Featured
Rimsys Announces Rimsys AI to Eliminate Repetitive Tasks and Enhance Decision-Making for MedTech Regulatory Teams
Rimsys, the leading Regulatory Information Management (RIM) platform for the MedTech industry, today announced the launch of Rimsys AI, a suite of embedded artificial intelligence (AI) agents.
The beginner's guide to the FDA De Novo classification process
This article is an excerpt from The beginner's guide to the FDA De Novo classification process ebook.
Contents
- Introduction
- Chapter 1: What is an FDA De Novo request?
- Chapter 2: Contents of a De Novo request
- Chapter 3: Submitting a De Novo request
- Appendix A: Acceptance review checklist
Congratulations, you have successfully developed a new medical device! Now you need to take it to market. Normally in the United States this would mean completing a 510(k) submission. However, the 510(k) relies on “substantial equivalence”—a comparison to a similar device already on the market (also called a predicate device) to assess the risk profile of the new device. What if your device is totally new, and there isn’t a similar device to compare it to? Enter the FDA De Novo process. The De Novo process provides a pathway to market for novel devices with a low to medium risk profile.
What does De Novo mean?
According to the Merriman-Webster dictionary, de novo is a Latin word meaning “as if for the first time; or anew.” Perfectly fitting that the FDA uses this term “De Novo” to describe market approval requests for new medical devices or technology where there is no comparable predicate device on the market.
The Food and Drug Administration Modernization Act of 1996 provided the FDA with the authority to create the De Novo Classification Process. It's a process that uses a risk-based strategy for a new, novel kind of medical device, in vitro diagnostic, or medical software solution whose type has previously not been identified and/or classified. It’s a process by which a novel medical device can be classified as a Class I or Class II device, instead of being automatically classified as Class III, which may not be appropriate. Before the implementation of the De Novo process in 1997, all the “not substantially equivalent” (NSE) products were required to be initially classified as a Class III device. But for a lot of devices, this risk class didn’t really make sense. The De Novo process provides a pathway for more accurate classifications of novel, lower-risk devices.
October, 2021, the FDA released a final guidance document "De Novo Classification Process (Evaluation of Automatic Class III Designation)" to provide guidance to the requester (also known as the manufacturer) and the FDA on the process for the submission and review of a De Novo Classification Request under section 513(f)(2) of the Federal Food, Drug, and Cosmetic Act (the FD&C Act). This process provides a pathway to an initial Class I or Class II risk classification for medical devices for which general controls or general and special controls, provide a reasonable assurance of safety and effectiveness, but for which there is no legally marketed predicate device. This guidance document replaced the "New Section 513(f)(2) – Evaluation of Automatic Class III Designation, Guidance for Industry and CDRH Staff" document, dated February 19, 1998.
Consistent with the final rule, the FDA updated the guidance documents below to provide recommendations for submitting De Novo requests, as well as criteria and procedures for accepting, withdrawing, reviewing, and making decisions on De Novo requests, effective January 3, 2022.
- User Fees and Refunds for De Novo Classification Requests
- FDA and Industry Actions on De Novo Classification Requests: Effect on FDA Review clock and Goals
- Acceptance Review for De Novo Classification Requests
The 510(k) and the De Novo processes are similar in that they are both pathways to market for medical devices with low to moderate risk, which is Class I and Class II. The biggest difference between the two is that the 510(k) heavily relies on the concept of "substantial equivalence" to an existing medical device. You must prove this to get the clearance of your 510(k) submission. In the De Novo process, there isn’t a product currently on the market that is “substantially equivalent” to yours, so it’s like starting with a clean slate. For more on the 510(k) process, see our Beginner’s Guide to the 510(k) ebook.
A result of the De Novo process to be aware of is that a successful submission will lead to a new predicate device type that someone else can reference to bring their product to market through the 510(k) process. You’ve done all the work, so now it’s available for anyone to use to provide "substantial equivalence".
De Novo history/timeline
Preparing a De Novo request
1. Do your research! Be sure to complete all the necessary research prior to your submission. You want to be sure that your device is not substantially equivalent to an existing device. Resources to review include:
- The Center for Devices and Radiological Health (CDRH)
- U.S. FDA Device Classification Database
- Device Classification Under Section 513(f)(2)(De Novo)
2. A De Novo request can be submitted with or without a preceding 510(k). There are two options for when you can submit a De Novo request:
Option A: After receiving a not substantially equivalent (NSE) determination (that is, no predicate, new intended use, or different technological characteristics that raise different questions of safety and effectiveness) in response to a 510(k) submission.
Option B: If you’ve determined, after extensive research, that there is no legally marketed device on which to base a determination of substantial equivalence.
3. Be sure all fees are paid to the FDA in advance of submitting a De Novo request. The FDA’s fiscal year begins in October and runs through the following September. Fees have increased each year since they were introduced, but the FDA’s percentage of reviews completed within the 150-day window has increased as well.
A business that is qualified and certified as a “small business” is eligible for a substantial reduction in most of the FDA user fees, including De Novo. The CDRH is responsible for the Small Business Program that determines whether a business is qualified.
Medical Device User Fee Amendments (MDUFA) guidance documents can provide more detailed information about all FDA user fees.
4. The initial request process serves only to determine if the De Novo request is administratively acceptable based upon the Acceptance Checklist. The initial acceptance is followed by substantive review which will determine the final risk classification of your device.
5. A Pre-Submission (Pre-Sub) is a formal written request for feedback from the FDA that is provided in formal written form, and then followed by a meeting. Although a Pre-Sub is not required prior to a De Novo request, it can be extremely helpful to receive early feedback, especially for devices that have not previously been reviewed under a 510(k). If you think you would like to submit a pre-sub first, there are suggested guidelines for submission you should consider:
- Describe your rationale for a Class I or Class II classification for your device.
- Provide the search results of FDA public databases and other resources used to determine that no legally marketed device and no classification for the same device type exists.
- Provide a list of regulations and/or product codes that may be relevant.
- Provide a rationale for why the subject device does not fit within and/or is different from any identified classification regulations, based on available information.
- Identify each health risk associated with the device and the reason for each risk.
- Briefly describe any ongoing and/or planned protocols/studies that need to be completed in order to collect the necessary data to establish the device’s risk profile.
- Provide information regarding the safety and effectiveness of the device. Cite the types of valid scientific evidence you anticipate providing in your De Novo request, including types of data/studies relating to the device’s safety and effectiveness.
- Briefly describe any ongoing and/or planned protocols/studies that need to be completed to collect the necessary safety and effectiveness data.
- Provide protocols for non-clinical and clinical studies (if applicable), including how they will address the risks you anticipate and targeted performance levels that will demonstrate that general controls or general and special controls are sufficient to provide reasonable assurance of safety and effectiveness.
- Share any proposed mitigation measure(s)/control(s) for each risk, based on the best available information at the time of the submission. Highlight which mitigations are general controls and which are special controls and provide details on each.
- Include any other risks that may be applicable, in addition to those identified in the Pre-Sub, given the indications for use for the device.
- If applicable, provide any controls that should be considered to provide a reasonable assurance of safety and effectiveness for the device.
- Provide any non-clinical study protocols that are sufficient to allow the collection of data from which conclusions about device safety and/or effectiveness can be drawn. These protocols should address whether the identified level of concern is the appropriate level of concern for the device software, and if any additional biocompatibility and/or sterility testing is required.
- If clinical data is needed, provide information to show that the proposed study design and selected control groups are appropriate?
6. The FDA will attempt to review the De Novo request submission within 15 calendar days of receipt of the request to make a determination that the submission is declined or accepted for review. If they are unable to complete the review within the 15 days, your submission will automatically move to “accepted for review” status. https://www.fda.gov/regulatory-information/search-fda-guidance-documents/de-novo-classification-process-evaluation-automatic-class-iii-designation
7. There are times when the FDA will refund your application fee. They have created a guidance document “User Fees and Refunds for De Novo Classification Requests” for the purpose of identifying:
- the types of De Novo requests subject to user fees
- exceptions to user fees
- the actions that may result in refunds of user fees that have been paid
When is a De Novo request subject to a user fee?
When will the FDA refund a De Novo user fee?
What fee must be paid for a new device submission following a De Novo “decline” determination?
To continue reading this eBook including a detailed walk-through of all the Traditional 510(k) components, submission requirements and timelines, and an overview of the other 510(k) forms including the Abbreviated 510(k) and the Special 510(k), please register to download the full version.
The ultimate guide to the medical device single audit program (MDSAP)
This article is an excerpt from The ultimate guide to the medical device single audit program (MDSAP) ebook.
Table of contents
- What is MDSAP?
- History of MDSAP
- Who is responsible for the MDSAP?
- How does an MDSAP audit work?
- Audit sequence
- You got a nonconformity – now what?
- What does an MDSAP audit cost?
- Why choose the MDSAP certification process?
- Potential disadvantages of the MDSAP
- Ready to participate? – Here’s how to get started
- Completing a successful MDSAP audit
The Medical Device Single Audit Program (MDSAP) was designed and developed to allow a single audit of a medical device manufacturer to be applied to all country markets whose regulatory authorities are members of the program. The MDSAP provides efficient and thorough coverage of the standard requirements for medical device manufacturer quality management systems, and requirements for regulatory purposes (ISO 13485:2016). In addition, there are specific requirements of each medical device regulatory authority participating in the MDSAP that must be met:
- Conformity Assessment Procedures of the Australian Therapeutic Goods (Medical Devices) Regulations (TG(MD)R Sch3)
- Brazilian Good Manufacturing Practices (RDC ANVISA 16)
- Medical Device Regulations of Health Canada (ISO 13485:2003)
- Japan Ordinance on Standards for Manufacturing Control and Quality Control of Medical Devices and In Vitro Diagnostic Reagents (MHLW Ministerial Ordinance No 169)
- Quality System Regulation (21 CFR Part 820), and specific requirements of medical device regulatory authorities participating in the MDSAP program.
This means that a report from a single MDSAP audit of a medical device manufacturer would be accepted as a substitute for routine inspections by all the member Regulatory Authorities (RAs) across the world. There are currently five participating Regulatory Authorities (RA) representing the following countries: Australia, Brazil, Canada, Japan and the USA.
In April, 2021, the RAs released an “Audit Approach” document (MDSAP AU P0002.006) that combines the formerly separate MDSAP Audit Model and Process Companion documents into a single guidance document. It includes guidance for assessing the conformity of each process and includes an audit sequence, instructions for auditing each specific process, and identifies links that highlight the interactions between the processes.
In March 2012 the US FDA announced that they had approved a final pilot guidance document “Guidance for Industry, Third Parties and Food and Drug Administration Staff: Medical Device ISO 13485:2003 Voluntary Audit Report Submission Pilot Program.” This allowed the owner or operator of a medical device manufacturing facility to be removed from FDA’s routine inspection work plan for 1 year upon completing a ISO 13485:2003 audit. This guidance document went into effect in June 2012, and was intended as an interim measure while a single audit program was being developed.
This pilot program was not very successful and few companies signed up because they did not see any advantage in participating. The manufacturer had to pay for a third party to inspect their facilities, generate a report, and share the inspection results back to the FDA. Many companies were reluctant to contract “someone else” to perform their inspection when they could easily wait for the FDA to conduct an inspection for free.
During its inaugural meeting in Singapore in 2012, the International Medical Device Regulators Forum (IMDRF) appointed a working group to develop a set of documents for a harmonized third-party auditor system. Hence, the “Medical Device Single Audit Program” (MDSAP) was formed. The concept was similar to the FDA’s original idea of creating a third-party auditor to help reduce their workload of performing regulatory audits of medical device manufacturers’ quality management systems. This new approach would consist of a single audit that would review regulatory QMS compliance, conducted by a third-party, who would later be called an Auditing Organization (AO).
From January 2014 to December 2016, five countries participated in a Medical Device Single Audit Program Pilot. In June 2017, a report was generated summarizing the outcomes of prospective “proof- of-concept” criteria established to confirm the success of the program. The outcomes are documented in the final MDSAP Pilot Report and recommended that the program become fully active and open to any manufacturer who requested this type of audit.
The governing body of the MDSAP is the Regulatory Authority Council (RAC), which is composed of two senior managers (and a few other staff members) from each participating RA. They are responsible for executive planning, strategic priorities, setting policy, and making decisions on behalf of the MDSAP International Consortium. The RAC also reviews and approves documents, procedures, work instructions, and more. The mission of the MDSAP International Consortium is to jointly leverage regulatory resources to manage an efficient, effective, and sustainable single audit program focused on the oversight of medical device manufacturers on a global scale.
Other international partners that are involved in the MDSAP include:
MDSAP Observers:
- European Union (EU)
- United Kingdom’s Medicines and Healthcare products Regulatory Agency (MHRA)
- The World Health Organization (WHO) Prequalification of In Vitro Diagnostics (IVDs) Program
MDSAP Affiliate Members:
- Argentina’s National Administration of Drugs, Foods and Medical Devices (ANMAT)
- Republic of Korea’s Ministry of Food and Drug Safety
- Singapore’s Health Sciences Authority (HSA)
The observers and affiliate members are not the same as the participating member RA’s. The observers simply observe and/or contribute to RAC activities. Affiliate members, on the other hand, are interested in engaging in the MDSAP program and are subject to certain rules. They are only given access to a certain level of information about the manufacturers, audit dates, and information in audit reports.
They are also invited to attend sessions that are open to members, observers, and affiliates only.
Audits can also be conducted by MDSAP participating RAs at any time and for various reasons including:
- "For Cause" due to information obtained by the regulatory authority
- as a follow up to findings from a previous audit
- to confirm the effective implementation of the MDSAP requirements
The purpose of audits conducted by the RAs is to ensure appropriate oversight of the AOs MDSAP auditing activities. The AOs are appointed by the RAs and a list of the currently approved AO’s is published on the FDA website. Most AOs offer a broad range of management system certification services, beyond just medical devices. Manufacturers should verify that prospective AOs are clearly trained and perform MDSAP audits of medical devices.
AOs have the final word as to whether a manufacturer has met the requirements for the MDSAP during the execution of the audit and generation of the associated reports summarizing the results. MSDAP RAC participating RAs have the final decision regarding all development, implementation, maintenance, and expansion activities associated with the program.
Although an unannounced visit by an AO is rare, it can happen in circumstances where high-grade nonconformities have been detected.
To continue reading this eBook including a detailed look at the MDSAP audit process and grading, pros and cons of the approach, and how to get started please register to download the full version.
STED is dead
What is STED?
The STED, or Summary of Technical Documentation, format was created originally by the Global Harmonization Task Force (GHTF), the precursor to the current International Medical Device Regulators Forum (IMDRF). The original STED format, defined in 2007, was the first attempt to harmonize medical device submission information and standardize the information required under the EU MDD and regulations in other countries.
As medical devices and corresponding regulations developed more stringent regulations that defined their market access submissions, regulators found that this original harmonized format did not require sufficiently detailed technical information, nor did it provide enough structure. As a result, more recent regulations have replaced STED with expanded requirements. Note that some in the industry may refer to “STED” when discussing the newer requirements that have replaced it.
Is STED still valid?
Technical documentation formatted using STED may come close to meeting current requirements in some cases. However, many major markets have updated their regulations and requirements for technical documentation, or they have standardized on MDR. EU notified bodies expect MDR technical files, which may have specific requirements depending on the notified body that a manufacturer is using.
In addition to MDR in the EU, we have seen other countries over the past few years make changes to their regulatory systems and requirements, including:
- New regulations in China based on IMDRF in June, 2021 (Order #739)
- Emerging regulations in Canada and Brazil that are currently based on the IMDRF ToC
- New Regulations for Saudi Arabia that closely resemble EU MDR
- Massive regulatory restructuring in ASEAN market
What has replaced STED?
STED has been replaced by the IMDRF Table of Contents (ToC) submission dossier. This submission template has more defined requirements than STED and we are seeing countries update their regulations to adhere closely to the IMDRF ToC. There are a few additional benefits to the IMDRF ToC:
- Additional Flexibility - The IMDRF ToC has a specific numbering structure for technical requirements that allow authorities to “pick and choose” requirements based on submission type and risk classification.
- Efficiency – Countries that use the IMDRF ToC will have a matrix structure for their submissions to note what is required (R), Conditionally Required (CR), Not Required (NR) or optional (O). This can cut down on extraneous information that does not need to be in a submission. Canada already has draft guidance in place with their matrix submission style.
- Standardization – each country that follows the IMDRF ToC will number their submission document requirements with the same Table of Contents.
There are also other markets that are using alternative pathways to STED. The ASEAN market uses ASEAN CSDT (common submission dossier template), which is similar to the IMDRF ToC format, but uses different numbering. There are also two versions of the CSDT – one for standard medical devices and one for in vitro diagnostic devices.
Note that Singapore HSA has good information and is considered the “gold standard” for regulatory submission processes in the ASEAN market.
Expectations for future medical device submission requirements
We expect requirements to only get more complex and burdensome as countries move to further improve patient safety and address the needs of increasingly complex medical devices. A well-defined submission template strategy is critical to managing your device types. Within Rimsys, you can not only access standard IMDRF, NMPA, and other templates - you can design customized templates as needed for your holistic regulatory strategy.
Additional resources
Would you like to learn more about how Rimsys handles submission templates? Schedule a conversation with our experts now.
An overview of the UK Medicines and Healthcare Products Regulatory Agency (MHRA)
There’s no question that the medical device market is global, and the United Kingdom (England, Scotland, Wales, and Northern Ireland) is one of the world’s most viable and vital markets. It’s certainly one that you want your medical device in if you hope to make a global impact. The Medicines and Healthcare products Regulatory Agency (MHRA) is the gatekeeper of that market and one of the world’s most influential regulatory bodies.
Knowing who the MHRA is and understanding their role in ensuring that only safe, effective, high-quality medical devices enter the market is vital to your success in the UK. In this brief article, we’ll tell you more about who the MHRA is, their authority and responsibilities, and even some of the requirements you must meet to get your medical device into this market.
What is the MHRA?
The MHRA is an executive branch of the Department of Health and Social Care. It’s the UK’s equivalent of the US Food and Drug Administration (FDA), meaning that they set the quality and regulatory standards for medical devices in Great Britain.
Because the UK used to be part of the European Union, products required a CE marking to enter the UK market. Since Brexit, the MHRA has been the sole regulatory authority in Great Britain (England, Scotland, and Wales) and the gatekeeper to its robust medtech market.
What does the MHRA do?
As you know, medical devices must meet specific requirements before they can be sold in most markets around the world. Generally, the more developed the nation and its healthcare and medical device industries, the more complex its healthcare regulations are.
The MHRA is responsible for:
- Monitoring and regulating post-market surveillance of all medical devices currently on the market and creating regulations and requirements for medical devices entering the UK. They also enforce regulations, ensure medical devices meet the necessary safety, efficacy, and quality standards, and have the power to pull noncompliant products from the shelves.
- Making sure that supply chains for medical devices and the materials that comprise them are safe and secure. This includes everything from the facilities where products are made and stored, to their packaging and the systems and logistics applied in their transport.
- Educating the general public, healthcare professionals, and manufacturers about the risks and health benefits of medical devices.
- Engaging in harmonization efforts with other countries to develop standardized pathways to global markets. They influence international regulatory standards, best practices, and frameworks to support this effort.
How do you register a medical device with the MHRA?
Registering a medical device in the UK is different than in years past due to Brexit, which was the British exit from the European Union. Before Brexit, the UK adhered to the EU regulatory requirements as put forth in the EU MDD/IVDD, which Regulation EU 2017/745 (MDR) and Regulation EU 2017/746 (IVDR) eventually replaced. However, the MHRA will be instituting its new regulations currently set to be in force in July 2024.
One of the first steps of registering a product in the UK is getting the UK Conformity Assessment (UKCA) marking on your device and packaging. Manufacturers of Class I (lowest-risk classification) devices and general In Vitro diagnostic devices can self-certify against UKCA marking if these devices are non-measuring and non-sterile.
Class II and III devices must go through conformity assessment by a UK approved body. Approved bodies are the UK’s equivalent of Notified Bodies in the EU. These organizations have the authority to perform conformity assessments and apply UKCA markings on medical devices. UK approved bodies also perform post-market surveillance of devices currently on the market to ensure they’re safe and compliant for as long as they’re in use.
The process is a little different for device manufacturers outside of the UK who want to market their medical devices. Foreign manufacturers must designate a single person based in the UK to serve as their authorized representative (or UK Responsible Person). The UK Responsible Person acts as a liaison between the manufacturer and the relevant approved regulatory bodies, and handles the task of registering that company’s products with the MHRA.
The MHRA and Northern Ireland
When registering a device in Great Britain and Northern Ireland, you’ll notice that there are different procedures even though both were part of Brexit. According to the Northern Ireland Protocol (Northern Ireland’s response to Brexit), Northern Ireland applies Regulation EU 2017/745 (MDR) and Regulation EU 2017/746 (IVDR) to its own regulatory framework, whereas Great Britain has decided to implement its own regulations over the next couple of years.
For instance, as Northern Ireland still adheres closely to Regulation EU 2017/745 (MDR) and Regulation EU 2017/746 (IVDR), UK approved bodies cannot provide conformity assessments for them. In fact, if a manufacturer based in Great Britain wants to put a medical device on the market in Northern Ireland, they must designate an EU Authorized Representative to register the product for them.
Furthermore, an EU Notified Body must provide a conformity assessment according to Regulation EU 2017/745 (MDR) and Regulation EU 2017/746 (IVDR) for the device to receive UKNI marking (Northern Ireland’s conformity assessment mark). Likewise, Northern Ireland Authorized Representatives cannot represent Northern Irish or other foreign manufacturers in Great Britain, nor can Northern Ireland Notified Bodies provide UKCA marking for medical devices. In short, Northern Ireland has decided to continue to abide by EU medical device and in vitro diagnostics regulations as set forth by the European Medicines Agency, whereas Great Britain has not.
How to achieve compliance
The MHRA is firmly positioned as one of the foremost regulatory authorities in the world. They’re responsible for creating, implementing, and enforcing regulations for medical devices and IVDs in the UK while also providing research and education to promote the safety and efficacy of devices worldwide.
Adherence to UK regulations is essential to getting your medical device on that market and keeping it there. Medical devices entering the Great Britain market must adhere to the MDR/IVDR (until June 30, 2023) or UK MDR 2002, whereas Northern Ireland still abides by EU regulations.
Manufacturers based outside of Great Britain that want to put their devices on the market there must designate a UK Responsible Person (UKRP) to represent their interests and a UK-approved body to perform conformity assessments and apply UKCA marks. At the same time, Northern Ireland still adheres to EU regulations, requiring foreign manufacturers to utilize EU and NI responsible persons and notified bodies to assess medical devices, documentation, and manufacturing facilities while requiring the EU’s CE marking.
Bringing your device to market in the UK requires a dynamic regulatory strategy that enables you to optimize your projects and processes, ensuring your medical devices hit the mark for both the GB and NI markets. Also, it’s vital that you do your due diligence to ensure conformity with the regulations of both markets while also avoiding conflating their processes and regulatory requirements. Ultimately, getting your medical devices compliant with both markets could set your medtech company up to be a mainstay in the UK.
Introducing impact surveys
When we think of medtech regulatory affairs it’s easy to focus in on pre-market activities: the identification of market entrance requirements and the submission process to obtain market clearance for a new device. This is an important aspect of the work that RA teams do, but it’s definitely not all they do.
The reality is that regulatory work is never done because products are never done. Medtech companies are consistently making product updates, whether optimizing manufacturing or supply chains, adding accessories, working with new materials, or releasing software updates. This is normal, but in a highly-regulated industry, any of these changes can have an impact on a product’s license or market clearance status.
Impact assessments of new regulations, product or manufacturing changes, or standards updates are a core RA activity and one that we’ve focused on automating within Rimsys. Our unique “product-centric” data structure allows registrations, submissions, standards, and technical files to be linked to individual products. This association means that any RA team member can instantly pull a list of products that may be impacted by a standards change, or, conversely, a list of registrations that may be impacted by a product change.
Now we’ve enhanced Rimsys’ impact assessment capabilities by allowing teams to survey registration owners or country managers and collect their individual feedback about the impact of pending changes.
Feedback is a critical element of impact assessments
Communication and feedback within a broader regulatory team is a critical component of any impact assessment. In larger organizations, different teams often have responsibility for different regions, whether those are dedicated RA teams, consultants, or in-country representatives. A product or manufacturing change can impact any number of country registrations in different ways, so to properly assess the regulatory workload needed to process the change, teams need to gather and document input across the extended RA team.
Traditionally this activity has involved a flurry of emails, some shared spreadsheets, and no clear tracking or management, making it time-consuming and difficult to effectively collect this information.The new impact survey feature from Rimsys automates this task and centrally collects all of the necessary feedback within a consolidated project plan.
How it works
Impact surveys are included in the projects module in Rimsys. Now, when you start a new project request you can automatically send a survey to all of the owners for registrations that are associated with the project. Owners are notified to log into Rimsys, review the product details and any linked documentation, and fill out a short form to document whether they think their particular registration will be impacted by the proposed project, the remediation required (registration update, audit, etc.), and the expected time required.
Registrations where the owner indicates an impact are automatically flagged, and a progress bar provides an at-a-glance view of the survey status (completed responses, pending responses, % of registrations impacted). When the project request is approved, all impacted registrations and timeline are carried over to the active project plan.
Automated impact assessments deliver more than efficiency
The new survey feature is another key piece in our goal to streamline and automate as many regulatory activities as possible. Centralizing the surveys within the Rimsys platform ensures that everybody has access to the information they need to assess the impact of proposed changes on specific markets and registrations. It allows surveys to be completed more quickly and ensures that all of the potential impacts are incorporated into a project plan.
This allows RA teams to work more quickly, but more importantly, it ensures that all potential impacts are properly identified, preventing project delays and eliminating noncompliance risks. If a product design change unexpectedly invalidates a license in a particular country, companies may have no choice but to withdraw that product until it can be recertified. Regulatory automation isn’t just about increasing efficiency, it can also have a significant revenue impact.
Want to learn more about automated impact assessments in Rimsys? Contact us today for a custom demo.
Medical Devices: Comparing standards, regulations, directives, guidance, and laws
The energy sector, the financial sector, and the healthcare sector are some of the most heavily regulated sectors out there due to the possibility of significant risk to consumers in those industries. In particular, the healthcare sector is regulated to ensure that only the highest quality care is provided to patients and that medical devices are optimized for safety and efficacy.
In the world of Regulatory Affairs, words such as “standards” and “regulations” are used frequently. While they can be rather similar, they do have different meanings in different situations. Let’s explore their definitions and meanings when being used by medical device regulatory affairs professionals.
In general, legislative bodies pass laws, government agencies develop regulations to implement the laws, and industry groups and organizations create and approve standards.
Medical Device Standards
Standards refer to industry standards that device manufacturers use to design, develop, and manufacture safe medical devices. Standards help to demonstrate safety, manage risk, and to achieve regulatory compliance. Harmonized standards are used, when possible, to make working across borders easier.
Example: ISO, IEC, and UL are all examples of industry standard organizations that develop standards to help guide manufacturers on safe design, development, and manufacturing of quality products.
Standards are:
- Technical documents
- Driven by the need for a consensus
- Crafted by experts
- Approved by peers within the industry
Medical Device Laws
Laws are created by the government, as are regulations, but the two are different. Regulations are the practices which need to be followed to ensure that the law are followed.
Example: Criminal laws, civil laws, federal laws, international laws, etc.
Laws are:
- Rules created by the government
- Designed to regulate commercial and business transactions
- Legal rules that apply to all members of society and/or institute
- Not changed frequently
Medical Device Regulations
Regulations are the process of monitoring and enforcing established government rules and laws.
Example: The EU implemented the Medical Device Regulation (MDR) Regulation EU 2017/745 for all its member states. This regulates the clinical investigation and sale of medical devices for human use. If you want to sell a medical device in the EU, it must be designed, developed, and manufactured according to this regulation.
Regulations:
- Define processes for the monitoring and enforcing the laws
- Provide a consistent method to ensure laws are followed
- Are known to change often and without notice
Medical Device Directives
In Europe, Directives are legal acts of the European Union. Directives comply with the EU's desire for subsidiarity and acknowledges that different member states have different legal systems, allowing each member state the leeway to choose its own statutory wording.
Directives:
- Are legal acts set up by the European Parliament and Council .
- Require member states to uphold the acts without dictating specific processes.
- Allow member state to have flexibility as to how the rules are to be adopted.
Medical Device Guidance
Guidance documents are designed by federal and/or regulatory agencies, such as the FDA and European Union, and are meant to help further explain or provide clarity on existing rules.
Example: The FDA provides many guidance documents to help medical device manufacturers better understand the rules and regulations governing the safe design, development, and manufacturing of medical devices.
Guidance documents are:
- Designed by federal and regulatory agencies
- Intended to help people better understand legal rights and obligations
- Not designed to be enforceable under law
Medical Device Policies
A policy defines how an institution should execute a regulation. While it’s not against the law to not follow policy, failing to follow the policy can result in situations that cause an organization to operate outside of the law. The government creates regulatory policies to ensure that industries operate in a sustainable manner and that any risks are minimized (i.e., foreign policy, economic policy, ethics policy, environmental policy, etc.).
A Policy is:
- How an institution interprets and implements regulations.
- Is meant to execute a regulation, depending on an institution’s size, complexity, location, and other factors.
- Helpful in providing people with guidelines for making day-to-day decisions.
As you can see, there are many different rules, regulations, etc. that need to be considered and followed, and they can sometimes be intertwined. When developing and selling medical device equipment, it’s very important for regulatory affairs teams to understand how each needs to be followed. You also need to be aware of the constant changes, especially when doing business in more than one country. A regulatory information management system is a great place to start to ensure the security of your products – no matter where they are being distributed and sold.
EU MDR transitional period to be extended
The Council of the European Commission has concluded their December 9th meeting meant to address member states’ concerns over the challenges and issues in meeting current MDR deadlines. MDD certificates for medical devices will continue to be accepted for an additional three to four years beyond current MDR deadlines, with limited exceptions.
While not all details are available, it is believed that the following changes will be adopted:
- An extension of the transitional period, allowing medical devices to continue to be marketed under MDD certifications through 2027 for class IIb and class III devices, 2028 for class IIa and class I devices that require an external conformity assessment, and 2028 for class 1 devices that are sterile or have a measuring function.
- An extension of the validity of certificates issues under the MDD.
- Some restrictions will be put in place under the new extensions. Devices not eligible for extended deadlines will include those devices presenting an unacceptable risk, those that have undergone significant changes since being certified, and devices for which the manufacturers are already in the process of obtaining certification under the MDR.
- The removal of the existing “sell off” provision.
It is expected that the MDCG will release a guidance to address bridging the gap for expiring MDD certificates within the coming days and that the full legislative proposal will be introduced in January, 2023.
Stay tuned for additional information as we learn exactly how this will be implemented and what restrictions will be in place.
Additional articles and information:
- MDCG 2022-18: MDCG Position Paper on the application of Article 97 MDR to legacy devices for which the MDD or AIMDD certificate expires before the issuance of a MDR certificate
- New extension to implement MDR (MDlaw.eu)
- Summary of the EU Commission Meeting – including video (Easy Medical Device LinkedIn post)
- Jan 6 update - EC adopts proposal
- 6 reasons medtech companies shouldn't delay MDR certification
Making the case for a RIM system
Regulatory Information Management (RIM) systems are becoming more prevalent in medical technology companies of all sizes. Yet many regulatory teams still rely on spreadsheets and software designed for other purposes, such as quality systems or pharmaceutical regulatory applications. When your team is ready for a medical device RIM system, what information and arguments can you use to obtain the budget and executive buy-in you will need?
In this article, we discuss the benefits of a RIM system that can be used in calculating and estimating ROI, along with examples of results achieved by Rimsys customers.
Improved efficiency
Arguably the greatest benefit to implementing a RIM system is the increased process efficiencies it brings, but this benefit is often the most difficult to quantify. It is not difficult to imagine that moving from spreadsheets and manual processes to a dedicated regulatory information management system will improve efficiency, but how do you measure this?
- Eliminate “non-value add” work
Identify the processes on which your RA team spends the most “non-value add” time. How much time does it take for them to determine all of the countries in which a product is approved for sale? What registrations are expiring this year? What GSPRs need to be updated because a standard has changed? For many medical device manufacturers, these processes take hours, days, or even weeks, of combing through multiple data sources and verifying information. A properly implemented RIM system can be expected to provide this type of information in minutes. - Improve communication between departments
Consider how your systems and departments communicate with each other. When the product team makes a change, how quickly and seamlessly are the quality and regulatory teams notified? Do they always have the time they need to react to such changes? If the regulatory team identifies a new requirement that the quality and product teams need to be aware of - how seamlessly is that handled? A RIM system can not only identify items that need to be communicated to other teams, but can also be integrated with PLM, eQMS, and ERP systems to automate such communication. One good example of this is Rimsys’s ability to share a product’s selling status with the manufacturer’s ERP system. This ensures that a product is never sold into a market where it has not been approved. - Enforce company processes and workflows
A RIM system can help enforce your processes and ensure proper communication by managing approvals and other tasks within the system. By automating communications around process tasks, teams do not need to rely on individual emails (or remember to send those emails). RA teams don’t need to hunt through email history to confirm that they haven’t missed anything, and processes, approvals, and actions are recorded in a secure and compliant system.
Reduce the impact of RA staff turnover
A strong RIM system not only helps to reduce the risk and cost associated with staff turnover, but can also help reduce turnover in the first place! When RA staff turns over, or a new member joins the team, a RIM system will provide:
- Clear and defined processes that are standardized and built into the system.
- A central repository of product registration information, submission records, and more.
- Immediate availability of current and historical records when dealing with regulatory agencies and notified bodies.
A RIM system also speeds up the onboarding process new RA team members, which can otherwise take 6 months or more for employees to get fully up to speed on the product portfolio, in-flight and upcoming projects, and previous interactions with health authorities.
Providing your existing RA team with a well-implemented RIM system reduces the time they spend searching for information, allowing them to spend more time doing what they do best—implementing regulatory strategies and managing the regulatory affairs of the company. Your RA team will be more productive, feel more empowered, and be more likely to say in their role.
Minimize compliance risks
Medtech regulatory teams need to ensure that they are staying current with ever-changing global regulations, guidance documents, and standards. Each change needs to be evaluated for its impact on items such as existing GSPRs and pending compliance deadlines (think of the changing UDI labeling and database deadlines in many countries). RA teams are also responsible for ensuring that required reporting and submission deadlines are met for every product in every country in which they are sold.
RA teams that rely on manual processes and spreadsheets are opening their companies to a higher level of compliance risk than those using holistic RIM systems. RIM systems can automate many of the processes required to ensure regulatory compliance, including:
- Identification of GSPRs affected by a standards change.
- Notifications of pending license expirations and regulatory deadlines.
- Approval and notification tasks.
Without a central regulatory system and automated processes, required regulatory actions may be missed resulting in expired registrations that require products to be pulled from the market or audit findings resulting from information being incomplete or unavailable.
In addition, RIM systems like Rimsys are designed to be verified under 21 CFR part 11 requirements and provide quick access to data required during an audit or by a notified body or regulatory agency.
Reduced costs
Wasted time
Many of the RIM advantages discussed above also lead directly to cost savings. When making the case for a RIM system in your organization, use as much specific data as possible - including average RA salary and time-savings estimates based on your team and processes. In general, though, consider that:
- The average RA professional wastes 30-50% of their time looking for information that could be easily retrieved with a RIM system.
- The average salary of an RA professional is $97,000.
- Approximately $30-$49k of each employee's salary is wasted due to inefficient processes.
In addition, a RIM system may allow you to reduce the cost of outside consultants and contracted regulatory work. Medtech regulatory consultants can charge between $150 and $300 an hour - resulting in consultant fees in the millions of dollars for many medical device manufactuers. One Rimsys customer was able to eliminate 15 consultants at the time they implemented the Rimsys RIM solution.
Cost of non-compliance
If your organization is found to be out of compliance by any regulatory agency, the cost can be extremely high. Not only must you put time and effort into becoming compliant, but you may likely face fees, penalties, higher consultant fees, and other direct costs. If a product needs to be removed from a market, and then re-approved, the costs can be significant. The largest concern for most companies, however, may be the costs associated with a well-publicized non-compliance issue (often following an adverse event or major quality issue). While difficult to quantify, if your company has faced major recalls or other public issues, use the actual lost revenue and increased cost numbers as available.
According to a McKinsey report, the average share value of a company experiencing a major quality event drops by 16.8%. The same report lists the average cost of a recall in companies surveyed at $2 million, a warning letter at $1 million, and a consent decree at $400 million (this last number is one consent decree at a single company).
Increased revenue
We believe that regulatory teams do not get enough credit for driving revenue within their organizations. A well-run regulatory team with the right tools drives:
- Increased speed to market: Regulatory teams using RIM systems complete new product submissions and registrations renewals in much less time than those without dedicated regulatory software. This means more products getting to market more quickly. Consider estimating how many weeks/months you can reduce product submission activities by and estimate additional revenue based on expected product releases in the coming year.
- Less revenue at risk from compliance issues: The potential for lost revenue can also be reduced by improving regulatory processes through a RIM system. If a product needs to be pulled from a market or experiences a serious and public regulatory event, how much revenue will your company lose in that market during the months or years it will take to recover? Medical device manufacturers reduce this risk by implementing strong regulatory systems that ensure registration renewals, ongoing reporting requirements, and updated requirements are visible and well-managed.
Real-world examples from Rimsys customers
- A leading In-Vitro diagnostic manufacturer reduced the time it took to update the 1400 GSPRs they were managing when a single standard changed by from 360 person-hours (3 regulatory professionals x 3 weeks) to 30 minutes. The time to create a GSPR table was reduced by 50% and required maintenance was reduced by 99%. (read the full case study)
- One medical device company had no communication between their PLM, eQMS, and ERP systems - causing delays in getting products registered and into new markets. They implemented Rimsys (replacing existing spreadsheets) and streamlined their product authorization process - reducing workload by 88%. It now takes just a few minutes to determine where a product is sold, versus the hours it took previously. (read the full case study here)
- BISCO, a leading global manufacturer of dental adhesives and cement, has a well-organized product registration process, but the information was difficult to share and search. Maintaining essential principle tables was also a growing concern. According to Ryan Hobson, BISCO's Global RA Manager, Rimsys allowed them to take “a process that could take a week or a week-and-a-half all told, and shortened it to a matter of minutes.” (read the full case study here)
Looking for information and data you can use to make the case for budget or leadership buy-in for a regulatory information management project? Download our RIM ROI infographic for a quick reference of all of the potential cost savings and revenue growth that can be realized with a RIM system.
