Introduction to FDA’s Digital Health

Digital Health

The categories of digital health include mobile health (mHealth), Health Information technology (IT), wearable devices, telemedicine, telehealth and personal medicine. Digital health has the potential to improve the ability to accurately diagnose and treat diseases which enhances the delivery of health care for the individual.

The applications of these technologies range from general wellness to applications as a medical device. They include technologies intended to use as a medical product, as a companion diagnostics or an adjunct to other medical products (devices, drugs and biologics). They are also used to develop or study medical products.

The technologies such as smart phones, social media and internet applications are only changing the way we communicate; it is also providing us with ingenious paths to monitor the health and greater access to information.

Benefits of Digital health technologies

The most important benefit of digital health technology to the patient is the accessibility of data and thereby giving more control for patients over their health. It gives real opportunities to improve their health which enhances efficiency.

These technologies can empower patients to make better decisions about their health and opens up new options for early diagnosis of life threatening diseases and other also better management of chronic conditions.

Following are the benefits expected by providers and other stakeholders when these technologies used.

– Reduced inefficiencies,

– Improved access,

– Reduction in costs,

– Increase in quality, and

– Personalized medicine for patients.

For patients and consumers, these technologies help in better management and tracking of their health and wellness related activities.

FDA’s Focus on Digital Health technologies

Modern medical devices have the ability to connect and communicate with other systems. Meanwhile, devices that are already approved are being upgraded to add digital features. New categories of devices are being explored.

Following topics are the point of interest for FDA which is trying to provide more clarity using practical approaches that balance benefits and risks.

– Software as a Medical Device (SaMD)

SaMD is defined as ‘software intended to be used for one or more medical purposes that perform these purposes without being part of a hardware medical device’.

This can be used in various platforms such as medical device platforms, commercial off the shelf platforms, virtual networks etc. these systems were previously known as ‘Stand alone software’, ‘medical device software’, or ‘health software’. 

– Artificial Intelligence and Machine Learning (AI/ML) in Software as a Medical Device

Artificial Intelligence (AI) is broadly defined as producing intelligent machines, especially computer programs with the help of science and engineering. AI uses varied techniques such as statistical analysis data, machine learning and so on.

Machine Learning (ML) is one of the AI technique used to design and train software algorithms based on the obtained data. Software developers can make use of ML to create an algorithm which can be ‘Locked’ or ‘Adaptive’. These two decides the behavior of the device when new data is gathered.

Since AI and ML technologies have immense potential to transform healthcare by providing the important insights based on the data gathered every day. The FDA’s CDRH is considering a regulatory framework which should include total product life cycle which will allow modifications to be made from real world learning adaptation while ensuring the safety and effectiveness of the device.

– Cyber security

In the present scenario, there is an increase in the cyber security risks to medical devices as they are connected to internet and other networks which can be easily hacked if there is no efficient security which impacts the safety and effectiveness of the device. The healthcare environment is complex, all the stakeholders must work together to ensure the cyber security risks are mitigated and eliminated time to time.

– Device Software Functions, including Mobile Medical Applications

The software functions that meet the definition of a device are deployed on mobile platforms, general purpose computing platforms, or in the function or control of a hardware device.

Mobile apps are primarily software programs that run on smart phones and other mobile devices. They can also be used as accessories that attach to a smart phone or other devices or combination of accessories and software. Mobile apps can help people manage their own health and wellness there by promoting healthy living, and easy access to information.

The FDA encourages the development of Mobile Medical Apps (MMAs) that improve the health and provide both consumers and health care professionals with valuable health information. FDA also has responsibility to oversee the safety and effectiveness of medical devices including MMAs. The FDA applies the same risk based approach to device software functions as other medical devices.

For many software functions that meet the regulatory definition of a ‘device’ but poses minimal risk. For these devices, FDA will not expect manufacturers to submit premarket review application or to register and list their software with the FDA.

– Health IT

Health Information technology or health IT is defined as ‘Hardware, Software, Integrated technologies or related licenses, Intellectual property, upgrades, or packaged solutions sold as entities or patients for the electronic creation, maintenance,  access or exchange of health information.

FDA worked with Federal Communications Commission (FCC), and National coordinator for heath IT (ONC) to propose a strategy and make recommendations on appropriate risk based regulatory framework for health IT that promotes innovation, protects patient safety and avoids unnecessary and duplicate regulation.

The three agencies are committed to a vision that supports a strong health system based on safe and innovative health IT that improves and advances public health.

On 4/3/2014, the FDA, FCC and ONC released the Food and Drug Administration Safety and Innovation Act (FDASIA) Health IT Report outlining a proposed strategy and recommendations for a risk-based framework.

– Medical Device Data Systems

Medical Device Data Systems (MDDS) are hardware or software products intended to transfer, store, convert formats, and display medical device data. A MDDS does not modify the data or modify the display of the data, and it does not by itself control the functions or parameters of any other medical device. MDDS may or may not be intended for active patient monitoring.

– Medical Device Interoperability

Medical device interoperability is the ability to safely, securely, and effectively exchange and use information among one or more devices, products, technologies, or systems. This exchanged information can be used in a variety of ways including display, store, interpret, analyze, and automatically act on or control another product.

Interoperable devices with the ability to share information across systems and platforms can:

– Improve patient care,

– Reduce errors and adverse events,

– Encourage innovation, and

– Enable more diverse study datasets.

– Telemedicine

The Health Resources and Services Administration (HRSA) define telehealth as ‘the use of electronic information and telecommunications technologies to support and promote long-distance clinical health care, patient and professional health-related education, public health and health administration’. Technologies which fall under this category are videoconferencing, the internet, store-and-forward imaging, streaming media, and terrestrial and wireless communications.

– Wireless Medical Devices

Radio frequency (RF) wireless medical devices perform at least one function that utilizes wireless RF communication such as Wi-Fi, Bluetooth, and cellular/mobile phone to support health care delivery. Examples include controlling and programming a medical device, monitoring patients remotely, or transferring patient data from the medical device to another platform such as a cell phone. As RF wireless technology continues to evolve, this technology will increasingly be incorporated into the design of medical devices.

The use of RF wireless technology can translate to advances in health care, and patients should be informed about the safe and effective use of these devices in the course of daily life.

Health care facilities should consider the following:

– Selection of wireless technology

– Quality of service

– Coexistence

– Security

– Electromagnetic Compatibility (EMC)

Digital Health Center of Excellence

For the advancement of digital health technologies, CDRH has established Digital Health Center of Excellence which helps the digital health stakeholders to advance health.

The aim of the Digital Health Center of Excellence is to

– Share knowledge

 -Connect and build partnerships

– Innovate regulatory approaches

Through fulfilling the above objectives, the following advancements in digital health have been anticipated

– Advancement in the science of digital health that meets the requirements of stakeholders

– Well organised structure for the easier access to highly specialised expertise, information and tools to accelerate digital health technology

– Aligned regulatory approach to harmonize international regulatory expectations and industry standards

– Increased awareness and understanding of digital health trends

– Consistent application of digital health technology policy and oversight approaches

– Restructured medical device regulatory model specifically for digital health

Medical Device registration and approval process in China

National Medical Products Administration (NMPA) is responsible for the regulation of Medical devices and Pharmaceuticals in China. The predecessor to NMPA was founded in 1998, and renamed as State Food and Drug Administration in 2003. On September 1, 2018 China Food and Drug Administration was replaced by NMPA and it operates under the state jurisdiction and is an administrative agency of China’s central government. The responsibility of NMPA is to create, supervise and implement the standards and guidelines related to medical devices. The agency also oversees the registration and inspection process of medical devices. 

The NMPA has various departments; they include the Department of Medical Device Registration, Department of Policy, Law, and Regulation, National Institute for Food and Drug Control, Technology and International Cooperation, and Department of Medical Device Supervision and Administration.

Classification:

According to the ‘Regulations for the Supervision and Administration of Medical Devices’, the classification of medical devices are based on the risk level and are classified as I, II, and III.

Class I

-Low risk

-No testing is required

Class II

-Medium risk

-Full technical dossier and review

Class III

-High risk

-Full technical dossier and review

Overview of regulation process:

There is no expiry for class I devices. Whereas, class II and III devices have 5 year validity. If a manufacturer intends to extend the registration, can submit the application 6 months prior to expiry. If there are any changes made to the approved product, then a modification application should be submitted to the registration body.

If a medical device has to be imported, then a proof of marketing approval is required from the country of origin. Manufacturers outside China must appoint an agent, who acts as local regulatory contact for device in China.

Class I:

For a Class I medical device, first manufacturer has to determine the applicable product code. This can be confirmed by NMPA’s classification catalog and NMPA classification announcements. If the product code is not clear with these methods, then the manufacturer can submit a formal classification application to NMPA to confirm the device classification in China.

Class I applicants must prepare a submission dossier which is known as Class I Record Filing, which includes risk related information, clinical evaluation report, Technical requirements related to product, test reports (tests conducted outside China are considered and accepted for Class I devices) and manufacturing information.

Upon submission, Class I Record Filings undergo only completeness check rather than full technical review. Post completeness check, the applications are either selected or rejected.

Once the submission is approved, NMPA will issue a Class I voucher with a record number. This number must be printed on IFU and product labeling. The product information with the record number will be published in the NMPA website.

There is no expiry for class I record filling. However, if there are any changes made to the technical information, then a modification application must be submitted to NMPA by the manufacturer.

Class II and III:

Manufacturers of class II and III medical devices must undergo a comprehensive technical review form NMPA.

The submission dossier includes:

a) Product technical requirement

b) Foreign and local test reports

c) Clinical data, if applicable

d) Biocompatibility test reports, if applicable

e) Risk analysis document or reports

f) Process and manufacturing information

g) ISO 13485 certificate

h) Additional documents specific to NMPA

First, manufacturer must confirm the device code and device classification before initiating the registration process.

Then, the product technical requirement must be developed based on the testing completed by the manufacturer for international approvals as well as from the NMPA approved test lab or centers.

Test reports are must and part of NMPA application process to demonstrate compliance to the requirements established in the product technical requirement document.

For class I devices, reports from test centers outside China will suffice. However, for class II and III devices, the reports must be issued from the test labs approved by NMPA.

The manufacturer must provide data collected from either clinical trial or from literature for all class II and III devices. However, this is not required if the device falls under clinical trial exemption list.

Submission process:

Once all the necessary documents are complied, the completed dossier will be submitted to NMPA for review. All the applications must be in Chinese. If the applicant is outside China, then the application can be in English. However, public notarization has to be completed before the initiation of application.

The steps are highlighted below:

a) The application will be first checked for completeness. The NMPA require the payment of registration fees after the acceptance of application

b) The Center for Medical Device Evaluation (CMDE) will take up the technical review

c) There is a possibility of request from NMPA regarding the inspection of manufacturing facility, in compliance to China’s Good Manufacturing Practices during the review stage. However, NMPA has the right to inspect the facility at any time

d) The reviewer usually requests for supplementary information, clarification, additional testing (if required), and additional data related to clinical trials. The manufacturer will have only one chance to provide a response which is satisfactory, with a maximum frame of one year from the request

e) The reviewer may also request for expert panel meeting for high risk or novel medical devices. The panel consists of experts from different fields selected by NMPA. Additional information may be requested based on the outcome of the meeting

f) Once the technical review is complete, a final administrative review will be conducted before certificate issuance

Fast Track approval:

There are three ‘fast track’ approval procedures under NMPA known as Green Channels. The key difference between the standard registration process and fast track procedure is that they will have relatively shorter review and approval timelines. In case of emergency product review, the time is significantly reduced to 10 to 15 days.

a) Innovative Medical Device (IMD):

This route is established by NMPA to bring innovative technology into China. This is applicable during the initial registration process of class II and III devices. Application fee exemption will be applicable for small and micro companies. Once this designation is granted, NMPA will appoint an officer who will help the applicant throughout the process.

b) Priority Evaluation Approval (PEA):

This route is applicable for devices which have significant clinical applications in treating rare diseases. The application is applied along with the standard registration procedure. If the application for PEA is approved, then the technical review and audit will be prioritized. If the application is not approved, then the devices will have the same review process as standard procedure.

c) Emergency Use Approval (EUA):

This route is applicable for devices which are manufactured in response to public health emergency which impacts the national health.

Marketing medical devices in China can be a daunting process for high risk devices considering the clinical trial requirements. In recent years, NMPA has expanded its list of medical devices which are exempt from clinical trial requirements and also the emergence of fast track approval procedures eased the market entry. Based on these factors, foreign manufacturers can now diversify their devices into China.

Software as a Medical Device (SaMD) – Basics to know

In today’s world of healthcare, technology plays an important role in the life cycle of medical devices and software has become an integral part of majority of products that serve both medical and non medical purposes.

There are three types of medical devices related to software. Namely, Software as a Medical Device (SaMD), Software in a medical device and software used in the manufacture or maintenance of a medical device.

Use of SaMD is increasing gradually.  It can be used across a wide range of technological platforms such as medical device platforms, commercial “off-the-shelf” platforms, and virtual networks to name a few. Previously these were referred by industry, international regulators, and health care providers as “standalone software,” “medical device software,” and/or “health software,” and can sometimes be confused with other types of software.

Definition:

The definition of SaMD as defined by IMDRF is as follows “software intended to be used for one or more medical purposes that perform these purposes without being part of a hardware medical device.”

Since the software possesses unique features which extend beyond the traditional medical device, there is a need to come up with a common framework and principles that enables all the stakeholders to promote innovation which is safe and protects patient safety. By keeping this in mind, International Medical Device Regulators Forum (IMDRF) in 2013 formed a group known as Software as a Medical Device Working Group (WG) aimed to develop guidance supporting innovation and timely access to safe and effective SaMD globally. The group mainly works on key definitions of SaMD, risk categorization, QMS and clinical evaluation of SaMD.

Following are the guidelines released by IMDRF to outline the key considerations of SaMD.

GuidelinesTopics Covered
IMDRF/SaMD WG/N10Key Definitions
IMDRF/SaMD WG/N12Possible framework for Risk Categorization and corresponding considerations
IMDRF/SaMD WG/N23Application of QMS
IMDRF/SaMD WG/N41Clinical Evaluation

Consideration as SaMD:

Software that is embedded as part of a hardware medical device and is necessary to drive the intended medical purpose IS NOT a SaMD. However, if the software is interfaced with other hardware medical devices and acts as an additional enhancement for its medical purposes can be considered as a SaMD.

Fitness or wellness apps are not considered as SaMD. It is clearly mentioned in both EU MDR 2017/745 and 520(o) (1) (A) – (D) of the FD&C Act (FDA) that are endorsed by IMDRF. In simple terms, a fitness or wellness software that are not related to diagnosis, cure, mitigation, prevention or treatment of a disease is not qualified to be called as SaMD.

The examples of “Not a SaMD software” are given below:

a) Mobile apps intended to manage stress

b) Mobile apps related to general lifestyle

c) Mobile apps that track baby’s sleeping and feeding habits

d) Apps that track sleeping patterns

Categorization of SaMD:

There are four risk categories identified based on the impact the SaMD has on the patient or public health. 

Classification:

Unfortunately, different regulatory agencies have different criteria for classification.

United States:

The SaMD classification criteria used by USFDA are as same as traditional medical devices. Additionally, SaMD involves level of concern. While it may be strongly correlated with risk class, but level of concern is not used to determine your device’s risk classification.

EU:

There is no specific class for SaMD in EU. However, Medical device software uses the same risk classification as traditional medical devices: class I, class IIa, class IIb, and class III.

Rule 11 of EUMDR states:

Software intended to provide information which is used to take decisions with diagnosis or therapeutic purposes is classified as class IIa, except if such decisions have an impact that may cause: 

a) Death or an irreversible deterioration of a person’s state of health, in which case it is in class III; or

b) A serious deterioration of a person’s state of health or a surgical intervention, in which case it is classified as class IIb. 

Software intended to monitor physiological processes is classified as class IIa, except if it is intended for monitoring of vital physiological parameters, where the nature of variations of those parameters is such that it could result in immediate danger to the patient, in which case it is classified as class IIb. 

All other software is classified as class I.

IMDRF:

The IMDRF has put forth a guidance document to categorize SaMD. Based on the information provided in the document, there are four categories and the categorization is based on two factors namely, state of healthcare situation and significance of the information provided by the SaMD. The categorization table is provided below.

However, the IMDRF categorization is not widely used. But, it is helpful in determining the risk class in EU. One of the EU document, MDCG 2019-11, includes a table that combines both the IMDRF categorization and EU risk classes.

IEC 62304:

The IEC 62304 classification system has three levels based on the severity of injury that a software failure could cause: 

-Class A – no injury

-Class B – non-serious injury

-Class C – serious injury or death

Challenges in regulating SaMD:

-Software acting as medical device makes the data accessible over network. By keeping this in mind, it is important to maintain the data safety while aligning the functionality and efficiency of the product.

-With the diversification of software in the healthcare, the security concerns are high. Stakeholders, regulators, and various authorities at multiple levels must comply with regulations set by the FDA to fast track approval of the Software being developed for healthcare applications.

-Due to the dynamic evolve of internet there is a need to balance innovation and adaptability without putting the user’s data at risk.

SaMD is a growing sector and with new parties entering the domain, new ideas are pouring in. Developers need to Developers need to balance innovation and regulatory compliance to develop smart healthcare without compromising data sensitive to user.

KN CONSULTING AND SERVICES is a well-oiled marvel in the field of Medical devices regulatory consulting. We can provide you with flexible and detailed planning and consulting services suiting to your needs.

Medical Device Single Audit Program

History:

The Medical Audit Single Audit Program (MDSAP) was developed by the International Medical Device Regulators Forum (IMDRF) to allow third party auditors to conduct a single audit of a medical manufacturer that covers ISO 13485:2016 and the respective regulatory requirements.

A working group was established for MDSAP in 2012. Then, IMDRF initiated a three year pilot program between 2014 and 2016.

The main goal of the MDASAP program is to establish a union internationally that can work together to provide oversight and safety on a global scale to the medical device manufacturers.

Participating partners:

International partners that are participating in the MDSAP include:

MDSAP Members:

a) Therapeutic Goods Administration of Australia (TGA)

b) Brazil’s Agência Nacional de Vigilância Sanitária (ANVISA)

c) Health Canada (HC)

d) Japan’s Ministry of Health, Labour and Welfare, and the Japanese Pharmaceuticals and Medical Devices Agency

e) U.S. Food and Drug Administration (USFDA)

MDSAP Official Observers:

a) European Union (EU)

b) United Kingdom’s Medicines and Healthcare products Regulatory Agency (MHRA)

c) The World Health Organization (WHO) Prequalification of In Vitro Diagnostics (IVDs) Programme

MDSAP Affiliate Members:

a) Argentina’s National Administration of Drugs, Foods and Medical Devices (ANMAT)

b) Ministry of Health of Israel (NEW)

c) Republic of Korea’s Ministry of Food and Drug Safety

d) Singapore’s Health Sciences Authority (HSA)

Status of MDSAP adoption in participating countries:

a) US: FDA will accept the results of MDSAP audits rather than conducting inspection. However, the agency still conducts its own initial visits to manufacturers and ‘for cause’ inspections.

b) Canada: after January 1st 2019, HC fully transitioned to accept only MDSAP compliance audits from the manufacturers.

c) Brazil: the authority will accept MDSAP for initial audits. However, it will continue to conduct its own inspections and audits for high risk devices.

d) Japan: the authority has fully adopted MDSAP and will accept MDSAP audit results in place of J-QMS audit.

e) Australia: another adopter of MDSAP. The authority recognizes manufacturers who pass the audit and satisfied their QMS requirements. The TGA recognizes MDSAP certificates as equivalent to CE certificates.

Eligibility:

a) Any manufacturer may participate in the audit program if their product falls under the scope of at least one participating country and subject to QMS requirements

b) Located anywhere in the world are eligible to participate

c) Only the MDSAP participating countries will have access to audit report

d) Manufacturers cannot select which of the 5 regulatory schemes to be included in the audit scope. All country specific requirements of the manufacturer’s target sale countries must be included

MDSAP actors:

Regulatory Authorities (RA): They are responsible for designating the Auditing Organizations (AO).  There are certain criteria to be fulfilled to designate AO. The RA’s will continue to monitor the program and they have the final decision.

Auditing Organization (AO): They plan, conduct and report the audit to RA’s.

Manufacturer: they engage with the AO for QMS audits. If there is any non conformity, they need to provide corrective action plan.

Benefits of MDSAP certification:

-Reduces the burden for a manufacturer in case of audits and inspections

-Minimizes business obstacles, reduces cost and saves time due to the single audit process

-Helps the manufacturer to enter new markets with ease

-Consistent multiple regulatory programs by participating regulators

-Positive image for the company

MDSAP audit cycle:

The MDSAP audit program is based on three year audit cycle. The initial audit, also referred to as ‘Initial Certification Audit’ consists of stage 1 and stage 2 audit. The initial audit is followed by partial surveillance audit and a complete Re audit, also referred to as ‘Recertification audit’ in the third year. A recertification audit may include stage 1 audit, if there are any significant changes to the already audited QMS.

Special audits are extraordinary audits that are not part of the planned audit cycle. These audits mainly focus on specific elements of QMS. These include audits conducted in response to an application for the extension to the scope of an existing certification, to determine whether or not the extension can be granted or as short-notice audits conducted to investigate potentially significant complaints, or if specific information provides reasons to suspect serious non-conformities of the devices, or for other reasons.

Unannounced audits: The MDSAP participating regulatory authorities require AO to conduct unannounced audits in circumstances where high grade non-conformities have been detected.

MDSAP audit process:

The MDSAP audit process involves seven chapters or processes. They are, four primary processes, one enabling process and two supporting processes which are mentioned below.

-Management

-Measurement, Analysis and Improvement

-Design and Development

-Production and Service Controls

-Purchasing

-Device Marketing Authorization and Facility Registration, and

-Medical Device Adverse Events and Advisory Notices Reporting

Each chapter contains multiple audit tasks that are verified during the audit. Each audit task references the applicable clauses of ISO 13485:2016. Below table gives an overview of number of tasks mentioned in each chapter.

MDSAP PROCESSNUMBER OF TASKS
Management11
Device Marketing Authorization and Facility  Registration03
Measurement, Analysis and Improvement16
Medical Device Adverse Events and  Advisory Notices Reporting02
Design and Development17
Production and Service Controls29
Purchasing12

MDSAP audit sequence:

The MDSAP audit sequence follows a process approach and has four primary processes – Management process, Measurement, Analysis and Improvement process, Design and Development process and a Production and Service Controls process with links to the supporting process for Purchasing. Also, it has two additional supporting processes: Device Marketing Authorization and Facility Registration and Medical Device Adverse Events and Advisory Notices Reporting. These are necessary to fulfill specific requirements of the participating MDSAP regulatory authorities.

The audit sequence should be followed as designed. However, under certain circumstances, judicious exceptions to the audit sequence are allowed considering there is sufficient justification and the core elements of the MDSAP Audit Approach, are respected.

The flowchart shown in Figure 1 illustrates the MDSAP audit sequence and interrelationships.

Figure 1.  Audit sequence

MDSAP grading system:

The MDSAP grading system was created to clarify and address inconsistencies within traditional audit grading approaches that make use of ‘Major findings’ or ‘Opportunity for Improvement’.

Non Conformities (NC) are assigned a grade between 1 and 5, which is calculated using a two step scoring system.

To determine the initial score, four point NC matrix is used. There are two categories based on clauses of ISO 13485:2016.

Indirect – Clauses 4.1 through 6.3, which have indirect impact on safety and performance of a medical device, it includes general documentation, and quality manual(s).

Direct – Clauses 6.4 through 8.5.3, which has direct impact on medical device safety and performance. The documents are mainly related to design, production, CAPAs etc.

Below table gives an insight in to the NC grading system.

Credits: MDR guide

Why choose KN consulting

KN consulting and services takes a proactive approach in informing our customers about the regulatory changes concerning the industry.

-Saves time and money

-Faster market access

-Expert guidance

Health Canada Regulation

Health Canada’s Medical Device regulations are considered to be one of the stringent requirements in the world for the licensing of medical devices. Regulation of medical devices in Canada is based on the level of risk possessed by the device to the user. This approach helps to balance the need to provide the healthcare system with timely access to the technology which is new and innovative, with the appropriate level of monitoring and time required to assess the safety and effectiveness.

Classification

Before manufacturers of medical devices can sell their products in Canada, they must comply with Canadian Medical Device Regulations (CMDR). However, it is important to know the correct medical device classification of the product before initiating the registration process. Proper classification of the product is the key for minimizing the registration costs and time to market.

Medical devices are classified based on the potential risk associated with their use. There are four device classifications namely Class I, II, III, and IV using a set of 16 rules found in schedule 1, part 1 of CMDR. SOR/98 – 282. IVDs are also classified as Class I through IV using a set of 9 rules, which can be found in Schedule 1, Part 2 of the CMDR.

The classification rules are similar to EU regulation. However, classification may differ, for instance, when compared with US FDA classification, many Class I products in the US are Class II in Canada, while some Class II products in the US are Class III in Canada.

Based on the classification of the device, license type is decided as well as quality system requirements. Class II, III, and IV devices require a product-specific Canadian Medical Device License (MDL) and ISO 13485:2016 certification. Class I products require a Medical Device Establishment License (MDEL), which is held by the manufacturer or distributor/Importer.

Marketing the medical device in Canada

Health Canada issues two types of licenses: the Health Canada Medical Device Establishment License (MDEL) and the Health Canada Medical Device License (MDL). 

If a manufacturer has a class I medical device and plan to sell the product directly into Canada without a distributor, then a MDEL is required. If they choose to sell through distributors in Canada, then the distributor is required to have a MDEL. Distributors and importers must have a MDEL regardless of device classification. If the devices are class II – IV, the manufacturer must have both MDEL and MDL.

If the manufacturer is selling class II – IV devices, then MDL is required. The MDL is a product approval, while a MDEL is a permit for the company/distributor/importer itself.

Getting a MDL is comparable to the USFDA 510(k) process. The process of obtaining MDL is faster than 510(k) process for class II devices, same for class III devices and lengthier for class IV devices.

Health Canada requires manufacturers of Class II – IV medical devices to meet the QMS of ISO 13485 under Medical Device Single Audit Program (MDSAP) which includes compliance with the requirements of the CMDR. Before the device can be sold in Canada, QMS must undergo an audit by a MDSAP-accredited Auditing Organization (AO).

Approval process

Step 1:

Determine the classification of your medical device according to schedule 1, part 1 of CMDR.  Devices fall under class I, II, III and IV.

Step 2:

Implement ISO 13485:2016 under MDSAP compliant quality management system for class II – IV.

Step 3:

For class II – IV devices, get the ISO 13485:2016 audit or re audit by an approved AO under MDSAP. ISO 13485:2016 certification will be issued after the successful completion of audit.

Step 4:

For class I devices, apply for MDEL. For class II, III, and IV, apply for MDL. Mandatory documents must be submitted in English or French.

Step 5: 

For class I devices, submit a MDEL application, prepare mandatory documents and pay the fees. For class II devices, submit MDL application, Fee form, labeling (IFU), Declaration of Conformity and ISO 13485 (MDSAP) certificate and pay the fees.

For class III and IV devices, submit MDL application, followed by Declaration of Conformity, ISO 13485 certification, IFU, and premarket review document which includes the clinical data. Generally, the clinical data gathered outside Canada is accepted and finally the required fees have to be paid.

Step 6:

Health Canada reviews MDL application (Class II, III and IV) and Premarket Review Document (Class III and IV only).

Step 7:

For Class I devices, approved applications will be posted on the Health Canada website and MDEL certificate will be emailed to the manufacturer.

For Class II, III, and IV devices, issued licenses will be posted on the Health Canada website, and copies of MDL will be emailed.

Step 8:

Now the manufacturer can begin marketing the device in Canada. Note that Licenses do not expire as long as the registration is renewed usually it is annual. Failure to file for renewal will result in revocation of license. 

How KN consulting can help with Health Canada medical device approval

1.Confirming your device classification in Canada

2.Completing and filing the MDL or MDEL application on your behalf

3.Developing, implementing, or modifying your ISO 13485 quality management system to meet MDSAP and Canadian requirements

4.Providing employee training on ISO 13485, MDSAP, and CMDR

5.Determining the proper annual license fee payable to Health Canada

6.Providing onsite auditing to confirm compliance with ISO 13485, MDSAP, and CMDR.

Conclusion

With a population of more than 36 million and a well-organized national healthcare system, Canada is a lucrative market for medical device manufacturers.

Our team has experienced consultants who have helped medical device companies with Health Canada licensing, MDSAP and CMDR compliance. Contact KN consulting for more information on our Health Canada medical device registration services.

QMS – ISO 13485

A medical device quality system is a structured system of procedures and processes covering all aspects of design, manufacturing, supplier management, risk management, complaint handling, clinical data, storage, distribution, product labeling, and more. Most medical devices will require some form of a Quality Management System (QMS); the complexity of the QMS will vary based on the classification of the device.

For example, companies making medium-risk (Class II) or high-risk devices (Class III) devices will require a different QMS implementation than companies making low-risk, non-sterile, non-measuring, non-reusable surgical instrument devices (Class I).

Importance of ISO 13485

The standard is important to various parties including manufacturers and distributors of medical devices. In addition, suppliers and providers can enhance their marketability with this certification as manufacturers require ISO 13485 certification in order to do the business. 

The FDA has proposed a rule to harmonize USFDA 21CFR 820 with ISO 13485:2016 making ISO 13485 the FDA’s mandatory QMS for Medical Devices.

ISO 13485 Medical Device Quality Management Systems

ISO 13485: 2016

The International Standard ISO 13485:2016 can be used by internal and external parties, including certification bodies, to assess the organization’s ability to meet customer and regulatory requirements applicable to the QMS and the organization’s own requirements.

The International Standard ISO 13485:2016 is based on a process approach to quality management. Any activity that receives input and converts it to output can be considered as a process. Often the output from one process directly forms the input to the next process.

Reasons to update ISO 13385:2003 to ISO 13485:2016 

Evolution of Medical Device regulation since 2003

a) Shift in focus to risk management and risk based decision making processes

b) ISO 13485:2016 no longer aligns with the current version of ISO 9001, but rather aligns with the previous revision, ISO 9001:2008

c) Basically, ISO 13485:2016 = ISO 9001:2008 + additional requirements specific to medical devices arranged in 8 clause format. Additionally, ISO 13485:2016 has common requirements to address FDA 21 CFR 820. 

Overview of ISO 13485:2016

The standard contains requirements arranged in 8 clauses which are briefly explained below:

Clause 1: Scope

Talks about the standard and how it applies to organizations and 

a) The importance of process approach

b) Inclusion of regulatory requirements of company’s products and services

c) Processes in place for continual improvement

Clause 2: Normative reference

It outlines the QMS’s fundamentals and vocabulary.

Clause 3: Terms and Definitions

Gives definition used in the standard, from ISO 9001:2008 and other definitions specific to medical devices.

Clauses 4-8 are the ISO 13485:2016 requirements that need to be met within the organization to become certified under ISO 13485.

Clause 4: General requirements 

– Outlines the overall QMS documentation requirements, including:

-Quality Manual with Scope of the QMS

-Required Procedures

-Required Forms & Records

-Control of Documents

-Control of Forms

Clause 5: Management Responsibility 

Outlines the management’s role in the QMS

-Management Responsibility

-Quality Policy & Objectives

-Customer Focus & Customer Satisfaction

-Management Review

Clause 6: Resource Management 

Outlines the requirements for resources including:

-Personnel and training

-Resource management

Clause 7: Product Realization

-The clause outlines following requirements:

-The production of the product or service

-Planning

-Customer related processes and Customer Feedback

-Design

-Purchasing

-Process control

-Identification and Traceability

-Customer Property

Note: Majority of section 7 is modified from ISO 9001:2008

Clause 8: Measurement, Analysis and Improvement

The clause outlines the requirements on monitoring processes and improving the below processes which includes:

-Customer Satisfaction

-Internal Audits

-Control of Non-Conforming Product

-Corrective and Preventive Action

Note: Majority of section 8 is modified from ISO 9001:2008

ISO 13485:2016 certification

“ISO 13485 Certified” means an organization has implemented an ISO 13485 QMS and successfully met all of the applicable requirements in the standard. ISO 13485 evaluates whether the company’s QMS is appropriate and effective while emphasizing on the safety and effectiveness of medical devices.

To become ISO 13485 certified, an organization must –

a) Follow steps to implement ISO 13485 QMS 

b) Next, a certification body audits the performance of the organization against the latest version of standard requirements. Once the audit is successfully completed, the auditing body issues ISO 13485 certificate demonstrating that the organization is registered to ISO 13485 for a period of three years

c) Recertification has to be completed every three years to maintain the ISO 13485 status

Benefits of being ISO 13485: 2016 certified

-The beneficial outputs of an effective audit include:

-Meaningful feedback on the effectiveness of the QMS

-Confidence in compliance with regulations

-Identification of areas requiring attention

-Detection of areas of non-compliance and risk

-Reporting and certification that is valuable and recognized

Conclusion

ISO 13485 is the best internationally accepted model for a medical device organization to help demonstrate compliance to laws and regulations of the medical device industry.

Certified organizations are able to demonstrate the effective interconnectivity of their processes. It is essential to be able to demonstrate how outputs from complaints can feed into processes such as management review, improvement processes, Technical Documentation and risk management updates, etc.

KN CONSULTING AND SERVICES is a well-oiled marvel in the field of Medical devices regulatory consulting. We can provide you with flexible and detailed planning and consulting services suiting to your needs.

Medical Device Regulation (EU MDR) 2017/745

What is EU MDR?

The European Union Medical Device Regulation (EU MDR) 2017/745 was published in 2017 by the European Parliament and the European Union Council. The EU MDR regulations are designed to ensure a high level of safety and quality for medical devices manufactured in or supplied to European Union member countries.

The regulation was introduced to address a number of weaknesses in the existing regulations (the Medical Device Directives, or MDD).

The current European MDR is less focused on the pre-approval stage of medical device production than its predecessor, the MDD, and instead supports a life-cycle approach to medical device regulation.

WHY DID THE MDD NEED AN UPDATE?

While the MDDs served their objective well and contributed positively to the overall growth of the European medical device industry over the past 30 years but their limitations have made them rather ineffective in today’s MedTech world.

The limitations of MDD are – 

1.Out-of-date regulations: The MDD failed to keep up with technological advancements (and the regulatory challenges that come with them) in the medical device industry, especially in the area of hybrid devices and medical software.

2.Inconsistencies: Since the MDD were guidelines rather than rules, they did not supersede individual country legislation, resulting in some variance in how they were enforced across member states.

3.Notified bodies received insufficient scrutiny: Notified bodies (NBs) concentrated on one-time/premarket reviews and approval, acting as business partners for manufacturers and concentrating on approval rather than device safety and quality.

4.Focus on approval, not postmarket results: Device performance was not monitored in a particularly useful or open way following approval under the MDD, and continued clinical evaluation was not needed.

5.Narrowly oriented responsibility: The initial manufacturer was held responsible for device problems and delays, but other firms in the manufacturing/distribution chain were not held accountable, resulting in a lack of accountability for other parties involved in the supply of medical devices.

Major Changes in the EU-MDR

S No. What has Changed?
1.Broader definition
2.New classification
3.Unique Device Identification (UDI)
4.Labeling, packaging & instructions language
5.Legacy devices
6.Clinical evaluation
7.Post-market surveillance and risk management
8.Data transparency and accessibility

1.MDR is four times longer than the MDD and has five more annexes.

2.Companies will need to rationalise their portfolios and conduct a global impact review in order to make the required changes to stay compliant due to significant changes in the new law’s wording.

3.General Safety and Performance Requirements, Annex I, outlines new conditions that must be addressed for the majority of legacy devices (CE marked under the MDD). Existing goods must be recertified in order to comply with the new rules.

4.Unique Device Identification (UDI) will be needed on all labels in order to help monitor devices in the economic operator supply chain.

5.Many organisations would be required to update clinical reports, technical documents, and labelling as a result of the new regulations.

6.The concept of a medical device will be expanded to include previously unregulated non-medical and cosmetic devices. Cleaning, disinfection, and sterilisation materials, as well as contact lenses, liposuction equipment, and epilation lasers, are examples.

7.To prove protection and performance statements, manufacturers will need to produce and provide more in-depth clinical data, including stricter equivalency requirements.

8.All accidents, injuries, and deaths must be reported to an EU portal, which will centralise relevant data and provide patients with more safety-related information. The reporting period for accidents that did not result in death or significant health deterioration has been reduced from 30 days to 15 days.

9.Quality assurance, risk control, and postmarket priorities will all need to be revisited by companies in transition. To re-implement in compliance with new standards, it will take careful analysis, preparation, and upgrading.

10.Many medical devices have been reclassified to a higher risk category, and reusable surgical devices have been given a new classification that requires notified body oversight.

EU MDR effects for the Medical Device Industry 

The effect of this regulation may have a significant impact on medical device manufacturers’ activities, from a commercial, R&D, operation, and organisational standpoint, the EU MDR will be huge, also the composition of their current and future portfolios will be effected. Compliance would almost certainly come at a high price!! 

The EU MDR can eventually force businesses to consider whether a product’s return on investment is sufficient to make it viable. Because of the effort required to implement the reforms, businesses will be forced to sell goods, resulting in increased merger and acquisition activity in the industry. If the conditions are not met within the specified timeframes, a product may be withdrawn.

Businesses must move quickly to obtain stakeholder support, plan their organisations, and begin implementing changes.

Key Challenges – 

1.Time and human resources would be needed to adapt to updates for current devices.

2.If a partner wishes to stop working in the EU, it can have an effect on the supply chain.

3.The cost of remediation could push up the price of devices on the market.

4.Increased clinical data standards places additional responsibility on organisations that have not historically faced such demands.

5.The cost of remediation must be measured against sales, which may lead to product removal from certain markets.

6.Increased clinical data standards places additional responsibility on organisations that have not historically faced such demands.

7.The cost of remediation must be measured against sales, which may lead to product removal from certain markets.

EU MDR Timelines

The new EU MDR began a transition period in May 2017. Some important deadlines you should focus on – 

May 2021 – MDR date of application (Revised due Covid 19 Pandemic).

May 2022 – EC certificates of conformity issued before May 27, 2017 expire.

May 2024 – Required for all EC certificates issued 5 years from the issue/renewal date or 4 years from the MDR date of application (May 27, 2021), whichever comes first.

May 2025 – Devices certified under the MDD can no longer be sold or distributed.

ArticleArticle TitleDeadline
123.2Date of application26 May 2021
120.1The deadline for Notified Bodies to issue MDD/AIMDD certificates25 May 2021
120.2All MDD/AIMDD certificates will become invalid on this date26 May 2024
120.3The date on which the MDR’s transitional provisions on PMS, as well as the registration of economic operators and goods for all devices, will go into effect26 May 2021
120.4The last day for the sell-off period26 May 2025

The new EU MDR was theoretically accepted by medical device manufacturers as soon as it entered into force in May 2017. In practice, however, the new infrastructure needed by the EU MDR, such as the new EUDAMED database, new registration and reporting procedures, and so on, will require a few years to be implemented by European authorities, necessitating the implementation of transitional arrangements.

Conclusion 

The European MDR is a preview of how the regulatory landscape for medical devices will evolve over the next decade. Greater standardisation and stronger post-market surveillance standards, as well as process-oriented risk management and a life-cycle approach to system management, are also being pushed by the recently released ISO 13485:2016 and the MDSAP software.

Compliance today, with the help of KN Consulting and Services will place your medical company for long-term industry growth and unprecedented success in achieving regulatory compliance targets in important markets around the world.

Start your transition from MDD to MDR with us at KN CONSULTING AND SERVICES.

KN CONSULTING AND SERVICES is a well-oiled marvel in the field of Medical devices regulatory consulting. We can provide you with flexible and detailed planning and consulting services suiting to your needs.

OUR EU MDR/ EU IVDR Transition Services Include:

– Transition plan for the MDR compliance

-Product Portfolio and Current Certificate Assessments

-QMS System Gap Assessment

-Technical Documentation Gap Assessment

-Clinical Evidence or Performance Evaluation reports

-Establish working groups to setup UDI numeration strategy

-Remediation and Implementation of EU MDR/ EU IVDR Compliance Plan

-Notified Body Submissions/Reviews

Who can I contact for further information?

KN Consulting and Services is accepting applications for conformity assessment of medical devices under the MDR. We are here to help you achieve smooth transition to MDR so talk to us early in the planning stage. Also you can book a 1 Hour of FREE Subject Matter Consultation.

Call us on +1 (949) 245-5607

UK Conformity Assessed (UKCA)

-Is this the lifesaver for UK market?

When United Kingdom (UK) decided to leave European Union, manufacturers had no clue on which regulations to follow. To avoid the situation, UK put forth a new regulation known as UKCA marking to fill the gaps left by CE marking. This change in regulation will have a massive impact on supply chains that interact with UK. Due to this, organizations must be aware of the details to ensure they correctly prepare for it, mitigating any chances of any potential issues.

The UKCA (United Kingdom Conformity Assessment) marking is a regulatory norm established for goods to market in Great Britain (GB). The areas under GB include England, Wales and Scotland (Except Northern Ireland). It will be used as a replacement for CE marking on goods sold in the GB market. It captures majority of products which were previously required CE marking, known as ‘new approach’ goods. The UKCA marking came into effect on 1 January 2021. To allow the manufacturers or businesses to adjust to the new requirements, CE marking will be valid until 1 January 2023. Products can carry both CE and UKCA marking if they fulfill the regulations of both the legislation. 

Selling products in Great Britain (GB)

The UKCA marking applies to the products which are previously subjected to CE marking. Compliance to technical documentation requirements, conformity assessment processes, and standards used to demonstrate conformity largely remains same as CE marking. 

The circumstance in which self declaration applies to CE marking remains same for UKCA also. The CE marking is only valid GB areas where both the rules remain same. In case of any change in EU rules and if manufacturer gets the approval based on new rules, then the CE marked devices cannot marketed in GB even before 1 January 2023. 

Selling products in Northern Ireland (NI)

Under the NI protocol, the areas still abide by European Union (EU) rules for some products. As a result, NI continues to recognize the CE Mark but does not recognize the UKCA mark.

There are two options for the importers or for the manufacturers to place the products on the NI market, either through (a) conformity assessment by a Notified Body (NB) from one of the EU member states or (b) Conformity assessment by a UK based NB. If the second option is followed, then the product must be marked with UKNI marking in addition to CE mark which denotes that the conformity assessment activities were undertaken within the UK. Products bearing the combined CE UKNI Marks shall not be accepted on the EU market.

Selling products in European Union (EU)

The UKCA marking is not recognized on the EU market. Products need a CE marking for sale in the EU.

When to use the UKCA marking

UKCA marking is needed if the product 

a) Is for the market in Great Britain
b) Is covered by legislation which requires the UKCA marking
c) Requires mandatory third-party conformity assessment
d) Conformity assessment has been carried out by a UK conformity assessment body

How to use the UKCA marking

In general, UKCA marking should be applied to the product or to the label. But in some cases, it may be placed on the manuals or in the supporting documents. 

General rules –

a) The UKCA must be clear and legible when affixed on to the product. If this is not possible, it should be attached to the packaging (if any) or any relevant document. 

b) UKCA marking must be placed by the manufacturer or Authorised representative (where permitted in the relevant legislation)

c) When UKCA marking is affixed, it is the full responsibility of the concerned party to comply to required legislation

d) UKCA marking used only to demonstrate conformity with the relevant UK legislation

e) The UKCA marking cannot be placed on products unless there is specific requirement to do so in legislation

f) A product may have additional marking, as long as they –

-Fulfil a different function from that of the UKCA marking

-Are not likely to cause confusion with the UKCA marking

-Do not reduce the legibility and visibility of the UKCA marking

Rules for using UKCA image

The concerned party must keep the following points in mind when affixing UKCA image. They are

a) The UKCA marking should be at least 5 mm in height, unless different dimension mentioned in the relevant legislation

b) The marking should be visible and legible

c) The marking can have varied forms, as long as it follows the above mentioned norms

Technical Documentation

The technical documentation must be in place for the product to demonstrate the conformity to the regulatory norms. Either the manufacturer or the authorized representative can maintain the required documents. This must be kept for up to 10 years after the product is place on the market. This information can be requested by the concerned authority at any time to check the compliance of product to legislation.

The information varies for the specific product based on specific legislation. The concerned party must keep the records of:

a) How the product is designed and manufactured

b) How the product has been shown to conform to the relevant requirements

c) The addresses of the manufacturer and any storage facilities

UK Declaration of Conformity 

It is a document which must be drawn up for most products lawfully bearing a UKCA marking. It is recommended that manufacturers have a separate UK Declaration of Conformity to their EU Declaration of Conformity.

In the document you as the manufacturer, or your authorised representative (where allowed for in the relevant legislation), should:

a) Declare that the product is in conformity with the relevant statutory requirements applicable to the specific product

b) Make sure the document has the name and address of the manufacturer (or your authorised representative) together  with information about the product and the conformity assessment body (where relevant)

The UK Declaration of Conformity should be available to market surveillance authorities upon request. The information required on the Declaration of Conformity is largely the same as what was required on an EU Declaration of Conformity.

Start your transition from CE to UKCA marking with us at KN CONSULTING AND SERVICES.

KN CONSULTING AND SERVICES is a well-oiled marvel in the field of Medical devices regulatory consulting. We can provide you with flexible and detailed planning and consulting services suiting to your needs.