Risk management by Regulatory Authorities, Part 1 of 2

Regulatory Authorities are challenged to keep their markets open and to ensure that patients have proper access to devices while at the same time keeping non-compliant, possibly dangerous devices away from their populations. To achieve this they need to use risk control strategies. Authorities that are rethinking their approaches to risk management could consider a three-tier system:

1. A 100% check on all devices for a limited number of items per device;
2. A more extensive routine check on issues that emerge from the first check;
3. In-depth analysis of the few devices or dossiers that give rise to further questions from this second check.

Emergo has recently acquired specific expertise in this field. Now several Regulatory Authorities have requested assistance in developing efficient supervision strategies. This article will profile in general terms this type of risk management system.

This article is not intended to help non-compliant companies evade regulatory compliance--although it will help regulatory authorities detect dangerous or non-compliant devices. But there is no quick fix. Getting this right will still demand a lot of hard work from all involved.

Challenge for regulators

Regulators worldwide must balance the need to maintain open and competitive markets with the obligation to protect public health. The most thorough way to prevent non-compliant products from entering the market is by doing an in-depth check on all devices. This is not practical, as there are so many devices and by far most of them will be found compliant, with acceptable risks. Checking all devices before granting market access would therefore lead to very high costs, with minimal improvement in safety. So regulators should use sampling methods based on certain risk models.

The most opportune situations to check compliance of a device are:

• Market access: a manufacturer or importer wants to introduce a new device to the population.
• Market entry: a device that has been allowed market access is physically entering the market.
• Ad hoc cases: for example when an accident happens in which the device is involved.

In each of these instances, a Regulatory Authority could use a three-tier system for checking compliance of the device:

1. In the first tier, all devices or dossiers are checked on easily identifiable points.
2. Devices that score an elevated risk on those points will get a more thorough check.
3. If the device is still not clearly identified as compliant, it can be investigated in detail. This may include dossier examination or product testing.

Market access

The moment a newly developed device enters the market for the first time, that device should undergo some kind of market access approval. This market access approval process should be capable of handling two types of situations. This first is the situation where a local manufacturer wants to enter the market with his product using local (domestic) legislation; the second is that a manufacturer wants to enter the market with a device that has already been approved in another market under different market access legislation.

The situation of locally manufactured devices under local legislation can be handled by referring to procedures under national law. Manufacturers based somewhere else may refer to the same procedures as local manufacturers, for example when a manufacturer based outside of Europe uses a Notified Body for CE-marking. But often those devices are manufactured under foreign legislation. Sometimes there are mutual recognition agreements that enable market access for devices manufactured under different legislation, but that is not always the case.

Then authorities face a challenge. On one hand, devices should be compliant to their own legislation and requirements. On the other hand, there is an assumption of some level of quality and safety if a device is placed on another market.

But whatever the route of a device to the national market, authorities can try to make use of documents provided by other authorities, notified bodies or other accredited organisations to make market access an efficient and effective process. The first tier activities performed to grant market access will mainly be split into two groups:

1. Check the conformity of the device. This will be done based on documents and can be a relatively simple check. Authorities have various options for organising this check, but the approach should focus on documents only. Examples of this are:
   
   1. Certificates handed out by recognised authorities stating that the device is legally placed on the market elsewhere;
   2. Documents demonstrating a successful compliance assessment procedure;
   3. Certificates demonstrating the manufacturer uses a recognised quality system, combined with evidence of successful testing of the device;
2. Register the device. The device’s applicable certificates, manufacturer information and (if applicable) importer information can be put into a database for analysis and later use.

Read part 2 of this post

Ronald Boumans is Senior Global Regulatory Consultant at Emergo and formerly a senior inspector with the Dutch Healthcare Inspectorate. He has been involved in developing risk models for supervision of medical devices.