Featured
Rimsys Announces Rimsys AI to Eliminate Repetitive Tasks and Enhance Decision-Making for MedTech Regulatory Teams
Rimsys, the leading Regulatory Information Management (RIM) platform for the MedTech industry, today announced the launch of Rimsys AI, a suite of embedded artificial intelligence (AI) agents.
The beginner's guide to the FDA 510(k)
This article is an excerpt from The beginner's guide to the 510(k) ebook.
Table of Contents
- Introduction
- 510(k) basics
- Contents of a Traditional 510(k)
- 510(k) submission and timelines
- Other 510(k) forms
Congratulations! You have successfully developed a new medical device. Now you need to take it to market. In the United States, this often means submitting a 510(k). A 510(k) is a structured package of information about your device and its performance and safety that you submit to the Food and Drug Administration (FDA) for “clearance” before you can sell your device in the U.S. In order to receive clearance from the FDA, your 510(k) will need to demonstrate that your medical device is substantially equivalent to another legally marketed device (called a predicate device). The substantial equivalence approval process is a simple equation that looks something like this:
The 510(k) is generally the most efficient route to market clearance in the U.S. because you show your device is safe and effective based on this substantial equivalence standard, instead of needing to present more extensive clinical trial data.
There are three types of 510(k): Traditional, Abbreviated, and Special. This eBook will begin with a general overview of the 510(k) process, including its purpose and benefits. Next, we will explore the Traditional 510(k) and the sections and components required in depth. Finally, we will look at the Special and Abbreviated 510(k).
FDA: background and device oversight
Before we explain what a 510(k) is let’s first talk generally about the FDA and device oversight. The FDA is the U.S. governmental agency responsible for overseeing medical devices, drugs, food, and tobacco products. When it comes to medical devices, the FDA’s mission is to “protect the public health by ensuring the safety, efficacy, and security of…medical devices.” At the same time, the FDA also has an interest in “advancing public health by helping to speed innovations.” In other words, the FDA’s goal is to make sure devices are safe and effective for public use, while also ensuring that devices have a quick and efficient path to market.
In order to achieve this balance of safety and efficiency, the FDA has three different levels of oversight depending on the risk level of the device: (1) exempt from premarket submission, (2) Premarket Notification, also known as 510(k), and (3) Premarket Approval (PMA).
When is a 510(k) required?
A 510(k) is required for medium risk devices that have a predicate on the market which can be used to demonstrate the safety and effectiveness of the new device. Meanwhile, a PMA is required for high-risk or novel devices which require a higher level of scrutiny to be confirmed safe and effective.
A 510(k) is not only required for new devices, but also for devices that have been modified in a way that could impact safety or effectiveness. This could include changes to the:
- Design
- Components
- Materials
- Chemical composition
- Energy source
- Manufacturing process
- Intended use
You must submit your 510(k) at least 90 days before marketing the device.
What Exactly is Substantial Equivalence?
Now that we know what a 510(k) is, let’s talk about the substantial equivalence standard. You’ll recall from the introduction that your 510(k) must show that the new (or modified) device is substantially equivalent to at least one other legally marketed device, called a predicate device. Substantial equivalence looks at the intended use and the technological characteristics of the two devices.
More specifically, you must show:
- that the new device has the same intended use as the predicate, and
- the differences between the two devices do not raise questions about the safety and effectiveness of the new device.
Now let’s take a closer look at intended use and technological characteristics.
Intended use
Intended use means the general purpose or function of the device. The FDA will look at your proposed labelling and your Indications of Use section of the 510(k) to determine the intended use of your device (this is covered in Chapter 2). Intended use includes:
Technological characteristics
Once the FDA has determined that a predicate device exists and that the new device and the predicate device have the same intended use, it will move on to compare the technological characteristics. Technological characteristics include:
- Materials
- Design
- Energy source
- Other device features
The two devices do not have to be identical, and in fact they almost never are. The key here is to demonstrate that any differences do not have a significant impact on safety or effectiveness. Here’s what to cover when you compare your device’s technological characteristics with that of the predicate device:
Overall description of the device design
- Engineering drawings or diagrams to explain the device and component parts.
- List of component parts and explanation of how each component contributes to the overall use and function of the device.
- Physical specifications: dimensions, weight, temperature, tolerances, etc.
Materials
- Detailed chemical formulation used in all materials of constructions (especially those that come into contact with a patient).
- Any additives, coatings, paint, or surface modifications.
- How materials have been processed and what state they’re in.
Energy Sources
- Use of batteries, electricity, etc.
Other technological features
- Software/hardware
- Features
- Density
- Porosity
- Degradation characteristics
- Nature of reagents
- Principle of the assay method
In deciding whether the differences in technological characteristics impact safety or effectiveness, the FDA will typically rely on descriptive information about the technological characteristics as well as non-clinical and clinical performance data.
Let’s look at an example: A manufacturer submits a 510(k) for a new type of contact lens. Both the new device and the predicate device are indicated for daily wear for the treatment of astigmatism. The predicate device is only available in a clear lens, but the new device comes in a line of colors, including purple tinted lenses.
Who is responsible for submitting a 510(k)?
The following four types of organizations may be responsible for submitting a 510(k):
Manufacturers
- End-of-line device manufacturers who will be placing a device on the U.S. market.
- Note: Does not apply to component part manufacturers unless components will be marketed independently.
Specification developers
- Companies that develop the specifications for a finished device which has been manufactured elsewhere
Repackers or relabelers
- Required to submit a 510(k) if they significantly alter the labeling or condition of the device, including modification of manuals, changing the intended use, deleting or adding warnings, contraindications, sterilization status.
- Note: This is rare. The manufacturer, not the repackager or labeler, is typically responsible for the 510(k) submission.
Importers
- Importers that introduce a new device to the U.S. market may need to submit a 510(k), if it hasn’t already been submitted by the manufacturer.
Now that we’ve covered the basics, let’s explore what actually goes into your 510(k).
A Traditional 510(k) should contain all the following components in the list below. In some cases, a particular section may not apply to your device. When that happens, it’s a good idea to include the section anyway and just state “This section does not apply” or “N/A” under that heading.
To continue reading this eBook including a detailed walk-through of all the Traditional 510(k) components, submission requirements and timelines, and an overview of the other 510(k) forms including the Abbreviated 510(k) and the Special 510(k), please register to download the full version
The ultimate guide to the China UDI system and database
This article is an excerpt from The ultimate guide to the China NMPA UDI system and database ebook.
Table of Contents
- Overview
- UDI basics and benefits
- UDI format requirements and issuing entities
- UDI database and submission requirements
- Implementation of UDI and the UDI database in China
The current Chinese medical device regulatory regime kicked-off in 2014 with the Regulation on Supervision and Administration of Medical Devices. This core set of registration requirements, modeled after the United States and European Union systems, established a set of device classifications (class I, II, and III) based on risk and procedures for obtaining market clearance for each type of device.
Medical devices in China are regulated by the National Medical Products Administration (NMPA). Class I devices, such as clinical laboratory equipment or non-invasive skin dressings, require only notification to the NMPA for marketing authorization, and that authorization does not expire. Class II and III devices such as implantable devices or devices with a measuring function require full registration and a formal review before market clearance can be obtained.
These initial regulations have been expanded since their introduction, adding accelerated pathways to market for certain products in certain regions, easing acceptance of clinical data from overseas, and more specific roles and responsibilities for local agents of international manufacturers. In addition, in 2019, the regulations added a provision that medical devices carry a unique device identification (UDI). China’s UDI requirements are similar to those in the US and European Union. They establish specific device ID and labeling requirements, as well as a central, state-administered database of devices.
This eBook walks through the basics of medical device UDIs, the specifics of China’s implementation, and how MedTech companies who market their devices in China can prepare for the full rollout of these regulations in the coming years.
A UDI is a unique alphanumeric code that is designed to identify medical devices sold in a particular country/region from manufacturing, through distribution, to use by a patient. Like other aspects of the medical device regulatory regime, the UDI system in China follows the approach taken by the United States FDA and European Commission, and is based on the guidance from the International Medical Device Regulators Forum (IMDRF). Generally, UDI systems are designed to improve patient safety and optimize care by:
- Increasing the traceability of medical devices, including field safety corrective actions
- Providing an unambiguous identification method for medical devices throughout distribution and use
- Making adverse event reports more accessible
- Reducing medical errors by providing detailed information related to the device
- Simplifying medical device documentation and making it more consistent
There are three components to the UDI system in China:
- UDI code: The actual UDI code can be assigned by one of three (3) issuing agencies and contains information about the product, it’s expiration date, and the manufacturing batch/lot it’s associated with.
- UDI labeling: Put simply, medical devices must carry the UDI code on them. The regulations stipulate how devices and their packaging must be labeled for compliance.
- UDI database: In addition to labeling, all device UDIs must be submitted to a central database that is administered by the NMPA.
The following sections explore each of these components in more detail.
The UDI code
The first element of the UDI system is the code itself. The UDI code is the alphanumeric identifier that is associated with a specific medical device. UDI codes have two (2) elements to them, the UDI device identifier (UDI-DI) or static portion, and the UDI production identifier (UDI-PI) or dynamic portion. You can see the two components in the UDI diagram below:
The UDI-DI contains information about the issuing entity—the organization that is authorized to assign UDI codes. In China, this can be one of three entities: GS1, an international barcode and electronic data interchange standards organization, and two domestic organizations: the Zhongguancun Industry & Information Research Institute (ZIIOT), and AliHealth. Additional details about the issuing agencies are covered in Chapter 2. In addition, the UDI-DI contains information about the manufacturer and the specific model or version of the device.
The UDI-PI contains information about the manufacturing and production of the device. This typically includes information about the lot or batch number in which the device was manufactured, the manufacturing date and expiration date for the device (if applicable), and the specific serial number for the device. Here you can see all of the components marked up using the same UDI example:
Note that each packaging permutation and level for a given device will need to be assigned its own UDI. So for example, let’s say that a company manufactures 5ml enteral (oral) syringes in two packaging options: 1 – packaged individually and 2 – packaged in a box of 5. Each packaging option would need its own UDI, despite the fact that the underlying product is the same.
Now looking at packaging levels, let’s assume that the manufacturer packages the single syringe offering into boxes of 6, and again into larger containers of 24. Each of those packaging options needs its own UDI as well.
Labeling
In addition to obtaining UDI code for each device as outlined in the previous section, medical device manufacturers are required to ensure that devices are appropriately labeled with the assigned UDI. This label is called the UDI Carrier. The UDI is represented in two forms on the UDI Carrier: a machine-readable form and a human-readable form.
The machine-readable form or automatic identification data capture (AIDC) is a barcode or some other technology that can be used to automatically capture UDI information. The NMPA regulations support 3 types of machine-readable formats: 1-dimensional barcode, 2-dimensional barcode, and radio-frequency identification (RFID).
The regulations note that “use of advanced automatic identification and data collection technologies is encouraged”—prompting manufacturers to use more modern 2D and RFID machine-readable carriers where possible. Note, however, that if a device uses RFID, the UDI Carrier must also include the UDI in barcode format.
The human-readable form or human-readable interpretation (HRI) is the numeric or alphanumeric code for the UDI that can be read and manually entered into systems.
The UDI Carrier should be included on the device and on all levels of packaging. The UDI Carrier must be clear and readable during the operation and use of devices. If there isn’t room on the device for both the human and machine-readable forms of the UDI, then manufacturers should prioritize the machine-readable form.
UDI database
The third component of the NMPA UDI system is the UDI database. This is a centralized database of UDI and product information, administered by the NMPA. Manufacturers are required to submit UDI information into the database within 60 days after a product is approved (for sale in China) and before it is commercialized. The database contains a more detailed product record than what is included in the UDI itself, and it is the responsibility of the manufacturer (and/or their in-country representative) to submit the information correctly, and ensure that it’s kept up to date.
Chapter 3 of this eBook goes into detail about the specific fields and data requirements for UDI database submissions.
To continue reading this eBook including information about UDI format requirements and issuing entities, implementation timelines, and affected device types, please register to download the full version.
The ultimate guide to the EU MDR/IVDR unique device identifier (UDI) System
This article is an excerpt from The ultimate guide to the EU MDR/IVDR UDI ebook.
Table of contents
- Overview
- UDI basics and benefits
- UDI format requirements and issuing entities
- UDI rules for specific device types
- Implementation of UDI and UDAMED in the European Union
- US vs EU UDI comparison
The EU Medical Device Regulation (2017/745) (“MDR”) and EU In Vitro Diagnosis Regulation (2017/746) (“IVDR”) introduce two new systems for information exchange: UDI (Unique Device Identifier) for device identification and EUDAMED (European Databank on Medical Devices) to centralize and disseminate information. UDI is a specific code assigned to all devices and higher levels of packaging. This will allow for devices being sold in the European market to be identified and traced through a globally harmonized approach. EUDAMED is the IT system developed by the European Commission to replace the EUDAMED2 database previously in place under the Medical Device Directives (MDD). EUDAMED is a multi-functional system that will be used to coordinate device registration, provide information about devices to industry professionals and the public, and highlight necessary safety details.
The EU MDR and IVDR UDI system is based upon the guidance of the International Medical Device Regulators Forum (IMDRF). It’s a globally harmonized system that’s designed to increase patient safety and optimize care.
UDI system goals
Increase patient safety
- Improve tracing of devices
- Reduce the presence of counterfeit devices
Ensure access to accurate information
- Unambiguous identification of devices throughout distribution and use
Improve post-market surveillance
- Improve accessibility of adverse event reports
Enhance supply chain Management
- Streamline supply chain process and inventory management
- Simplify medical device documentation processes
The UDI system has four key elements
Element 1: Assignment of UDI (UDI Components)
The first element of the UDI system is the assignment of a UDI. The UDI is a code of alphanumeric characters that acts as the access key to information about a specific medical device on the market. The EU MDR and EU IVDR requires that a UDI be assigned to all medical devices except for custom-made or investigational devices. There are three components of a UDI:
- Basic UDI-DI
- UDI (consisting of UDI-DI and UDI-PI)
- Packaging UDI (Note: This is not an official term used in the EU MDR and IVDR, but we’re using it to help explain the concept. The Packing UDI is part of the UDI itself.)
1. Basic UDI-DI
The Basic UDI-DI identifies the device group that a particular device fits into. A device group is a group of products that all share the same intended purpose, risk class, essential design, and manufacturing characteristics. A device group is generally classified by medical device manufacturers as a “Product Family” or “Product Category,” depending on the internal nomenclature used within the company. The Basic UDI-DI functions as a parent or higher-level descriptor of a device.
NOTE: There can only be one Basic UDI-DI per UDI-DI.
The Basic UDI-DI is not printed on the product itself or on the packaging of a product, but rather it must be included in the following documents and applications:
- Certificates (Including Certificate of Free Sale)
- EU Declarations of Conformity
- Techical Documentation
- Summary of Safety and Clinical Performance
2. UDI (UDI-DI and UDI-PI)
The second component is the UDI itself, which consists of two parts:
Device Identifier (DI)
Production Identifier (PI)
The UDI-DI (Device Identifier DI, also referred to as “static”) identifies specific, detailed information about a particular device. If any of the below details should change, the device will need a new UDI-DI.
- Name or trade name of the device
- Device version or model
- If labelled as a single use device
- Packaged as sterile
- Maximum number of uses
- Need for sterilization before use
- Quantity of devices provided in a package
- Critical warnings or contra-indication
- CMR/endocrine disruptors
NOTE: There can be several UDI-DIs for one Basic UDI-DI.
Meanwhile, the UDI-PI (Production Identifier PI, also referred to as "dynamic") contains manufacturing information (including serial number, lot/batch number, software identification, and manufacturing or expiry date or both types of dates.)
To better illustrate this concept of Basic UDI-DI and UDI (UDI-DI and UDI-PI), let’s use a syringe as an example. The Basic UDI-DI would identify the category of a syringe, for example, "Enteral (Oral) Syringe."
A 5ml Enteral (Oral) Syringe – Sterile (Color: Purple) would get a unique UDI-DI and a 10m Enteral (Oral) Syringe – Sterile (Color: Orange) would get a unique UDI-DI. Both products would be associated to the same Basic UDI-DI. In this case, the "Enteral (Oral) Syringe," which defines the category.
Each time that 5ml Enteral (Oral) Syringe – Sterile (Color: Purple) is manufactured at the same revision, it will get a new UDI-PI per lot. See the graphic below.
Each product is identical and therefore has the same UDI-DI. However, the UDI-PI changes to reflect the manufacturing date, lot number, expiry date, and serial number, as applicable.
The UDI will contain all device-specific information and have the same functions as the comparable database (GUDID) of the United States FDA. The main difference (in EUDAMED) is that the UDI data is divided into components of Basic UDI-DI, UDI, and Packaging UDI.
3. Packaging UDI
The third component of UDI is the Packaging UDI. (Note: This is not an official term used in the EU MDR and IVDR, but we’re using it to help explain the concept.)
Each level of packaging, except shipping containers, must receive its own unique UDI. Packaging UDI refers to the unique UDI assigned to higher levels of packaging instead of the device itself.
In the event of significant space constraints on the unit of use packaging, the UDI Carrier may be placed on the next higher packaging level.
Returning to our earlier example of syringes, if a manufacturer first packages a single sellable syringe into an individual box, this package would receive its own UDI-DI and UDI-PI.
If then the manufacturer packages those individual boxes into containers of six (6), those containers would receive their own UDI-DI and UDI-PI.
And finally, if the manufacturer packages those six (6) containers into cases of four (4), those cases would receive their own UDI-DI and UDI-PI.
Each of those levels of packaging must be assigned its own UDI-DI and UDI-PI. The initial syringe did not change, but the way it is packaged did, therefore, requiring its own UDI-DI and UDI-PI.
Element 2: Placing UDI on the device and/or packaging
The second element to the UDI system is the placing of the UDI on the device or on its packaging through what is referred to as a “UDI Carrier.” The UDI Carrier is the part of the label that contains the UDI information that is applied directly to the device or included on the device packaging. The UDI Carrier should have both a machine-readable portion (AIDC) and a human-readable portion (HRI). (Specific details about each element of the UDI will be covered in Chapter 2.)
- Machine-readable form – AIDC – (Automatic Identification and Data Capture) is a barcode or other machine-readable technology that can be accessed automatically by scanning the UDI information.
- Human-readable form – HRI – (Human Readable Interpretation) is the numeric or alphanumeric code, which can be manually entered into the system for access to the UDI information.
If there are space constraints limiting the use of both the AIDC and HRI on the label, then only the AIDC is required to appear. However, on devices that are intended to be used in home-health care or other non-medical facility settings, the HRI would be required to appear.
Single-use devices may contain the UDI Carrier on its lowest level of packaging rather than on the device itself.
Reusable devices must include the UDI Carrier on the device itself, unless any type of direct marking would interfere with the safety or performance of the device, or if it is not technologically feasible to directly mark the device. If so, this should be properly documented in your design history file.
Most importantly, the UDI Carrier must be readable for the intended lifecycle of the device.
Below is an example of a GS1 AIDC and HRI barcode label.
Element 3: Storage of UDI information by Economic Operators
Storage of UDI information by "Economic Operators" is the third element of the UDI system. 2017/745 Articles 2(35), 22(1), and 22(3) define an economic operator as:
- A manufacturer
- An authorized representative
- A distributor
- An importer
- An investigator for clinical investigations
- A person who sterilizes systems or procedure packs
Class III, implantable device:
According to EU MDR 2017/745 Annex II, the manufacturer shall keep an updated list of all UDIs that it has assigned. Economic operators and all health institutions are required to store, preferably by electronic means, the UDI of all the devices for which they have supplied or with which they have been supplied.
For Devices Other than Class III:
Member States are encouraged, and in some cases require, health institutions to store, preferably by electronic means, the UDI of the devices with which they have been supplied. The UDI must also be included in any field safety notice for reporting serious incidents and field safety corrective actions.
The EU MDR and EU IVDR also give the European Commission authority to make additional requirements regarding the submission or maintenance of UDI information. In making those decisions, the European Commission must consider six (6) areas:
- Confidentiality and data protection
- Risk-based approach
- Cost-effectiveness of the additional measures
- The need to avoid duplications in the UDI system
- The needs of the healthcare systems of the member states
- Harmonization with other medical device identification systems
To continue reading this eBook including information about the EUDAMED database, UDI format requirements and issuing entities, implementation timelines, and key differences between the EU and US UDI systems, please register to download the full version
STED is dead
What is STED?
The STED, or Summary of Technical Documentation, format was created originally by the Global Harmonization Task Force (GHTF), the precursor to the current International Medical Device Regulators Forum (IMDRF). The original STED format, defined in 2007, was the first attempt to harmonize medical device submission information and standardize the information required under the EU MDD and regulations in other countries.
As medical devices and corresponding regulations developed more stringent regulations that defined their market access submissions, regulators found that this original harmonized format did not require sufficiently detailed technical information, nor did it provide enough structure. As a result, more recent regulations have replaced STED with expanded requirements. Note that some in the industry may refer to “STED” when discussing the newer requirements that have replaced it.
Is STED still valid?
Technical documentation formatted using STED may come close to meeting current requirements in some cases. However, many major markets have updated their regulations and requirements for technical documentation, or they have standardized on MDR. EU notified bodies expect MDR technical files, which may have specific requirements depending on the notified body that a manufacturer is using.
In addition to MDR in the EU, we have seen other countries over the past few years make changes to their regulatory systems and requirements, including:
- New regulations in China based on IMDRF in June, 2021 (Order #739)
- Emerging regulations in Canada and Brazil that are currently based on the IMDRF ToC
- New Regulations for Saudi Arabia that closely resemble EU MDR
- Massive regulatory restructuring in ASEAN market
What has replaced STED?
STED has been replaced by the IMDRF Table of Contents (ToC) submission dossier. This submission template has more defined requirements than STED and we are seeing countries update their regulations to adhere closely to the IMDRF ToC. There are a few additional benefits to the IMDRF ToC:
- Additional Flexibility - The IMDRF ToC has a specific numbering structure for technical requirements that allow authorities to “pick and choose” requirements based on submission type and risk classification.
- Efficiency – Countries that use the IMDRF ToC will have a matrix structure for their submissions to note what is required (R), Conditionally Required (CR), Not Required (NR) or optional (O). This can cut down on extraneous information that does not need to be in a submission. Canada already has draft guidance in place with their matrix submission style.
- Standardization – each country that follows the IMDRF ToC will number their submission document requirements with the same Table of Contents.
There are also other markets that are using alternative pathways to STED. The ASEAN market uses ASEAN CSDT (common submission dossier template), which is similar to the IMDRF ToC format, but uses different numbering. There are also two versions of the CSDT – one for standard medical devices and one for in vitro diagnostic devices.
Note that Singapore HSA has good information and is considered the “gold standard” for regulatory submission processes in the ASEAN market.
Expectations for future medical device submission requirements
We expect requirements to only get more complex and burdensome as countries move to further improve patient safety and address the needs of increasingly complex medical devices. A well-defined submission template strategy is critical to managing your device types. Within Rimsys, you can not only access standard IMDRF, NMPA, and other templates - you can design customized templates as needed for your holistic regulatory strategy.
Additional resources
Would you like to learn more about how Rimsys handles submission templates? Schedule a conversation with our experts now.
An overview of the UK Medicines and Healthcare Products Regulatory Agency (MHRA)
There’s no question that the medical device market is global, and the United Kingdom (England, Scotland, Wales, and Northern Ireland) is one of the world’s most viable and vital markets. It’s certainly one that you want your medical device in if you hope to make a global impact. The Medicines and Healthcare products Regulatory Agency (MHRA) is the gatekeeper of that market and one of the world’s most influential regulatory bodies.
Knowing who the MHRA is and understanding their role in ensuring that only safe, effective, high-quality medical devices enter the market is vital to your success in the UK. In this brief article, we’ll tell you more about who the MHRA is, their authority and responsibilities, and even some of the requirements you must meet to get your medical device into this market.
What is the MHRA?
The MHRA is an executive branch of the Department of Health and Social Care. It’s the UK’s equivalent of the US Food and Drug Administration (FDA), meaning that they set the quality and regulatory standards for medical devices in Great Britain.
Because the UK used to be part of the European Union, products required a CE marking to enter the UK market. Since Brexit, the MHRA has been the sole regulatory authority in Great Britain (England, Scotland, and Wales) and the gatekeeper to its robust medtech market.
What does the MHRA do?
As you know, medical devices must meet specific requirements before they can be sold in most markets around the world. Generally, the more developed the nation and its healthcare and medical device industries, the more complex its healthcare regulations are.
The MHRA is responsible for:
- Monitoring and regulating post-market surveillance of all medical devices currently on the market and creating regulations and requirements for medical devices entering the UK. They also enforce regulations, ensure medical devices meet the necessary safety, efficacy, and quality standards, and have the power to pull noncompliant products from the shelves.
- Making sure that supply chains for medical devices and the materials that comprise them are safe and secure. This includes everything from the facilities where products are made and stored, to their packaging and the systems and logistics applied in their transport.
- Educating the general public, healthcare professionals, and manufacturers about the risks and health benefits of medical devices.
- Engaging in harmonization efforts with other countries to develop standardized pathways to global markets. They influence international regulatory standards, best practices, and frameworks to support this effort.
How do you register a medical device with the MHRA?
Registering a medical device in the UK is different than in years past due to Brexit, which was the British exit from the European Union. Before Brexit, the UK adhered to the EU regulatory requirements as put forth in the EU MDD/IVDD, which Regulation EU 2017/745 (MDR) and Regulation EU 2017/746 (IVDR) eventually replaced. However, the MHRA will be instituting its new regulations currently set to be in force in July 2024.
One of the first steps of registering a product in the UK is getting the UK Conformity Assessment (UKCA) marking on your device and packaging. Manufacturers of Class I (lowest-risk classification) devices and general In Vitro diagnostic devices can self-certify against UKCA marking if these devices are non-measuring and non-sterile.
Class II and III devices must go through conformity assessment by a UK approved body. Approved bodies are the UK’s equivalent of Notified Bodies in the EU. These organizations have the authority to perform conformity assessments and apply UKCA markings on medical devices. UK approved bodies also perform post-market surveillance of devices currently on the market to ensure they’re safe and compliant for as long as they’re in use.
The process is a little different for device manufacturers outside of the UK who want to market their medical devices. Foreign manufacturers must designate a single person based in the UK to serve as their authorized representative (or UK Responsible Person). The UK Responsible Person acts as a liaison between the manufacturer and the relevant approved regulatory bodies, and handles the task of registering that company’s products with the MHRA.
The MHRA and Northern Ireland
When registering a device in Great Britain and Northern Ireland, you’ll notice that there are different procedures even though both were part of Brexit. According to the Northern Ireland Protocol (Northern Ireland’s response to Brexit), Northern Ireland applies Regulation EU 2017/745 (MDR) and Regulation EU 2017/746 (IVDR) to its own regulatory framework, whereas Great Britain has decided to implement its own regulations over the next couple of years.
For instance, as Northern Ireland still adheres closely to Regulation EU 2017/745 (MDR) and Regulation EU 2017/746 (IVDR), UK approved bodies cannot provide conformity assessments for them. In fact, if a manufacturer based in Great Britain wants to put a medical device on the market in Northern Ireland, they must designate an EU Authorized Representative to register the product for them.
Furthermore, an EU Notified Body must provide a conformity assessment according to Regulation EU 2017/745 (MDR) and Regulation EU 2017/746 (IVDR) for the device to receive UKNI marking (Northern Ireland’s conformity assessment mark). Likewise, Northern Ireland Authorized Representatives cannot represent Northern Irish or other foreign manufacturers in Great Britain, nor can Northern Ireland Notified Bodies provide UKCA marking for medical devices. In short, Northern Ireland has decided to continue to abide by EU medical device and in vitro diagnostics regulations as set forth by the European Medicines Agency, whereas Great Britain has not.
How to achieve compliance
The MHRA is firmly positioned as one of the foremost regulatory authorities in the world. They’re responsible for creating, implementing, and enforcing regulations for medical devices and IVDs in the UK while also providing research and education to promote the safety and efficacy of devices worldwide.
Adherence to UK regulations is essential to getting your medical device on that market and keeping it there. Medical devices entering the Great Britain market must adhere to the MDR/IVDR (until June 30, 2023) or UK MDR 2002, whereas Northern Ireland still abides by EU regulations.
Manufacturers based outside of Great Britain that want to put their devices on the market there must designate a UK Responsible Person (UKRP) to represent their interests and a UK-approved body to perform conformity assessments and apply UKCA marks. At the same time, Northern Ireland still adheres to EU regulations, requiring foreign manufacturers to utilize EU and NI responsible persons and notified bodies to assess medical devices, documentation, and manufacturing facilities while requiring the EU’s CE marking.
Bringing your device to market in the UK requires a dynamic regulatory strategy that enables you to optimize your projects and processes, ensuring your medical devices hit the mark for both the GB and NI markets. Also, it’s vital that you do your due diligence to ensure conformity with the regulations of both markets while also avoiding conflating their processes and regulatory requirements. Ultimately, getting your medical devices compliant with both markets could set your medtech company up to be a mainstay in the UK.
Introducing impact surveys
When we think of medtech regulatory affairs it’s easy to focus in on pre-market activities: the identification of market entrance requirements and the submission process to obtain market clearance for a new device. This is an important aspect of the work that RA teams do, but it’s definitely not all they do.
The reality is that regulatory work is never done because products are never done. Medtech companies are consistently making product updates, whether optimizing manufacturing or supply chains, adding accessories, working with new materials, or releasing software updates. This is normal, but in a highly-regulated industry, any of these changes can have an impact on a product’s license or market clearance status.
Impact assessments of new regulations, product or manufacturing changes, or standards updates are a core RA activity and one that we’ve focused on automating within Rimsys. Our unique “product-centric” data structure allows registrations, submissions, standards, and technical files to be linked to individual products. This association means that any RA team member can instantly pull a list of products that may be impacted by a standards change, or, conversely, a list of registrations that may be impacted by a product change.
Now we’ve enhanced Rimsys’ impact assessment capabilities by allowing teams to survey registration owners or country managers and collect their individual feedback about the impact of pending changes.
Feedback is a critical element of impact assessments
Communication and feedback within a broader regulatory team is a critical component of any impact assessment. In larger organizations, different teams often have responsibility for different regions, whether those are dedicated RA teams, consultants, or in-country representatives. A product or manufacturing change can impact any number of country registrations in different ways, so to properly assess the regulatory workload needed to process the change, teams need to gather and document input across the extended RA team.
Traditionally this activity has involved a flurry of emails, some shared spreadsheets, and no clear tracking or management, making it time-consuming and difficult to effectively collect this information.The new impact survey feature from Rimsys automates this task and centrally collects all of the necessary feedback within a consolidated project plan.
How it works
Impact surveys are included in the projects module in Rimsys. Now, when you start a new project request you can automatically send a survey to all of the owners for registrations that are associated with the project. Owners are notified to log into Rimsys, review the product details and any linked documentation, and fill out a short form to document whether they think their particular registration will be impacted by the proposed project, the remediation required (registration update, audit, etc.), and the expected time required.
Registrations where the owner indicates an impact are automatically flagged, and a progress bar provides an at-a-glance view of the survey status (completed responses, pending responses, % of registrations impacted). When the project request is approved, all impacted registrations and timeline are carried over to the active project plan.
Automated impact assessments deliver more than efficiency
The new survey feature is another key piece in our goal to streamline and automate as many regulatory activities as possible. Centralizing the surveys within the Rimsys platform ensures that everybody has access to the information they need to assess the impact of proposed changes on specific markets and registrations. It allows surveys to be completed more quickly and ensures that all of the potential impacts are incorporated into a project plan.
This allows RA teams to work more quickly, but more importantly, it ensures that all potential impacts are properly identified, preventing project delays and eliminating noncompliance risks. If a product design change unexpectedly invalidates a license in a particular country, companies may have no choice but to withdraw that product until it can be recertified. Regulatory automation isn’t just about increasing efficiency, it can also have a significant revenue impact.
Want to learn more about automated impact assessments in Rimsys? Contact us today for a custom demo.
Medical Devices: Comparing standards, regulations, directives, guidance, and laws
The energy sector, the financial sector, and the healthcare sector are some of the most heavily regulated sectors out there due to the possibility of significant risk to consumers in those industries. In particular, the healthcare sector is regulated to ensure that only the highest quality care is provided to patients and that medical devices are optimized for safety and efficacy.
In the world of Regulatory Affairs, words such as “standards” and “regulations” are used frequently. While they can be rather similar, they do have different meanings in different situations. Let’s explore their definitions and meanings when being used by medical device regulatory affairs professionals.
In general, legislative bodies pass laws, government agencies develop regulations to implement the laws, and industry groups and organizations create and approve standards.
Medical Device Standards
Standards refer to industry standards that device manufacturers use to design, develop, and manufacture safe medical devices. Standards help to demonstrate safety, manage risk, and to achieve regulatory compliance. Harmonized standards are used, when possible, to make working across borders easier.
Example: ISO, IEC, and UL are all examples of industry standard organizations that develop standards to help guide manufacturers on safe design, development, and manufacturing of quality products.
Standards are:
- Technical documents
- Driven by the need for a consensus
- Crafted by experts
- Approved by peers within the industry
Medical Device Laws
Laws are created by the government, as are regulations, but the two are different. Regulations are the practices which need to be followed to ensure that the law are followed.
Example: Criminal laws, civil laws, federal laws, international laws, etc.
Laws are:
- Rules created by the government
- Designed to regulate commercial and business transactions
- Legal rules that apply to all members of society and/or institute
- Not changed frequently
Medical Device Regulations
Regulations are the process of monitoring and enforcing established government rules and laws.
Example: The EU implemented the Medical Device Regulation (MDR) Regulation EU 2017/745 for all its member states. This regulates the clinical investigation and sale of medical devices for human use. If you want to sell a medical device in the EU, it must be designed, developed, and manufactured according to this regulation.
Regulations:
- Define processes for the monitoring and enforcing the laws
- Provide a consistent method to ensure laws are followed
- Are known to change often and without notice
Medical Device Directives
In Europe, Directives are legal acts of the European Union. Directives comply with the EU's desire for subsidiarity and acknowledges that different member states have different legal systems, allowing each member state the leeway to choose its own statutory wording.
Directives:
- Are legal acts set up by the European Parliament and Council .
- Require member states to uphold the acts without dictating specific processes.
- Allow member state to have flexibility as to how the rules are to be adopted.
Medical Device Guidance
Guidance documents are designed by federal and/or regulatory agencies, such as the FDA and European Union, and are meant to help further explain or provide clarity on existing rules.
Example: The FDA provides many guidance documents to help medical device manufacturers better understand the rules and regulations governing the safe design, development, and manufacturing of medical devices.
Guidance documents are:
- Designed by federal and regulatory agencies
- Intended to help people better understand legal rights and obligations
- Not designed to be enforceable under law
Medical Device Policies
A policy defines how an institution should execute a regulation. While it’s not against the law to not follow policy, failing to follow the policy can result in situations that cause an organization to operate outside of the law. The government creates regulatory policies to ensure that industries operate in a sustainable manner and that any risks are minimized (i.e., foreign policy, economic policy, ethics policy, environmental policy, etc.).
A Policy is:
- How an institution interprets and implements regulations.
- Is meant to execute a regulation, depending on an institution’s size, complexity, location, and other factors.
- Helpful in providing people with guidelines for making day-to-day decisions.
As you can see, there are many different rules, regulations, etc. that need to be considered and followed, and they can sometimes be intertwined. When developing and selling medical device equipment, it’s very important for regulatory affairs teams to understand how each needs to be followed. You also need to be aware of the constant changes, especially when doing business in more than one country. A regulatory information management system is a great place to start to ensure the security of your products – no matter where they are being distributed and sold.
EU MDR transitional period to be extended
The Council of the European Commission has concluded their December 9th meeting meant to address member states’ concerns over the challenges and issues in meeting current MDR deadlines. MDD certificates for medical devices will continue to be accepted for an additional three to four years beyond current MDR deadlines, with limited exceptions.
While not all details are available, it is believed that the following changes will be adopted:
- An extension of the transitional period, allowing medical devices to continue to be marketed under MDD certifications through 2027 for class IIb and class III devices, 2028 for class IIa and class I devices that require an external conformity assessment, and 2028 for class 1 devices that are sterile or have a measuring function.
- An extension of the validity of certificates issues under the MDD.
- Some restrictions will be put in place under the new extensions. Devices not eligible for extended deadlines will include those devices presenting an unacceptable risk, those that have undergone significant changes since being certified, and devices for which the manufacturers are already in the process of obtaining certification under the MDR.
- The removal of the existing “sell off” provision.
It is expected that the MDCG will release a guidance to address bridging the gap for expiring MDD certificates within the coming days and that the full legislative proposal will be introduced in January, 2023.
Stay tuned for additional information as we learn exactly how this will be implemented and what restrictions will be in place.
Additional articles and information:
- MDCG 2022-18: MDCG Position Paper on the application of Article 97 MDR to legacy devices for which the MDD or AIMDD certificate expires before the issuance of a MDR certificate
- New extension to implement MDR (MDlaw.eu)
- Summary of the EU Commission Meeting – including video (Easy Medical Device LinkedIn post)
- Jan 6 update - EC adopts proposal
- 6 reasons medtech companies shouldn't delay MDR certification
Making the case for a RIM system
Regulatory Information Management (RIM) systems are becoming more prevalent in medical technology companies of all sizes. Yet many regulatory teams still rely on spreadsheets and software designed for other purposes, such as quality systems or pharmaceutical regulatory applications. When your team is ready for a medical device RIM system, what information and arguments can you use to obtain the budget and executive buy-in you will need?
In this article, we discuss the benefits of a RIM system that can be used in calculating and estimating ROI, along with examples of results achieved by Rimsys customers.
Improved efficiency
Arguably the greatest benefit to implementing a RIM system is the increased process efficiencies it brings, but this benefit is often the most difficult to quantify. It is not difficult to imagine that moving from spreadsheets and manual processes to a dedicated regulatory information management system will improve efficiency, but how do you measure this?
- Eliminate “non-value add” work
Identify the processes on which your RA team spends the most “non-value add” time. How much time does it take for them to determine all of the countries in which a product is approved for sale? What registrations are expiring this year? What GSPRs need to be updated because a standard has changed? For many medical device manufacturers, these processes take hours, days, or even weeks, of combing through multiple data sources and verifying information. A properly implemented RIM system can be expected to provide this type of information in minutes. - Improve communication between departments
Consider how your systems and departments communicate with each other. When the product team makes a change, how quickly and seamlessly are the quality and regulatory teams notified? Do they always have the time they need to react to such changes? If the regulatory team identifies a new requirement that the quality and product teams need to be aware of - how seamlessly is that handled? A RIM system can not only identify items that need to be communicated to other teams, but can also be integrated with PLM, eQMS, and ERP systems to automate such communication. One good example of this is Rimsys’s ability to share a product’s selling status with the manufacturer’s ERP system. This ensures that a product is never sold into a market where it has not been approved. - Enforce company processes and workflows
A RIM system can help enforce your processes and ensure proper communication by managing approvals and other tasks within the system. By automating communications around process tasks, teams do not need to rely on individual emails (or remember to send those emails). RA teams don’t need to hunt through email history to confirm that they haven’t missed anything, and processes, approvals, and actions are recorded in a secure and compliant system.
Reduce the impact of RA staff turnover
A strong RIM system not only helps to reduce the risk and cost associated with staff turnover, but can also help reduce turnover in the first place! When RA staff turns over, or a new member joins the team, a RIM system will provide:
- Clear and defined processes that are standardized and built into the system.
- A central repository of product registration information, submission records, and more.
- Immediate availability of current and historical records when dealing with regulatory agencies and notified bodies.
A RIM system also speeds up the onboarding process new RA team members, which can otherwise take 6 months or more for employees to get fully up to speed on the product portfolio, in-flight and upcoming projects, and previous interactions with health authorities.
Providing your existing RA team with a well-implemented RIM system reduces the time they spend searching for information, allowing them to spend more time doing what they do best—implementing regulatory strategies and managing the regulatory affairs of the company. Your RA team will be more productive, feel more empowered, and be more likely to say in their role.
Minimize compliance risks
Medtech regulatory teams need to ensure that they are staying current with ever-changing global regulations, guidance documents, and standards. Each change needs to be evaluated for its impact on items such as existing GSPRs and pending compliance deadlines (think of the changing UDI labeling and database deadlines in many countries). RA teams are also responsible for ensuring that required reporting and submission deadlines are met for every product in every country in which they are sold.
RA teams that rely on manual processes and spreadsheets are opening their companies to a higher level of compliance risk than those using holistic RIM systems. RIM systems can automate many of the processes required to ensure regulatory compliance, including:
- Identification of GSPRs affected by a standards change.
- Notifications of pending license expirations and regulatory deadlines.
- Approval and notification tasks.
Without a central regulatory system and automated processes, required regulatory actions may be missed resulting in expired registrations that require products to be pulled from the market or audit findings resulting from information being incomplete or unavailable.
In addition, RIM systems like Rimsys are designed to be verified under 21 CFR part 11 requirements and provide quick access to data required during an audit or by a notified body or regulatory agency.
Reduced costs
Wasted time
Many of the RIM advantages discussed above also lead directly to cost savings. When making the case for a RIM system in your organization, use as much specific data as possible - including average RA salary and time-savings estimates based on your team and processes. In general, though, consider that:
- The average RA professional wastes 30-50% of their time looking for information that could be easily retrieved with a RIM system.
- The average salary of an RA professional is $97,000.
- Approximately $30-$49k of each employee's salary is wasted due to inefficient processes.
In addition, a RIM system may allow you to reduce the cost of outside consultants and contracted regulatory work. Medtech regulatory consultants can charge between $150 and $300 an hour - resulting in consultant fees in the millions of dollars for many medical device manufactuers. One Rimsys customer was able to eliminate 15 consultants at the time they implemented the Rimsys RIM solution.
Cost of non-compliance
If your organization is found to be out of compliance by any regulatory agency, the cost can be extremely high. Not only must you put time and effort into becoming compliant, but you may likely face fees, penalties, higher consultant fees, and other direct costs. If a product needs to be removed from a market, and then re-approved, the costs can be significant. The largest concern for most companies, however, may be the costs associated with a well-publicized non-compliance issue (often following an adverse event or major quality issue). While difficult to quantify, if your company has faced major recalls or other public issues, use the actual lost revenue and increased cost numbers as available.
According to a McKinsey report, the average share value of a company experiencing a major quality event drops by 16.8%. The same report lists the average cost of a recall in companies surveyed at $2 million, a warning letter at $1 million, and a consent decree at $400 million (this last number is one consent decree at a single company).
Increased revenue
We believe that regulatory teams do not get enough credit for driving revenue within their organizations. A well-run regulatory team with the right tools drives:
- Increased speed to market: Regulatory teams using RIM systems complete new product submissions and registrations renewals in much less time than those without dedicated regulatory software. This means more products getting to market more quickly. Consider estimating how many weeks/months you can reduce product submission activities by and estimate additional revenue based on expected product releases in the coming year.
- Less revenue at risk from compliance issues: The potential for lost revenue can also be reduced by improving regulatory processes through a RIM system. If a product needs to be pulled from a market or experiences a serious and public regulatory event, how much revenue will your company lose in that market during the months or years it will take to recover? Medical device manufacturers reduce this risk by implementing strong regulatory systems that ensure registration renewals, ongoing reporting requirements, and updated requirements are visible and well-managed.
Real-world examples from Rimsys customers
- A leading In-Vitro diagnostic manufacturer reduced the time it took to update the 1400 GSPRs they were managing when a single standard changed by from 360 person-hours (3 regulatory professionals x 3 weeks) to 30 minutes. The time to create a GSPR table was reduced by 50% and required maintenance was reduced by 99%. (read the full case study)
- One medical device company had no communication between their PLM, eQMS, and ERP systems - causing delays in getting products registered and into new markets. They implemented Rimsys (replacing existing spreadsheets) and streamlined their product authorization process - reducing workload by 88%. It now takes just a few minutes to determine where a product is sold, versus the hours it took previously. (read the full case study here)
- BISCO, a leading global manufacturer of dental adhesives and cement, has a well-organized product registration process, but the information was difficult to share and search. Maintaining essential principle tables was also a growing concern. According to Ryan Hobson, BISCO's Global RA Manager, Rimsys allowed them to take “a process that could take a week or a week-and-a-half all told, and shortened it to a matter of minutes.” (read the full case study here)
Looking for information and data you can use to make the case for budget or leadership buy-in for a regulatory information management project? Download our RIM ROI infographic for a quick reference of all of the potential cost savings and revenue growth that can be realized with a RIM system.
