Sources of Medical Device / Equipment Field Use / Quality History

   Ques (heavily redacted) :  I am a South African medical doctor. I have been tasked by the         

   radiology department of one of our hospitals to do a review of medical diagnostic ultrasound 

   systems, specifically if there are studies looking specifically at the quality of the procured equipment 

   from the start.  I came across one of your articles and thought you may have some insights... 

Ans:  I'm not sure what article you're referring to, and the full nature of the assignment with which you've been tasked.  But, it sounds like you are to set up a system to review the quality of ultrasound products the hospital is considering purchasing.  If so, here's some approaches / suggestions: 

1.  ECRI Institute:  https://www.ecri.org/

     I haven't looked at them for many years, but they used to provide analysis like the U.S.'          

     Consumer Reports, but on medical products;

2.  The U.S. FDA:  https://www.fda.gov/

     The FDA maintains a MAUDE (Manufacturer's and Users Device Experience) database,

      https://www.fda.gov/medical-devices/mandatory-reporting-requirements-manufacturers-  importers-and-device-user- facilities/manufacturer-and-user-facility-device-experience-database-maude

     which lists products that have been voluntarily reported to have problems (adverse events) in
     the field that could or did cause serious injury or death.  It's not complete, but it can provide

     an idea of field / use issues facing families of products cleared / approved by the FDA.

     You have to get the product's regulation number, by searching the US Federal Register, 21 

     CFR 800-series, and use that number in the MAUDE database.  You can also  search it by 

     common name / description, or manufacturer.  

     New US and EU labeling requirements -- UDI, GUDID (a database), are new but should 

     ultimately provide similar data globally.

3.  Only purchase products from companies following a quality management system, US FDA 

     CGMPs, 21 CFR 820 for devices / equipment, or ISO 13485 / EU MDD / MDR for   

     CE-marked equipment in Europe.  These companies are periodically inspected as to 

     adherence to those respective QMS', which means the equipment meet applicable

     standards / requirements, and were built / documented to required QMS law.

     jel@jelincoln.com

ISO 11135:2014 and The QMS

A little more on my answer to the question posed after the EO sterilization webinar:

Ques:  I have a vendor ETO a load for me... what do i need to ensure that they let the load sit or air out between PQ runs?    ISO  11135 or FDA requirement?

Ans:  As mentioned early in the presentation, ISO 11135 presupposes the existence of a viable QMS / CGMP system, as well as adherence to the validation requirements of the standard to complete a successful validation.  Since ISO 11135 is an international standard, it specifically references ISO 13485 requirements under (page 11 of the standard) 4 Quality Management System, 4.1 Documentation, and 4.2 Management Responsibility, and 4.3 Product Realization, et al.   ISO 13485 requires, among others, that a company and its supply chain / vendors adhere to the requirements of 13485 for medical devices.  The US FDA recognizes ISO 11135 as a consensus standard, so for the US, the QSR 21 CFR 820, the CGMPs would be the device QMS in lieu of ISO 13485 (both requirements are very similar).  

So such adherence would assure that your question is addressed.  This can be reafirmed by a Quality Agreement or Contractual Requirement, verified by Certification / Audit, and or by other means. 

-- John E. Lincoln     jel@jelincoln.com

CRO and Client Disagreement

Here's my further response to the question from the Device Changes webinar of 03/20:

Ques:    What is a CRO's responsibility in educating the sponsor in whether or not the product is a medical device or not? Often times sponsors argue that their product is a cosmetic when it is more like a medical device.

Ans:   As I mentioned, I'm not qualified to directly answer this question.  It goes to the heart of how you as a CRO determine what potential clients you will accept as a formal client, and your legal department's and corporate policies.  As mentioned, as a consultant, I lay out the terms under which I will take on a client, and one of those is clarity of the definition of the project and its scope.  That includes agreement on applicable FDA requirements and definitions.  If the definition is subject to disagreement, then clarify what the proposal will address.

If the definition of cosmetic or device is not clear then define in your agreement just what your services cover, and the approach required by the FDA based on the definition chosen, and that the results are dependent on the chosen definition as it lays out the approaches taken.  This obviously has to be run through your legal department (as mentioned, I am not a lawyer and do not give legal advice). 

You have the right (and responsibility) to turn down clients that will not work with you, and certainly those who will not abide by FDA requirements.

Ref:  https://www.fda.gov/downloads/RegulatoryInformation/Guidances/ucm127073.pdf

Hope that helps.

jel@jelincoln.com

Does the addition of new production equipment require a revalidation of the sterilization process?

To answer that question:  If the particulate count only increases, that will not affect the sterilization validation.  If the bioburden load increases then additional verification / testing will be required.  I doubt that the addition of another piece of equipment will increase bioburden, though it will increase particulate (and possibly oil vapor if any compressed air escapes into the controlled environment (should be plumbed out)).  If the equipment also requires additional human handling of the product, then there could be increased product bioburden.

After the implementation of the new equipment, If there is increased product bioburden, then at the very least a half cycle should be run on the product, and then test sterility of some product / PCDs in the most difficult to sterilize locations in the load at a half cycle.  Then either complete the cycle or do a full cycle on the load if that was a production run (with data to prove that additional sterilization runs do not negatively affect product function). 

Generally the addition of some additional equipment into a controlled environment does not create a serious challenge to the sterilization cycle.

Of course document all the above.  Could be an addendum to the last sterilization validation test report.

jel@jelincoln.com

Process Verification / Validation

An answer to a query:

Ques:  The  company  (site) that I work for, manufactures intermediate products.  The question that we have is-If a change is made to a process,  should we do validation or is verification sufficient?  All our processes have QC/acceptance criteria.  For example, we got a validated instrument from another site (of our company).   We got IQ/OQ done by the vendor at our site.  We also have the same instrument from another vendor, which will be retired in couple of months.  Can we do verification of the new instrument by writing a technical report ?    In other words, we will  first conduct  a risk assessment and then do experiments to compare the data of the two instruments and record them in a report.  Actually we have already done feasibility studies to show that the new instrument gives the same data as the old one for the same samples .  I heard , in your talk that FDA doesn't require validation if we have the means for 100% checking.  We have similar situations in which we sometimes make a change in the process but we always have means to verify the final product because we have acceptance criteria in place.  Is verification enough for such situations?    Please advise.

Ans:  "FDA doesn't require validation if ..."  The specific reference for my comment for medical device manufacturing is 820.75 "Process validation, (a) "where a the results of a process cannot be fully verified by subsequent inspection and test, the process shall be validated with a high degree of assurance..."  The key exception to this is automated (computerized) processes, which per 820.70(i) must be validated no matter what.

As to the rest of your question, part of the answer depends upon your definitions of verification and validation, technical report, feasibility studies, et al.  Any change requires some level of verification (testing, checking, feasibility studies, etc), or a series of verifications (part of a validation) to prove that the change does what it should and doesn't do what it shouldn't.  While I won't state what you've outlined will satisfy requirements (though on the surface it appears to), if you've satisfied the CGMPs and what I've outlined above, yielding data that nothing has changed and that product quality / specifications are assured after the changes per your data, documented, then you've met the requirements.

Method Validations

Some Q&A from a recent webinar:

Ques: Do you have any recommended references to create risk categories for method validations?

 Ans:

JVT Article 2004, especially note flow charts; caveat – include potential problems from normal use, not just from a failure mode:

 http://www.validation.org/wp-content/uploads/2015/02/JVT2004_Risk-Management.pdf

PDA Slides:

https://www.slideshare.net/StephanOKrausePhD1/riskbased-analytical-method-validation-and-maintenance-strategies-sksep13

Q8, Q9, & Q10 Questions and Answers, U.S. FDA:

https://www.fda.gov/drugs/guidancecomplianceregulatoryinformation/guidances/ucm313087.htm

U.S. FDA Guidance, 2015: Analytical Procedures and Methods Validation for Drugs and Biologics; note several of the headings may provide risk categories, e.g, Apparatus/Equipment, Operating Parameters, Reagents/Standards, Sample Preparation, Standards Control Solution Preparation, Procedure, System Suitability, Calculations, Data Reporting... :


https://www.fda.gov/downloads/drugs/guidancecomplianceregulatoryinformation/guidances/ucm386366.pdf

jel@jelincoln.com

CE-Marking and China; Design Inputs / Requirements


Answers to some questions from my recent 3 hour DHF, DMR, DHR ... TD webinar:

CE Mark and China?

The European Union comprises 28 countries that require CE-Marking. Three additional countries (Norway, Iceland, Liechtenstein), although not officially part of the European Union, are signatories to the European Economic Area (EEA). Switzerland is not an EU member nor a signatory to the EEA, but they have transposed the Medical Devices Directives into their national law and these countries require CE Marking. -- https://www.emergobyul.com/resources/europe/where-ce-mark-is-required

 As I mentioned, the China Food and Drug Administration (CFDA) is the administrative body responsible for the regulation of medical devices and pharmaceuticals on the Chinese mainland. The US FDA resident posts in China assisted them in setting up their CFDA.  I personally know that many Chinese companies that manufacture finished devices and components for sale in the EU are certified to ISO 13485 and the CE-Marking of those products.  And those that do so for US destined products are also registered with the US FDA and subject to US FDA periodic inspections.

Writing good design inputs / requirements [for devices, processes, equipment (manufacturing, test)]?

• List requirements needed / the reason why acquiring the equipment, RM, components in the "requirements"; expectations for it, (see below "functional, performance, interface" also),  Marketing, company manufacturing / engineering inputs; documentation and calibratable instrumentation requirements; spare parts; etc;

• Also address the following as applicable (from one of my webinar slides): 

           "Virtually every product will have requirements of the following three types:

1.Functional requirements:  what the device does, focusing on the operational capabilities of the device and processing of inputs and the resultant outputs;

2.Performance requirements:  how much or how well the device must perform:  e.g., speed, strength, response times, accuracy, limits of operation, etc. This includes a quantitative characterization of the use environment, including, temperature, humidity, shock, vibration, and electromagnetic compatibility.  Device reliability and safety (see ISO 14971, Device Risk Management)  fit into this category;

3.Interface requirements:   characteristics of the device critical to compatibility with external systems;  characteristics mandated by external systems and outside the control of the developers.  One such important interface is the user and/or patient interface (see Use / Human Factors Engineering IEC 62366-1)."

• Add required ISO + standards;
• Add applicable US FDA guidance document requirements or their equivalent;
• Convert to quantifiable / measurable terms where necessary;

Remember the requirements become the basis for V&V -- Instalation (IQ) and Operational  (OQ, all the remainining requirements) / Performance (PQs;  those requirements that need additional challenging due to allowable "worst case" inputs, e.g., different operator shifts, large volume RM, power fluctuations, other highly variable inputs.

As I mentioned, DIs and DO's during the R&D process is an iterative process, recognized as such by the FDA in it's Design Control Guidance Document.  A DI becomes a DO which in turn becomes a DI at the next level of development, which becomes a DO, until the product reaches the final stage of development.  Generally I recommend that the interim "DO's" be retained under Design Input in the DHF, and only the final DO that outputs to Design Transfer to Manufacturing, be retained under Design Output.  But the company would develop a system that works best for their culture / system, and then specify this in their Design Control SOP and then follow their SOP. 

jel@jelincoln.com