An MDR and IVDR transition plan
The year is off to a good start, and so should your company be with its MDR and/or IVDR transition plan.
Come again? You haven’t started looking at this yet because the MDR and IVDR are not yet final and the transitional period will run to approximately half 2020? Your management is not interested in making resources available?
Not so smart
That’s not so smart. It’s like doing a #Brexit without considering the consequences first and then hoping everybody else is nice enough to give you a good and quick trade agreement deal, because … well why not?
You may think everything can’t possibly be that complex – until you find out later that there is more to this whole thing that looked so simple at the moment when you were not really looking at it yet.
Your company may be one of the many companies expected to find out too late that some things took more time than expected, or were more contingent than they looked:
- notified bodies that will not come online for certification of products before well after half of the transition period of three years has expired. And then they still have to start with pushing all existing medical devices on the EU market through an MDR / IVDR certification process (which is stricter than under MDD/IVDD).
- additional clinical evidence may well be needed for your devices under the MDR. If you need to generate it in clinical trials, registries or other time consuming processes, you should know about it sooner or later. And your notified body will need to be on board with what you are going to do. Is yours already? I bet not.
These are just two contingencies that have a crucial impact on your MDR implementation strategy.
There are a lot of other dependencies too – like your suppliers that you need to control more, other jurisdictions that rely on the CE mark for your devices.
Many companies think that there will be some process to slide in the devices that are already on the market and are not causing any problem, so that’s easy. There is not, so there is no easy solution there. There will be no grandfathering or similar process – any device that is not certified into the MDR or IVDR by the end of the transitional period and the various limited overrun periods can not be placed on the market any longer. It will be illegal to place such devices on the market. The only thing close to grandfathering is the five/three years period that you will have to still sell off devices that were compliant under the MDD/IVDD and were placed on the market before the date of application of the MDR/IVDR. Those can still be sold off to end users for another five/three years post date of application (so after the transition period of three/five years ends).
No placing on the market means no cash flow. No cash flow means bankruptcy sooner or later, or bought at a discount by a competitor or strategic investor. Strategic investors and acquisition driven companies are already on the prowl for companies that are candidates for not making the cut of the MDR/IVDR and will swoop in when opportune.
If you get this wrong or get it right too late your company goes off the cliff like While E Coyote, still wondering what went wrong all the way down. That’s why you need to start thinking now.
You’re into software and think you’re not placing software on the market because it’s made available as a service from outside the EU? They’ve got that covered too – if your software is a device by the new standards, it will have to meet MDR/IVDR requirements regardless of whether it’s placed on the market or not.
Transition plan – journey towards compliance
This one is for MDR transition – working on one for IVDR transition too:
Start working on your transition plan – the journey towards compliance, like every journey, starts with the first step. Then you keep on going until you reach the end, and then stop. Like in the Lord of the Rings – it’s an easy journey conceptually (just take this ring to that mountain) but you’ll be slaying a lot of orcs and fighting monsters before you finally complete the quest.
By the way, even While E Coyote made plans. There’s no reason why you should be less clever than a cartoon figure.
The above picture is a single roadmap that you can put on a slide to explain to your organisation or management what the necessary steps are, where the journey begins and what you need resources for. This picture is based on the excellent General Data Protection Regulation game plan (another project that you should be well on your way with by now – the transitional period for that regulation ends 25 May 2018 and the GDPR has significant overlaps with the MDR/IVDR, e.g. on design requirements for devices (including standalone software) that process personal data).
IVDs largely similar
The roadmap for IVDs transition to the IVDR is largely similar, except that the transitional period is two years longer but the sell-off period is shorter.
And the dependencies at the end are even more scary: the reference labs will not be appointed until four and a half years into the five years transition period. That means that there is almost no time for the highest risk IVDs to be certified into the IVDR during the transitional period.
For IVDs the chance that companies underestimate the necessary efforts are even bigger, because the large majority of IVDs are currently self certified, regardless of their associated risks. The IVDR will turn this upside down and notified body certification will be the rule for the large majority of IVDs. This is a huge quantum leap in regulatory burden. It means that for the majority of IVDs a third party will take a critical look at the underlying technical documentation and performance data for the very first time. You can imagine that not all technical documentation may be in the shape that the IVDR expects. The IVDR will require a lot more and different types of data to substantiate performance, and will require more clinical data too. Producing data costs time. It costs money. It requires planning. I cannot under-emphasize how important it is for the IVD industry to engage on this. Your company does not want to be the puff of smoke that remains if While E Coyote goes off the cliff.
Each of the items described in the roadmap has a lot of detail to it, which leads companies to typically underestimate the effort. The gap assessment, impact assessment and remediation take a lot of time. It means you will have to more or less completely revisit each and every device that your company has on the market and in the pipeline, as Gert Bos and I have explained in BSI’s white papers on the MDR and IVDR. BSI has a good white paper on MDR transition too.
Detail takes time, and detail takes resources – don’t forget. Use the resources on this blog, use others of the plentiful resources that are available publicly on this subject.
Talk to your trade association, participate in the discussions at MedTech Europe, COCIR, Advamed, your local trade association, etc. so you know how other companies are dealing with this.
Make sure that your management does not underestimate this process. Hey, it’s only about company core products and core processes so why would that not merit the resources it needs, right? My apologies to be somewhat cynical but I see a lot of companies (also big and sophisticated ones) underestimate this completely. And if I’m wrong – tell me in a few years time and I’ll gladly apologise for crying wolf then while congratulating your company on being compliant well in time.
And, finally, my firm and its network is there. We are helping many companies wrap their head around it and will gladly help you too.
But do something now and don’t wait – at the very least start by understanding what this is about and what it will mean for your organisation. Your competitors are working on this already.