Insights & Intelligence for Regulatory Leaders

This article is an excerpt from Post-market surveillance for medical device in the European Union.

Table of Contents

• What is post-market surveillance?
• What classes of medical devices require post-market surveillance?
• Components of a successful post-market surveillance plan
• PMS data requirements
• Post-market surveillance system goals
• Required post-market surveillance reporting
• Embracing post-market surveillance as an integral part of your quality program
• Getting started with post-market surveillance

Post-market surveillance (PMS) is designed to monitor the performance of a marketed medical device by collecting and analyzing field use data. Article 10 of the EU MDR and IVDR requires all device manufacturers to have a post-market surveillance system in place. The main elements of the PMS are laid out in Article 83, and additional details for lower-risk and higher-risk devices are covered in articles 84 and85, respectively.

In general, a PMS system consists of both proactive activities and reactive, or vigilance, activities. While post-market surveillance and vigilance are sometimes used interchangeably, vigilance consists of separate activities that feed post-market surveillance programs.

Post-market surveillance systems are used to collect and analyze data not only about the manufacturer’s device but also about related competitors’ devices that are on the market. Data collected through PMS procedures is then used to identify trends that may lead to, among other things, quality improvements, updates to user training and instructions for use, and identification of manufacturing issues.

Note that “market surveillance” encompasses activities performed by a Competent Authority to verify MDR compliance, and should not be confused with the topic of this ebook,“post-market surveillance," which is performed by the manufacturer.

All medical devices marketed in the EU require some level of post-market surveillance, and all medical device manufacturers must implement a post-market surveillance system (PMS). The requirements of the PMS, however, vary and should be “proportionate to the risk class and appropriate for the type of device” (MDR Chapter VII). In particular, the type and frequency of reporting vary based on a device’s risk class.

A post-market surveillance plan (PMS) is an integral part of a manufacturer’s quality management system and provides a system for compiling and analyzing data that is relevant to product quality, performance, and safety throughout the entire lifetime of a device. The PMS should also provide methods for determining the need for and implementing any preventative and corrective actions. A PMS system should include and define:

Surveillance data sources

With the increased focus on proactive risk identification in the MDR, it is important to design post-market surveillance systems that actively acquire knowledge and detect potential risks. It is not sufficient to rely solely on spontaneous reporting by healthcare providers, patients, and other stakeholders.

In addition to information coming from Clinical Evaluation Reports and complaint and adverse event reporting, typical sources of surveillance data include:

• Social media networks: Because many of your stakeholders may be communicating on social media networks, it is important to employ social listening techniques and/or tools to identify issues and concerning trends as they develop.

• Industry and academic literature: Any studies, academic papers, and other literature that addresses similar devices or the specific use cases for which your device is designed should be evaluated. In particular, risk factors and adverse events identified with similar devices should be closely examined. It is also important to identify newer technologies that may affect the benefit-risk ratio and establish a new definition of “state of the art” for the device type.

• EUDAMED: While the European Database on Medical Devices (EUDAMED) is not yet fully functional, it is intended to provide a living picture of the lifecycle of all medical devices marketed in the EU. Manufacturers should take special care to consider information for similar devices made available through the EUDAMED system in the future.

• Registries: Patient, disease, and device registries can provide information that informs the clinical evaluation process which provides input into the post-market surveillance system.

Data analysis methodology

A well-defined data analysis methodology will accurately identify trends and lead to defendable decisions in the application of post-market experience. Once the necessary information has been identified and collected, and potentially cleaned of incomplete or otherwise unusable data, the data needs to be analyzed.

The goal is to identify meaningful trends, correlations, variations, and patterns that can lead to improvements in the safety and efficacy of the device. There are many data analysis tools available that can assist with:

• Regression analysis that will identify correlations between data (e.g. the device location/geography correlates to battery life).

• Data visualization that can be useful in spotting trends in the data.

• Predictive analytics, which can be particularly useful with large data sets, to identify future trends based on historical data.

• Data mining, which is also normally used with large datasets, to organize data and identify data groups for further analysis.

Benefit-risk indicators and thresholds

The MDR requires that medical device manufacturers not only demonstrate the clinical benefit of their device but also quantify the benefit-risk ratio. The benefit of a device must be shown to clearly outweigh the risk for it to gain market approval. Article 2 (24) of the MDR defines the benefit-risk determination as “the analysis of all assessments of benefit and risk of possible relevance for the use of the device for the intended purpose when used in accordance with the intended purpose given by the manufacturer.”

A PMS system should clearly define benefit-risk calculations and the data used to support them. Post-market surveillance activities are critical in order to re-evaluate and maintain the benefit-risk calculations and determinations of a device throughout its life. Information that is gained through a PMS system can lead to:

• Identification of new risk factors.

• Adjustments to risk frequency and/or severity values based on actual use data.

• Adjustments to established risk calculations based on new “state of the art” technologies becoming available.

• Adjustments to established benefit calculations based on actual use data.

While complaint handling and other feedback tracking are more often described as part of post-market vigilance systems, they play a role in the more proactive post-market surveillance processes as well. A PMS system should define ...

To continue reading this ebook, download the full version.

What is 21 CFR Part 820?

21 CFR 820 is the FDA federal regulation that pertains to quality systems for medical device manufacturers, and it is part of the agency’s set of Current Good Manufacturing Practices (CGMP) for industry. Also referred to as the FDA’s quality system regulation (QSR), the regulation defines design controls and quality processes at all stages of device development in order to ensure that all medical devices marketed in the United States are safe and effective.

21 CFR 820 consists of 15 subparts, which define quality system requirements for each stage and function within the medical device manufacturing process. We define each subpart below.

Federal regulations are organized as Title → Chapter → Subchapter → Part, which means that 21 CFR 820 is short-hand for:

21 CFR 820 vs ISO 13485

ISO 13485 is the de facto international quality system standard for medical device manufacturers, but this is not currently the standard in the United States. While Part 820 and ISO 13485 are structured differently, they have no conflicting requirements. Therefore, companies that are marketing medical devices in the U.S. and in other markets will need to comply with both ISO 13485 and the FDA’s QSR, as defined in 21 CFR 820. 

However, the FDA is moving towards harmonizing these standards, and on February 23, 2022 issued a proposed rule to amend the QSR to align more closely with the international consensus standard for Quality Management Systems, primarily by incorporating reference to the ISO 13485 standard. The FDA has published FAQ’s about the proposed rule.

21 CFR Part 820 Requirements

Part 820: General Controls (subpart A)

The General Controls subpart contains three sections providing general information about the regulation, including the scope and applicability along with key definitions.

Scope

The regulation defines current good manufacturing practice (CGMP) requirements governing the methods, facilities, and controls used for the “design, manufacture, packaging, labeling, storage, installation, and servicing of all finished devices intended for human use." Specifically, this subpart defines:

• Applicability:

The requirements of this regulation are intended to ensure the safety and efficacy of all finished medical devices intended for human use that are manufactured in or imported into the United States. Manufacturers that are involved in some, but not all, manufacturing operations should comply with those requirements that are applicable to the functions they are performing. 

Exceptions:

• This regulation does not apply to manufacturers of medical device components, but such manufacturers are encouraged to use this regulation as guidance.
• Class I medical devices are exempt from the Design Controls defined in this regulation, except for those listed in § 820.30(a)(2). 
• Manufacturers of blood and blood components are not subject to this regulation but are subject to Biologics good manufacturing practices as defined in Subchapter F, Part 606 of the regulation.

Definitions

This section of the regulation contains definitions for a number of terms used throughout the document. The following are the major definitions related to quality records:

• Design history file (DHF): A compilation of records that describes the design history of a finished device.
• Design input: The physical and performance requirements of a device that are used as a basis for device design.
• Design output: The results of a design effort at each design phase and at the end of the total design effort. The finished design output is the basis for the device master record. The total finished design output consists of the device, its packaging and labeling, and the device master record.
• Device history record (DHR): A compilation of records containing the production history of a finished device.
• Device master record (DMR): A compilation of records containing the procedures and specifications for a finished device.

Quality System

The section of the regulation sets the basic requirement for a quality system by stating that “Each manufacturer shall establish and maintain a quality system that is appropriate for the specific medical device(s) designed or manufactured, and that meets the requirements of this part.” 

The term “appropriate” is used throughout this regulation and can be open to interpretation. A manufacturer, however, should assume that all requirements are appropriate and applicable except in cases where non-implementation of the requirement can be shown to have no effect on the product's specified requirements or ability to carry out necessary corrective actions.

Quality system requirements (subpart B)

This section of the regulation defines the overall responsibilities and the resources required for the management of the quality system.

Management responsibilities

Executive management is responsible for establishing a quality policy and ensuring adequate resources to effectively maintain and manage the quality system. In addition, management is responsible for establishing a specific quality plan, consisting of relevant practices, resources, activities, and procedures.

Quality audit

Periodic audits of the quality system are required to be conducted by personnel not directly responsible for the activities being audited. The dates and results of each audit need to be documented, along with the results of the audit. It is expected that corrective actions and, when necessary, reaudits, be performed for any identified noncompliances.

Personnel

Manufacturers are responsible for assigning sufficient personnel with appropriate experience and training to perform all tasks required by the quality system plan.

Design controls (subpart C)

Manufacturers of all class II and class III medical devices, along with the specific class I devices listed in paragraph (a)(2) of this regulation, are required to establish design control procedures that ensure design requirements are met as specified. 

Design controls shall define:

• Design and development planning - Plans that describe the design and development activities, and responsibilities for these activities and their implementation.
• Design input - Procedures that ensure design requirements are appropriate and address the intended use of the device.
• Design output - Procedures that document design output, including acceptance criteria, so that conformance to design input requirements can be adequately evaluated.
• Design review - Formal and documented reviews of the ensign results that include participation from representatives of all.
• Design verification - Procedures for verifying the device design that confirm that the design output meets the design input requirements.
• Design validation - Procedures for validating the device design, ensuring that devices conform to defined user needs and intended uses, and including testing of production units under actual or simulated conditions.
• Design transfer - Procedures to ensure that the device design is correctly translated into production specification.
• Design changes - Procedures for identifying, documenting, validating, and managing the verification and approval process of all design changes before they are implemented.
• Design history file - A design history file (DHF) is required for each type of device and should include or reference the records necessary to demonstrate that the design was developed in accordance with the approved design plan and device requirements.

Document controls (subpart D)

Medical device manufacturers are required to put in place document controls for all documents required in this regulation.

Document approval and distribution

One or more people must be assigned to review and approve documents prior to issuance. The approval must be documented, include a date and the signature of the approver, and be made available at all locations where applicable. Procedures must also be in place to ensure that obsolete documents are removed and/or prevented from being used.

Document changes

Similar to document approval procedures, changes to documents must be approved, reviewed, and documented. Records of all changes must be maintained.

Purchasing controls (subpart E)

To continue reading this Regulatory Brief, including a definition of the remaining subparts and a comparison of 21 CFR 820 to ISO 13485, please download the full brief.

‍