A Few New Challenges with EU MDR
The upcoming EU Medical Device Regulation (MDR) was a popular topic at MD&M West, as the industry is working to understand specific requirements as well as any emerging implications. A few specific requirements were examined in the Feb. 11 panel discussion, “Strategies for Implementing the New EU MDR Requirements.” Read on for insights that may surprise you.
Periodic Safety Update Report (PSUR) and Summary of Safety and Clinical Performance (SSCP)
“We just became comfortable dealing with post-market surveillance and post-market clinical follow up . . . and now we find ourselves having to understand PSUR and SSCP,” said Jim Talbot, vice president, RA/QA, Zap Surgical, who spoke in the panel discussion. “Where it gets challenging with PSUR is the requirement for a risk-benefit analysis. Most people struggle with that, and there’s different approaches you can take.” He added that there is a way to upload PSURs via an e-submission gateway, but he said the template is lacking. “The content is described, but there is no set template,” he said.
Also, “the challenge is how you get that information. Most people are familiar with the benefits of their products,” he said. “It is easy to quantify benefits, but the risks are more difficult to quantify. . . . You are expected to quantify a risk and weigh it against the benefits.”
“It is a ratcheting up of risk management expectations,” said Kim Trautman, executive vice president, medical device international services at NSF International. “Long gone are the days you can pull out and dust off a little FMEA and call that risk management. There’s a lot of legacy files out there and design files through acquisitions that really aren’t up to snuff.”
“Do you know that as of May 26, 2020, your post-market surveillance requirements kick in regardless of your marketing plan and regardless of your current certs?” she asked the audience.
In response to an attendee’s question about the expectations for PMS (whether it would be retroactive before Date of Application), Anthony Rizzo, assistant vice president healthcare development at BSI Medical Devices, said that “we are not looking retroactively, we are looking forward.”
“How many of you think you are going to have an MDD recertification this year?” Trautman of NSF International asked the audience. “The commission and the competent authorities have told notified bodies, ‘You need to start applying the MDR requirements now.’ So don’t be shocked when you start seeing these requirements that aren’t in the MDD being applied because the notified bodies have been given these instructions. . . . One of the things I’ve seen [are] tech files that have been [assessed as acceptable] for the past 20 years with the same notified body now have 9, 12 major [nonconformances] written up against them because there is a different bar. And you need to be prepared for that bar sooner than later.”
Trautman said she’s seen companies struggling with the lack of coordination between different teams. “There is so much interconnectivity with the requirements,” she said. “It is so essential that [there] is a coordinated team. I think the larger companies do have a more difficult job because they have different owners of different data. That data has not traditionally been normalized. Who’s pulling that together and coordinating that for some of the new reporting requirements?
“It is really prudent for you to be well prepared whether it is a recertification/renewal or going for a new [MDR certificate],” she added. “The queue is so long and if you have major nonconformances that require a notified body to come back in, you’re at the end of the queue. This is not something that is going to be resolved easily and quickly over a couple months like it may have before. It’s simply a supply and demand problem.”
“Don’t wait around for the commission to give guidance,” said Trautman. “There’s tea leaves out there. Yes, EUDAMED is going to be delayed. But if you want to see some of the components of EUDAMED from a vigilance reporting perspective, go look at the regulatory nonconforming exchange group on IMDRF.org. Look at the adverse event reporting coding that IMDRF has published." And she later explained MD+DI: "Start aligning patient codes, problem codes, and everything else now, because FDA also is going to align to these codes and the codes and data fields are going to be what’s in EUDAMED.”
EUDAMED will be delayed for two years. However, “you cannot breathe a sigh of relief,” said Rizzo of BSI speaking of EUDAMED. “It is just a database. And the key thing is that the reporting requirement—just because that database isn’t there—it’s not going away—you are going to have to upload all that later.”
Trautman agreed, adding that “those requirements don’t go away even though there is no database to upload. So you have to have hard copies of the required elements and you have to be talking with your notified bodies. . . And there are a variety of answers of how they want that data initially before EUDAMED is ready to go, so you really need to communicate with your notified body.”
Notified bodies “have been given strict orders that they cannot consult,” Trautman told the audience. “You should be seeing a different tenor from notified bodies. . . . So you need to be the ones to put things in place within your quality system that make the best sense for your organization and from the public health perspective that your product brings. It is your QMS and you need to defend how that thinking meets the requirements.”
“Everything started with RoHS,” explained Vinay Goyal, a principal consultant/project manager. “But if you look at the MDR or most new regulations and you search by substance, you will always find something. There’s always something banned or restricted or requiring disclosure.”
He also spoke of substances that are carcinogenic, mutagenic, or toxic to reproduction (CMRs) listed as part of REACH. “There are 1600 substances on the CMR 1A/1B,” he added, “and they will keep adding substances.
“And when it comes to substances, you can’t say you are 99.9% compliant,” he added. “You’re either compliant or you’re not.” Companies need to “go through every patient-contacting part and full declaration of 100%. . . . if you aren’t sure what is in the product, send it to a test lab.”
Kerri Casino, senior manager, regulatory affairs at Edwards LifeSciences, explained to the audience that the new regulation’s “contact requirements” state that if the medical device material is invasive and in contact with the body or if it delivers or re-administers blood or fluids or gases or fluids to the human body, it is in scope.
“There are labs that do full material disclosure testing . . . or there are labs that do exclusionary testing,” she furthered. With exclusionary testing, there’s a risk, she said, because “you are good for that moment in time but as soon as the regulation changes and they add a new chemical to the list, you have to send it back to the lab.”
Trautman said that when you do identify a substance, “incorporate it into your risk management,” and “add it to labeling and IFUs as required. It really needs to be pulled through your risk-management system.”
To wrap up the panel discussion, moderator Marcelo Trevino, global vice president, regulatory affairs & quality assurance at Agendia, asked Rizzo of BSI to share a few pitfalls with the audience. Rizzo offered a few parting thoughts:
- "Even though [there are] those of you who are not applying for MDR right away because you have MDD renewals, those vigilance requirements are effective in May of this year—right away,” said Rizzo. “So audits for the MDD are going into those areas (MDR PMS/vigilance) as well.”
- “We expect that your QMS according to the MDR is documented, released, and in use, and the documents are in practice as much as practical. Where they are not, we expect to see those procedures are set up and in use,” he said.
- For legacy devices, “you can’t just submit old technical files,” Rizzo said. “These are completely new technical documentation reviews.”
- For companies marketing legacy devices with lots of versions, it must be very clear as to which versions’ testing and clinicals apply, he said. In addition, “for companies with both MDD and MDR devices on the market at the same time, full traceability is going to be expected under both separately.”
- “Class 2A and 2B devices will be reviewed in same depth as Class 3 devices were looked at in the past,” he said.
- For General Safety and Performance Requirements (GSPRs), “we are finding more nonconformities than we used to—the trick is full justification and the depth of how you’re justifying what you are doing,” Rizzo said.