Is the complexity of achieving medical device compliance keeping you up at night? Losing sleep over patient safety concerns? It’s no wonder. You’re in the business of developing medtech that has the potential to save lives and help people – and the longer it takes to achieve compliance, the longer patients and healthcare professionals have to manage without… not to mention the extra money you end up spending just to get your medical device on the market.
With medical device recalls up by 71% in 2018 and 2019 vs the previous two years, and software issues becoming the leading cause of medical device recalls, it’s more vital than ever to build a robust product with patient safety in mind from the ground up. For the health of all patients and operators involved – and for your business. Here are our top 5 tips for hitting the ball out of the park when it comes to medical device quality assurance and regulatory compliance.
Patient safety needs to come first - always
Achieving medical device regulatory compliance can seem like a daunting task, and often causes medtech developers and manufacturers a huge level of stress. And who can blame them? However, these exhaustive standards exist – and are being increasingly enforced – for good reason. In the last ten years, more than 80,000 deaths and over two million injuries have been caused by faulty medical devices.
It doesn’t help that product risk assessments are still often carried out in isolated spreadsheets – creating just enough of a paper trail to pass regulatory approvals, but often failing to properly evaluate and document the actual design of the medical device. Achieving compliance is not just about ‘ticking the right boxes’: it’s there to ensure patient and operator safety. As a result, Product Risk Management needs to be taken seriously from the start, which can’t be done when completed in isolation from the device design.
Tip #1: Establish a clear Product Risk Framework (with integrated Design Controls) as soon as you start planning your new medical device. This is key to ensuring that your product is developed with patient safety in mind from the get-go.
Document-based workflows holding you back? It’s time to level up
Creating and marketing a medical device can take anywhere from three to seven years. The process entails a whole lot of design activities to meet requirements, which can (and do!) change all the time because of stakeholder feedback which can come from different teams all over the world. Unfortunately, the industry is lagging somewhat behind in content collaboration technology, and many MedTech companies are still trying to manage documentation control using regular desktop applications for word processing and spreadsheet calculation. To top it off, they’re also circulating these huge documents by email, often for years at a time.
Trying to manage something as complex as medical device development by email is an enormous challenge – one that leaves a lot of room for error. Legacy tools for design control process automation, unfortunately, aren’t much better. They tend to propose a single, rigid workflow that can’t be adapted or customized to a company’s specific needs.
Tip #2: Breakups are sad, but in some cases 100% needed. It’s time to leave document-based workflows behind and embrace state of the art content collaboration, or in this industry, a modern requirements management platform. These platforms empower users to collaborate with a number of stakeholders through the entirety of the design lifecycle process, from planning to concepting, prototyping and manufacturing. All this with automated documentation of item history, zero compromise on system performance, and slim to none chances of missing a crucial step because some email landed in your spam folder.
Traceability is key to adopting a lifecycle mindset
In the field of medical device product development, developers need to track absolutely everything. From tasks, to feedback, to change requests, requirements and verification – every step that goes into the process needs to be traceable. More specifically, traceability helps MedTech developers to:
- Consistently connect software and hardware requirements to medical device system requirements
- Clearly display all requirements and corresponding tests in a single system
- Automatically generate an audit trail when needed for compliance
Achieving the above with a document-based workflow – while trying to keep information consistent across all the files that you’re juggling manually – is a huge struggle.
Tip #3: Your best bet is to use a design control process automation tool tailored for MedTech use that provides full lifecycle traceability so that you don’t have to worry about it as you go along. Lifecycle traceability empowers medtech developers to view all relevant content in a single view, letting them establish and review links between everything from change requests to product risk management contents to requirements and tests.
Make like Hansel and Gretel (with an uncompromising audit trail)
With full lifecycle traceability comes another benefit: being able to generate an accurate audit trail. This is essential for following the design journey in medical product development and identifying contributors as you go along. Essentially at any step of the way you need to be able to determine why your medical device was built at the time that it was, and who built it.
An audit trail can be nearly impossible to create properly if left too late, or when you try to generate it manually. In order to create a compliant audit trail, transactional changes in the contents of your medical device product development lifecycle and all user credentials need to be systematically and automatically registered with corresponding timestamps.
Tip #4: You can leave your household chores to the last minute – but not your audit trails. To make it easier, use a medical device lifecycle automation tool which prioritizes the generation of audit trails and provides flexible reporting options.
Full Electronic Signature Part 11 Compliance. Come again?
It’s a bit of a mouthful, but we’re here to break it down for you. The FDA’s 21 CFR Part 11 is a regulation which defines how electronic signatures and records can be considered equally as valid as their paper counterparts. Many medical device design process automation tools claim Part 11 compliance, but don’t actually meet all the necessary requirements. Most importantly, Part 11 compliance does not end by asking for a username and password when a user enters the system, nor is it fulfilled by simply recording the username and timestamp for the audit trail.
So what do you need to look out for? In Section 11.200 of Part 11, the regulation explicitly states that either one or all of the electronic signature components of the user must be acquired in order to assure compliant signings. In other words: when executing a Part 11 compliant signature, the tool needs to request the user’s username and password again at the time of the signing. In order to meet this very high standard of proof of electronic record and signature compliance, you need to make sure you have the right access controls and security mechanisms in place, like user authentication, different group rights, full tracking of the creation of each signature, and options for exporting system data if necessary.
Tip #5: Get yourself a Requirements Management platform which has built-in Part 11 compliance. You’ll want to look for preconfigured workflows or templates that are relevant to your product development lifecycle, and which support Part 11-compliant signings.
Carrying out medical device development in a compliant way can be daunting, but if you take these tips on board you’re off to a great start. Shifting to a lifecycle mindset and incorporating product risk management is key, as is thorough preparation. Using a development platform for safety-critical industries like Intland Retina can drastically cut the costs and efforts of compliance – which is why global MedTech leaders like Medtronic, Roche Diagnostics, or Zimmer Biomet are using it to save lives and money, at scale. Find out more by reading our case study about MedTech giant Medtronic below:
For medical Quality Assurance specialists, Intland also offers a Medical Audit & CAPA Template, supporting MedTech developers in controlling quality documents, simplifying compliance assessments, and accelerating audits.