Questions received from a recent seminar on Post-Market Surveillance - MDR's
QUES: In "Become aware" - it says "including any trend analysis." This suggests that non-public
information is included in all this. Please speak to any difference between
public and company-private (secret) information?
ANS:
The FDA has not made a distinction between public and private
information in a MDR investigation and response. And they repeatedly require trending of CAPA
/ Complaint data in their 483’s (I have also seen this personally) and have
sometimes done it themselves (the trending) when such data is missing. You do have the right to indicate what
information you supply that you desire to be treated as “confidential” and/or
redacted from FOI responses from them (21 CFR 803.9(b)(1)). They may or may not agree/comply.
QUES: Manufacturer Reporting
Requirements –
A reportable death, serious injury, or
malfunction is based on information a manufacturer receives or otherwise
becomes aware of, from any source.
- Here
and throughout subsequently, it appears that this includes
company-internal information. Okay. But, what does that mean in practice?
Of course, it does not mean everything, such as lunch-cooler
conversations. Is there some easy definitions, such as information that is
subject to audit? Or, something else?
ANS:
If you become aware of any instance of your device causing a death or
serious injury, or could cause such, from any source, you are required to
report it – the only qualifier is the following on “reasonably suggests” (which
could even apply to your lunch-cooler example, depending…). 21 CFR 803.03 “Become aware
means that an employee of the entity required to report has acquired
information that reasonably suggests a
reportable adverse event has occurred.” You start an investigation, first to
determine if it is true, and report the findings up to the time you report
initially to the FDA at/within the timeline required, with the information you
have at the time. If incomplete, you then
continue your investigation until you have gone as far as you can in good faith
efforts, reporting what is verifiable to the FDA as supplements / updates to
the original MDR.
In cases where you determine that the problem is not MDR-reportable, you should still record it as a complaint, and include the investigation data leading to the conclusion not to report, retained in your complaint file (such as your example of serious event lunch-cooler talk found to be incorrect).
QUES:
The “Manufacturer” - Manufactures components or accessories that
are medical devices.
- Consider
product produced inside and outside US either by true manufacturer or
under license by another.
Consider illicit versions (copies)
produced not by or under license of the true manufacturer.
Produced not in US, used not in US.
ANS:
The FDA is involved in devices produced in the US, no matter where sold,
if the conditions of an MDR submission are met. Same for product produced
outside the US but marketed and/or used (e.g., IDEs …) in the US.
Counterfeit devices in complaints that
were presented to you as yours by the user, initially as your product (and third
party reprocessed SUDs where you are the OEM and not the reprocessor but
thought to be the one responsible due to old labeling…) are reportable to the
FDA by you, if you're the one who becomes aware of the problem, and if they meet the requirements of MDR submission, with the
subsequent findings (and follow-on MDR update / submission to the FDA) that the
product is not yours with justification / facts proving so.
QUES: “Become aware” - 1
You said: "You can't blow this
stuff off."
- No
question, but this was a key takeaway that prompted my questions.
“Become aware” – 2
- You
talked about "delay."
- The
following question comes up often for us. Can you answer or provide a
resource to answer this question:
Is there a difference between a
Delayed Result < 24 hours vs. Delayed Result >= 24 hours?
This question is in the context of a
lab instrument giving a result to the doctor: bacterial identification,
antimicrobial susceptibility, blood work, etc.
Where the typical answer is on the
order of < 24 hours response time.
ANS:
I don’t remember saying “You can’t blow this stuff off”, but I agree
with the thought.
I did not discuss anything on any “delayed
result<24 hours vs. delayed result + or > 24 hours”, and am not sure of
the question. If this is a manufacturer-defined
malfunction, which is a reportable category for the MDR if that was a
requirement for the product and it didn’t meet it - it malfunctioned. Your MDR
SOP should define how to handle, but the FDA doesn’t want splitting hairs on
timing of problems, etc. If a problem occurred
at a certain time interval, it’s possible / assumed it could occur sooner or
later the next time, absent test data to the contrary. However this is a
specific product question which I cannot address in this general context further.
The only "delay I would have talked about is a "become aware" delay, i.e., the information may have related to an event that occurred much earlier, but was delayed in getting to you / the company. You are obligated to send the MDR once you become aware of it, even it it actually occurred considerably earlier - days, weeks, months (I haven't seen a time limit, as long as the version of the device causing the problem is still on the marketplace - there's still a risk posed to the potential users, hence the need for the MDR).
QUES:
“Caused or contributed” to death / serious injury
- If
someone using the device makes a mistake? This is easily understood as:
reportable.
- What
about off-label use? You said: reportable. Okay.
- What
about an actor that is purposely doing it wrong? I understand this to be
same as off-label use: reportable.
- What
about a bad actor? That is, someone purposefully using the device to cause
harm?
ANS: All the above are reportable, including the
last bullet point. Your findings of such
(such as bad actor / willful misuse) would then be included in your MDR to the
FDA. Most risk and use / human factors
requirements include user error as a consideration, but purposeful misuse is not
(in use / risk analysis, unless done by a doctor who can use a device in any
way they deem necessary to benefit a patient, usually with the patient’s
agreement after informed of the benefit / risk – ISO 14971 …), as I mention in other
presentations on use / human factors engineering and/or device risk management.
So you would still report a “a bad
actor” in your findings and if you have solid proof, you would have no way to
prevent that (as you have no way to prevent a doctor from their “off label” use
of the same product), which would become part of your findings (cite as part of
your rationale the references cited above).
QUES: The
most famous case at our company internally: A device analyzing blood
running in a hospital lab would beep when it needed attention. There was
an instance where the device was beeping at night, which bothered a person
somewhat like a janitor, someone not in the lab hierarchy. They knew how
to and did turn off the beeping. When the morning shift came in, the
machine was not beeping so they missed doing what they need to with it,
and did not report a result to the doctor as they would have if they had
known to address it. A death occurred.
- Was
this a mistake? No. Was this an actor-purposely-wrong? Probably. What if
this had been a bad actor, purposely causing harm?
- Perhaps
you have other examples (or a book or articles I could read) about this
topic?
ANS: Sorry, I don’t have a reference for such a
book. However, ICH 62366-1 on Usability
Engineering and ISO 14971 on Device Risk
Management discuss briefly purposeful misuse.
However,
since a death could (and did) occur, the MDR requires that it be reported. The findings reported to the FDA would be as
indicated above. The organization having
that incident and their legal department, et al, and senior management, would
have to determine corrective actions to be taken internally regarding controls
and behavior of company personnel to prevent such from recurring – e.g., both
the janitor who made an unauthorized change to the device, AND the morning
shift who should have verified it’s operation first thing. Your IFU’s may have to address the fact that
such events could compromise results.
Be
aware that any change to your labeling for your products’ field problems may
require a new marketing submission, e.g., 510(k), especially a caution or
warning. See the two guidance documents
on Device Changes and the 510(k):
https://www.fda.gov/regulatory-information/search-fda-guidance-documents/deciding-when-submit-510k-change-existing-device
https://www.fda.gov/regulatory-information/search-fda-guidance-documents/deciding-when-submit-510k-software-change-existing-device
- jel@jelincoln.com