No Shortcuts: Building Out the Right Processes to Ensure Medical Device Safety and Security
EMERGO BY UL SUMMARY OF KEY POINTS:
- Regulatory focus on medical device safety and risk management intensifying;
- Functions such as clinical research, post-market surveillance and ISO 14971 compliance should bolster safety and risk management efforts;
- More robust safety and risk management processes to help medical device companies pivot faster when regulators change requirements.
Ensuring safe and effective use of medical devices for patients and users is a crucial responsibility for manufacturers and developers, not only in terms of addressing regulatory requirements but also of mitigating risks to public health. In order to pass scrutiny from market regulators and demonstrate that their products do not compromise public health and trust, medical device and technology companies must tie safety and risk management processes closely to their design, development and pre- and post-commercialization efforts.
The challenges of building in safety and risk management functions across device lifecycles are significant, but manufacturers can ill afford to adopt inadequate measures if their goal is to reduce the risk of post-market problems such as field safety corrective actions (FSCAs), adverse events or device recalls. Implementing appropriate measures can also help manufacturers navigate pre-market regulatory reviews and obtain market authorizations faster. Below, we discuss considerations device companies should evaluate in order to build more robust safety and risk management processes, including clinical research and post-market surveillance capabilities, best practices for human factors engineering and usability as well as ISO 14971 compliance and related risk management approaches.
Perennial regulatory challenges
Over the past several years, Emergo by UL research has shown that device manufacturers and developers of all sizes consistently cite changing regulatory environments as their top business challenge.
Recent developments in Europe and the US show that this trend will continue for industry. The European Medical Devices Regulation (MDR), coming fully into force in May 2020, introduces major changes to CE Marking, clinical data and related requirements, necessitating ongoing transition efforts by manufacturers. And in the US, the Food and Drug Administration plans a significant overhaul of its 510(k) premarket notification program through which roughly 80% of all medical devices sold in the country are registered, which will likely result in more rigorous premarket device reviews and clinical data requirements for more types of devices.
Medical device safety constitutes a shared responsibility among regulators, industry and healthcare providers. Although US FDA and other medical device market regulators often adjust their registration and approval systems to address public health issues or government policy changes, it is also incumbent upon manufacturers to establish and maintain adequate risk management practices well-integrated with their design and development processes; companies that have done so will find themselves in a stronger position when regulators change their market authorization requirements.
Elements of a strong medical device safety process
In order to ensure safety and effectiveness of their marketed devices, manufacturers must keep track of many moving parts. Acknowledging the caveat that one size does not fit all, a robust device safety and risk management process applicable to most manufacturers should include components such as:
- Clinical research: Both US and European regulators have placed a stronger emphasis on clinical data to support device safety claims, which will help drive the need for more clinical research capabilities from industry. However, clinical study and related regulations vary from market to market, making it difficult for many manufacturers to manage these efforts using internal resources. For most device companies, partnering with an established third-party clinical research organization (CRO) will help them effectively address clinical data requirements from regulators in order to secure and maintain market access.
- Post-market surveillance: Most major market regulators require manufacturers to meet post-market obligations once commercialization of their devices begins. US FDA, European Competent Authorities and other regulators require registrants to monitor for and report adverse events and FSCAs involving their devices according to specific guidelines. Companies will find proactive approaches to post-market surveillance processes becoming more necessary as regulators step up scrutiny of device safety.
- Human factors research and design: Minimizing the potential for human operation error when devices are being used or incorporated into a broader clinical environment is another critical component of ensuring healthcare products are successfully and safely used as intended. Utilizing best practices for human factors engineering and usability allows manufacturers not only to meet their functional and aesthetic goals but also to demonstrate that they have incorporated patient and user safety considerations into their product design and development processes. Device design based on patient and user research and analysis, rigorous evaluation and testing of designs, and ongoing human factors research and design training linked closely to safety and risk management efforts help companies conform to evolving regulatory requirements.
- ISO 14971 risk management: Compliance with the ISO 14971 standard allows manufacturers to demonstrate to regulators in the US, Europe, Canada and other major markets that they have built, documented and maintained systematic risk management processes around their devices and technologies. As market regulators evaluate registrants’ risk management practices more closely, companies must ensure such practices are in place across all stages of their products’ lifecycles.
- Digital health and cybersecurity: An emerging concern adjacent to medical device product safety is a device's ability to securely coexist with and connect to information systems. Protecting the secure passage of Personal Health Information (PHI) is another significant activity in ensuring patient trust. New guidelines such as ANSI/UL 2900-2-1 are a step in the right direction to clarify modern security expectations, helping manufacturers implement robust connected device, software and accessory security protocols in order to proactively demonstrate conformance.
Over the next several weeks, Emergo by UL will more closely examine these and related processes necessary for medical device safety. Stay tuned.