Understanding FDA’s UDI Guidance: The Key to Compliance

UDI mislabeling recall? Not on your watch.

The latter half of 2016 saw the second highest number of U.S. medical device recalls since 2000 with 650 medical devices and over 180 million units pulled from the market, according to Stericycle ExpertSOLUTIONS’ 2016 Q4 Recall Index report. The cause of these device recalls? Software problems led the way accounting for 23 percent of all recalls, with product mislabeling following in a close second. While the report doesn’t cite the specific labeling issues implicated in the recalls, it is likely that at least some of them were due to noncompliance with unique device identification (UDI) requirements.
UDI has been a hot topic – and source of concern – in the med device industry since the final UDI rule was introduced in September 2013. To aid those responsible for creating UDI-compliant labels, the FDA released its UDI guidance in July 2016 which clarifies the key elements of the UDI rule, including form and content. Though the guidance is nearly a year old and still in final review, there are at least three good reasons to revisit it now:
1.     The incidence of recalls due to mislabeling is on the rise. Class II and Class III device makers must ensure that they are, in fact, UDI-compliant even if they already have a UDI program in place.
2.     There is an upcoming UDI deadline for Class I and unclassified medical devices in September 2018.
3.     Europe and the rest of world will soon implement a UDI system based heavily on the FDA’s ruling.

FDA UDI Requirements: A Refresher

U.S. market registrants and FDA-accredited UDI issuing agencies alike should revisit the UDI guidance to ensure their UDI programs are in compliance with the FDA’s current expectations, as summarized below. As the FDA has declared that UDI requirements are subject to change, labelers will need to ensure they remain compliant over time to avoid becoming a mislabeling statistic.
Two Forms of UDI: Plain Text and AIDC
Manufacturers must display their UDIs in both easily readable plain text and a form of Automatic Identification and Data Capture (AIDC) – most commonly a bar code. Both content forms must be present on device labels and packages, and they must be placed in proximity to one another.
The plain text form of the UDI should include the device identifier (DI), production identifiers (PI) and data delimiters contained in the UDI. “Easily readable” means it is legible to the human eye and can be read without technological assistance, serving as a backup if the AIDC form cannot be scanned.
AIDC is any form of data presentation that can be scanned and entered into a computer system by an automated process. While there are multiple forms of AIDC, the FDA allows labelers to choose which types they use as long as they can be read by some sort of bar code scanner or other AIDC technology/ UDI capture technology.
Disclosure of AIDC
If the AIDC is not immediately apparent or visible to the human eye (e.g., radio-frequency identification (RFID) technology), the label or device package must indicate the presence of the technology as the labeler sees fit; there is no official marking or symbol.
UDI Components
The FDA calls for a UDI to include a single DI and one or more of the five PIs listed in 21 CFR 801.3 and 801.40(b) along with data delimiters for the DI and all PIs. A notable exception is that Class I devices are not required to include a PI.
Data Delimiters
Data delimiters must accompany each DI and PI in a UDI. A data delimiter is a character or set of characters that identify the information immediately following. Data delimiters allow users to quickly verify that the information encoded in the AIDC matches the plain text form, and they enable electronic systems to parse the UDI once scanned. Delimiters can also accompany non-UDI elements in a UDI carrier, but they must be distinguishable from the core UDI elements. Each FDA-accredited issuing agency has its own data delimiters consisting of a specific set of characters.
Order of Data
Combined, the plain text and AIDC representation of the UDI and non-UDI elements comprise the UDI carrier. In the UDI carrier, UDI information must be presented in a specific order, with the UDI elements preceding and kept separate from any non-UDI elements. The plain text form of the UDI should present the DI first followed by the PIs and any non-UDI elements.
While manufacturers of Class II and Class III devices should already be familiar with the UDI rule and guidance, some experts speculate about the delayed issuance of the guidance nearly three years after the release of the UDI final rule. In a previous GxP Lifeline article, an FDA compliance lawyer urged device companies and issuing agencies to be particularly aware of the language and new terms that are introduced in the guidance but not mentioned in the UDI rule, such as data delimiter and UDI carrier.
This article is related to the Webinar:
To get the full details, please view your free Webinar.
“For a labeler that has already obtained a UDI from an accredited issuing agency, this language in the draft guidance may cause some concern, as it seems to imply that the issuing agencies have in fact been issuing UDIs that are not in compliance with the UDI labeling requirements,” said Jennifer D. Newberger, an attorney who counsels medical device clients on FDA regulation, including labeling compliance.
The FDA has not explicitly stated that it is aware of the issuance of non-compliant UDIs by accredited issuing agencies.

UDI Will Soon Extend to Europe

As implementation of the final UDI rule is well underway in the U.S., other parts of the world look to follow suit, continuing the prominent trend in the medical device and products industry toward common global regulatory standards. Global regulatory bodies are expected to base their requirements primarily on the FDA’s UDI rule, making amendments when needed to meet the specific regulatory requirements of individual countries.
Currently, the EU is next in line to implement a UDI system. England’s National Health Service (NHS) announced in late 2016 that it plans to launch a barcoding system for medical implants to help improve patient safety and reduce supplier costs. This continues the efforts of the Department of Health (DoH) which in 2014 began raising awareness and making a case for device tracking when it implemented the Scan4Safety program and mandated that hospital trusts become members of GS1, the first UDI issuing agency accredited by the FDA in December 2013. In healthcare and other industries, GS1 is recognized as the benchmark for identification and bar coding.
“The idea of providing unique identifiers on medical devices is therefore not novel in itself, although rolling it out is seen as a pioneering move to bring the NHS in line with expected changes in the EU regulatory framework,” explains Peter Rose, European managing director for the life sciences consulting company Maetrics, in a recent MedTech Intelligence article. “In fact, as the new Medical Device Regulations (MDR) rolls out across Europe, Unique Device Identification (UDI), a system used to identify medical devices through their distribution and use, will become a requirement for all medical device manufacturers.”
Rose and others say that UDI’s arrival in Europe is not a question of if, but a question of when. He urges all European device manufacturers to create a UDI program right away, even before it becomes mandatory under the new MDR.
We All Stand to Gain
The UDI final rule’s phased introduction into the device market is nearing completion, set to conclude in 2020. In many ways, UDI labeling is like a real-time portal into the lifecycle of a medical device from the time it leaves the distributor. It enables the FDA to become aware of and address potentially dangerous product issues in a timely manner. It also allows patients to easily pinpoint whether their devices are affected by safety recalls and confidently take the necessary action. And while it may seem like a costly undertaking to implement, UDI helps device companies track and trace their products so they can manage inventory and execute recalls more efficiently, saving them valuable time and money.
But there is still more to gain from a universal device tracking system. The FDA and now NHS are doing their part by implementing and executing the UDI rule, but soon the onus will be on health care facilities – those administering the devices in patient care and treatments – to integrate and optimize their IT systems to support and fully leverage the insights afforded by UDI. The good news is that the first quarter of 2017 has already seen a healthy decrease in both med device recalls and recalled units, according to the recently released 2017 Q1 Recall Index report. But while the overall trend is positive, mislabeling remains the second-leading cause of all recalls after software issues, leaving plenty of room for improvement for both labelers and issuing agencies alike.
Beth Pedersen is a content marketing specialist at the MasterControl headquarters in Salt Lake City, Utah. Her technical and marketing writing experience in the enterprise software space includes work for Microsoft, Novell, NetIQ, SUSE and Attachmate. She has a bachelor’s degree in life sciences communication from the University of Wisconsin-Madison and a master’s degree in digital design and communication from the IT University of Copenhagen.