"P" is for Post Market Surveillance – start your engines now
I attended the Informa PMS surveillance conference in Berlin on 27 and 28 February, and thought I’d share some of the interesting things I picked up there because to me it was a very good conference with some of the best EU experts sharing their knowledge. There were also some easter eggs of information. The presentations I summarise below contained far more detail than I can put in a summary and the ones I have not mentioned were also interesting. The best way to get the full picture is to attend, I’m sure Informa will repeat the conference next year.
“Parliament is not interested in PMS”
The first easter egg for me was the rumor that a Commission official had said that Parliament is not terribly concerned with PMS because it’s too technical so the current wording in the draft MDR and IVDR will most likely survive – companies can start planning for the current draft to be the final word on these matters. If it’s in the regulation proposal now, it’s expected to make it to the finish. This confirms to me what I and many others have been saying all along: Parliament does not understand the underlying issues and takes a fundamentally flawed approach: you can’t remedy a problem of supervision by increasing rules on safety. That is window-dressing to the detriment of innovation. It’s falling victim to the well-known fallacy of confusing issues regarding safety of technology with issues regarding its security. This fallacy is described very well in Regenesis, a recent book about synthetic biology that I recommend as an inspiring read, and which among many things discusses this regulatory misconception in the biotechnology field.
If the ENVI committee is serious about preventing future security issues relating to the EU medical devices regulatory system (fraudulent manufacturers, naughty notified bodies proposing workarounds for certification or not paying attention to what their manufacturers are doing) they should be all over PMS and the market surveillance provisions. But they aren’t. Instead, all the emphasis is on pre-market controls, head firmly buried in the sand.
PMS under the new regulation proposal
Jacques Thielen of Medtronic gave an impressive and comprehensive presentation on PMS under the new regulation and showed how the post-market environment will increase significantly in scope, including a PMS plan and surveillance, trend reporting of advertising and markting, etc.
He presented an interesting analysis of the Dalli Action plan: unannounced audits have started, a notified body checklist for unannounced audits is circulating.
He explained how serious incidents will be reportable (not for custom made devices contrary to current MEDDEV), no later than 15 days after awareness. There is an obligation to report if there is a possible causal relationship between the device and the incident.
He further discusses the electronic vigilance system EUDAMED (article 62 proposal). Countries will however want to keep their own database, so ‘synchronization’ problems may well ensure.
Competent authorities must carry out risk assessment with respect to serious incidents and FSCA’s. However there is no harmonised method for risk assessment yet. That could be implemented via the coordinating authority concept, Jacques argued.
Trend reporting was addressed: under the proposal it’s step forward compared to the current MEDDEV : duty to report impacts on the risk-benefit analysis and unexpected undesirable side effects. Incident: includes “any unexpected undesirable side effects” in the new definition. Serious incident includes now “temporary” deterioration of patient health. FSCA definition differs slightly from GHTF definition.
Documentation of vigilance data in practice tends to lead to double assessment of vigilance data, and the notified body and competent authority they may take different views.
The proposed regulation will use implementing acts for the ‘paperwork’ (article 66), so watch that space for more detail to emerge.
Post Market Plan – in practice companies do this already, but it will now formalized and the plan must reported. The plan will cover the entire post-market life of the device (article 8), includes PMCF – if no plan is applied, that must be justified.
Advertisment and promotional material review – this must be subject to a robust internal process because it may lead to recalls if companies get it wrong.
The EUDAMED 3 “cathedral” currently under construction was discussed: the market surveillance and UDI pillars are new, as was shown with nice graphics from Eucomed’s EUDAMED working group. Jacques was skeptical about Commission being able to construct a working database able to cope with the requirements. We have heard this skepticism more often. I had to suppress jokes by analogy to Gaudi’s Sagrada Familia cathedral in Barcelona, which has been under construction for more than a century by now and with a total construction timeline of just shy of 1,5 century (started in 1882, current planned finalization date 2026).
Companies should plan ahead and anticipate impact on company resources (qualified person, increased reporting burden), timely perform a gap analysis, were Jacques’ closing words of advice.
Jenny Gough from Mölnlycke updated us on the status of EU UDI and gave a good practical study on how to implement UDI in a medical devices company. There is no detail on UDI in current EU regulation proposal – everything will be dealt with in a delegated act. There is still no international governance model, while everybody is waiting to see where the US is going with UDI. IMDRF could make the difference, but will it? Still important nuts to crack re UDI databases, UDI requirements, exception handling and existing stock treatment.
Industry issues concern standardisation: will there be UDI database harmonised requirements? This will be especially important for machine readable carriers, with respect to placement etc.
The ETF group in Eucomed is dealing with this, and is developing a UDI policy for the EU for its members. The GS1 standard seems preferable solution. Mrs Gough mentioned that the lack of preparedness the on the part of industry is “scary”, because these things takes long time to implement to be able to start in time. Even if there is no EU guidance yet, industry should start to ready its internal processes for UDI. Some countries are taking their own UDI/traceability initiatives already. The system must also work for healthcare providers and they must be on board in this.
Laura Locati from Abbott addressed Eudamed, the EU database that is supposed to pull everything devices related together. Eudamed 4.4 (to support the Eudamed 3 cathedral) will go into production in march 2013, fixing issues of alignment with national systems and new development requests such as interface improvements, with its legal basis in Article 27 MDR and 25 IVDR.
There is some news from the EU Commission working group on Eudamed on access levels.
Publicly accessible will be:
- clinical investigations subject to confidentiality restrictions
Vigilance data in Eudamed: access possible only for national competent authorities, Commission & notified bodies
Market surveillance: access possible only for national competent authorities & Commission
Competent Authority perspective
George Aislaitner from the Greek competent authority had the second easter egg, or rather easter bomb, by confirming rumours about a separate governance regulation / directive being in the works. This is apparently intended to supplement the cooperative parts of the MDR and IVDR, for example to provide a legal basis for the joint inspection teams that are envisaged. These teams will consist of a mix of inspectors from different member states and the Commission, much like we already know in competition law in the EU.
Notified body perspective
Steve McRoberts from UL gave a very down to earth view under the hood of a notified body. His message was that there are no secret recipes under the hood of notified bodies: a manufacturer must consistently meet its own specs, so the notified bodies can confirm in an audit that he does. Of course the specs have to meet the basic requirements, but there is nothing more to it. BSi also had two comprehensive presentations setting out what is required for implementing PMS that a notified body can sign off on.
Trend reporting will be another major issue under the new regulation. Jacques Thielen from Medtronic also presented on this subject. He explained how the MEDDEV on vigilance version 8‘s trend reports in meaning of 4.18 MEDDEV require pre-defined levels that trigger reporting obligations. Many companies won’t have this, and only start to think about trigger levels when something unexpected or problematic happens.
Under the new regulation a trend report must include significant increases in rate of already reportable incidents but also usually non-reportable events. How to measure what you would normally not measure? The only way here is to set up additional processes for that
Difficulties Jacques addressed under the current MEDDEV:
- Evolution of trend, associated patient / user risk and HHA are to be considered together.
- Correction for trend influence by bulk reporting, sample size, etc.
- What should be tracked? There is a lot of information to trend (complaints, service reports, failure mode, adverse event types, vigilance reports, confirmed root causes).
- How to correct for abuse by customers of complaints processes to get the manufacturer to give them freebies?
- What is the trigger level? No standard available, so each authority may look at it differently or has no idea themselves. Levels in risk analysis are engineering values, not reporting triggers. A company’s trigger level will evolve over time but how? There are no standards for that either so a company must make choices and develop audit able policies for that.
PMS in the supply chain
I presented about implementing PMS in the supply chain for a medical device. The new regulations implement the Decision 768/2008 model for supply chain market surveillance, and as was consensus in the room, there are a lot of overlapping autonomous responsibilities between the respective actors in the supply chain (the MAID) and there is no guidance in the regulation on how to implement PMS in this constellation. Consequently, the traditional top-down way of requiring “compliance with applicable law” that most companies put in their distribution agreements will not work anymore. As I explained, this may be giving a distributor a free pass to do precautionary panic recalls without anyone else knowing. Also, the MAID profiles tend to be defined broader than you would think – ‘distributor’ for example includes even the last reseller before the device reaches the end user. Companies have to start thinking about how to implement the division of these responsibilities in their import, distribution and supply agreements to avoid being faced with liability being unexpectedly being put on one’s plate and the other party raising its somebody else’s problem field with respect to the issue. My presentation is here: [slideshare id=16878153&w=512&h=421&sc=no]
I will be speaking about contracting issues in view of the new regulations more specifically on a workshop by MD Project in the Netherlands on 25 March (although the invite on their site is in Dutch, the presentations will be in English).