Phil Brown, the Association of British Healthcare Industries (ABHI)’s director of technical and regulatory, examines the nature of the new medical device regulation.
Regulations
The Medical Device Regulation (MDR) was published in May 2017. Rather than being an update or an extension to the old Medical Device Directive (MDD), it is considered a new document in its own right. It includes a whole raft of requirements that bring medical device control into the 21st century, whilst ensuring a much greater business integration of quality and technical detail.
No longer can the signature on a company ‘declaration of conformity’ that allows for CE marking, be the singular purview of the regulatory or technical department. This legal declaration demands a more robust compliance with elements of quality management, risk management, distribution control, transparency, post-marketing surveillance and training.
These elements are without a doubt, now ingrained within the business process, ensuring that CE marking has a more holistic feel. The influence for example, of post-marketing surveillance on risk management and how this is then communicated through ‘patient transparent’ media will be an ever-increasing necessity for the manufacturer of medical devices.
The below highlights some of the more critical business-related processes needed to allow for future CE marking and suggests ways in which companies can prepare for change.
Transition period and timing
The MDR has a transition period of three years. Until May 2020, either the new MDR or the old MDD can be applied to medical devices prior to being placed on the European market. Beyond May 2020, all new products must comply with the new MDR.
This all sounds reasonable and logical of course, but there are caveats and nuances that impact on these timeframes and that will influence company strategies surrounding their product portfolio. For example:
- A notified body that will certify ‘conformity assessment’ of a product or quality system must apply to be accredited under the new scheme. Only accredited bodies can issue certificates against the new MDR. This application and accreditation period is underway, with the first notified body accreditation expected towards the beginning of 2019 at the earliest. This does not leave a great deal of time for companies to organise certification and CE Marking against the MDR and requires early dialogue with their notified body.
- Notified body capacity is a constant issue within the CE Marking scheme. The number of bodies has been decreasing steadily over the last two to three years, meaning that timelines for auditing and certification is extending. Again, early discussions with the notified bodies is essential to determine whether delays can be expected and to explore potential mitigations.
- Conformity assessment certificates against the old MDD issued during the transition period, will have their own inherent ‘shelf-life’, which will extend their usefulness beyond the end of the new MDR transition period. Products therefore, may still be placed on the EU market using these certificates, potentially four years after May 2020. It should be noted however, that this implies no significant technology changes may be made to these products beyond May 2020. If this is the case, then the new MDR will apply post May 2020.
These added complications are being used by some as an opportunity to re-assess current product portfolios and to reconsider product life-cycle management processes. With all issues comes opportunities.
Quality management
One of the guiding principles of the ‘new legislative framework’, to which the new MDR forms part, is the presumption of conformity afforded by the application of mandated standards – those standards harmonised through a European process. One such standard is EN ISO 13485, which controls the quality management system of a manufacturer. Quality management considers all aspects of the manufacturers activities, from product conformity to management responsibilities and actions.
Application of standards however, should always be considered as voluntary, rather than a legal requirement. For aspects of manufacturing control therefore, a manufacturer can cite EN ISO 13485 or not, depending on circumstance. If the standard has not been followed however, a satisfactory reason for this deviation must be provided. In all cases, application of a mandated standard is considered a route to compliance.
Unlike the MDD, the new regulation includes aspects of quality management within its legal text. As a result, although application of the EN ISO 13485 standard is recommended, there is a certain degree of legal necessity. For example, the regulation demands details of quality objectives, organisation of the business, design and development, as well as details on post-marketing plans and activities.
The ‘declaration of conformity’ therefore, which is the legal document stating that a given product is compliant with the regulation, demands that aspects of management review and business practice are carried out, and that these aspects are audited by the notified body. The signatory to the ‘declaration’ must be cogniscent of such processes to be assured that compliance requirements are met.
Distribution chain
The MDR now requires that a manufacturer has greater control over the distribution of their products. All ‘economic operators’, which includes the manufacturer, authorised representative, warehouses, importers and distributors, have defined roles and responsibilities. Indeed, all have a responsibility for ensuring that only products that are MDR compliant are placed on the EU market.
The underlying reason behind such tight distribution control is twofold:
- The need to ensure appropriate post-marketing surveillance and;
- The need to ensure that only regulatory conforming product reaches the end-user.
Manufacturers must have complete transparency of their distribution network, including sub-distributors. In addition, the authorised representatives must have a ‘person responsible for regulatory compliance’, who effectively releases only conforming products onto the EU market.
Therefore, manufacturers need appropriate contracts in place with their distribution chain, to ensure that responsibilities are understood and carried out. This may also need an auditing process to ensure compliance is maintained.
Post marketing surveillance
Post marketing surveillance is considered as both reactive and pro-active, in that it covers vigilance and adverse effects, as well as continual monitoring of products in use. Both are critical to understanding how a product performs and how product ‘risk’ changes.
The MDR requires that these processes are audited by the notified body, as they form part of the legal text rather than part of European guidelines. A company must also have plans for conducting post-marketing clinical follow-ups either to verify or enhance product performance.
Although these processes are also part of the MDD, they are considerably enhanced within the new regulation. Combined with the additional requirements for the initial establishment of clinical performance, they represent a broader and more systematic challenge to companies in monitoring use of the product once made available to the patient.
A company can organise these post-marketing surveillance programmes depending on the risk of the product and perhaps the amount of time that the product has already been made available. For example, a wound dressing that has been available and used safely for the last twenty years, would need less post marketing data than a newly developed hip stem.
The mechanisms for obtaining data may also vary from one product to the next and may include interactions from many stakeholders such as marketers, sales teams, end-users, surgeons, nurses, quality representatives and so on.
Summary
Rather than being specifically aimed at controlling products, the MDR includes several aspects that will exercise not only the regulatory professional, but the chief executive.
Can regulatory and quality now be considered part of the strategic thinking within companies? Is the regulatory department still to be known as the ‘sales prevention team’? These new requirements would suggest not.