

An overview of 21 CFR Part 812: Investigational Device Exemptions (IDEs)
This document is a summary of the regulation and does include wording taken directly from the regulation itself. The original regulation should be referenced directly, however, for complete information when submitting an IDE request.
What is an investigational device exemption?
An investigational device exemption (IDE) allows a device to be used in a clinical study prior to obtaining market approval to collect safety and effectiveness data. Clinical studies are typically required to support a Premarket Authorization (PMA), but a small percentage of 510(k) applications also require clinical data when a predicate device comparison is inappropriate for the submission.
Before a clinical study is initiated, an investigational device must have an approved IDE, unless it is exempt. Devices may be exempt from IDE requirements if they are noninvasive diagnostic devices, being used for consumer preference testing unrelated to device safety or efficacy, or intended solely for veterinary use or research with laboratory animals. Refer to the full text of 21 CFR 812 for details and additional exemptions.
Part 812 – General Provisions (Subpart A)
Scope
This regulation is applicable to all clinical investigations of devices used to determine safety and effectiveness, except where exempt.
Applicability
Abbreviated Requirements
Investigations are considered automatically approved for IDEs if the device is not considered a significant risk, unless the FDA has specifically notified the sponsor otherwise. In these cases, the sponsor must still obtain IRB approval for the investigation and must comply with other requirements of Part 812, including proper labeling, record keeping, and informed consent requirements.
Exempted investigations
IDEs are not required for devices that fall into one of the following categories:
- Devices that were in commercial distribution prior to May 28, 1976 that were used or investigated according to requirements in effect at that time. Devices that were introduced after May 28, 1976 but which have been found to be substantially equivalent to devices introduced earlier may also be exempt. This exemption is limited for Class II and III devices from the date an FDA regulation or order calls for the submission of a PMA (in the case of an unapproved Class III device) or establishes a performance standard for a Class II device.
- Diagnostic devices for which the testing is noninvasive and without significant risk, and is not used as a diagnostic procedure without confirmation through another product or procedure.
- Devices undergoing consumer preference testing, or testing of a device modification or combination of already distributed devices, if the testing is not for purposes of determining safety or efficacy and does not put subjects at risk.
- Devices solely for veterinary use.
- Devices intended for research on or with laboratory animals.
- A custom device that is not being used to determine safety or efficacy for commercial distribution.
Definitions
21 CFR Part 812.3 provides definitions for many terms, some of which are listed here.
Institution: A person, other than an individual, who engages in the conduct of research on subjects or in the delivery of medical services to individuals as a primary activity or as an adjunct to providing residential or custodial care to humans. For example, a hospital, retirement home, confinement facility, academic establishment, and device manufacturer. The term has the same meaning as “facility.”
Institutional Review Board (IRB): Any board, committee, or other group formally designated by an institution to review biomedical research involving subjects and established, operated, and functioning in conformance with part 56. The term has the same meaning as “institutional review committee.”
Investigational device: A device, including a transitional device, that is the object of an investigation.
Investigator: An individual who actually conducts a clinical investigation, i.e., under whose immediate direction the test article is administered or dispensed to, or used involving, a subject, or, in the event of an investigation conducted by a team of individuals, is the responsible leader of that team.
Monitor: When used as a noun, this term means an individual designated by a sponsor or contract research organization to oversee the progress of an investigation. The monitor may be an employee of a sponsor or a consultant to the sponsor, or an employee of or consultant to a contract research organization. Monitor, when used as a verb, means to oversee an investigation.
Significant risk device means an investigational device that:
- Is intended as an implant and presents a potential for serious risk to the health, safety, or welfare of a subject;
- Is purported or represented to be for a use in supporting or sustaining human life and presents a potential for serious risk to the health, safety, or welfare of a subject;
- Is for a use of substantial importance in diagnosing, curing, mitigating, or treating disease, or otherwise preventing impairment of human health and presents a potential for serious risk to the health, safety, or welfare of a subject; or
- Otherwise presents a potential for serious risk to the health, safety, or welfare of a subject.
Sponsor: A person who initiates, but who does not actually conduct the investigation, that is, the investigational device is administered, dispensed, or used under the immediate direction of another individual. A person other than an individual that uses one or more of its own employees to conduct an investigation that it has initiated is a sponsor, not a sponsor-investigator, and the employees are investigators.
Sponsor-investigator: An individual who both initiates and actually conducts, alone or with others, an investigation, that is, under whose immediate direction the investigational device is administered, dispensed, or used. The term does not include any person other than an individual. The obligations of a sponsor-investigator under this part include those of an investigator and those of a sponsor.
Subject: A human who participates in an investigation, either as an individual on whom or on whose specimen an investigational device is used or as a control.
Labeling of investigational devices
An investigational device or its packaging requires a label with the following information:
- Name and place of business of the manufacturer, packer, or distributor (per 801.1).
- Quantity of contents.
- Statement: “CAUTION—Investigational device. Limited by Federal (or United States) law to investigational use.”
- Any additional relevant contraindications, hazards, adverse effects, interfering substances or devices, warnings, and precautions.
- If used for animal research, a statement of “CAUTION—Device for investigational use in laboratory animals or other tests that do not involve human subjects” must be on the label.
IDE labeling cannot contain any statement that is false or misleading and cannot represent the device as safe or effective.
Prohibition of promotion and other practices
An investigational device is intended for use only within an investigation. Therefore, until a device is approved for commercial distribution by the FDA, the sponsor or investigator (or those working on their behalf) cannot:
Introducing impact surveys
When we think of medtech regulatory affairs it’s easy to focus in on pre-market activities: the identification of market entrance requirements and the submission process to obtain market clearance for a new device. This is an important aspect of the work that RA teams do, but it’s definitely not all they do.
The reality is that regulatory work is never done because products are never done. Medtech companies are consistently making product updates, whether optimizing manufacturing or supply chains, adding accessories, working with new materials, or releasing software updates. This is normal, but in a highly-regulated industry, any of these changes can have an impact on a product’s license or market clearance status.
Impact assessments of new regulations, product or manufacturing changes, or standards updates are a core RA activity and one that we’ve focused on automating within Rimsys. Our unique “product-centric” data structure allows registrations, submissions, standards, and technical files to be linked to individual products. This association means that any RA team member can instantly pull a list of products that may be impacted by a standards change, or, conversely, a list of registrations that may be impacted by a product change.
Now we’ve enhanced Rimsys’ impact assessment capabilities by allowing teams to survey registration owners or country managers and collect their individual feedback about the impact of pending changes.
Feedback is a critical element of impact assessments
Communication and feedback within a broader regulatory team is a critical component of any impact assessment. In larger organizations, different teams often have responsibility for different regions, whether those are dedicated RA teams, consultants, or in-country representatives. A product or manufacturing change can impact any number of country registrations in different ways, so to properly assess the regulatory workload needed to process the change, teams need to gather and document input across the extended RA team.
Traditionally this activity has involved a flurry of emails, some shared spreadsheets, and no clear tracking or management, making it time-consuming and difficult to effectively collect this information. The new impact survey feature from Rimsys automates this task and centrally collects all of the necessary feedback within a consolidated project plan.
How it works
Impact surveys are included in the projects module in Rimsys. Now, when you start a new project request you can automatically send a survey to all of the owners for registrations that are associated with the project. Owners are notified to log into Rimsys, review the product details and any linked documentation, and fill out a short form to document whether they think their particular registration will be impacted by the proposed project, the remediation required (registration update, audit, etc.), and the expected time required.

Registrations where the owner indicates an impact are automatically flagged, and a progress bar provides an at-a-glance view of the survey status (completed responses, pending responses, % of registrations impacted). When the project request is approved, all impacted registrations and timeline are carried over to the active project plan.
Automated impact assessments deliver more than efficiency
The new survey feature is another key piece in our goal to streamline and automate as many regulatory activities as possible. Centralizing the surveys within the Rimsys platform ensures that everybody has access to the information they need to assess the impact of proposed changes on specific markets and registrations. It allows surveys to be completed more quickly and ensures that all of the potential impacts are incorporated into a project plan.
This allows RA teams to work more quickly, but more importantly, it ensures that all potential impacts are properly identified, preventing project delays and eliminating noncompliance risks. If a product design change unexpectedly invalidates a license in a particular country, companies may have no choice but to withdraw that product until it can be recertified. Regulatory automation isn’t just about increasing efficiency, it can also have a significant revenue impact.
Medical Devices: Comparing standards, regulations, directives, guidance, and laws
The energy sector, the financial sector, and the healthcare sector are some of the most heavily regulated sectors out there due to the possibility of significant risk to consumers in those industries. In particular, the healthcare sector is regulated to ensure that only the highest quality care is provided to patients and that medical devices are optimized for safety and efficacy.
In the world of Regulatory Affairs, words such as “standards” and “regulations” are used frequently. While they can be rather similar, they do have different meanings in different situations. Let’s explore their definitions and meanings when being used by medical device regulatory affairs professionals.
In general, legislative bodies pass laws, government agencies develop regulations to implement the laws, and industry groups and organizations create and approve standards.
Medical Device Standards
Standards refer to industry standards that device manufacturers use to design, develop, and manufacture safe medical devices. Standards help to demonstrate safety, manage risk, and to achieve regulatory compliance. Harmonized standards are used, when possible, to make working across borders easier.
Example: ISO, IEC, and UL are all examples of industry standard organizations that develop standards to help guide manufacturers on safe design, development, and manufacturing of quality products.
Standards are:
- Technical documents
- Driven by the need for a consensus
- Crafted by experts
- Approved by peers within the industry
Medical Device Laws
Laws are created by the government, as are regulations, but the two are different. Regulations are the practices which need to be followed to ensure that the laws are followed.
Example: Criminal laws, civil laws, federal laws, international laws, etc.
Laws are:
- Rules created by the government
- Designed to regulate commercial and business transactions
- Legal rules that apply to all members of society and/or institute
- Not changed frequently
Medical Device Regulations
Regulations are the process of monitoring and enforcing established government rules and laws.
Example: The EU implemented the Medical Device Regulation (MDR) Regulation EU 2017/745 for all its member states. This regulates the clinical investigation and sale of medical devices for human use. If you want to sell a medical device in the EU, it must be designed, developed, and manufactured according to this regulation.
Regulations:
- Define processes for monitoring and enforcing the laws
- Provide a consistent method to ensure laws are followed
- Are known to change often and without notice
Medical Device Directives
In Europe, Directives are legal acts of the European Union. Directives comply with the EU's desire for subsidiarity and acknowledge that different member states have different legal systems, allowing each member state the leeway to choose its own statutory wording.
Directives:
- Are legal acts set up by the European Parliament and Council.
- Require member states to uphold the acts without dictating specific processes.
- Allow member states to have flexibility as to how the rules are to be adopted.
Medical Device Guidance
Guidance documents are designed by federal and/or regulatory agencies, such as the FDA and European Union, and are meant to help further explain or provide clarity on existing rules.
Example: The FDA provides many guidance documents to help medical device manufacturers better understand the rules and regulations governing the safe design, development, and manufacturing of medical devices.
Guidance documents are:
- Designed by federal and regulatory agencies
- Intended to help people better understand legal rights and obligations
- Not designed to be enforceable under law
Medical Device Policies
A policy defines how an institution should execute a regulation. While it’s not against the law to not follow policy, failing to follow the policy can result in situations that cause an organization to operate outside of the law. The government creates regulatory policies to ensure that industries operate in a sustainable manner and that any risks are minimized (i.e., foreign policy, economic policy, ethics policy, environmental policy, etc.).
A Policy is:
- How an institution interprets and implements regulations.
- Meant to execute a regulation, depending on an institution’s size, complexity, location, and other factors.
- Helpful in providing people with guidelines for making day-to-day decisions.
As you can see, there are many different rules, regulations, etc. that need to be considered and followed, and they can sometimes be intertwined. When developing and selling medical device equipment, it’s very important for regulatory affairs teams to understand how each needs to be followed. You also need to be aware of the constant changes, especially when doing business in more than one country. A regulatory information management system is a great place to start to ensure the security of your products – no matter where they are being distributed and sold.
EU MDR transitional period to be extended
The Council of the European Commission has concluded their December 9th meeting meant to address member states’ concerns over the challenges and issues in meeting current MDR deadlines. MDD certificates for medical devices will continue to be accepted for an additional three to four years beyond current MDR deadlines, with limited exceptions.
While not all details are available, it is believed that the following changes will be adopted:
- An extension of the transitional period, allowing medical devices to continue to be marketed under MDD certifications through 2027 for class IIb and class III devices, 2028 for class IIa and class I devices that require an external conformity assessment, and 2028 for class I devices that are sterile or have a measuring function.
- An extension of the validity of certificates issued under the MDD.
- Some restrictions will be put in place under the new extensions. Devices not eligible for extended deadlines will include those devices presenting an unacceptable risk, those that have undergone significant changes since being certified, and devices for which the manufacturers are already in the process of obtaining certification under the MDR.
- The removal of the existing “sell off” provision.
It is expected that the MDCG will release a guidance to address bridging the gap for expiring MDD certificates within the coming days and that the full legislative proposal will be introduced in January, 2023.
Stay tuned for additional information as we learn exactly how this will be implemented and what restrictions will be in place.
Additional articles and information:
- MDCG 2022-18: MDCG Position Paper on the application of Article 97 MDR to legacy devices for which the MDD or AIMDD certificate expires before the issuance of a MDR certificate
- New extension to implement MDR (MDlaw.eu)
- Summary of the EU Commission Meeting – including video (Easy Medical Device LinkedIn post)
- Jan 6 update - EC adopts proposal
- 6 reasons medtech companies shouldn't delay MDR certification
Making the case for a RIM system
Regulatory Information Management (RIM) systems are becoming more prevalent in medical technology companies of all sizes. Yet many regulatory teams still rely on spreadsheets and software designed for other purposes, such as quality systems or pharmaceutical regulatory applications. When your team is ready for a medical device RIM system, what information and arguments can you use to obtain the budget and executive buy-in you will need?
In this article, we discuss the benefits of a RIM system that can be used in calculating and estimating ROI, along with examples of results achieved by Rimsys customers.
Improved efficiency
Arguably the greatest benefit to implementing a RIM system is the increased process efficiencies it brings, but this benefit is often the most difficult to quantify. It is not difficult to imagine that moving from spreadsheets and manual processes to a dedicated regulatory information management system will improve efficiency, but how do you measure this?
- Eliminate “non-value add” work
Identify the processes on which your RA team spends the most “non-value add” time. How much time does it take for them to determine all of the countries in which a product is approved for sale? What registrations are expiring this year? What GSPRs need to be updated because a standard has changed? For many medical device manufacturers, these processes take hours, days, or even weeks, of combing through multiple data sources and verifying information. A properly implemented RIM system can be expected to provide this type of information in minutes.
- Improve communication between departments
Consider how your systems and departments communicate with each other. When the product team makes a change, how quickly and seamlessly are the quality and regulatory teams notified? Do they always have the time they need to react to such changes? If the regulatory team identifies a new requirement that the quality and product teams need to be aware of - how seamlessly is that handled? A RIM system can not only identify items that need to be communicated to other teams, but can also be integrated with PLM, eQMS, and ERP systems to automate such communication. One good example of this is Rimsys’s ability to share a product’s selling status with the manufacturer’s ERP system. This ensures that a product is never sold into a market where it has not been approved.
- Enforce company processes and workflows
A RIM system can help enforce your processes and ensure proper communication by managing approvals and other tasks within the system. By automating communications around process tasks, teams do not need to rely on individual emails (or remember to send those emails). RA teams don’t need to hunt through email history to confirm that they haven’t missed anything, and processes, approvals, and actions are recorded in a secure and compliant system.
Reduce the impact of RA staff turnover
A strong RIM system not only helps to reduce the risk and cost associated with staff turnover, but can also help reduce turnover in the first place! When RA staff turns over, or a new member joins the team, a RIM system will provide:
- Clear and defined processes that are standardized and built into the system.
- A central repository of product registration information, submission records, and more.
- Immediate availability of current and historical records when dealing with regulatory agencies and notified bodies.
A RIM system also speeds up the onboarding process for new RA team members, which can otherwise take 6 months or more for employees to get fully up to speed on the product portfolio, in-flight and upcoming projects, and previous interactions with health authorities.
Providing your existing RA team with a well-implemented RIM system reduces the time they spend searching for information, allowing them to spend more time doing what they do best: implementing regulatory strategies and managing the regulatory affairs of the company. Your RA team will be more productive, feel more empowered, and be more likely to stay in their role.
Minimize compliance risks
Medtech regulatory teams need to ensure that they are staying current with ever-changing global regulations, guidance documents, and standards. Each change needs to be evaluated for its impact on items such as existing GSPRs and pending compliance deadlines (think of the changing UDI labeling and database deadlines in many countries). RA teams are also responsible for ensuring that required reporting and submission deadlines are met for every product in every country in which they are sold.
RA teams that rely on manual processes and spreadsheets are opening their companies to a higher level of compliance risk than those using holistic RIM systems. RIM systems can automate many of the processes required to ensure regulatory compliance, including:
- Identification of GSPRs affected by a standards change.
- Notifications of pending license expirations and regulatory deadlines.
- Approval and notification tasks.
Without a central regulatory system and automated processes, required regulatory actions may be missed resulting in expired registrations that require products to be pulled from the market or audit findings resulting from information being incomplete or unavailable.
In addition, RIM systems like Rimsys are designed to be verified under 21 CFR part 11 requirements and provide quick access to data required during an audit or by a notified body or regulatory agency.
Reduced costs
Wasted time
Many of the RIM advantages discussed above also lead directly to cost savings. When making the case for a RIM system in your organization, use as much specific data as possible - including average RA salary and time-savings estimates based on your team and processes. In general, though, consider that:
- The average RA professional wastes 30-50% of their time looking for information that could be easily retrieved with a RIM system.
- The average salary of an RA professional is $97,000.
- Approximately $30-$49k of each employee's salary is wasted due to inefficient processes.
In addition, a RIM system may allow you to reduce the cost of outside consultants and contracted regulatory work. Medtech regulatory consultants can charge between $150 and $300 an hour - resulting in consultant fees in the millions of dollars for many medical device manufacturers. One Rimsys customer was able to eliminate 15 consultants at the time they implemented the Rimsys RIM solution.
Cost of non-compliance
If your organization is found to be out of compliance by any regulatory agency, the cost can be extremely high. Not only must you put time and effort into becoming compliant, but you may likely face fees, penalties, higher consultant fees, and other direct costs. If a product needs to be removed from a market, and then re-approved, the costs can be significant. The largest concern for most companies, however, may be the costs associated with a well-publicized non-compliance issue (often following an adverse event or major quality issue). While difficult to quantify, if your company has faced major recalls or other public issues, use the actual lost revenue and increased cost numbers as available.
According to a McKinsey report, the average share value of a company experiencing a major quality event drops by 16.8%. The same report lists the average cost of a recall in companies surveyed at $2 million, a warning letter at $1 million, and a consent decree at $400 million (this last number is one consent decree at a single company).
Increased revenue
We believe that regulatory teams do not get enough credit for driving revenue within their organizations. A well-run regulatory team with the right tools drives:
- Increased speed to market: Regulatory teams using RIM systems complete new product submissions and registration renewals in much less time than those without dedicated regulatory software. This means more products getting to market more quickly. Consider estimating how many weeks/months you can reduce product submission activities by and estimate additional revenue based on expected product releases in the coming year.
- Less revenue at risk from compliance issues: The potential for lost revenue can also be reduced by improving regulatory processes through a RIM system. If a product needs to be pulled from a market or experiences a serious and public regulatory event, how much revenue will your company lose in that market during the months or years it will take to recover? Medical device manufacturers reduce this risk by implementing strong regulatory systems that ensure registration renewals, ongoing reporting requirements, and updated requirements are visible and well-managed.
Real-world examples from Rimsys customers
- A leading in-vitro diagnostic manufacturer reduced the time it took to update the 1400 GSPRs they were managing when a single standard changed from 360 person-hours (3 regulatory professionals x 3 weeks) to 30 minutes. The time to create a GSPR table was reduced by 50% and required maintenance was reduced by 99%. (read the full case study)
- One medical device company had no communication between their PLM, eQMS, and ERP systems - causing delays in getting products registered and into new markets. They implemented Rimsys (replacing existing spreadsheets) and streamlined their product authorization process - reducing workload by 88%. It now takes just a few minutes to determine where a product is sold, versus the hours it took previously. (read the full case study here)
- BISCO, a leading global manufacturer of dental adhesives and cement, has a well-organized product registration process, but the information was difficult to share and search. Maintaining essential principle tables was also a growing concern. According to Ryan Hobson, BISCO's Global RA Manager, Rimsys allowed them to take “a process that could take a week or a week-and-a-half all told, and shortened it to a matter of minutes.” (read the full case study here)

To build or to buy: evaluating options for Regulatory Information Management
Your regulatory team needs dedicated software to manage market entry activities, maintain regulatory integrity, and ensure post-market compliance. While small medtech companies often start out managing regulatory data in spreadsheets, this quickly becomes unwieldy.
Can you develop a system that tracks product information and registration expiration dates? Yes, absolutely – especially if your medical device company has internal software development capabilities as part of your IT team. However, a strong RIM system will also give you the ability to completely manage market entrance documents and regulatory workflows. And building a RIM system will also require significant input from your regulatory and quality teams, in addition to IT resources.
Admittedly, we are a bit biased here, but this is the reason we started Rimsys – to create regulatory order in the medtech community and help regulatory professionals automate processes and digitize information so that they can spend more time on activities that truly make a difference for their organizations.
Before you begin a project to build your own RIM system, or to modify an existing system to meet regulatory needs, consider the entire size and scope of the project. This article discusses the common areas where custom-built RIM projects can run into unanticipated costs or issues.
Meeting software regulatory requirements
RIM systems are the source of information used by your regulatory team to provide accurate and timely information to regulators and auditors to ensure that your organization is compliant with existing regulations. This means that the software system itself needs to meet certain requirements. To ensure a compliant and secure RIM system, you need the following:
- ISO 9001 certification
Your organization may already be ISO 9001 certified, but in developing your own software to manage internal data and processes, you are greatly expanding the scope of your ISO 9001 project.
- ISO/IEC 27001 certification
ISO/IEC 27001 is the global standard for information security management, including data protection and cyber security and resilience. You will need to obtain ISO/IEC 27001 certification for your RIM system.
- 21 CFR Part 11 compliance (US) and EU Annex 11 (EU)
21 CFR Part 11 is the portion of US federal regulation that addresses electronic records and electronic signatures as related to FDA processes and documents. The EU Annex 11 is the equivalent regulation in the EU. A good RIM system is designed with Part 11 and Annex 11 compliance in mind and can easily be validated to the regulations. You will need to demonstrate procedures that ensure all electronic records kept in the RIM system are controlled, authentic, and can be verified. Features such as data audit trails and specific electronic signature requirements need to be implemented.
- SOC 2 Type 2
SOC 2 Type 2 may be used in place of ISO/IEC 27001 to demonstrate suitable data security, particularly in cloud-based systems. SOC 2 Type 2 reports prove a company’s controls, but are not a certification provided by an independent registrar. SOC 2 Type 2 also requires an Information Security Management System (ISMS), which is the framework focused on risk management and risk mitigation.
- GDPR compliance (EU)
While often associated with email marketing activities, the EU General Data Protection Regulation requires companies that store any information about an EU citizen to have specific safeguards in place. In particular, if your RA team includes EU citizens, then their personal data is subject to GDPR and, among other things, they have the right to request that their data be deleted from the system if they leave the company. All personal data needs to be protected from outside access as well.
Reducing overall cost of ownership
Building a RIM system from scratch or building RIM features into a QMS or PLM system is not a one-time endeavor. Consider the following on-going activities that will be required:
- Addressing regulatory changes
Global medtech regulations are constantly changing. For example, Rimsys created an entirely new module to handle Unique Device Identifier (UDI) requirements as countries announced compliance dates related to UDI labeling and databases. In this example, and in others, each country has different requirements regarding the data that needs to be stored, the format of that data, and the ways in which it is to be reported.
A RIM system is not just a software development project. It requires the attention of regulatory professionals who can ensure that the system is properly handling the requirements of each country in which your device is marketed.
- Managing validation documentation
As with a medical device, a validated RIM system cannot be modified without following specific and documented procedures designed to ensure the system’s integrity. Any time a new feature is added, or a change is made to the system – whether it be a small bug fix or the addition of a major new function to address an updated regulation – the affected part of the system will need to be revalidated.
- System support
The cost of maintaining and supporting a system as complex as a RIM system is significant. Such costs include not only the development costs, but the cost to train and support users of the system on an ongoing basis. If you are using internal resources, as many companies do, it is important that you include the lost opportunity cost for your development team in cost calculations. What are your developers not working on while they build your RIM system?
Consider carefully whether your IT team is positioned to become a software development team in the long-term. An IT team that is advocating for an in-house solution should be able to provide a plan for how often new features will be provided, how the system will be supported, and how an ongoing product roadmap will be managed.
Reasons not to build a RIM system in-house
Considering the above information, the primary arguments you can make against building a RIM system in-house are:
- Building a RIM system is not just a software development project. We will need to stay on top of changing regulations and requirements and be prepared to update the system frequently. Note that this is the primary argument to be made when an IT team is pushing for an in-house solution (a situation we see frequently).
- A RIM system built with internal resources builds your existing regulatory process into the system. Are you sure that those processes can’t be improved upon? A RIM system that is used by many medtech companies not only includes built-in industry best practices but will evolve to support new workflows and processes as the industry changes. A custom-built RIM system will have none of those advantages.
- The system will need to be validated and certified according to several standards and regulations, like our medical devices. This has the potential to significantly increase the scope of our ISO-related processes and other internal procedures.
- Purchasing a dedicated RIM system from a company that is solely focused on providing up-to-date functionality for regulatory professionals is a safer and simpler choice.
We have worked with a number of companies that ultimately chose to implement Rimsys after attempting to build a RIM system in-house. Faced with the unexpected complexity of the development project, they ultimately chose to go with a packaged solution. Be sure to carefully evaluate all potential costs, including on-going costs, when making the build vs buy decision.
Post-market surveillance for medical devices in the European Union
This article is an excerpt from Post-market surveillance for medical devices in the European Union.
Table of Contents
- What is post-market surveillance?
- What classes of medical devices require post-market surveillance?
- Components of a successful post-market surveillance plan
- PMS data requirements
- Post-market surveillance system goals
- Required post-market surveillance reporting
- Embracing post-market surveillance as an integral part of your quality program
- Getting started with post-market surveillance
Post-market surveillance (PMS) is designed to monitor the performance of a marketed medical device by collecting and analyzing field use data. Article 10 of the EU MDR and IVDR requires all device manufacturers to have a post-market surveillance system in place. The main elements of the PMS are laid out in Article 83, and additional details for lower-risk and higher-risk devices are covered in Articles 84 and 85, respectively.
In general, a PMS system consists of both proactive activities and reactive, or vigilance, activities. While post-market surveillance and vigilance are sometimes used interchangeably, vigilance consists of separate activities that feed post-market surveillance programs.
Post-market surveillance systems are used to collect and analyze data not only about the manufacturer’s device but also about related competitors’ devices that are on the market. Data collected through PMS procedures is then used to identify trends that may lead to, among other things, quality improvements, updates to user training and instructions for use, and identification of manufacturing issues.
Note that “market surveillance” encompasses activities performed by a Competent Authority to verify MDR compliance, and should not be confused with the topic of this ebook, “post-market surveillance,” which is performed by the manufacturer.
All medical devices marketed in the EU require some level of post-market surveillance, and all medical device manufacturers must implement a post-market surveillance system (PMS). The requirements of the PMS, however, vary and should be “proportionate to the risk class and appropriate for the type of device” (MDR Chapter VII). In particular, the type and frequency of reporting vary based on a device’s risk class.
A post-market surveillance plan (PMS) is an integral part of a manufacturer’s quality management system and provides a system for compiling and analyzing data that is relevant to product quality, performance, and safety throughout the entire lifetime of a device. The PMS should also provide methods for determining the need for and implementing any preventative and corrective actions. A PMS system should include and define:
Surveillance data sources
With the increased focus on proactive risk identification in the MDR, it is important to design post-market surveillance systems that actively acquire knowledge and detect potential risks. It is not sufficient to rely solely on spontaneous reporting by healthcare providers, patients, and other stakeholders.

In addition to information coming from Clinical Evaluation Reports and complaint and adverse event reporting, typical sources of surveillance data include:
• Social media networks: Because many of your stakeholders may be communicating on social media networks, it is important to employ social listening techniques and/or tools to identify issues and concerning trends as they develop.
• Industry and academic literature: Any studies, academic papers, and other literature that addresses similar devices or the specific use cases for which your device is designed should be evaluated. In particular, risk factors and adverse events identified with similar devices should be closely examined. It is also important to identify newer technologies that may affect the benefit-risk ratio and establish a new definition of “state of the art” for the device type.
• EUDAMED: While the European Database on Medical Devices (EUDAMED) is not yet fully functional, it is intended to provide a living picture of the lifecycle of all medical devices marketed in the EU. Manufacturers should take special care to consider information for similar devices made available through the EUDAMED system in the future.
• Registries: Patient, disease, and device registries can provide information that informs the clinical evaluation process which provides input into the post-market surveillance system.
Data analysis methodology
A well-defined data analysis methodology will accurately identify trends and lead to defendable decisions in the application of post-market experience. Once the necessary information has been identified and collected, and potentially cleaned of incomplete or otherwise unusable data, the data needs to be analyzed.
The goal is to identify meaningful trends, correlations, variations, and patterns that can lead to improvements in the safety and efficacy of the device. There are many data analysis tools available that can assist with:
• Regression analysis that will identify correlations between data (e.g. the device location/geography correlates to battery life).
• Data visualization that can be useful in spotting trends in the data.
• Predictive analytics, which can be particularly useful with large data sets, to identify future trends based on historical data.
• Data mining, which is also normally used with large datasets, to organize data and identify data groups for further analysis.
Benefit-risk indicators and thresholds
The MDR requires that medical device manufacturers not only demonstrate the clinical benefit of their device but also quantify the benefit-risk ratio. The benefit of a device must be shown to clearly outweigh the risk for it to gain market approval. Article 2 (24) of the MDR defines the benefit-risk determination as “the analysis of all assessments of benefit and risk of possible relevance for the use of the device for the intended purpose when used in accordance with the intended purpose given by the manufacturer.”
A PMS system should clearly define benefit-risk calculations and the data used to support them. Post-market surveillance activities are critical in order to re-evaluate and maintain the benefit-risk calculations and determinations of a device throughout its life. Information that is gained through a PMS system can lead to:
• Identification of new risk factors.
• Adjustments to risk frequency and/or severity values based on actual use data.
• Adjustments to established risk calculations based on new “state of the art” technologies becoming available.
• Adjustments to established benefit calculations based on actual use data.
While complaint handling and other feedback tracking are more often described as part of post-market vigilance systems, they play a role in the more proactive post-market surveillance processes as well. A PMS system should define ...
