition period for MDR QMS compliance was May 21, 2022. The MDR replaces the earlier Medical Device Directive (MDD) and the Active Implantable Medical Device Directive (AIMDD). CE mark submissions are performed within the new MDR unless the product was CE marked under the MDD where the CE mark will not expire until May 25, 2024. The manufacturer’s QMS for these devices must be compliant under several MDR Article 120 requirements.
Significant changes to post-market surveillance and vigilance of marketed devices have been included in the MDR.
Successful filing of CE mark submissions under the MDR will need understanding of the requirements for clinical and performance evaluations to prepare compliant — and convincing — reports since there are more rigorous requirements within the MDR for these elements.
The U.S. FDA marketing pathways include Premarket Notification (510(k)), De Novo, Exempt, Premarket Approval (PMA), Product Development Protocol (PDP), Humanitarian Device Exemption (HDE), and Biologics License Application (BLA).
The first step for a 510(k) submission is identifying the right class for the device using the FDA’s medical device databases.
Device classifications in the MDR are based on four categories of devices: non-invasive devices, invasive medical devices, active medical devices, and a special category. Classifications are based on risk, which determines the scale of data and evaluation required:
Every device class has separate testing requirements, as discussed in different chapters and Annexes of the MDR. Software may have additional requirements.
Evaluations to be completed in preparation of a 510(k) submission include:
Class I devices are evaluated per Annex IV and V and are exempt from conformity assessment by the Notified Body (NB) for CE marking. Some medium-risk Class I devices and Class IIa devices may need to undergo conformity assessments based on Annex XI (Part A). Class IIb and Class III devices need strong technical documentation of device type examinations, conformity verification, product verification, and extensive risk evaluation during the conformity assessments with the NBs, per Annex II, X, and XI (Part A and B).
Digitization in manufacturing reduces the burden to comply with current regulations for medical devices. Benefits include ease of data access, more efficiency and effectiveness of stakeholder time, and improved asset life cycles, customer service, security, and product quality. It can help increase productivity and competitiveness with enhanced stakeholder skills. Top management should identify critical information to protect and perform risk assessments to evaluate risk levels to data loss or compromise.
Digitization in manufacturing process controls must define infrastructure needs, security requirements, data flow, data sharing between systems, and process controls. Privacy should be consistently evaluated at each data collection process where identity is recorded, including data receipt from applications, the internet, cameras, and security systems (both computer-based and mobile). Cybersecurity (corporate and mobile) and website controls should also be included in process control evaluations. The following areas should be evaluated:
Implementation, training, and execution can be enhanced with the use of outside experts for specialty help (e.g., AI, automation, wireless infrastructure, etc.). Planned obsolescence should be included within the process controls to ensure technology and compatibility requirements remain efficient and effective, if not state of the art. System upgrades can be tested in parallel, phased, or a pilot implementation approach. Use of standard application programing interfaces (APIs) can reduce future innovation implementation nuances.
Enjoying this blog? Learn More.
EU MDR: How to Prepare for the Upcoming Changes in Regulation
Download Now